CIA breaks terrorist encryption found on seized laptop
List I stumbled over this article, perusing Google for news. Apparently Al Qaida ops planner Khalid Shaikh Mohammed tried - in vain - to protect his information by encrypting it on his laptop. I haven't found any references as to what sort of encryption he used - or if it was just a weak password that was broken. If I recall correctly the computers that was bought and decrypted by a newspaper in Kabul, Afghanistan last year was protected by the Win2k EFS export version. Are there any records of Al Qaida using stronger encryption? Hummm... On a sidenote: I'm researching for an article on the history of export regulations. I seem to remember that a couple of years ago there was an incident where some cypherpunks(?) 'exported' encryption to Mexico by missile, thereby exploiting a loophole in US export regulations. I have tried Google to no avail. Can anyone remember this - or is this just a twist of my imagination? Yours Bo Elkjaer, Denmark http://www.theolympian.com/home/news/20030313/frontpage/19456.shtml Computer holds list of al-Qaida safehouses GANNETT NEWS SERVICE KARACHI, Pakistan -- A laptop computer used by al-Qaida operational planner Khalid Shaikh Mohammed has yielded a list of at least half a dozen hiding places along the Pakistan-Afghan border used by Osama bin Laden and his supporters, U.S. and Pakistani intelligence officials said Wednesday. SNIP Much of the information on Mohammed's laptop computer was protected by an encryption code that was easily broken by CIA analysts, U.S. officials said. The analysts said the code was surprisingly simple. -- EOT
Re: Brinwear at Benetton.
On Thu, Mar 13, 2003 at 08:24:35AM -0800, Mike Rosing wrote: I think economics would be a better argument. If the manufacturer can recycle the tags for inventory control they can save a lot of money. And public pressure. Here's a piece I wrote a few months ago that included some recommendations: RFID tags: Big Brother in small packages http://news.com.com/2010-1069-980325.html -Declan
Re: Fatherland Security measures more important than Bennetton tags!
On Thu, Mar 13, 2003 at 10:49:41AM -0800, Tim May wrote: By the way, I am enjoying the evolving clusterfuck/train wreck that is coming with the War on Some Terrorrists. Seeing our C-student fratboy One word (well, one domain name): http://www.prudentbear.com/ -Declan
Re: Brinwear at Benetton.
On Fri, Mar 14, 2003 at 12:40:27AM -0500, Declan McCullagh wrote: On Thu, Mar 13, 2003 at 08:24:35AM -0800, Mike Rosing wrote: I think economics would be a better argument. If the manufacturer can recycle the tags for inventory control they can save a lot of money. And public pressure. Here's a piece I wrote a few months ago that included some recommendations: RFID tags: Big Brother in small packages http://news.com.com/2010-1069-980325.html Interesting article, Declan. Seems like the future shopper would be prudent to have a reader/detector to check for tags, just as now we have to check all over a garment for labels/tags/pins. Or somewhat like Cayce in Pattern Recognition removing the logos of her clothes, even sanding down the buttons, etc. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com
Re: Brinwear at Benetton.
At 09:38 AM 3/14/2003 -0600, Harmon Seaver wrote: On Fri, Mar 14, 2003 at 12:40:27AM -0500, Declan McCullagh wrote: On Thu, Mar 13, 2003 at 08:24:35AM -0800, Mike Rosing wrote: I think economics would be a better argument. If the manufacturer can recycle the tags for inventory control they can save a lot of money. And public pressure. Here's a piece I wrote a few months ago that included some recommendations: RFID tags: Big Brother in small packages http://news.com.com/2010-1069-980325.html Wonder what happens when one of the tags is placed in a microwave oven. Its likely to do some instant damage without harming many tagged articles, if they aren't left in long. I would think that the RFID manufactures would WANT to design their tags for such easy destruction to placate consumer privacy fears. steve
Re: CIA breaks terrorist encryption found on seized laptop
At 01:31 PM 3/14/2003 +0100, you wrote: On a sidenote: I'm researching for an article on the history of export regulations. I seem to remember that a couple of years ago there was an incident where some cypherpunks(?) 'exported' encryption to Mexico by missile, thereby exploiting a loophole in US export regulations. I have tried Google to no avail. Can anyone remember this - or is this just a twist of my imagination? I seem to recall this never moved beyond musings. But maybe I was out to launch :) steve
Identification of users of payphones
Couple months ago, our local Telecom decided to switch over from easy-to-emulate EPROM-based dumb smartcards (described at http://www.phrack.com/show.php?p=48a=10 ) to Eurochip ones. Today seemed a good day to learn more about them, so I sniffed around a bit (eg, http://gsho.thur.de/phonecard/advanced_e.htm ) and stumbled over some data that could have unpleasant implications. In Europe, chip cards for paying in payphones are common. However, the cards have serial numbers, usually assigned sequentially during the manufacture. It is possible to keep track of the serial numbers vs shipments. The phones may record (or even online-report (eg, for fraud prevention)) the serial numbers of the cards used. Then it could be possible to list all calls done from the same card, possibly indirectly identify the person who made that call from a public payphone by matching their calling patterns. It could be also possible to identify where and approximately when the card was bought, putting more constraints to its owner's possible identity. I can't assess the real proportions of this threat, but it is another thing to be aware of.
RE: Brinwear at Benetton.
On Fri, 14 Mar 2003, Trei, Peter wrote: They don't want to deactivate them. Go back and read the SFGate article I linked in my initial post. They want to recognize when a loyal customer returns, so they can pull up his/her profile and give then personalized treatment. And what happens when the personalized treatment is cold sholder because of buying the competitions product? My bet is they'll just issue an rfid card and not use the inventory control for that purpose. Connecting inventory control to customer preferences can't be done without an alternate device. I can see how the grocery store will want to track your purchases over time to give you discounts on other products, and sell the info to various competing interests. Discount stores will also do the same thing, but the bar code tags already give that info. rfid doesn't add anything, it just gets in the way of store security (why keep track of *every* item purchased by *everybody* to prevent theft of CD's???) What I'm trying to say is that the info the stores want on you is already there and in use. The rfid helps track items without the bar code, and in places you can't read a bar code (like when lots of items are in a box). It can also be used for theft prevention. But you need to disable it to prevent having to deal with goods bought the week before in a store on the other side of the world. If the stores *don't* use the rfid's for security, and they can already use the bar codes for inventory, what good are they? Bar code readers are much cheaper than rfid readers and so is the paper tag that holds the bar code. There's no economic sense for the rfid tag in the first place. Patience, persistence, truth, Dr. mike
Re: Identification of users of payphones
On Fri, Mar 14, 2003 at 05:36:28PM +0100, Thomas Shaddack wrote: | Couple months ago, our local Telecom decided to switch over from | easy-to-emulate EPROM-based dumb smartcards (described at | http://www.phrack.com/show.php?p=48a=10 ) to Eurochip ones. Today seemed | a good day to learn more about them, so I sniffed around a bit (eg, | http://gsho.thur.de/phonecard/advanced_e.htm ) and stumbled over some data | that could have unpleasant implications. | | | In Europe, chip cards for paying in payphones are common. However, the | cards have serial numbers, usually assigned sequentially during the | manufacture. | | It is possible to keep track of the serial numbers vs shipments. The | phones may record (or even online-report (eg, for fraud prevention)) the | serial numbers of the cards used. Then it could be possible to list all | calls done from the same card, possibly indirectly identify the person who | made that call from a public payphone by matching their calling patterns. | It could be also possible to identify where and approximately when the | card was bought, putting more constraints to its owner's possible identity. | | I can't assess the real proportions of this threat, but it is another | thing to be aware of. Its possible, but expensive; this was done in the Tim MViegh trial; they linked all his calls, and then traced it to him. With computers, this gets easier and cheaper. Social network analysis is an obvious outgrowth of the traffic analysis NSA has been doing for 60 years. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
RE: Brinwear at Benetton.
Mike Rosing[SMTP:[EMAIL PROTECTED] They don't want to deactivate them. Go back and read the SFGate article I linked in my initial post. They want to recognize when a loyal customer returns, so they can pull up his/her profile and give then personalized treatment. And what happens when the personalized treatment is cold sholder because of buying the competitions product? My bet is they'll just issue an rfid card and not use the inventory control for that purpose. Connecting inventory control to customer preferences can't be done without an alternate device. I can see how the grocery store will want to track your purchases over time to give you discounts on other products, and sell the info to various competing interests. Discount stores will also do the same thing, but the bar code tags already give that info. rfid doesn't add anything, it just gets in the way of store security (why keep track of *every* item purchased by *everybody* to prevent theft of CD's???) What I'm trying to say is that the info the stores want on you is already there and in use. The rfid helps track items without the bar code, and in places you can't read a bar code (like when lots of items are in a box). It can also be used for theft prevention. But you need to disable it to prevent having to deal with goods bought the week before in a store on the other side of the world. If the stores *don't* use the rfid's for security, and they can already use the bar codes for inventory, what good are they? Bar code readers are much cheaper than rfid readers and so is the paper tag that holds the bar code. There's no economic sense for the rfid tag in the first place. Patience, persistence, truth, Dr. mike You're not thinking this through. As the item goes through the door (in either direction) the check is made Is this individual tag on this store's 'unsold inventory' list?. If so, raise the alarm. The tags are not fungible; they each have a unique number. When you purchase an item, it's tag number is transfered from the 'unsold inventory' list to the 'Mike Rosing' list, or, if no link to a name can be found, 'John Doe #2345'. As you walk up to the counter, the tag in your jockey shorts is read, and you are greeted by name, even if you've never been in that store before. What's more, for stock control, they have 'smart shelves', so they can also say 'Mary, go get some more black hipster jeans in 34x34 and put them out - the shelf says it's empty. As for RFID tags vs bar codes - you missing out the labor cost differential - RFID tags can be read by a fixed reader at several feet, while bar codes must be indvidually scanned. The tag cost is already down to under a dime. When it's under a nickle, these things will be in everything. Think about them in books. Peter Trei
Re: Brinwear at Benetton.
On Fri, 14 Mar 2003, Adam Shostack wrote: On Fri, Mar 14, 2003 at 01:22:44PM -0500, Trei, Peter wrote: | You're not thinking this through. As the item goes through the door (in | either direction) the check is made Is this individual tag on this store's | 'unsold inventory' list?. If so, raise the alarm. The tags are not fungible; | they each have a unique number. When you purchase an item, it's tag | number is transfered from the 'unsold inventory' list to the 'Mike Rosing' | list, or, if no link to a name can be found, 'John Doe #2345'. | | As you walk up to the counter, the tag in your jockey shorts is read, | and you are greeted by name, even if you've never been in that store | before. People will find this spooky, and it will stop, but how much you've spent over the last year will still be whispered into the sales clerk's ear bug, along with advice the woman in the green jacket 12 feet from you spends an average of $1,000 per visit, go fawn on her. And remind her that the jacket is nearly a year old. Very last season. Day of the RIFDs I can also see an even nastier probable RISKS article. You buy an item. The system is either down or crashes soon after the item is purchaced. (Or better yet, gets wiped out after a restore from an old backup tape.) It never makes it to the master database. You are now marked as a probable shoplifter. Now prove that you are not.
Re: Brinwear at Benetton.
On Fri, Mar 14, 2003 at 01:22:44PM -0500, Trei, Peter wrote: | You're not thinking this through. As the item goes through the door (in | either direction) the check is made Is this individual tag on this store's | 'unsold inventory' list?. If so, raise the alarm. The tags are not fungible; | they each have a unique number. When you purchase an item, it's tag | number is transfered from the 'unsold inventory' list to the 'Mike Rosing' | list, or, if no link to a name can be found, 'John Doe #2345'. | | As you walk up to the counter, the tag in your jockey shorts is read, | and you are greeted by name, even if you've never been in that store | before. People will find this spooky, and it will stop, but how much you've spent over the last year will still be whispered into the sales clerk's ear bug, along with advice the woman in the green jacket 12 feet from you spends an average of $1,000 per visit, go fawn on her. And remind her that the jacket is nearly a year old. Very last season. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Bennetton Blacknet Credit Cards?
Peter Trei wrote... The tag cost is already down to under a dime. When it's under a nickle, these things will be in everything. Think about them in books. Yikes. Makes me wish I had some kind of untraceable credit card. What the heck does that 'RA Hettinga' character do, anyway? Can we get a Cypherpunks Visa or what? -TD From: Trei, Peter [EMAIL PROTECTED] To: 'Mike Rosing' [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: RE: Brinwear at Benetton. Date: Fri, 14 Mar 2003 13:22:44 -0500 Mike Rosing[SMTP:[EMAIL PROTECTED] They don't want to deactivate them. Go back and read the SFGate article I linked in my initial post. They want to recognize when a loyal customer returns, so they can pull up his/her profile and give then personalized treatment. And what happens when the personalized treatment is cold sholder because of buying the competitions product? My bet is they'll just issue an rfid card and not use the inventory control for that purpose. Connecting inventory control to customer preferences can't be done without an alternate device. I can see how the grocery store will want to track your purchases over time to give you discounts on other products, and sell the info to various competing interests. Discount stores will also do the same thing, but the bar code tags already give that info. rfid doesn't add anything, it just gets in the way of store security (why keep track of *every* item purchased by *everybody* to prevent theft of CD's???) What I'm trying to say is that the info the stores want on you is already there and in use. The rfid helps track items without the bar code, and in places you can't read a bar code (like when lots of items are in a box). It can also be used for theft prevention. But you need to disable it to prevent having to deal with goods bought the week before in a store on the other side of the world. If the stores *don't* use the rfid's for security, and they can already use the bar codes for inventory, what good are they? Bar code readers are much cheaper than rfid readers and so is the paper tag that holds the bar code. There's no economic sense for the rfid tag in the first place. Patience, persistence, truth, Dr. mike You're not thinking this through. As the item goes through the door (in either direction) the check is made Is this individual tag on this store's 'unsold inventory' list?. If so, raise the alarm. The tags are not fungible; they each have a unique number. When you purchase an item, it's tag number is transfered from the 'unsold inventory' list to the 'Mike Rosing' list, or, if no link to a name can be found, 'John Doe #2345'. As you walk up to the counter, the tag in your jockey shorts is read, and you are greeted by name, even if you've never been in that store before. What's more, for stock control, they have 'smart shelves', so they can also say 'Mary, go get some more black hipster jeans in 34x34 and put them out - the shelf says it's empty. As for RFID tags vs bar codes - you missing out the labor cost differential - RFID tags can be read by a fixed reader at several feet, while bar codes must be indvidually scanned. The tag cost is already down to under a dime. When it's under a nickle, these things will be in everything. Think about them in books. Peter Trei _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Re: Give cheese to france?
James Donald wrote... On 11 Mar 2003 at 9:35, Tyler Durden wrote: Does it mean that such observations are invalid just because Marx predicted them? Actually, I didn't write that, though I quoted it. Marx was both untruthful, and spectacularly in error. Marx was primarily an economist, and a lot of what he had to say bore listening to. And there's a core there that I believe is probably correct. For instance, despite your examples, there are industries where consolidation is occuring, and in ways that closely resemble what Marx predicted. A good example is the silicon chip industry. How many top-line fabs still exist (ie, capable of 0.38um and below)? The cost of such fabs is now in the billions, so there are only a few companies that can afford it. Amongst piles of other things, Marx predicted exactly this. (Again, however, this doesn't mean I find Marx's predictions all that appealing, nor is communism-as-it-has-existed any system I'd want to live under again.) If commies actually believed what they said, if they still believed the prophecies, then they would still be working at labor organization, rather than at conspiracy. Well, here's where your rant sideswipes reality at its closest. Today's Marxists definitely seem, by and large, to be more interested in ideology and banner-waving than in helping, say, Haitian workers receive a living wage. When the commies of the world start drop-shipping rifles to striking miners in Bangladesh, then I'll be interested. Ever since Lenin, a core principle of communism has been to know the truth, and to lie about it. Pooey. Here's where you seem distinctly skewed in your thinking by the Soviets. The Chinese communists have a much more interesting history, The lying probably doesn't really get going in China until about 1960 or so. The Chinese communists (particularly prior to 1949) were an absolutely necessary force in China from the 1920s until the mid 50s. (And this is probably not because they were communist per se, but more that the Chinese communists represented an imminently Chinese clustering of ideals and pooled resources in reaction to a murderous occupation by the Japanese and collusion by Chiang Kai Shek.) The point is, Chinese communism didn't have lies as a core principal. The lies came much later. -TD _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail