Fuck the usenet cabal
I came up with yet another brilliant idea.

Stanford Wallace's Cyberpromo site has been hacked by some criminals, but it's coming back. In particular, he's giving away free autoresponders again.

(An autoresponder is an address@cyberpromo.com to which you can send an e-mail and get back a pre-recorded response, if your site accepts e-mail from cyberpromo. Supposedly anyone can set one of them up for free and provide their own automatic response. Stanford is running a promotion.)

Now, suppose some non-US person sets up an auto-responder that sends out strong crypto software, and another non-US person requests it and gets it.

Is anyone going to be guilty of ITAR violations?

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

On Tue, 12 Aug 1997, Dr.Dimitri Vulis KOTM wrote:

> (An autoresponder is an address@cyberpromo.com to which you can send an e-mail and get back a pre-recorded response, if your site accepts e-mail from cyberpromo. Supposedly anyone can set one of them up for free and provide their own automatic response. Stanford is running a promotion.)
>
> Now, suppose some non-US person sets up an auto-responder that sends out strong crypto software, and another non-US person requests it and gets it.
>
> Is anyone going to be guilty of ITAR violations?

Nice idea Doc, but anyone who goes there you can bet will have their email address added to spamfords databases, and they'll also get loads of spam in addition to the crypto you wish to export. :) Let's not make deals with the devil. (Still if the guy on the other side is smart enough to get a temporary demo account, you're on to a good idea.)

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================

Ray Arachelian <sunder@brainlink.com> writes:

> On Tue, 12 Aug 1997, Dr.Dimitri Vulis KOTM wrote:
> > [using autoresponder to violate ITAR] Is anyone going to be guilty of ITAR violations?
>
> Nice idea Doc, but anyone who goes there you can bet will have their email address added to spamfords databases, and they'll also get loads of spam in addition to the crypto you wish to export. :) Let's not make deals with the devil. (Still if the guy on the other side is smart enough to get a temporary demo account, you're on to a good idea.)

perhaps a hotmail account would do the trick, just bin the account when you've finished.

Adam

On Tue, 12 Aug 1997, Dr.Dimitri Vulis KOTM wrote:

> I came up with yet another brilliant idea.

You know doing that is dangerous.

> Stanford Wallace's Cyberpromo site has been hacked by some criminals, but it's coming back. In particular, he's giving away free autoresponders again.

If we can arrange an anon autoresponder. Knowing the way Stanford operates this will not be hard.

> (An autoresponder is an address@cyberpromo.com to which you can send an e-mail and get back a pre-recorded response,

The only problem is that he may be using it for email collecting purposes.

> Now, suppose some non-US person sets up an auto-responder that sends out strong crypto software, and another non-US person requests it and gets it.
>
> Is anyone going to be guilty of ITAR violations?

Well if they can't trace it back to the person who put it on the system they will go after the system itself. US government VS Stanford Wallace, whoever loses, we win.

--
Please excuse my spelling as I suffer from agraphia see the url in my header.
Never trust a country with more people than sheep. ex-net.scum and proud
You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett

? the Platypus {aka David Formosa} <dformosa@st.nepean.uws.edu.au> writes:

> > Now, suppose some non-US person sets up an auto-responder that sends out strong crypto software, and another non-US person requests it and gets it.
> >
> > Is anyone going to be guilty of ITAR violations?
>
> Well if they can't trace it back to the person who put it on the system they will go after the system itself.

Another related thought: some folks send out lots of unwanted e-mail offering to broadcast an ad to a million addresses for $40 or some such. What if a non-US person paid them $40 to spam people outside the U.S. with strong crypto?

Is it possible to stuff a blatant ITAR violation into about 100 lines of ascii?

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

On Wed, 13 Aug 1997, Dr.Dimitri Vulis KOTM wrote:

> What if a non-US person paid them $40 to spam people outside the U.S. with strong crypto?
>
> Is it possible to stuff a blatant ITAR violation into about 100 lines of ascii?

Already been done. RSA in 4 lines of Perl, etc... Heck there was even a site out that that cut a UUENCODED copy of PGP into many bits and asked people to grab one of the bits to use as their signature. I.e. Part 50 out of N of PGP, etc... Someone with huge usenet archives (or cd's) could search for all of these outside of the USA and put them together into the whole. :) No need to pay someone $40 to spam when people will freely do this.

You could also take a packet radio modem and spam short wave (or whatever packet radio uses or can use that can get outside the usa) and send PGP that way if you like. Or take PGP, uuencode it and fax it outside of the USA. Or feed it through a voice synth and read it to a foreign phone number that has a voice decoder, or compose it as a MIDI song as Kent suggested and broadcast the song... Or tattoo it on your ass then when you visit russia have someone take a picture. :) (Though you might then be arrested in russia for porno or whatever the laws are there, heheheheh....)

Don't even need to use the internet to piss off the feds. :)

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================

Ray Arachelian wrote:

> On Wed, 13 Aug 1997, Dr.Dimitri Vulis KOTM wrote:
> > What if a non-US person paid them $40 to spam people outside the U.S. with strong crypto?
> >
> > Is it possible to stuff a blatant ITAR violation into about 100 lines of ascii?
>
> Already been done. RSA in 4 lines of Perl, etc... Heck there was even a site out that that cut a UUENCODED copy of PGP into many bits and asked

Is RSA in 3 lines of PERL an ITAR violation? It's more like "meta" code for bc to do RSA. adam?

--
Vipul Ved Prakash         | - Electronic Security & Crypto
vipul@pobox.com           | - Web Objects
91 11 2233328             | - PERL Development
198 Madhuban IP Extension | - Linux & Open Systems
Delhi, INDIA 110 092      | - Networked Virtual Spaces

At 2:05 AM -0700 8/15/97, Bill Stewart wrote:

> At 05:35 AM 8/14/97 +0000, Vipul Ved Prakash wrote:
> > > Already been done. RSA in 4 lines of Perl, etc... Heck there was even a site out that that cut a UUENCODED copy of PGP into many bits and asked
> >
> > Is RSA in 3 lines of PERL an ITAR violation? It's more like "meta" code for bc to do RSA. adam?
>
> Well, Raph Levien applied for an export permit for the RSA-in-4-lines-of-PERL shirt several years ago, and the export thugs stalled on it and never responded positively or negatively, in spite of their publicly stated policies that they "will" respond in some small number of days.
>
> Since then, they've changed the laws, and the PERL RSA has gotten shorter...
>
> Of course, it's not a violation for Adam - he's not an American :-)

But of course Adam was seen within U.S. borders wearing such a shirt. This means the act of importation had occurred, regardless of where Adam came from (and regardless of where the shirt was made, etc.).

And once imported, code becomes subject to all of the usual ITARs and related laws. (They changed the name "ITAR" to something else, which I've forgotten...no doubt 5 people will post one-liners telling me what it is.)

So unless Adam disposed of this shirt, to a bonafide American or America-approved subject, before his departure from the U.S. last summer....

Perhaps a DEA snatch team can be pressed into service to nab him in England, drug him, wrap him in tarps, and spirit him onto a C-5 cargo plane headed for the Land of the Freeh.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

Tim May <tcmay@got.net> writes:

> At 2:05 AM -0700 8/15/97, Bill Stewart wrote:
> > At 05:35 AM 8/14/97 +0000, Vipul Ved Prakash wrote:
> > Since then, they've changed the laws, and the PERL RSA has gotten shorter...
> >
> > Of course, it's not a violation for Adam - he's not an American :-)
>
> But of course Adam was seen within U.S. borders wearing such a shirt. This means the act of importation had occurred, regardless of where Adam came from (and regardless of where the shirt was made, etc.).

Made in UK, imported into US from UK, and then re-exported.

> And once imported, code becomes subject to all of the usual ITARs and related laws. (They changed the name "ITAR" to something else, which I've forgotten...no doubt 5 people will post one-liners telling me what it is.)

EAR. But it was still ITAR at the time.

> So unless Adam disposed of this shirt, to a bonafide American or America-approved subject, before his departure from the U.S. last summer....

Nope, I wore it out again (under another garment -- concealed munitions). Had another one in my luggage which they searched. My luggage was searched on the way in and on the way out, and lots of nosy questions were asked too. Walked straight through both times in the UK.

> Perhaps a DEA snatch team can be pressed into service to nab him in England, drug him, wrap him in tarps, and spirit him onto a C-5 cargo plane headed for the Land of the Freeh.

That'd be nice, a freeh holiday :-)

There are I think a number of US people who have worn them through US borders. Perhaps we should collectively turn ourselves in and demand they enforce the law.

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

Ray Arachelian <sunder@brainlink.com> writes:

> On Wed, 13 Aug 1997, Dr.Dimitri Vulis KOTM wrote:
> > What if a non-US person paid them $40 to spam people outside the U.S. with strong crypto?
> >
> > Is it possible to stuff a blatant ITAR violation into about 100 lines of as
>
> Already been done. RSA in 4 lines of Perl, etc... Heck there was even a

I mean a useable package.

> site out that that cut a UUENCODED copy of PGP into many bits and asked people to grab one of the bits to use as their signature. I.e. Part 50 out of N of PGP, etc... Someone with huge usenet archives (or cd's) could search for all of these outside of the USA and put them together into the

Yes, but how practical is it?

> whole. :) No need to pay someone $40 to spam when people will freely do this.

Stanford Wallace gives out free autoresponders.

> You could also take a packet radio modem and spam short wave (or whatever packet radio uses or can use that can get outside the usa) and send PGP that way if you like. Or take PGP, uuencode it and fax it outside of the USA. Or feed it through a voice synth and read it to a foreign phone number that has a voice decoder, or compose it as a MIDI song as Kent suggested and broadcast the song... Or tattoo it on your ass then when you visit russia have someone take a picture. :) (Though you might then be arrested in russia for porno or whatever the laws are there, heheheheh....)

Unsilenced use of crypto. However the point is to get Cyberpromo to export crypto in violation of ITAR without annoying people with spam.

---
Dr.Dimitri Vulis KOTM
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps

Dimitri Vulis <dlv@bwalk.dm.com> writes:

> > > Is it possible to stuff a blatant ITAR violation into about 100 lines
> >
> > Already been done. RSA in 4 lines of Perl, etc...
>
> I mean a useable package.

I once started trying to implement full PGP functionality in as few lines of perl/dc as possible.

I got pgp signature verification working. and PGP compatible IDEA PRZ style CFB mode in 9 lines. and PGP key lookup in 7 lines. and MD5 in 8 lines.

(Several of those were other people's contributions)

If you used /dev/random for random numbers plus a bit more glue, it would've worked. Everything but compression and key generation.

There was a perl competition for the most interesting program in under 2000 characters of perl. I ran out of enthusiasm, patience before completing.

With a whole 100 lines to play with you could probably do key gen and compression too. (I wondered if you could shell gzip or zip and some hacking to get PGP zip functionality, as it is just ripped off zip code).

Makes you wonder what PRZ did wrong with pgp 2.x, what did he use to pad it out to 34,881 lines?

PGP 5.0 is fearsomely large, and I'm sure you could do the rest too in a few more 10s of lines (already got an SHA1, DSS is more twiddling in dc, already got DES in 21 lines, no CAST but that wouldn't be too hard).

If anyone is interested naturally I can share the current code. The perl 2000 char competition probably is once a year or something. Any takers?

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`

At 08:30 AM 8/14/97 +0100, Adam Back wrote:

> I once started trying to implement full PGP functionality in as few lines of perl/dc as possible.
>
> I got pgp signature verification working. and PGP compatible IDEA PRZ style CFB mode in 9 lines. and PGP key lookup in 7 lines. and MD5 in 8 lines.
>
> (Several of those were other peoples contributions)
>
> If you used /dev/random for random numbers plus a bit more glue, it would've worked. Everything put compression and key generation.

If you want to skip PGP file format compatibility, and type the occasional key in in hex, it should be even shorter; the ideal is to fit in about 60 lines for faxing on one page :-)

Steve Reid did an RSA key generation program that, in squashed form, looks like this (there's an expanded version with comments.) It depends on the user entering a lot of random junk, but that's what your N monkeys and keyboards are for.

#!/usr/local/bin/perl
$k=768;$e=sprintf'%X',65537;print"Please enter a LOT of random junk.\n"
;$a=<STDIN>;print"Working. This may take a while.\n";for(1..(length($a)-
1)){$b[$_&31]^=unpack('C',substr($a,$_,1));$b[$_&31]=(($b[$_&31]<<5)|($b
[$_&31]>>3))&255;}for(0..255){$c[$_]=$_;}$a=$d=$f=0;for(0..255){$a=($a+
$c[$_]+$b[$a&31])&255;($c[$_],$c[$a])=($c[$a],$c[$_]);}open(F,'|dc');
select F;print"16dio[$e+]sa";for(1..50){for(1..$k/32){printf'%02X',&g;}
print"Sr";}for(1,2){printf'%02X',&g|128;for(2..$k/16){printf'%02X',&g;}
print"d$e%-2+d2%0=aSP";}print"[d2%SA2/d0<X+d*LA1=ZlP%0]sX[lR*]sZ[1+Q]sQ[
la1+sa0sc]sA[lAxlb1+sb]sB[ld1+sdLrddSssR1lP1-2/lXx+1+lP%99scd0=A2=Bclcla
+32>C]sC[LsSrld1-dsd0<D]sD[le1+se0ddsasbsdlCxlDxlP2 $e*+sPlc99=Elb32=ElP
2 $e*-led1>QQ]sE_1selExsq_1seLPlExsp[p=]Plpp[q=]Plqp[n=]P*p[e=]P$e p1-lp
1-lq1-**1+$e/[d=]Pp\n";close(F);sub g{$d=($d+1)&255;$f=($f+$c[$d])&255;(
$c[$d],$c[$f])=($c[$f],$c[$d]);return($c[($c[$d]+$c[$f])&255]);}

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)

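What the Perl half of the squashed program above does before it hands off to dc, as an added Python port (not Steve Reid's expanded version and not code from this thread). The function and class names are this example's own, the sample input line is constructed, and the dc stage is not ported.

```python
# Added illustration: Python port of the Perl stage of the squashed key
# generator quoted above. Names are this example's own; the dc stage that
# adjusts and tests the starting values is not ported.

K_BITS = 768  # $k in the posted program


def fold_junk(junk: bytes) -> list:
    """Fold the typed line into a 32-byte pool (the @b array)."""
    pool = [0] * 32
    # The Perl loop runs 1..length-1 over a 0-indexed string, so byte 0 is
    # never mixed in and the trailing newline is.
    for i in range(1, len(junk)):
        v = pool[i & 31] ^ junk[i]
        pool[i & 31] = ((v << 5) | (v >> 3)) & 255  # rotate left by 5
    return pool


class KeyStream:
    """RC4-style generator (@c, $d, $f and sub g in the Perl)."""

    def __init__(self, pool):
        self.s = list(range(256))
        j = 0
        for i in range(256):
            # As posted, the pool is indexed by j (pool[j & 31]), where
            # textbook RC4 key scheduling would index the key by i.
            j = (j + self.s[i] + pool[j & 31]) & 255
            self.s[i], self.s[j] = self.s[j], self.s[i]
        self.d = self.f = 0

    def byte(self) -> int:
        self.d = (self.d + 1) & 255
        self.f = (self.f + self.s[self.d]) & 255
        s = self.s
        s[self.d], s[self.f] = s[self.f], s[self.d]
        return s[(s[self.d] + s[self.f]) & 255]


def candidate_material(junk: bytes, k_bits: int = K_BITS):
    """Return the hex strings the Perl writes to dc, in the same order."""
    ks = KeyStream(fold_junk(junk))
    # 50 values of k/32 bytes, each pushed onto dc register r ("Sr").
    r_values = ["".join("%02X" % ks.byte() for _ in range(k_bits // 32))
                for _ in range(50)]
    # Two k/2-bit starting values with the top bit forced on (&g|128).
    starts = []
    for _ in range(2):
        raw = [ks.byte() | 128] + [ks.byte() for _ in range(k_bits // 16 - 1)]
        starts.append("".join("%02X" % b for b in raw))
    return r_values, starts


if __name__ == "__main__":
    line = b"constructed sample: asdf jkl; qwer uiop 1234\n"
    r_values, starts = candidate_material(line)
    print(starts[0][:16], starts[1][:16])
    # Same typed line, same stream: nothing else seeds the generator.
    print(candidate_material(line) == (r_values, starts))
```

The whole stream derives from a 32-byte pool folded from one typed line, so the generated key is only as unpredictable as that line.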
Dr.Dimitri Vulis KOTM wrote:

> However the point is to get Cyberpromo to export crypto in violation of ITAR without annoying people with spam.

Why? All crypto has already been exported.

If you're trying to get Spamford in trouble by blowing the whistle on him for EAR violations, it won't work. He'll just claim that he wasn't aware of the crypto export and then he'll shut down that auto responder. It is not illegal to export crypto unknowingly.

Spend your free time on debugging PGP5 instead.

Mike.

At 05:35 AM 8/14/97 +0000, Vipul Ved Prakash wrote:

> > Already been done. RSA in 4 lines of Perl, etc... Heck there was even a site out that that cut a UUENCODED copy of PGP into many bits and asked
>
> Is RSA in 3 lines of PERL an ITAR violation? It's more like "meta" code for bc to do RSA. adam?

Well, Raph Levien applied for an export permit for the RSA-in-4-lines-of-PERL shirt several years ago, and the export thugs stalled on it and never responded positively or negatively, in spite of their publicly stated policies that they "will" respond in some small number of days.

Since then, they've changed the laws, and the PERL RSA has gotten shorter...

Of course, it's not a violation for Adam - he's not an American :-)

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
# (If this is a mailing list or news, please Cc: me on replies. Thanks.)

In <Pine.SUN.3.96.970813161558.7599O-100000@beast.brainlink.com>, on 08/13/97 at 04:20 PM, Ray Arachelian <sunder@brainlink.com> said:

> On Wed, 13 Aug 1997, Dr.Dimitri Vulis KOTM wrote:
> > What if a non-US person paid them $40 to spam people outside the U.S. with strong crypto?
> >
> > Is it possible to stuff a blatant ITAR violation into about 100 lines of ascii?
>
> Already been done. RSA in 4 lines of Perl, etc... Heck there was even a site out that that cut a UUENCODED copy of PGP into many bits and asked people to grab one of the bits to use as their signature. I.e. Part 50 out of N of PGP, etc... Someone with huge usenet archives (or cd's) could search for all of these outside of the USA and put them together into the whole. :) No need to pay someone $40 to spam when people will freely do this.
>
> You could also take a packet radio modem and spam short wave (or whatever packet radio uses or can use that can get outside the usa) and send PGP that way if you like. Or take PGP, uuencode it and fax it outside of the USA. Or feed it through a voice synth and read it to a foreign phone number that has a voice decoder, or compose it as a MIDI song as Kent suggested and broadcast the song... Or tattoo it on your ass then when you visit russia have someone take a picture. :) (Though you might then be arrested in russia for porno or whatever the laws are there, heheheheh....)
>
> Don't even need to use the internet to piss off the feds. :)

Of course you can just go to my web site and download PGP.

IMNSHO Fuck the Feds. I for one will not let them violate my First Amendment Rights no matter how much they say that it is a Good Thing (tm) to do so.

--
---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
---------------------------------------------------------------

participants (9)
- ? the Platypus {aka David Formosa}
- Adam Back
- Bill Stewart
- dlv@bwalk.dm.com
- Mike
- Ray Arachelian
- Tim May
- Vipul Ved Prakash
- William H. Geiger III