Re: Secure telephones

2004-07-19 Thread Dave Howe
Jack Lloyd wrote:
> Well, nothing stopping you from treating your datagram-based VPN (i.e., DTLS) as
> an IP tunnel, and doing TCP-like stuff on top of it to handle the IM and file
> transfer. Actually I'm working on something rather like that now, which may or
> not get finished soon.

*lol* aren't we all.
I suppose it's a sign of the times - a decade ago, we were all writing
our own crypto packages - now, we are all writing our own VPN (or zero
knowledge routers) :)



Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

2004-07-19 Thread Major Variola (ret)
At 01:07 PM 7/18/04 -0500, J.A. Terranson wrote:
> Let me fill in what he left out.  Yes, the industry is moving towards
> MPLS over POS.  That's not where it is now though.  At least not for most
> interfaces.  Right now the industry is chock full of legacy gear, mostly
> old fashioned ATM.  You think you can just casually reassemble this crap
> in transit?  Let's see it!

Gimme an intel IXA network processor and no problem.  ATM is fixed
size data, not as tricky as IP decoding.  Predictable bandwidth.
Stream all into megadisks, analyze later.
You need to tap the MPLS label assignment service (or watch all the
egress ports and correlate to endpoints) too to know which ATM chunks
went where.

> Besides that old fashioned transport diversity, we have the original
> problem: even if you could do it (maybe in three to five years), what are
> you going to do with the data you've snarfed?  Backhaul it?  Shove it into
> TB cassettes?  Better keep a guy on staff to change the tray!!

You don't know about tape robots, or offline indexing, eh?







Cheap TDR for fibers?

2004-07-19 Thread Thomas Shaddack

The laser diodes used in e.g. CD players have a feedback photodiode,
sensing the laser's optical output.

If the lasers used for optical fibers have a similar mechanism too, and if
the diode is sensitive to the light coming to it not only from the chip
but also from the fiber itself, and can react quickly enough with high
enough sensitivity, maybe it could be exploited.

In chosen moments, we could then send a short pulse of laser light into
the fiber, then watch the signal from the feedback diode, what gets
reflected back from inhomogeneities on the fiber. This would give us the
distances of all the splices and connectors, and let us know immediately
(if the test is performed e.g. once per 5 seconds or with similar short
period) that there is an attempt to compromise the line underway.
Comparison of snapshots from longer periods apart could also serve to find
deterioration of the signal path before it results in failure.

The advantage of this approach, if possible, is the ability to add the 
functionality without having to modify the optical transceivers 
themselves.


It sounds too good to be true, so it probably won't work, but I may be 
wrong...
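
The snapshot comparison described in the post above, as an added example that is not part of the original message: it converts round-trip delays into distances and flags reflections that are new, missing, or changed in level between two snapshots. The group index, the tolerances and all readings are assumptions constructed for illustration.

```python
# Added example (not from the thread): compare reflection snapshots of one fiber.
C_VACUUM = 299_792_458.0   # speed of light in vacuum, m/s
GROUP_INDEX = 1.468        # assumption: group index of single-mode fiber

def distance_m(round_trip_s, n=GROUP_INDEX):
    """One-way distance to a reflection, from the pulse's round-trip delay."""
    return C_VACUUM * round_trip_s / (2.0 * n)

def to_events(samples_us):
    """[(round_trip_microseconds, reflected_level_dB)] -> sorted [(metres, dB)]."""
    return sorted((distance_m(t_us * 1e-6), level) for t_us, level in samples_us)

def compare(baseline, current, pos_tol_m=5.0, level_tol_db=1.0):
    """Return findings: reflections that are missing, changed in level, or new."""
    findings = []
    unmatched = list(current)
    for b_dist, b_level in baseline:
        # Pair each known reflection with the closest one in the new snapshot.
        match = min(unmatched, key=lambda e: abs(e[0] - b_dist), default=None)
        if match is None or abs(match[0] - b_dist) > pos_tol_m:
            findings.append(("missing", round(b_dist), None))
            continue
        unmatched.remove(match)
        delta = match[1] - b_level
        if abs(delta) > level_tol_db:
            findings.append(("changed", round(b_dist), round(delta, 1)))
    # Anything left over is a reflection the baseline never had,
    # e.g. a new splice or connector inserted into the span.
    findings.extend(("new", round(d), lvl) for d, lvl in unmatched)
    return findings

# Constructed readings: connector ~1 km, splice ~12 km, far end ~25 km.
BASELINE_US = [(9.79, -45.0), (117.52, -55.0), (244.84, -14.0)]
# Constructed later snapshot: extra reflection at ~7.3 km, and everything
# beyond it returns 2.5 dB weaker (1.25 dB added loss, traversed twice).
CURRENT_US = [(9.79, -45.0), (71.49, -48.0), (117.52, -57.5), (244.84, -16.5)]

if __name__ == "__main__":
    for kind, metres, detail in compare(to_events(BASELINE_US), to_events(CURRENT_US)):
        print(f"{kind:8s} at ~{metres} m  detail={detail}")
```

A new reflection together with a uniform drop on everything downstream of it localizes the added loss to that point; a slow drift in levels without a new reflection is the deterioration case.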



Re: 1984 Comes To Boston (fwd from brian-slashdotnews@hyperreal.org)

2004-07-19 Thread Riad S. Wahby
Eugen Leitl [EMAIL PROTECTED] wrote:
> from the panopticonjob dept.
> walmass writes In preparation for the DNC in Boston, [1]75 cameras
> monitored by the Federal government will be operating around the
> downtown Boston location. There are also an unspecified number of
> state police cameras, and 100 cameras owned by the Metro Boston
> Transit Authority. Quote: 'And it's here to stay: Boston police say
> the 30 or so cameras installed for the convention will be used
> throughout the city once the event is over. We own them now, said
> police Superintendent Robert Dunford. We're certainly not going to
> put them in a closet.'

Maybe it's time to start making those high power IR emitters.  Make them
cheap enough and we can just hand them out to right-minded folk to drop
here and there.

Has anyone seen these cameras?  Are they noticeable?

At least some of them are supposedly on the central artery; your car can
certainly spare 100W or so for some IR blasters...

-- 
Riad S. Wahby
[EMAIL PROTECTED]



Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

2004-07-19 Thread Eugen Leitl
On Mon, Jul 19, 2004 at 07:56:05AM -0500, J.A. Terranson wrote:

> None of which qualify here - remember, the discussion was based upon a
> quiet implementation.

A VPN link from a *nivore box streaming filtered info is pretty quiet.

There are plenty of dedicated network processors for packet filtering
purposes: http://leitl.org/ct/2004.1/01/160/art.htm

As suggested, tapping oversea fibres in shallow waters is probably the Way To
Do It.

No way to store the entire traffic, and expect to still be able to mine it.
What is interesting is how they do VoIP voice recognition, if at all. Too
many simultaneous channels to screen them all, or are they?

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

2004-07-19 Thread Tyler Durden

> As suggested, tapping oversea fibres in shallow waters is probably the Way To
> Do It.

Apparently NSA has its own splicing sub for this purpose. As for US fibers,
I've spoken to folks who have actually seen the splice in cable landings
that went over to W. VA or wherever.

-TD



Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

2004-07-19 Thread Tyler Durden
> Gimme an intel IXA network processor and no problem.  ATM is fixed
> size data, not as tricky as IP decoding.  Predictable bandwidth.
> Stream all into megadisks, analyze later.

I'm gonna have to challenge this bit here, Variola.
Let's back up. You've got an OC-48 or OC-192 fiber and you want to grab ALL
of the data in this fiber. Now I'll grant that in real life there's going to
be a lot of telephony circuit in there, but let's take a worst-case and assume
you need ALL the data.

What's in this OC-192? Right now it definitely ain't 10Gb/s of packets. It's
going to have LOTS of DS1s, DS3s and, if you're lucky, an STS-3c or two. So
you'll need to first of all demux ALL of the tributaries.

Next, you've got to un-map any ATM in each of the DS1s, etc, and then pull 
out the IP data from the ATM cells, remembering to reassemble fragmented 
packets (and there will be plenty with ATM). And remember, you may have to 
do this for 5000 simultaneous DS1s. Oh, and let's not forget pointer 
adjustments. You can't just blindly grab stuff...remember that all those 
tribs come from different STRATUM 1/3 clocks, so they'll be moving at 
different speeds and as a result have periodic slips w.r.t the STS-192 
container.

And that's just one fiber. How will you actually get all of this traffic 
back to HQ? Remember, it keeps coming and won't stop.

No, I think I'm becoming convinced that they can't yet get ALL of it. But
they DO probably grab complete wavelengths and backhaul them, storing them
for later study. (They must do some grooming too. For instance, they
probably CALEA everything into and out of Brooklyn, and then that will get 
switched over to the Beltway where it will be packed into a GIG-BE OC-768 
back to storage and processing.)

-TD

From: Major Variola (ret) [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto  
proxies
Date: Sun, 18 Jul 2004 22:35:19 -0700

> At 01:07 PM 7/18/04 -0500, J.A. Terranson wrote:
> > Let me fill in what he left out.  Yes, the industry is moving towards
> > MPLS over POS.  That's not where it is now though.  At least not for most
> > interfaces.  Right now the industry is chock full of legacy gear, mostly
> > old fashioned ATM.  You think you can just casually reassemble this crap
> > in transit?  Let's see it!
>
> Gimme an intel IXA network processor and no problem.  ATM is fixed
> size data, not as tricky as IP decoding.  Predictable bandwidth.
> Stream all into megadisks, analyze later.
> You need to tap the MPLS label assignment service (or watch all the
> egress ports and correlate to endpoints) too to know which ATM chunks
> went where.
>
> > Besides that old fashioned transport diversity, we have the original
> > problem: even if you could do it (maybe in three to five years), what are
> > you going to do with the data you've snarfed?  Backhaul it?  Shove it into
> > TB cassettes?  Better keep a guy on staff to change the tray!!
>
> You don't know about tape robots, or offline indexing, eh?





RE: Cheap TDR for fibers?

2004-07-19 Thread Tyler Durden
Telecom-grade laser packages (and the lasers inside them) not only do not 
have a monitoring diode, they are designed very carefully to prevent the 
kind of feedback you're talking about (it destabilizes the laser and causes 
a power penalty).

However, there's no real reason not to be able just to splice into the 
fiber. Hell, you don't even need a splice if you have access to the FDF 
(Fiber Distributing Frame, or fiber patch panel).

-TD

From: Thomas Shaddack [EMAIL PROTECTED]
To: Cypherpunks [EMAIL PROTECTED]
Subject: Cheap TDR for fibers?
Date: Mon, 19 Jul 2004 05:25:35 +0200 (CEST)
> The laser diodes used in e.g. CD players have a feedback photodiode,
> sensing the laser's optical output.
>
> If the lasers used for optical fibers have a similar mechanism too, and if
> the diode is sensitive to the light coming to it not only from the chip
> but also from the fiber itself, and can react quickly enough with high
> enough sensitivity, maybe it could be exploited.
>
> In chosen moments, we could then send a short pulse of laser light into
> the fiber, then watch the signal from the feedback diode, what gets
> reflected back from inhomogeneities on the fiber. This would give us the
> distances of all the splices and connectors, and let us know immediately
> (if the test is performed e.g. once per 5 seconds or with similar short
> period) that there is an attempt to compromise the line underway.
> Comparison of snapshots from longer periods apart could also serve to find
> deterioration of the signal path before it results in failure.
>
> The advantage of this approach, if possible, is the ability to add the
> functionality without having to modify the optical transceivers
> themselves.
>
> It sounds too good to be true, so it probably won't work, but I may be
> wrong...



Why there is no anonymous e-cash

2004-07-19 Thread James A. Donald
As I predicted, transactions are increasingly going on line.

And as Hettinga predicted, the more anonymous and irreversible the 
transaction service, the cheaper and more convenient its services.  
All happening as predicted.

So why don't we have anonymous Chaumian cash by now?

Because, the more anonymous and irreversible its services, the more 
fraudsters use it to convert other people's bank accounts, obtained 
by phishing, into usable money.

Why don't we have anonymous e-cash? - because IE and Outlook Express
are full of massive security holes, and because people are idiots.
Observe Tim May, who mistook e-gold phishing spam mail for the real 
thing.  Well, not so much that people are idiots, but that we still 
have not got a satisfactory security model that adequately 
accommodates human factors.



Re: Reputation Capital Article - 1st Monday: Manifesto for the Reputation Society

2004-07-19 Thread Eugen Leitl
On Mon, Jul 19, 2004 at 02:09:59PM -0400, Steve Furlong wrote:

> It's ok, you can still say Tim May around here.

You rang?

http://groups.google.com/groups?q=%22Tim+May%22&hl=en&lr=&ie=UTF-8&sa=G&scoring=d

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




A cypherpunk in Baghdad (was re: giantlaser: Ali Baba returns)

2004-07-19 Thread R. A. Hettinga
It looks like Ryan's going to Baghdad...

Same as it ever was.

Click the link to see details, like a pic or two. :-).

Tyler's been running a satellite ISP there for about a year. I've been
reading his LJ for about 6 months now, or so. Great story.
Anarchocapitalism at its finest, ladies and germs...

Cheers,
RAH


http://www.livejournal.com/users/giantlaser/48523.html
Tyler (??) (?giantlaser) wrote,
@ 2004-07-18 13:24:00

Ali Baba returns

slownewsday and I woke last night to a battle outside our
house.  Two thieves (Ali Babas) dressed in black were sneaking around the
back garden of our neighbor.  It isn't clear who fired first, or how it
started at all.  What is clear is that the guards on my roof (over our
bedroom) opened up with multiple rifles in short automatic bursts.  The
thieves may have responded with pistols, but clearly decided they were
outgunned and beat feet.

Jayme and I didn't know any of this when it happened.  We bolted from bed
and silently dressed in the first thing at hand, our pajamas.  Note to self
- emergency pants.  Jayme put on her armor and I took my med kit, and we
went to check what happened.  My heart was beating and my mind raced.  The
firing had ceased after 15 seconds of exchange or so, but it was very close
with no distant return fire.  Is it Ali Baba?  Insurgents?  Something
really serious?  Can we defend the house or do we make a running retreat? 
Protective, aggressive caveman hovered beneath my consciousness.  I could
feel everything around me, including my own hands shaking as they grabbed
spare magazines.  Then I was holding my pistol, and I was still and ready. 
Strange.

I advanced down the hall cop-style with my gun made ready with my arms in
lowered shooting stance.  It seemed like a good idea at the time - it's
what cops do, right?  Outside, I found Kak Jalal (the former Brig. General)
talking to the guards.  He looked me up and down, and laughed.  He must
have seen thousands of young men like that, armed and scared.  I dropped
the cop stance.

It was all over by the time we were outside.  We went back to bed.  The
post-panic sex was fantastic.

So we're reviewing security.  The approach the thieves might have taken is
covered by a guard post (over my bedroom), a 3-meter wall, and razor wire. 
However, it's dark on the far side of the wall.  Noor al Dien (my personal
guard and faithful manservant *) spoke to the neighbor.  The neighbor
thanked him for guarding the neighborhood and asked us to install a light
that shines into his yard.  He doesn't have a generator, so he can't power
a light reliably.  This is good news for us, because we wanted to do this
anyway but we didn't want to irritate the neighbors.  Well, irritate them
more than the razor wire and periodic gun battles already do.

* I love saying faithful manservant.

We're adding the lights and working on better coordination between the
guards.  Some were more careful and gave measured warning shots.  Some
decided that overwhelming fright was the best tactic, in order to
discourage repeat visits.  I can't really argue with that, except for the
part where it scares the shit out of me.


octal
2004-07-18 04:39

Amusing that this happens the day before I show up :) Webcams on the
perimeter would be fun, too.

I think I'll try to get a III + IV vest for the car; is it worth bothering
with a coolmax and a IIA concealable?

Also, battle dressings seem like a REALLY good idea.

Pistol? Why not the AK?

I've never really had a problem with confronting people with a gun while
naked; if it shocks them for even a second, it's a plus for me. Heh.

What are warning shots? As in center-of-mass hits on the targets, which
the others find out about before attacking again?

giantlaser
2004-07-18 06:48

Vest is your call - the hard part is finding one. I don't wear one, but
Jayme was issued one by her company.

We carry battle dressings and tampons (stick them in wounds) at all times.
1/3 of my normal man-bag (read: European Carry-All, or purse) is devoted to
bulletwound care.

I went shooting with the AK a few days ago. It performed poorly - aim is
fine, but after 30 rounds it heats up and jams frequently. I won't carry a
weapon that's going to get me killed at a random time in the future.

Killing is a very serious thing here. Even if they are thieves, we pay
fassel if we kill them. So you give them a chance to flee before taking
serious aim.

A real attack is one thing. Simple thieves are another.

travisd
2004-07-18 15:27

If you capture them though, can you demand ransom for their return?

giantlaser
2004-07-18 22:46

Uh, yes. :) But it's not a wise business to get into. Our engineers are far
too vulnerable as they travel around to make a profit on ransom possible.

habibi
2004-07-18 08:18

wow!

valiss

Re: Reputation Capital Article - 1st Monday: Manifesto for the Reputation Society

2004-07-19 Thread Steve Furlong
On Mon, 2004-07-19 at 13:43, Sunder wrote:
> Here's a paper/article/screed on reputation capital.  A subject we
> discussed here a long while ago back when dinosaurs ruled the earth,
> etc... well, not quite that long ago.

It's ok, you can still say Tim May around here.




Re: Why there is no anonymous e-cash

2004-07-19 Thread Steve Schear
At 08:41 AM 7/19/2004, James A. Donald wrote:
> As I predicted, transactions are increasingly going on line.
>
> And as Hettinga predicted, the more anonymous and irreversible the
> transaction service, the cheaper and more convenient its services.
> All happening as predicted.
>
> So why don't we have anonymous Chaumian cash by now?
>
> Because, the more anonymous and irreversible its services, the more
> fraudsters use it to convert other people's bank accounts, obtained
> by phishing, into usable money.

Only if you ignore soft/hard money issues and your internal fraud controls
are not up to par.

> Why don't we have anonymous e-cash? - because IE and Outlook Express
> are full of massive security holes, and because people are idiots.

Or e-currency vendors don't use effective anti-phishing and key logger
measures.  They do seem to exist.

steve 



Reputation Capital Article - 1st Monday: Manifesto for the Reputation Society

2004-07-19 Thread Sunder
Here's a paper/article/screed on reputation capital.  A subject we 
discussed here a long while ago back when dinosaurs ruled the earth, 
etc... well, not quite that long ago.  

This doesn't seem to mention anything about anonymous users, however.



http://www.firstmonday.org/issues/issue9_7/masum/index.html


Abstract
Manifesto for the Reputation Society by Hassan Masum and Yi-Cheng Zhang

Information overload, challenges of evaluating quality, and the 
opportunity to benefit from experiences of others have spurred the 
development of reputation systems. Most Internet sites which mediate 
between large numbers of people use some form of reputation mechanism: 
Slashdot, eBay, ePinions, Amazon, and Google all make use of collaborative 
filtering, recommender systems, or shared judgements of quality.

But we suggest the potential utility of reputation services is far 
greater, touching nearly every aspect of society. By leveraging our 
limited and local human judgement power with collective networked 
filtering, it is possible to promote an interconnected ecology of socially 
beneficial reputation systems - to restrain the baser side of human
nature, while unleashing positive social changes and enabling the 
realization of ever higher goals.

SNIP




--Kaos-Keraunos-Kybernetos---
 + ^ + :I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
--*--:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net