Re: Forensics on PDAs, notes from the field
At 01:46 PM 8/13/04 -0400, John Kelsey wrote:
>> From: "Major Variola (ret)" <mv@cdc.gov>
>> Obvious lesson: Steganography tool authors, your programs should use the worm/HIV trick of changing their signatures with every invocation. Much harder for the forensic fedz to recognize your tools. (As suspicious, of course).
>
> I would have thought the obvious lesson was to keep all your important work on an encrypted disk partition, with a good password and a high iteration count. This is true not just for criminals and terrorists, but for anyone who doesn't want the information on their hard drive read by anyone who happens to steal their computer.

If you include "PDA & Cellphone" as computer; or include "flash eeprom" as a "hard drive", then we agree. Most Persons of Interest will have secrets on their mobile gizmos (which use flash memory) as well as their PC's spinning disks. Sync'ing the PDA + PC means the security boundary includes them both. The important lesson is that all your gizmos will be seized and analyzed. And that the world needs good Linux-based-PDA & flash-mem-compatible security tools. And don't forget the epoxy...