August 2002 - cypherpunks-legacy

Polio, DES Crack, and Proofs of Concept
by Khoder bin Hakkin 13 Aug '02

13 Aug '02

In the most recent _Science_ some biologists gripe that the scientists who synthesized infectious poliovirus from its description were not doing anything novel, just a "prank". Any biologist would have known that, since you could concatenate nucleotide strings, and since polio needs nothing besides DNA (eg no enzymes) to be infectious, obviously you can synth polio. This is *remarkably* similar to cognescenti reactions to the DES Crack project. Yes, it was obvious it would work, and it was largely unnecessary (from a security-planning perspective) to actually do it. But it was proof-of-concept. Like synthesizing polio. -- "Better bombing through chemistry." -John Pike, director of Globalsecurity.org on use of speed by US pilots

1 0

Rick Walkinshaw your a dead man.
by Matthew X 13 Aug '02

13 Aug '02

Assassination / Targeted Violence Against Public Officials and Public Figures Assassination in the United States: An Operational Study of Recent Assassins, Attackers, and Near Lethal Approaches (5.7M) Protective Intelligence & Threat Assessment Investigations "A Guide for State and Local Law Enforcement Officials" (194K) Threat Assessment: An Approach to Prevent Targeted Violence (243K) http://www.ustreas.gov/usss/ntac.shtml

1 0

The Cpunks do share one characteristic: They are all boys.
by Matthew X 13 Aug '02

13 Aug '02

Newsweek: Attack on America Front Page 3:09 PM ET Saturday, July ... ... NEWSWEEK Poll: Bush Soars. The president's approval rating equals FDR's. FBI Links USS Cole Bombing and World ... Would restricting crypto have stopped these acts? www.msnbc.com/news/NW-ATTACKONAMERICA_Front.asp - 46k - Cached - Similar pages AD for a crypto free America bought to you by msnbc. Together, school shooters make a diverse class portrait. They are white, black, Hispanic, Asian, Native Alaskan. They were in public schools and Christian schools. Few had a mental illness, although many were desperate and depressed. Boys who have killed in America's schools offer a simple suggestion to prevent it from happening again: Listen to us. http://www.ustreas.gov/usss/ntac/chicago_sun_20001016/find15.htm "...Almost all attackers had come to the attention of someone (school officials, police, fellow students) for disturbing behavior. One student worried his friends by talking often of putting rat poison in the cheese shakers at a pizza restaurant." Cute.Hold the parmesan. WEAPONS: Getting weapons was easy. Most of the attackers were able to take guns from their homes or friends, buy them (legally or illegally), or steal them. Some received them as gifts from parents. More than half had a history of gun use, although most did not have a "fascination" with weapons. "F--- you Brady," Eric Harris wrote in his journal about the Brady gun law. "All I want is a couple of guns and thanks to your f------ bill I will probably not get any! Come on, I'll have a clean record and I only want them for personal protection. It's not like I'm some psycho who would go on a shooting spree." YEAH! and fuck you Mongo,how many disturbed lisp members have you given weapons?

1 0

White anting the homeland.
by Matthew X 13 Aug '02

13 Aug '02

http://www.fcw.com/fcw/ Army sets up battle for WIN-T The Army awarded contracts that will let two vendor teams battle it out for the multibillion-dollar tactical intranet [Posted Aug. 12] DOD preps virtual Pentagon DOD has launched a program to create a virtual Pentagon that would provide backup networks and communications [Posted Aug. 12] As part of an effort to provide better service, the Internal Revenue Service has selected Hewlett-Packard Co. to provide $35 million worth of new desktop and notebook computers to 820 IRS locations nationwide. Letters to the editor Serving Homeland Security Aug. 12, 2002 Printing? Use this version. Email this to a friend. WRITE US Following are responses to an FCW.com poll question that asked, "Given an opportunity, would you work for the Homeland Security Department?" I think Homeland Security is overdue. I would be willing to work there, but the location would be paramount in my decision. In my opinion, the one place it doesn't need to be is Washington, D.C. C. L. Jennings General Services Administration *** I would consider working for Homeland Security for two reasons. One, I believe it is an important and necessary effort. Two, as an insider, I would be able to know just exactly how much information will be collected on citizens, and to what use it would be put. Name withheld by request (not carly F)

1 0

Spook wars-When Angleton kicked Harvey under the table.
by Matthew X 13 Aug '02

13 Aug '02

1961 Washington area. Wrights briefing on RAFTER had not gone smoothly as some CIA officers were extremely pissed off that there had been a 3 year gap before they were indoctrinated. "Who else knows about RAFTER?,asked (the CIA's) Harvey. I told him we briefed the FBI and the Canadian RCMP fully as we progressed. "The Canadians!",exploded Harvey,thumping the table in anger."You might as well tell the fuckin' Papuan's as the Canadians." "I'm afraid we don't see it like that.The Canadians are trusted members of the Commonwealth." (I may go there to Kamloops for a holiday after the trial,btw.) "Well you should tell them to get another cipher machine,'he said as Angleton kicked Harvey hard under the table." Could have been Rosa Kleb I guess he was lucky. p151.Spycatcher.peter Wright. What were they using then? No point Hagelin I guess... http://www.fortunecity.com/meltingpot/canada/1034/ >>One of Peter Wright's successes was in listening to (i.e. bugging) the actions of a mechanical cipher machine, in order to break their encryption. This operation was code-named ENGULF, and enabled MI5 to read the cipher of the Egyptian embassy in London at the time of the Suez crisis. Another cipher-reading operation, code-named STOCKADE, read the French embassy cipher by using the electro-magnetic echoes of the input teleprinter which appeared on the output of the cipher machine. Unfortunately, Wright says this operation "was a graphic illustration of the limitations of intelligence" - Britain was blocked by the French from joining the Common Market and no amount of bugging could change that outcome. Particularly interesting is MI5's invention code-named RAFTER, which is used to detect the frequency a radio receiver is tuned to, by tracing emissions from the receiver's local oscillator circuit. RAFTER was used against the Soviet embassy and consulate in London to detect whether they were listening in to A4-watcher radios. Wright also used this technique to try to track down Soviet "illegals" (covert agents) in London who received their instructions by radio from the USSR. << FROM http://www.five.org.uk/security/mi5org/spycatch.htm

1 0

Train the mind,mind the train.
by Matthew X 13 Aug '02

13 Aug '02

Federal agencies are deploying an increasing number of commercial tools from companies such as ArcSight, CyberWolf Technologies Inc., e-Security Inc., GuardedNet and Micromuse Inc., to name a few. The FAA deploys an integrated set of security tools that include event management and intrusion detection. Officials would not name the vendor for security reasons.(A Cpunk challenge.) However, for more advanced correlation and data reduction capabilities, the FAA turned to the academic community, funding researchers at the Massachusetts Institute of Technology to develop an event correlation system. The FAA chose MIT because the agency didn't want a proprietary system and instead opted for one that was open and supported international standards, Brown said. Also, the FAA wanted to develop a system that could be shared with other federal agencies. The FAA is integrating the system into its data warehousing framework, which uses neural technology to extract data. The system also passively scans the network for unusual activity and can detect if new network equipment, such as routers or servers, comes online. Officials have already seen results from their tests of the system. Previously, IT operators reviewed event logs that were six to 10 hours old. The new system has reduced that lag time from hours to minutes, said Tom O'Keefe, deputy director of information systems security at the FAA. Labor Department officials also have seen a reduction in the time it takes IT operators to access and analyze data by adopting event management systems, according to Laura Callahan, deputy chief information officer at Labor. Callahan declined to identify the products the department uses for security reasons, but she said IT operators at the agency are familiar with products from SilentRunner Inc., a Raytheon company, and Network Intelligence Corp. "We are challenged in trying to sift through volumes of information to do trend analysis," she said. Callahan also praised the tools' forensic capabilities, which enable IT operators to play back events for investigative purposes. Besides deploying event management tools to battle the problem of data overload, the department is moving to a common security architecture. This means that each division within a line of business will adhere to the same standards and security technology, eliminating the need for multiple management consoles to monitor disparate products in each business unit. Not a Panacea There is a definite need for security event management tools in federal agencies, but "tools are not a panacea," said Thomas Gluzinski, president and chief executive officer of Paladin Technologies Inc., a provider of security services to the federal government. Many of these tools are in their first generation, and some are complex and hard to use by someone lacking in-depth security knowledge. Others are easy to use but still require experts to analyze the data and take appropriate action, he said. "And security event management products are computers, too," FedCIRC's Hale pointed out, so they are open to attacks or exploitation by hackers. According to John Pescatore, a research director at Gartner Inc., a security event management system needs four key features: n The tool must monitor events in real time and pull that information into a central location. n It must filter data and present it in meaningful reports. n It should have a discovery engine that can identify all the devices on a network. Most current products lack this feature. n It must be able to control the security devices. For instance, the product must have the capability to change settings on a firewall in the event of an attack or work in conjunction with an intrusion-detection system to automatically block an attack. The better products in the future will have some type of neural network capability that will enable them to identify and fix problems, Gluzinski said. Some intrusion-detection systems, such as Internet Security Systems Inc.'s RealSecure, can interact with firewalls from Checkpoint Systems Inc. to fix a rule set and solve a problem in the event of an attack. However, if the intrusion-detection system is not configured properly and is not privy to internal business operations, it could introduce a new problem by making a fix. The same is true for security event management systems, Gluzinski said, which only emphasizes the need for skilled network engineers. But as more network-based intrusion-detection systems move from merely issuing alarms to employing more highly advanced techniques blocking attacks in the way that antivirus software stops the spread of computer viruses there might not be a need for security event management systems, Gartner's Pescatore said. There are two reasons for an organization to deploy security event management tools, according to Pescatore. Large organizations with several hundred firewalls spread across a global network would need to manage the output from those firewalls, and organizations deploying hundreds of network-based intrusion-detection sensors should deploy an event management system to reduce the false alarms generated by the sensors. Unless an organization has made a huge investment in intrusion detection, Gartner researchers recommend holding off on purchasing such systems because more advanced tools will be released in about two years. Others disagree. Intrusion detection "is where the pain is," but security event managers are also collecting data from firewalls and antivirus software, said Juanita Koilpillai, chairman and co-founder of CyberWolf Technologies, formerly Mountain Wave. The Federal Emergency Management Agency now uses the company's product, which automates analysis of data in real time. Symantec Corp. acquired the Falls Church, Va.-based company last month. "It's more than an intrusion-detection issue," Callahan agreed. It's also an issue of tracking who's accessing intellectual capital and the applications and data associated with those assets. Intrusion-detection systems can "tell you that a person is coming through the door, but not all the rooms he's accessed." Security event management tools have the potential to help administrators sort through this information without manually analyzing each individual log file, she said. Meanwhile, other efforts are under way to advance the field of event correlation. For instance, the CERT Coordination Center, located at Carnegie Mellon University, is conducting advance research on developing a common output language for various security systems, said FedCIRC's Hale. And at the SANS Institute, a Bethesda, Md.-based training and education organization for IT security professionals, officials are working with several vendors to determine the market leaders. They will then decide what type of training is needed for security professionals to properly use the products, said Stephen Northcutt, director of training at the institute. "I'm optimistic about the maturity of security event management solutions," Callahan said. As experts refine their efforts to aggregate clusters of data and as vendors develop algorithms for detecting attacks, there should be "a more integrated common view across firewalls, systems, phones and wireless" technology. *** What is event correlation? Event correlation is the process of comparing data from multiple sources to identify attacks, intrusions or misuse. Before data can be correlated, it must be removed from individual security devices and sent to a consolidation point where it is pulled from disparate log files, compressed and prepared for placement into a database. After data is clustered, the security event management system can begin data correlation. Because an attack usually touches many points in a network, leaving a trail, a security analyst can possibly prevent or detect an attack if he or she follows that train.

1 0

You Have An E-Card!!!
by Commissioner 13 Aug '02

13 Aug '02

You have been sent an E-Card Invitation. To See Your Card click http://www.fantasysportshq.com/content/invitation.html You have received this email as a member of Fantasy Sports HQ or one of its partners. From time to time we will contact you about special offers and discounts on exciting fantasy games, contests or advertising from our sponsors. If you do not wish to receive such notifications, simply reply to this message with the word "REMOVE" in the SUBJECT LINE and we will remove you from future mailings.

1 0

Re: Challenge to David Wagner on TCPA
by AARG!Anonymous 13 Aug '02

13 Aug '02

Brian LaMacchia writes: > So the complexity isn't in how the keys get initialized on the SCP (hey, it > could be some crazy little hobbit named Mel who runs around to every machine > and puts them in with a magic wand). The complexity is in the keying > infrastructure and the set of signed statements (certificates, for lack of a > better word) that convey information about how the keys were generated & > stored. Those statements need to be able to represent to other applications > what protocols were followed and precautions taken to protect the private > key. Assuming that there's something like a cert chain here, the root of > this chain chould be an OEM, an IHV, a user, a federal agency, your company, > etc. Whatever that root is, the application that's going to divulge secrets > to the SCP needs to be convinced that the key can be trusted (in the > security sense) not to divulge data encrypted to it to third parties. > Palladium needs to look at the hardware certificates and reliably tell > (under user control) what they are. Anyone can decide if they trust the > system based on the information given; Palladium simply guarantees that it > won't tell anyone your secrets without your explicit request.. This makes a lot of sense, especially for "closed" systems like business LANs and WANs where there is a reasonable centralized authority who can validate the security of the SCP keys. I suggested some time back that since most large businesses receive and configure their computers in the IT department before making them available to employees, that would be a time that they could issue private certs on the embedded SCP keys. The employees' computers could then be configured to use these private certs for their business computing. However the larger vision of trusted computing leverages the global internet and turns it into what is potentially a giant distributed computer. For this to work, for total strangers on the net to have trust in the integrity of applications on each others' machines, will require some kind of centralized trust infrastructure. It may possibly be multi-rooted but you will probably not be able to get away from this requirement. The main problem, it seems to me, is that validating the integrity of the SCP keys cannot be done remotely. You really need physical access to the SCP to be able to know what key is inside it. And even that is not enough, if it is possible that the private key may also exist outside, perhaps because the SCP was initialized by loading an externally generated public/private key pair. You not only need physical access, you have to be there when the SCP is initialized. In practice it seems that only the SCP manufacturer, or at best the OEM who (re) initializes the SCP before installing it on the motherboard, will be in a position to issue certificates. No other central authorities will have physical access to the chips on a near-universal scale at the time of their creation and installation, which is necessary to allow them to issue meaningful certs. At least with the PGP "web of trust" people could in principle validate their keys over the phone, and even then most PGP users never got anyone to sign their keys. An effective web of trust seems much more difficult to achieve with Palladium, except possibly in small groups that already trust each other anyway. If we do end up with only a few trusted root keys, most internet-scale trusted computing software is going to have those roots built in. Those keys will be extremely valuable, potentially even more so than Verisign's root keys, because trusted computing is actually a far more powerful technology than the trivial things done today with PKI. I hope the Palladium designers give serious thought to the issue of how those trusted root keys can be protected appropriately. It's not going to be enough to say "it's not our problem". For trusted computing to reach its potential, security has to be engineered into the system from the beginning - and that security must start at the root! --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)wasabisystems.com

2 1

Station T APB for E-Bay Escapee.
by Matthew X 13 Aug '02

13 Aug '02

http://www.theregister.co.uk/content/6/26654.html Its KAOS over here in the hunt for e-bay scammer Mehmet Onan.How the fuck am i supposed to sell my dell when I get it back some cold day in hell. Dead man talking,Shrub wants small business advice? How about GAMES,ProN and PROSTITUTION! Throw in drugs,arms and munitions and you have a totally free market led recovery.Anyone else need killing? Theres one in every crowd... The managing director of a film distribution company has called for people convicted of film piracy to be jailed. Allan Finney from Buena Vista International was speaking at the 57th annual movie convention on the Gold Coast.

1 0

Neo-Nazi's are run by Mi6...when its not the KGB
by Matthew X 13 Aug '02

13 Aug '02

In his book KGB: The Secret Work of Soviet Secret Agents (Hodder and Stoughton, 1974), John Barron has thrown some interesting light on the question: Under KGB guidance, the Czech STB in 1956 started mailing virulent neo-Nazi tracts to French, British, and American officials in Europe. They bore the imprimatur of a non-existent organisation called the Fighting Group for an Independent Germany (Kampfverband für Unabhängiges Deutschland). Continuing propaganda from this phantom organisation created the impression that a gang of fanatical resurgent Nazis was active in West Germany. Communist organised swastika daubings of 1959-60 led to increased demand for race legislation: "In some cases - Austria, Germany, Norway - existing legislation has been supplemented as a direct result of the swastika-daubing outbreak of the winter of 1959-60." Later... Germany's most notorious postwar neo-Nazi party was led by an intelligence agent working for the British.....( Guardian Unlimited, 13 Aug 02) http://www.guardian.co.uk/international/story/0,3604,773568,00.html Neo-Nazi leader 'was MI6 agent' John Hooper in Berlin Tuesday August 13, 2002 The Guardian Germany's most notorious postwar neo-Nazi party was led by an intelligence agent working for the British, according to both published and unpublished German sources. The alleged agent - the late Adolf von Thadden - came closer than anyone to giving the far-right real influence over postwar German politics. Under his leadership, the National Democratic party (NPD) made a string of impressive showings in regional elections in the late 60s, and there were widespread fears that it would gain representation in the federal parliament. Yet, according to a report earlier this year in the Cologne daily, the Kölner Stadt-Anzeiger, the man dubbed "the New Führer" was working for British intelligence throughout the four years he led the NPD, from 1967 to 1971. However, a former senior officer in German intelligence told the Guardian this week that he had been informed of a much longer-standing link between Von Thadden and British intelligence. His recollection raises the question of whether the German far-right-winger was under the sway of M16 when he and others founded the NPD in 1964. Dr Hans Josef Horchem, who was the head of the Hamburg office of the Verfassungsschutz - the West German security service - from 1969 to 1981, said he received regular visits from British intelligence liaison officers. "We held general discussions on security. At one of these - I think it was towards the end of the 70s- they said, 'Adolf von Thadden was in contact with us', and that that was in the 1950s". Mr Horchem did not know whether the links between the German and British intelligence had continued into the 60s and 70s. According to the Kölner Stadt-Anzeiger, whose report passed virtually unnoticed when it was published, the neo-Nazi leader met his British contact at a hotel in Hamburg. Germany's government is currently trying to ban the NPD on the basis that its policies violate the constitution. But the government's case is in danger of collapse after the disclosure that some senior NPD members were agents of the Verfassungsschutz. This has sparked debate about the extent to which counter-intelligence officers were sustaining the far right in their efforts to monitor it. Similar issues arise in Von Thadden's case. The question also arises of whether MI6 was seeking help from the neo-Nazi movement when far-left militancy was sweeping Europe after the uprising of May 1968 in Paris. Von Thadden left the NPD in 1975, and died at the age of 75 in 1996. His younger sister, Barbara Fox von Thadden, said she had had no reason to suspect her brother worked for British intelligence. But she added that they had very different political views and steered away from political discussion. They had an English grandmother, and Ms Fox von Thadden said her brother "did like coming to Britain, and did like Britain very much".

1 0