From jya at pipeline.com Sat May 4 08:07:52 2002
From: jya at pipeline.com (John Young)
Date: Sat, 04 May 2002 08:07:52 -0700
Subject: Why I fill this list with SPAM
In-Reply-To: <3CD33502.32279.2EADF98@localhost>
Message-ID:

Jim pukes:

>Because I can.
>More slashdot is coming

The shit you post is less than spam which has minimal content
and is anonymous or forged and took slim intelligence to
prepare and lob.

You send your stinky asswipe, in your own shitty name, as if
having wiped your asshole with an article means you need
someone to tell you what's it said. Your momma may have done
that for you, and may still do it, whispering your tiny
brainlessness is so sweet, baby, but it's time Jim for you
to use the Net for more than a replacement for the slit trench
you came out of squalling and pissing.

Momma Choate, sober up, your mustardy bastard has grown into
a mooning buffoon like his lickturd daddy. Poke him back uphole
till he's fully developed and housebreakable. Best, back to the
future: sneak into a clinic and trash the shit machine, coathanger
its solid noggin.

From bilsag at bilsag.com.tr Sat May 4 07:56:34 2002
From: bilsag at bilsag.com.tr (bilsag)
Date: Sat, 4 May 2002 17:56:34 +0300
Subject: TRANSLATION SOFTWARE
Message-ID: <200206031457.g53Evou04914@waste.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3841 bytes
Desc: not available
URL:

From mujbattenbusinessfek at battenbusiness.com Tue May 7 07:52:28 2002
From: mujbattenbusinessfek at battenbusiness.com (Lakisha Jean)
Date: Tue, 7 May 2002 13:52:28 -0100
Subject: Olny this 5 days special price on pharma for you dear customer
Message-ID: <776065831.58027992457589@battenbusiness.com>

Our Warmest Helloes!!!
Particular proposal for you Our Dear Client!!!
At these five days only for our customers inconceivable offer!!!
On all medicinal agents you need!!!
Fill your life with colours of delight!!!
http://covervalue.cn/

Truly yours,
On-line community of pharmaceutical chemists
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 726 bytes
Desc: not available
URL:

From rxtdu at mailmij.nl Sun May 12 08:22:52 2002
From: rxtdu at mailmij.nl (rxtdu at mailmij.nl)
Date: Sun, 12 May 2002 10:22:52 -0500
Subject: INCREASED PRODUCTIVITY MEANS MORE PROFIT.
Message-ID: <200206031608.g53G8H702011@smtp2.info.com.ph>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 677 bytes
Desc: not available
URL:

From tarkan at hotmail.com Tue May 14 15:04:43 2002
From: tarkan at hotmail.com (tarkan at hotmail.com)
Date: Wed, 15 May 2002 01:04:43 +0300
Subject: Tarkan -Bir Oluruz Yolunda (download)
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 333 bytes
Desc: not available
URL:

From bill.stewart at pobox.com Wed May 22 13:42:06 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 22 May 2002 13:42:06 -0700
Subject: NAI pulls out the DMCA stick
In-Reply-To:
References: <1022039381.3760.10.camel@localhost.localdomain> <3CEAE94D.30700@barrera.org> <1022039381.3760.10.camel@localhost.localdomain>
Message-ID: <5.1.0.14.1.20020522132742.0397dec0@idiom.com>

At 12:43 AM 05/22/2002 -0400, R. A. Hettinga wrote:
>At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK:
> > Well, yes, but you seem to be implying some sinister motive that
> > not all of us are reading between the lines clearly enough to see
> > :) I mean, otherwise, this just seems like a fairly garden-variety
> > silly use of the DMCA by a large software company. What am I
> > missing?
>
>Not much.

-----BEGIN PGP UNSIGNED MESSAGE----
NAI is trying to sell off the remains of PGP Inc.,
and rather than try to get money for a twisted empty shell of a
dot-com-era software company, they're probably hoping to have
a less-empty shell by maximizing the remaining value of
"their" "intellectual property".
So yes, it's in Bob's second category of history. :-)
-----BEGIN PGP UNSIGNED MESSAGE----

From eresrch at eskimo.com Wed May 22 18:29:38 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 22 May 2002 18:29:38 -0700 (PDT)
Subject: Testing..
In-Reply-To: <3CEC370B.8C7CF523@acmenet.net>
Message-ID:

On Wed, 22 May 2002, Steve Furlong wrote:

> No problem --- I was just waxing my bikini line.
>
> (This disgusting mental image courtesy of the Janet Reno Full Frontal
> Nudity Collection.)
>
> (That disgusting mental image courtesy of me.)

That depends on the gender "preference" of the reader I think - might
not be disgusting to the right state of mind :-)

That's not sick, it's funny!

Patience, persistence, truth,
Dr. mike

From 1e2m3maa4457 at yahoo.com Wed May 22 17:40:12 2002
From: 1e2m3maa4457 at yahoo.com (Direct EMail)
Date: Wed, 22 May 2002 19:40:12 -0500
Subject: Targeted EMails, Safe Sending, get your ad SEEN.
Message-ID: <200205230056.TAA07702@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4954 bytes
Desc: not available
URL:

From sfurlong at acmenet.net Wed May 22 17:25:47 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Wed, 22 May 2002 20:25:47 -0400
Subject: Testing..
References: <20020522234727.GC4985@hq.pro-ns.net>
Message-ID: <3CEC370B.8C7CF523@acmenet.net>

Bill O'Hanlon wrote:
>
> Sorry for the intrusion.

No problem --- I was just waxing my bikini line.

(This disgusting mental image courtesy of the Janet Reno Full Frontal
Nudity Collection.)

(That disgusting mental image courtesy of me.)

--
Steve Furlong    Computer Condottiere    Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking

From jya at pipeline.com Wed May 22 22:35:45 2002
From: jya at pipeline.com (John Young)
Date: Wed, 22 May 2002 22:35:45 -0700
Subject: Analysis of Neural Cryptography
Message-ID:

Analysis of Neural Cryptography

Alexander Klimov, Anton Mityaguine, and Adi Shamir
Computer Science Department
The Weizmann Institute, Rehovot 76100, Israel
{ask,mityagin,shamir}@wisdom.weizmann.ac.il

Abstract. In this paper we analyse the security of a new key exchange
protocol proposed in [3], which is based on mutually learning neural
networks. This is a new potential source for public key cryptographic
schemes which are not based on number theoretic functions, and have
small time and memory complexities. In the first part of the paper we
analyse the scheme, explain why the two parties converge to a common
key, and why an attacker using a similar neural network is unlikely to
converge to the same key. However, in the second part of the paper we
show that this key exchange protocol can be broken in three different
ways, and thus it is completely insecure.

____________________

3. Ido Kanter, Wolfgang Kinzel, Eran Kanter, "Secure exchange of
information by synchronization of neural networks", Europhys. Lett.
57, 141, 2002.

http://cryptome.org/neuralsub.ps (11 pages. 366KB)

From avernon123 at post.sk Thu May 23 09:56:09 2002
From: avernon123 at post.sk (ELTON)
Date: Wed, 22 May 2002 22:56:09 -1800
Subject: lowest home mortgage rate ERKCCKJ
Message-ID: <000016211b45$000043fa$0000712a@smtp.post.sk>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 475 bytes
Desc: not available
URL:

From niffullbookfeb at fullbook.com Wed May 22 17:46:11 2002
From: niffullbookfeb at fullbook.com (Therese Reyes)
Date: Wed, 22 May 2002 23:46:11 -0100
Subject: Stop the painful craving for more food
Message-ID: <147446967.01861471762737@thhebat.net>

Profit by your chance!

From shamrock at cypherpunks.to Thu May 23 00:24:00 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Thu, 23 May 2002 00:24:00 -0700
Subject: NAI pulls out the DMCA stick
In-Reply-To: <20020522110202.A1992@lightship.internal.homeport.org>
Message-ID: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO>

Adam wrote:
> Which is too bad.
> If NAI-PGP went away completely, then
> compatibility problems would be reduced. I also expect that
> the German government group currently funding GPG would be
> more willing to fund UI work for windows.

Tell me about it. PGP, GPG, and all its variants need to die before
S/MIME will be able to break into the Open Source community, thus
removing the last, but persistent, block to an instant increase in
number of potential users of secure email by several orders of
magnitude.

Here's to hoping,
--Lucky

From ravage at einstein.ssz.com Thu May 23 05:25:22 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 23 May 2002 07:25:22 -0500
Subject: Slashdot | FBI Databases Used for Stock Fraud
Message-ID: <3CECDFB2.5FDE6FBF@ssz.com>

http://slashdot.org/articles/02/05/22/2347219.shtml?tid=158
--
--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Thu May 23 05:27:14 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Thu, 23 May 2002 07:27:14 -0500
Subject: Slashdot | Future Computers
Message-ID: <3CECE022.BAF85E01@ssz.com>

http://slashdot.org/articles/02/05/22/2350205.shtml?tid=126
--
--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From marshall at idio.com Thu May 23 08:32:56 2002
From: marshall at idio.com (Marshall Clow)
Date: Thu, 23 May 2002 08:32:56 -0700
Subject: NAI pulls out the DMCA stick
In-Reply-To: <20020523103422.A13263@lightship.internal.homeport.org>
References: <20020522110202.A1992@lightship.internal.homeport.org> <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <20020523103422.A13263@lightship.internal.homeport.org>
Message-ID:

At 10:34 AM -0400 5/23/02, Adam Shostack wrote:
>On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
>| Adam wrote:
>| > Which is too bad. If NAI-PGP went away completely, then
>| > compatibility problems would be reduced. I also expect that
>| > the German government group currently funding GPG would be
>| > more willing to fund UI work for windows.
>|
>| Tell me about it. PGP, GPG, and all its variants need to die before
>| S/MIME will be able to break into the Open Source community, thus
>| removing the last, but persistent, block to an instant increase in
>| number of potential users of secure email by several orders of
>| magnitude.
>
>Are you claiming that S/mime no longer has the enormous compatibility
>problems it used to have?
>
>Is there any Open source implementation of the protocol?

Try . For some definitions of open source, it qualifies.
--
-- Marshall

Marshall Clow Idio Software

My name is Bobba Fett. You killed my father, prepare to die!

From adam at homeport.org Thu May 23 07:34:22 2002
From: adam at homeport.org (Adam Shostack)
Date: Thu, 23 May 2002 10:34:22 -0400
Subject: NAI pulls out the DMCA stick
In-Reply-To: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO>; from shamrock@cypherpunks.to on Thu, May 23, 2002 at 12:24:00AM -0700
References: <20020522110202.A1992@lightship.internal.homeport.org> <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO>
Message-ID: <20020523103422.A13263@lightship.internal.homeport.org>

On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote:
| Adam wrote:
| > Which is too bad. If NAI-PGP went away completely, then
| > compatibility problems would be reduced. I also expect that
| > the German government group currently funding GPG would be
| > more willing to fund UI work for windows.
|
| Tell me about it. PGP, GPG, and all its variants need to die before
| S/MIME will be able to break into the Open Source community, thus
| removing the last, but persistent, block to an instant increase in
| number of potential users of secure email by several orders of
| magnitude.

Are you claiming that S/mime no longer has the enormous compatibility
problems it used to have?

Is there any Open source implementation of the protocol?

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From schear at lvcm.com Thu May 23 10:44:39 2002
From: schear at lvcm.com (Steve Schear)
Date: Thu, 23 May 2002 10:44:39 -0700
Subject: Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software
Message-ID: <5.1.0.14.2.20020523104014.02cc3898@pop3.lvcm.com>

>Open-Source Fight Flares At Pentagon
>Microsoft Lobbies Hard Against Free Software
>
>
>By Jonathan Krim
>Washington Post Staff Writer
>Thursday, May 23, 2002; Page E01
>
>Microsoft Corp.
>is aggressively lobbying the Pentagon to squelch its
>growing use of freely distributed computer software and switch to
>proprietary systems such as those sold by the software giant,
>according to officials familiar with the campaign.
>
>In what one military source called a "barrage" of contacts with
>officials at the Defense Information Systems Agency and the office of
>Defense Secretary Donald H. Rumsfeld over the past few months, the
>company said "open source" software threatens security and its
>intellectual property.
>
>But the effort may have backfired. A May 10 report prepared for the
>Defense Department concluded that open source often results in more
>secure, less expensive applications and that, if anything, its use
>should be expanded.
>
>"Banning open source would have immediate, broad, and strongly
>negative impacts on the ability of many sensitive and security-focused
>DOD groups to protect themselves against cyberattacks," said the
>report, by Mitre Corp.

>Microsoft also said open-source software is inherently less secure
>because the code is available for the world to examine for flaws,
>making it possible for hackers or criminals to exploit
>them. Proprietary software, the company argued, is more secure because
>of its closed nature.

A master of the security half-truth chimes in...

>"I've never seen a systematic study that showed open source to be more
>secure," said Dorothy Denning, a professor of computer science at
>Georgetown University who specializes in information warfare.

>John Stenbit, an assistant secretary of defense and the Defense
>Department's chief information officer, said Microsoft has said using
>free software with commercial software might violate the
>intellectual-property rights of companies such as Microsoft. Stenbit
>said the issue is legally "murky."

>Stenbit said the debate is academic and that what matters is how
>secure a given piece of software is.
>To that end, the Defense
>Department is now prohibited from purchasing any software that has not
>undergone security testing by the NSA. Stenbit said he is unaware of
>any open-source software that has been tested.

This should present no problem for open source software. No purchase
takes place since the software is "free" by definition.

steve

From rah at shipwright.com Thu May 23 08:36:51 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 23 May 2002 11:36:51 -0400
Subject: Peter Wayner's New Book: Translucent Databases
Message-ID:

http://www.wayner.org/books/td/

Translucent Databases

Do you have personal information in your database?

Do you keep files on your customers, your employees, or anyone else?

Do you need to worry about European laws restricting the information
you keep?

Do you keep copies of credit card numbers, social security numbers, or
other information that might be useful to identity thieves or insurance
fraudsters?

Do you deal with medical records or personal secrets?

Most database administrators have some of these worries. Some have all
of them. That's why database security is so important.

This new book, Translucent Databases, describes a different attitude
toward protecting the information. Most databases provide elaborate
control mechanisms for letting the right people in to see the right
records. These tools are well-designed and thoroughly tested, but they
can only provide so much support. If someone breaks into the operating
system itself, all of the data on the hard disk is unveiled. If a
clerk, a supervisor, or a system administrator decides to turn traitor,
there's nothing anyone can do.

Translucent databases provide better, deeper protection by scrambling
the data with encryption algorithms. The solutions use the minimal
amount of encryption to ensure that the database is still functional.
In the best applications, the personal and sensitive information is
protected but the database still delivers the information.

Order directly from the publisher and get a free copy of Free for All .

"I would like to recommend this book to everyone who is storing
sensitive information in their database. Credit card numbers or other
private information from customer statistics data can fall into the
wrong hands and give someone else too valuable insights in specific
customers behavior." -- Michael Widenius, MySQL

Now order from Amazon.com

-----------------------------------

Translucent Databases contains several dozen examples written in basic
SQL and Java. The code is written to be easy-to-follow and portable.
All of the code can be extended and modified to fit a number of
different applications.

Here are some of the examples:

* A database that hides the position of Navy ships from enemies while
  simultaneously providing accurate information to those with proper
  authorization.
* An anti-rape database that identifies trends without containing any
  personal information.
* A babysitter scheduling service that matches parents with available
  sitters while protecting the sitters' identities and locations.
* A department store database that guards the modesty of customers.
* A private accounting system that detects fraud without revealing
  information.
* A poker game for the Internet that prevents cheating.
* A pharmacy database for preventing dangerous drug interactions while
  keeping medical records secure.
* A tool for travel agents to protect their clients from stalkers and
  kidnappers.
* A stock exchange transaction mechanism designed to stop
  insider-trading.
* A website logfile tool that provides accurate counts of visitors
  while protecting their identities.
* A credit-card database for defending crucial e-commerce transactions.
* A patent search tool that doesn't reveal the nature and focus of the
  search.
* A conference bulletin board that routes messages without helping
  stalkers.
* A tool for studying the radon concentration in homes without
  maintaining personal information.
* An anti-money laundering database.

Anyone who purchases the book receives an unlimited license to use the
source code from the examples on up to ten CPUs. If you have greater
needs, other licenses are available. Or just buy another copy of the
book.

-----------------

A Supplementary Syllabus

If you're a professor teaching a database course, you may want to use
Translucent Databases as an additional textbook. You are welcome to
consider this one week module, which presents some of the most
important concepts from Translucent Databases. It consists of three
parts that roughly correspond to the three hours spent in a classroom
in a typical week.

Part I -- One-Way Functions

* One-way functions are easy to compute but hard to reverse.
* Some of the common ones are MD5, SHA, and raising a number to a power
  modulo a prime number. This section will just use generic one-way
  functions and call them h(x). There is no reason to do more with
  advanced mathematics.
* Most common one-way functions are not truly impossible to reverse--
  they're just practically impossible. Describe how hash functions like
  MD5 produce their answer. How long does it take to search for a
  collision? How long does it take to do brute force attack?
* Show how to protect passwords using this approach. Anyone can look at
  the file and anyone can test a password presented as real. But no one
  can take the password database and work backwards to determine the
  password.
* Show how to protect credit cards. (Some systems leave the last four
  digits in the clear. Mention that this is a hint for how information
  is treated in Part III.)
* Show how multiple people can use h(x) to look up information instead
  of just x. This can be used to synchronize schedules or protect
  personal information.
* Show how to design a store database that stores h(name) instead of
  name.
* Emphasize that the regular SQL database features still work with the
  fields of the database that aren't scrambled by h.

Part II -- Determining Reality

* Digital signatures can use one-way functions. This section won't use
  the more sophisticated, traditional versions like RSA or
  Diffie-Hellman, although it could. It will only use simpler versions
  that are often called Message Authentication Codes. Describe how this
  is a weaker restriction.
* Someone can create a signature or MAC by computing
  h(password,document). Only someone with the right password can check
  the signature and see if it was generated by the document.
* Show how fake entries in the database can disguise the real ones.
* Only someone with the password can distinguish between the real and
  the fake.

Part III -- Blurring Reality with Quantization

* Quantization is the act of taking a number from a big set and
  assigning it the closest value from a smaller subset.
* Rounding off values is one form of quantization.
* More sophisticated algorithms don't distribute the small set of
  surrogates evenly over the larger set.
* Some basic algorithms block some fields if it makes it too easy to
  identify the human behind the record.
* Other algorithms add random amounts to the data to disguise the true
  value.
* Some encrypt this random amount so some users can get the real
  values.
* Show how this can be applied to medical records used for research.
* Show how this can help hide the position of ships.

Sample Homework Questions:

* Write a program to try random values of x until MD5(x) ends with the
  sixteen bit value FF. How many random values should it take? Run your
  program. Do you come close? Repeat this 1000 times and report the
  average number of samples that must be tested before one is found.
  Now, extrapolate how long it will take for your computer to
  completely find an answer that matches a complete 160-bit result from
  MD-5.
* Create a tool for protecting medical records in a trial. Determine
  which fields to scramble and which fields to leave in the clear.
* Describe some possible attacks against the scheduling algorithms
  described in Chapter 4.
* Describe three ideal databases where one-way functions can prevent
  abuse. Describe several examples where the technique will fail.
* Describe three ideal databases where false entries can distract
  attackers. Describe several cases where the fake entries will corrupt
  the database. Can this problem be avoided?
* Describe three examples where blurring data with quantization can add
  enough confusion to block attackers. Can you think of examples where
  too much confusion also confounds the regular users? Are there
  examples where there's no middle ground?

--------

Table of Contents

1 Translucency
  1.1 Some Examples
  1.2 Limits
  1.3 How to Use the Book
  1.4 Some Examples
2 One Way Functions
  2.1 Pure One-Way Functions
    2.1.1 Discrete Log
    2.1.2 The Secure Hash Algorithm or SHA
    2.1.3 MD-5
  2.2 Public Key or Trapdoor Function
  2.3 Secret Key Functions
    2.3.1 Turning a secret key function into a pure one-way function.
    2.3.2 Turning One-Way Functions Into Secret-Key Encryption Functions
  2.4 Implementations
    2.4.1 MySQL
    2.4.2 PostgreSQL
    2.4.3 Oracle
    2.4.4 Client-side Applications
  2.5 Conclusions
    2.5.1 Lessons
3 One Way Tables
  3.1 An Example from a Department Store
    3.1.1 Adding Security
  3.2 Cleaning Up One-Way Input
    3.2.1 Some Java Code
  3.3 Security Trade Offs
    3.3.1 Slowing the One-Way Functions
    3.3.2 Salt
  3.4 Adding Redundancy
  3.5 An Example with Encryption for Security
    3.5.1 Some Java Code
  3.6 Hashing Instead of Encryption
  3.7 Serial Queries
  3.8 Keeping Some Information In the Clear
    3.8.1 Inserting a Credit Card Number
    3.8.2 Using the Information
  3.9 Conclusions
    3.9.1 Lessons
4 Coordinating Users
  4.1 A Bulletin Board Example
    4.1.1 Adding a Shared Password
  4.2 Special One-Way Functions
    4.2.1 Creating A Public Key
    4.2.2 Using the Public Key
    4.2.3 Recovering Messages
    4.2.4 Using Public-Key One-Way Functions
  4.3 Conclusion
    4.3.1 Lessons
5 Synchronization
    5.0.2 The BabySitter's Table
    5.0.3 Adding More Names
    5.0.4 Multiple Tables
    5.0.5 Adding Extra Information
    5.0.6 Security
  5.1 Conclusions
    5.1.1 Lessons
6 Evolving Data
  6.1 An Auction Example
    6.1.1 The First Bid
    6.1.2 Adding New Bids
    6.1.3 Creating Bids
    6.1.4 The Value of Counter
    6.1.5 Better Hash Functions
  6.2 Working With Encryption
  6.3 Conclusions
    6.3.1 Lessons
7 Sharing
  7.1 The Algorithms
    7.1.1 More Precise Algorithms
    7.1.2 More Efficient Algorithms
    7.1.3 Adding Sophistication
  7.2 Nuclear Launch Codes
    7.2.1 Adding Launch Codes
    7.2.2 Recovering the Code
    7.2.3 Adding More Security
  7.3 A Public-Key Example
    7.3.1 Adding a Message
    7.3.2 Retrieving the Message
  7.4 Conclusions
    7.4.1 Lessons
8 Revelation
  8.1 A Masquerade
  8.2 Lottery
    8.2.1 Paying for the Ticket
    8.2.2 Placing Bets
    8.2.3 Testing Winners
  8.3 Sports Poker and Multiple Columns
    8.3.1 Inserting Predictions
    8.3.2 Testing and Verifying
  8.4 Identity Cards and Selective Revelations
    8.4.1 The Basic Mathematics
    8.4.2 A Rental Car Example
    8.4.3 The License
    8.4.4 Proving Information
    8.4.5 The Rental Car Company
  8.5 Conclusions
    8.5.1 Lessons
9 Quantization
  9.1 Algorithms
    9.1.1 Adaptive Quantization
    9.1.2 Projection
  9.2 Using Quantization In Databases
    9.2.1 Adding Random Noise
    9.2.2 Adding Encryption
  9.3 Quantized One-Way Functions
    9.3.1 One-Way Functions and Noise
  9.4 Conclusions
    9.4.1 Lessons
10 Authentication
  10.1 Digital Signature Taxonomy
    10.1.1 One-Way Functions and Signatures
    10.1.2 Modular Exponentiation and Signatures
  10.2 Adding Digital Signatures To SQL Databases
    10.2.1 A Hash-based Signature
    10.2.2 Signatures Using Exponentiation
  10.3 Fake Information
    10.3.1 An Appointment System
    10.3.2 Adding Entries With Signatures
    10.3.3 Adding Fake Entries
    10.3.4 Finding the Results
    10.3.5 Modifications
  10.4 Conclusions
    10.4.1 Lessons
11 Accounting
  11.1 Sales Force Accounting
    11.1.1 Adding Values
    11.1.2 Checking Things Out
  11.2 Conclusions
    11.2.1 Lessons
12 Tokens
  12.1 Prescription Records
    12.1.1 Inserting Records
    12.1.2 A Relatively Fast Mechanism for Retrieval
    12.1.3 A More Secure Mechanism
    12.1.4 At the client
    12.1.5 At the database
    12.1.6 Using transparency
    12.1.7 Dealing with the Challenge
  12.2 Conclusions
    12.2.1 Lessons
13 Private Retrieval
  13.1 Stock Prices From Multiple Sources
  13.2 A Single Server Example
    13.2.1 Using More Decoys
  13.3 A Patent Example
  13.4 Conclusions
    13.4.1 Lessons
A Further Reading

----------------------

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From InsightontheNews at broadbandpublisher.com Thu May 23 08:49:11 2002
From: InsightontheNews at broadbandpublisher.com (Insight on the News)
Date: 23 May 2002 11:49:11 -0400
Subject: Insight on the News Email Edition
Message-ID: <20020523114941.SM01140@broadbandpublisher.com>

INSIGHT NEWS ALERT!

The latest Insight on the News articles are now online

http://www.insightmag.com

...............................................

Folks, we've got still more stories you won't be able to find anywhere
else. John Berlau has really turned some heads with his home run expose
of how Major League Baseball is discriminating against Cuban defectors
http://www.insightmag.com/news/252748.html .
And Ken Timmerman will surprise you again with how deeply involved the
Saudis have been with the terrorist fronts
http://www.insightmag.com/news/252751.html . Read on. Until next time,
from the Bunker, I remain your newsman in Washington.

...............................................

MAJOR LEAGUES PLAYING BALL WITH CASTRO

John Berlau tells us that Cuban defectors are singled out for
substandard treatment by Major League Baseball. Orioles owner Peter
Angelos says his special relationship with Castro has nothing to do
with it.

http://www.insightmag.com/news/252748.html

...............................................

CULTURE -- THE GOP'S MIDTERM ELECTION EDGE

Chad Stafko writes that the famous color-coded 2000
presidential-election map, with the counties that went to George W.
Bush shaded in red and those that went to Al Gore in blue, painted a
picture of a divided nation. The red counties will make the state of
the culture the deciding issue.

http://www.insightmag.com/news/252810.html

...............................................

DEPT. OF ENERGY'S MOTHBALL FLEET OF ALTERNATIVE FUEL CARS

Sean Paige reveals that the Department of Energy has purchased
thousands of alternative-fuel vehicles in recent years to appear as if
it is at the vanguard of energy-conservation efforts. But the
department has made little progress in cutting its overall gasoline
consumption.

http://www.insightmag.com/news/252800.html

========================================

Don't Gamble with your Family's Health!
Click here for Affordable Health Insurance NOW!

http://etools.ncol.com/a/jgroup/bg_uici_wwwinsightmagcom_8.html

========================================

THE MYSTERIOUS VANISHING JOB CORPS TRAVEL FUNDS

Sean Paige reveals that the Job Corps vocational-training program
cannot properly account for $21.6 million it spends annually to
transport students, according to an internal audit by the Department of
Labor's Inspector General.

http://www.insightmag.com/news/252806.html

...............................................

DEPT. OF INTERIOR SPEAKS WITH FORKED TONGUE

Kelly O'Meara reports that a court-appointed monitor says the slings
and arrows of Interior Secretary Gale Norton are off target and thinks
Indian trust monies need to be put into a receivership.

http://www.insightmag.com/news/252749.html

...............................................

THE NET EFFECT AND TECHNOLOGY POLITICS

Brandon Spun tells us that once a liberal, cyber-reporter Declan
McCullagh had a political epiphany after realizing the threat that
government regulation poses to the Internet.

http://www.insightmag.com/news/252795.html

========================================

SUBSCRIBE TO THE INSIGHT PRINT EDITION TODAY!
And Save 72% (Off Our Newsstand Price)

https://www.collegepublisher.com/insightsub/subform1.cfm

=======================================

You have received this newsletter because you have a user name and
password at Insight on the News. To unsubscribe from this newsletter,
visit "http://www.insightmag.com/main.cfm?include=unsubscribe". You may
also log into Insight on the News and edit your account preferences on
the Web.

If you have forgotten or don't know your user name and password, it
will be emailed to you after visiting the following link:
http://www.insightmag.com/main.cfm?include=emailPassword&serialNumber=16oai891z5&email=cypherpunks at ssz.com

From Marketings at eyou.com Wed May 22 21:31:44 2002
From: Marketings at eyou.com (Marketing Manager)
Date: Thu, 23 May 2002 12:31:44 +0800
Subject: Promote Your Business
Message-ID: <200205230502.AAA09801@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available Type: text/html Size: 10432 bytes Desc: not available URL: From adam at homeport.org Thu May 23 12:05:49 2002 From: adam at homeport.org (Adam Shostack) Date: Thu, 23 May 2002 15:05:49 -0400 Subject: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick) In-Reply-To: <20020523191001.A296533@exeter.ac.uk>; from adam@cypherspace.org on Thu, May 23, 2002 at 07:10:01PM +0100 References: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <20020523164634.51615.qmail@web11607.mail.yahoo.com> <20020523191001.A296533@exeter.ac.uk> Message-ID: <20020523150549.A16659@lightship.internal.homeport.org> On Thu, May 23, 2002 at 07:10:01PM +0100, Adam Back wrote: | Certificate authorities also can forge certificates and issue | certificates in fake names if asked by government agencies. S/MIME is | too much under central control by design to be a sensible choice for | general individual use. So what if we create the Cypherpunks Root CA, which (either) signs what you submit to it via a web page, or publish the secret key? We then get the Cypherpunks Root CA key added to the browsers--it can't be that hard, the US postal service managed it... Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From my4cijv5r2 at arabia.com Fri May 24 03:09:33 2002 From: my4cijv5r2 at arabia.com (jgerry) Date: Thu, 23 May 2002 17:09:33 -1700 Subject: We Can help you Support Message-ID: <000068ba62a6$0000029d$000012ee@mx1.arabia.mail2world.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 12541 bytes Desc: not available URL: From gsl at insurancemail.net Thu May 23 14:23:17 2002 From: gsl at insurancemail.net (Senior Selling) Date: Thu, 23 May 2002 17:23:17 -0400 Subject: Roth conversions = jumbo annuity sales Message-ID: <1f3e0b01c202a0$0e0b26f0$3201a8c0@insuranceiq.com> What good is a great concept (Roth conversion) without a turnkey system to sell it? 
Introducing the Roth Conversion turnkey selling system Our top producing roth conversion agent (sold 10 jumbo annuities, 200k sales with 14%+ commissions) has shared with us his secrets of selling the roth conversion concept. Per his input, we have created the roth conversion "turnkey sales process". The system includes client postcards, client brochures, a client worksheet (perfect for introducing the roth conversion program), a full marketing presentation, etc. If he can do it, so can you! To join us for the brand new "sales presentation" teleconference, call in Monday, Wednesday or Friday at 12:00 noon Pacific/3 p.m. Eastern at: 702-579-4902 To find out more about the content of the call complete the form below and you will be immediately directed to the "conference call" page. First Name: Last Name: Note that when you press the "Send Information" button the screen may not change, but we will still receive your information and get back to you. Another way to order our sample presentation is to visit our website at www.gsladvisory.com/froco . E-Mail: Phone#: GSL Advisory These materials are for "agent use only". You should be a practicing, licensed and appointed annuity agent to order this information. We don't want anyone to receive our mailings who does not wish to. This is professional communication sent to insurance professionals. To be removed from this mailing list, DO NOT REPLY to this message. Instead, go here: http://www.Insurancemail.net Legal Notice -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 5056 bytes Desc: not available URL: From wolf at priori.net Thu May 23 17:23:31 2002 From: wolf at priori.net (Meyer Wolfsheim) Date: Thu, 23 May 2002 17:23:31 -0700 (PDT) Subject: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick) In-Reply-To: <20020523215848.A296829@exeter.ac.uk> Message-ID: On Thu, 23 May 2002, Adam Back wrote: > On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: > > So what if we create the Cypherpunks Root CA, which (either) signs > > what you submit to it via a web page, or publish the secret key? > > This won't achieve the desired effect because it will just destroy the > S/MIME trust mechanism. S/MIME is based on the assumption that all > CAs are trustworthy. Which is, of course, a major flaw. S/MIME is of some value for internal corporate email for companies who can run their own CA. (The sort of people who used to be Xcert's customers.) S/MIME is of very little value outside of a closed intranet environment, for the simple reason that public CAs are mostly incompetent, untrustworthy, or both. -MW- From adam at cypherspace.org Thu May 23 13:58:48 2002 From: adam at cypherspace.org (Adam Back) Date: Thu, 23 May 2002 21:58:48 +0100 Subject: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick) In-Reply-To: <20020523150549.A16659@lightship.internal.homeport.org>; from adam@homeport.org on Thu, May 23, 2002 at 03:05:49PM -0400 References: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <20020523164634.51615.qmail@web11607.mail.yahoo.com> <20020523191001.A296533@exeter.ac.uk> <20020523150549.A16659@lightship.internal.homeport.org> Message-ID: <20020523215848.A296829@exeter.ac.uk> On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: > So what if we create the Cypherpunks Root CA, which (either) signs > what you submit to it via a web page, or publish the secret key? 
This won't achieve the desired effect because it will just destroy the S/MIME trust mechanism. S/MIME is based on the assumption that all CAs are trustworthy. Anyone can forge any identity for clients with that key installed. S/MIME isn't really compatible with the web of trust because of the two tier trust system -- all CAs are assumed trustworthy and all users are not able to sign anything. By issuing a key and revealing its private key, you elevate a rogue user to being a CA and then the system would be broken. > We then get the Cypherpunks Root CA key added to the browsers--it > can't be that hard, the US postal service managed it... I think you'd have to do it in reverse to stand a chance if you literally published the private key -- they're never going to add the public key for a known compromised private key. Also it costs lots of money, and takes some time to take effect. Adam From ljaehee at korea.com Thu May 23 06:14:28 2002 From: ljaehee at korea.com (gift) Date: Thu, 23 May 2002 22:14:28 +0900 Subject: []ִ ˹ θԴϴ Message-ID: <200205231331.IAA13262@einstein.ssz.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1783 bytes Desc: not available URL: From shamrock at cypherpunks.to Fri May 24 01:44:53 2002 From: shamrock at cypherpunks.to (Lucky Green) Date: Fri, 24 May 2002 01:44:53 -0700 Subject: Government subsidies: our last, best hope for Cryptanarchy? Message-ID: <000501c202ff$4b218840$c33a080a@LUCKYVAIO> You may be asking yourself: where, oh where, has all the crypto gone? Where are the BlackNet's? Where is the untraceable Ecash? Where is the Cryptanarchy that we've been waiting for? For that matter...where is the crypto? The staunchest Cypherpunk will by now have noticed that PGP/GPG usage even amongst list members, once the bellwether indicator of Cypherpunks crypto adoption success, is in decline. NAI has pulled PGP off the shelves. 
Conspiracy theories as to what may have been driving this business decision abound. The fact of the matter is that the usage of PGP by businesses, the sole significant source of NAI PGP revenue, had long passed its peak. How many businesses do you know that rolled out PGP in the last year? How many do you know that quietly stopped using PGP after formally adopting its use with big fanfare a few years ago? The facts are that there are more of the latter than of the former. Did NAI receive The Briefing? I don't know. Nor does it really matter. There wasn't enough money to be made with PGP. A well-respected Cypherpunk recently expressed hope that if NAI's PGP were to disappear for good, perhaps compatibility problems amongst versions of PGP would diminish. A plausible sounding theory, if one were to assume that the compatibility problems amongst versions of PGP are between versions produced by different vendors. Presumably, the theory would go, with only one major supplier left standing, that being GPG (yes, I am aware there are others), interop problems with other vendors' implementations would pretty much disappear by definition. However, a closer inspection of the PGP interoperability problems, which have been one of the issues coming up in just about every single discussion I've had with anybody about PGP over the last year, shows that the interop problems are not between current versions by multiple vendors, but between versions, in some cases by the same vendor, that were released over time. The current version of NAI-PGP will interoperate just fine with the current version of GPG. So why is PGP interoperability such a frequently raised issue? And why does the importance of this topic seem to diminish the further away you stray from Cypherpunks into the realms of the casual PGP users? The answer to the second question is straight-forward. Even the most casual user of software tends to be familiar with and acceptant of the need for occasional software upgrades. 
It appears that those that are experiencing interop problems are those that are insisting on using up to 5-year old versions of PGP. It is true and should come as no surprise that those 5-year old versions do indeed have interop problems with newer versions of PGP. Some may say: I shouldn't need to keep on upgrading my software to be able to send encrypted email. Does anybody seriously believe that those that insist on using 5-year old versions of PGP have not upgraded their operating systems in those 5 years? Indeed, upgraded their operating systems more than once? Or does anybody seriously believe that those that insist on using old versions of PGP still run the exact same version of their MUA and text editor as they did 5 years ago? Of course they don't. If they did, their boxes would long have become unusable due to the warez traffic taking place on the machines as a result of the countless remote exploits discovered over these last 5 years. The reluctance to upgrade to a newer version of PGP does not appear to be driven by a refusal or inability to upgrade software in general. This reluctance to upgrade appears PGP specific. Why this is the case I do not know. (And don't greatly care. I am running the latest version of NAI PGP and I can make my copy talk to any version of PGP 2.x or higher). Now perhaps there may be the rare case of a PGP user that is still running PGP 2.x on the same DOS box, using the same mailer and the same text editor as they did 5 years ago. I don't know of any such users, but that doesn't mean no such users exist within the vastness of the Internet. What I do know is that those that I am aware of that are complaining about PGP version interoperability problems do not fall into the rare category of users who have not upgraded any software at all for the last 5 years. 
Since the existence of multiple PGP software providers has not been the cause of the interop problems experienced by some, reducing the number of PGP implementation providers should not be expected to have a significant impact on the number or severity of PGP interop problems experienced by the users. The same Cypherpunk expressed a hope that absent NAI's PGP, the German government group currently funding GPG might be more inclined to fund UI work for Windows. Perhaps they would. Assuming for a moment they will, would this lead to a better PGP Windows UI than NAI's PGP offered? NAI's PGP UI is pretty darn good. Looking at the sorry state of UI's currently offered for GPG, even with government funding, I suspect that it will be a long time indeed before we will see a GPG UI that will compare positively to the current NAI PGP UI. Of course Cypherpunks know that it is dangerous to base one's hope for the development of Cypherpunk tools on funding by a government. Be that the US government or the German government. Strongly pro-crypto German governmental officials have been known for their propensity to stumble out of the windows of high story buildings. Warnings regarding the dangers that may lure in parking lots come to mind. Where has the crypto gone? The crypto has gone under the hood, away from the UI, to a place where the crypto will be of most use to the average user. Yes, for crypto to be secure against the active, well resourced, attacker, the crypto must at one point touch the user to permit the user to make a trust decision. But to secure communications from passive and/or less resourced attacker, crypto can be placed under the hood. I bet a good percentage of the readers of this list that still require to be engaged in a form of employment nowadays access their company network via some form of VPN. Up by orders of magnitude from a few years ago. 
More importantly, a good percentage of users that have never heard of this mailing list and will never hear of this mailing list are using strong crypto to access their company's information. The percentage of users utilizing strong crypto is increasing daily. Another major segment of Internet infrastructure in which strong crypto is rapidly becoming the default rather than the exception, at least amongst those running their own servers, is SMTP. The percentage of SMTP connections to my mail server that use TLS to encrypt SMTP has grown from around 30% a few months ago to well over 60% today. This increase in the use of STARTTLS on SMTP appears to parallel a loss of sendmail MTA market share in favor of postfix. It is just too darn easy to turn on support for STARTTLS during a migration to postfix, hence most sites performing such a migration appear to do so. (I am aware that sendmail and qmail support STARTTLS as well, but the increases in the use of STARTTLS that I am seeing at my SMTP server coincides with sites switching MTA's to postfix. I see a handful of qmail sites using TLS, representing a fraction of the postfix sites, and no sendmail site that I have noticed. Having once considered activating STARTTLS in sendmail myself, I vividly recall myself reading the instructions, bursting out laughing, followed by my researching competitive MTA's. Within a week I had switched to postfix. Wished I had done so years ago. All these hours that I wasted over those years... YMMV). An interesting side-effect of the increased adoption of MTA's and MUA's that support STARTTLS is that I now have a link that is secure against passive eavesdroppers to the majority of those with whom I regularly correspond in encrypted email. Is protection against only passive eavesdroppers good enough for me? No. Are we a heck of a lot further along than we were 5 years ago? I would argue that we are. Where has all the crypto gone? It has gone mainstream. 
Some of you may remember the discussions from years ago how we should try to find a way to make crypto cool and attractive for the average person. This afternoon, I installed the "Britney Spears SmartFlash Kit" on my Windows XP test box. For $29.95 plus shipping and handling, you too can own a Britney SmartFlash Kit, which includes a USB smartcard reader, a Gemplus smartcard (both the reader and card are graced with pictures of Britney), and a CD with Gemplus GemSafe smartcard crypto driver software (the click-wrap EULA reminds you that export to Cuba, Libya, and other naughty countries or those developing biological weapons is strictly prohibited. Sorry pop music fans located in Cuba or at the CDC). Once you installed the gear and inserted your one of 5 possible Britney Spears' smartcards (collect all 5), you will automatically be taken to a client-authenticated, 128-bit RC4 encrypted website that provides you with exclusive access to such exciting content as 45 second QuickTime clips of Britney purchasing chocolates and of course Fe's (Britney's most trusted advisor) indispensable advice column. A representative sample question follows. "Dear Fe: I'm 14 but my parents treat me like I am 10! They won't let me go out at night, and won't even let me bring a boy to the Homecoming dance. I'm in high school and want to do all the things that go along with that, but they won't let me! -- Trying to Grow Up, Americus, GA". I will spare you Fe's answer (get your own smartcard :), but I won't spare you this: if you wonder where crypto has gone, you need to look no further than Americus, GA. If the question posed to Fe leaves any doubt about the nouveau crypto users' demographics, a drop-down list inquiring about the user's age to participate in a contest (smartcard required) should help clarify matters. The age selections offered are: [2-6], [7-12], [13-15], [16-18], [over 18]. Do not worry should your parents disapprove of your choice of music. 
If you hear your parents walk up to your door, just yank the card out of the reader and your browser will close instantly. Crypto has gone as mainstream as can be. While crypto for crypto's sake may not have become cool to everybody, crypto has become a Must Have for your average 14 year-old high school freshman girl. Crypto has become ubiquitous. http://www.britneyspears.com/smartflashcard/index.php As to when we'll see BlackNet and untraceable Ecash, who knows. Here's hoping to 2005. [In the time it took me to write this post, another of the regular entries in my maillog has turned on STARTTLS, protecting the SMTP connection with EDH and 3DES]. --Lucky From jtrjtrjtr2001 at yahoo.com Fri May 24 03:07:06 2002 From: jtrjtrjtr2001 at yahoo.com (gfgs pedo) Date: Fri, 24 May 2002 03:07:06 -0700 (PDT) Subject: Mersenne Twister In-Reply-To: <20020524093945.66406.qmail@web21204.mail.yahoo.com> Message-ID: <20020524100706.26172.qmail@web21203.mail.yahoo.com> hi, Does any 1 have a reference to the actual Mersenne Twister algorithm? Thank u. Regards Data. __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com From eresrch at eskimo.com Fri May 24 06:44:08 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 24 May 2002 06:44:08 -0700 (PDT) Subject: Mersenne Twister In-Reply-To: <20020524100706.26172.qmail@web21203.mail.yahoo.com> Message-ID: On Fri, 24 May 2002, gfgs pedo wrote: > hi, > > Does any 1 have a reference to the actual Mersenne > Twister algorithm? > Thank u. I've got code posted on the author's web page. Do a web search of Mersenne Twister and you'll get there eventually. Patience, persistence, truth, Dr. 
mike From wk at gnupg.org Thu May 23 23:37:26 2002 From: wk at gnupg.org (Werner Koch) Date: Fri, 24 May 2002 08:37:26 +0200 Subject: NAI pulls out the DMCA stick In-Reply-To: <20020523103422.A13263@lightship.internal.homeport.org> (Adam Shostack's message of "Thu, 23 May 2002 10:34:22 -0400") References: <20020522110202.A1992@lightship.internal.homeport.org> <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <20020523103422.A13263@lightship.internal.homeport.org> Message-ID: <87vg9euk49.fsf@alberti.gnupg.de> On Thu, 23 May 2002 10:34:22 -0400, Adam Shostack said: > Is there any Open source implementation of the protocol? Well, there is a Free Software implementation called NewPG which provides a backend called gpgsm - very similar to gpg. It is currently under development but we already exchanged encrypted messages with proprietary implementations. This backend will eventually be included with gpg. It does not yet work for Windows but making it work won't be very difficult. Like gpg, gpgsm does not handle the MIME encapsulation because this is something a MUA can handle much better. We have support for KMail and Mutt in the works and adding it to Sylpheed will be easy. See: http://www.gnupg.org/aegypten/ I don't suggest to use S/MIME; however in some domains (law conforming digital signatures) there is currently no alternative for it. Salam-Shalom, Werner From lutz at iks-jena.de Fri May 24 02:07:27 2002 From: lutz at iks-jena.de (Lutz Donnerhacke) Date: Fri, 24 May 2002 09:07:27 +0000 (UTC) Subject: Government subsidies: our last, best hope for Cryptanarchy? References: <000501c202ff$4b218840$c33a080a@LUCKYVAIO> Message-ID: * Lucky Green wrote: >Now perhaps there may be the rare case of a PGP user that is still >running PGP 2.x on the same DOS box, using the same mailer and the same >text editor as they did 5 years ago. I don't know of any such users, but >that doesn't mean no such users exists within the vastness of the >Internet. Take me as an example. 
Not running DOS, but NeXTstep, Linux and HPUX (7.x). Newest Hardware running at home is from 1991. Newest hardware running at work (for me) is from 1996. >What I do know is that those that I am aware of that are complaining about >PGP version interoperability problems do not fall into the rare category >of users who have not upgraded any software at all for the last 5 years. Ack. From eresrch at eskimo.com Fri May 24 09:28:39 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 24 May 2002 09:28:39 -0700 (PDT) Subject: MPAA wants all A/D converters to implement copyright protection. In-Reply-To: Message-ID: On Fri, 24 May 2002, Trei, Peter wrote: > My mind has been boggled, my flabbers have been ghasted. Yes. It is not really possible to put into words just how insane this is is it? I'm gonna try to sit down with a senator's aide who's working on this as soon as possible, I think the guys from wisconsin on on the judiciary committee.. > ---------------------------------------------------------- > http://slashdot.org/articles/02/05/23/2355237.shtml?tid=97 > - start quote - > MPAA to Senate: Plug the Analog Hole! > > Posted by jamie on Friday May 24, @09:30AM > from the op-amp dept. > > A month ago, the MPAA filed its report [PDF][1] with the Senate > Judiciary Committee on the terrors of analog copying. I quote: "in > order to help plug the hole, watermark detectors would be required > in" -- are you sitting down? -- "all devices that perform analog to digital > conversions." At their page Protecting Creative Works in a Digital Age[2], Patience, persistence, truth, Dr. mike From Marketings at eyou.com Thu May 23 18:40:24 2002 From: Marketings at eyou.com (Marketing Manager) Date: Fri, 24 May 2002 09:40:24 +0800 Subject: To Help Your Business Message-ID: <200205240147.g4O1l3u21063@waste.minder.net> A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 10440 bytes Desc: not available URL: From morlockelloi at yahoo.com Fri May 24 10:45:28 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Fri, 24 May 2002 10:45:28 -0700 (PDT) Subject: Government subsidies: our last, best hope for Cryptanarchy? In-Reply-To: <000501c202ff$4b218840$c33a080a@LUCKYVAIO> Message-ID: <20020524174528.30919.qmail@web13201.mail.yahoo.com> > You may be asking yourself: where, oh where, has all the crypto gone? Presuming question, as the rest of the article. Crypto is there for all those who want to encrypt, accessible as it was five years ago. And stuff does get encrypted - the real crypto, P2P, not the bogus one between servers in boiler rooms. As for argument that OS upgrade game requires live crypto coders to keep up - that's also bogus. PGP 2.6.3i runs fine on the latest winshit. PGP 2.6.2 runs fine on latest macs. PGP 2.6.2 compiles under linux and freebsd today (unlike 6.* sources) And they are being used by those who need them. What, no shiny UI ? Tough shit. Use plaintext. And shiny UI *did not* make masses use 7.0.3, did it ? Actually, people have machines with 5-6-7 year old OSes ... because they work. Especially in end-user interface applications - text editors, mail clients, telnet/ssh/http, there is no need to upgrade at all. Virus claim is also bogus. That is, unless you use microsoft stuff with 5 months average life span. You do ? I thought so. Face it, convenient crypto is an exercise in futility. Convenience is positioning end users where they are wanted - bent over, pants down, cleansed by the upgrade enema, ready to receive. ITAR classification was correct, after all. Crypto is arms. Successful crypto distribution and use patterns will follow those for arms. Guess when sheeple will start to use crypto. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: LAUNCH - Your Yahoo! 
Music Experience http://launch.yahoo.com From DaveHowe at gmx.co.uk Fri May 24 02:45:37 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Fri, 24 May 2002 10:45:37 +0100 Subject: Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software References: <5.1.0.14.2.20020523104014.02cc3898@pop3.lvcm.com> Message-ID: <003701c20307$ccc34980$c71121c2@sharpuk.co.uk> >Microsoft also said open-source software is inherently less secure >because the code is available for the world to examine for flaws, >making it possible for hackers or criminals to exploit >them. Proprietary software, the company argued, is more secure because >of its closed nature. Presumably the contrast between this and their other recent declaration (that their code is so insecure releasing it would be a national security risk) doesn't occur to them? Or maybe they think the two complement each other (eg "look, our code is so insecure that we can't release it, and we can't believe anyone is any better than us, so theirs must be so insecure it can't be released too") From jamesd at echeque.com Fri May 24 11:17:08 2002 From: jamesd at echeque.com (jamesd at echeque.com) Date: Fri, 24 May 2002 11:17:08 -0700 Subject: NAI pulls out the DMCA stick In-Reply-To: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> References: <20020522110202.A1992@lightship.internal.homeport.org> Message-ID: <3CEE2134.2450.C43632@localhost> -- On 23 May 2002 at 0:24, Lucky Green wrote: > Tell me about it. PGP, GPG, and all its variants need to die > before S/MIME will be able to break into the Open Source > community, thus removing the last, but persistent, block to an > instant increase in number of potential users of secure email by > several orders of magnitude. My impression is that S/MIME sucks big ones, because it commits one to a certificate system based on verisign or equivalent. I have been the verisign administrator at several companies, and there is no way that bird will fly. 
The verisign system is just barely tolerable for identifying authorized web sites and software. For identifying individuals, forget it. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG CXACCdVytBDJ5TDVZ2+IV9xP4c3QRpRxP+JoLBdL 4w44ULlzkb4jKH9nuzpy/Mlxl8CctM+OYZoZEhO8H From ptrei at rsasecurity.com Fri May 24 08:19:28 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Fri, 24 May 2002 11:19:28 -0400 Subject: MPAA wants all A/D converters to implement copyright protection. Message-ID: My mind has been boggled, my flabbers have been ghasted. In the name of protecting their business model, the MPAA proposes that every analog/digital (A/D) converter - one of the most basic of chips - be required to check for US government mandated copyright flags. Quite aside from increasing the cost and complexity of the devices many, manyfold, it eliminates the ability of the US to compete in the world electronics market. If this level of ignorance, chutzpah, and bloodymindedness had been around a hundred years ago, cars would be forbidden to have a range greater than 20 miles, to protect the railway industry, and transoceanic airline tickets would have a $1000/seat surcharge, to compensate the owners of ocean liners for lost revenue. I know that Tinseltown is based on dreams and fantasies (as well as the violation of Edison's movie patents), but someone needs to sit these people down and teach them the lesson that King Canute taught his nobles. Peter Trei [The above is my personal opinion only. Do not misconstrue it to belong to others.] ---------------------------------------------------------- http://slashdot.org/articles/02/05/23/2355237.shtml?tid=97 - start quote - MPAA to Senate: Plug the Analog Hole! Posted by jamie on Friday May 24, @09:30AM from the op-amp dept. A month ago, the MPAA filed its report [PDF][1] with the Senate Judiciary Committee on the terrors of analog copying. 
I quote: "in order to help plug the hole, watermark detectors would be required in" -- are you sitting down? -- "all devices that perform analog to digital conversions." At their page Protecting Creative Works in a Digital Age[2], the Senate lays out the issues they'll be looking at, including briefs from corporate groups, and provides a comment form[3] so your opinion can be heard as well. As Cory Doctorow writes: "this is a much more sweeping (and less visible) power-grab than the Hollings Bill, and it's going forward virtually unopposed. ...the Broadcast Protection Discussion Group is bare weeks away from turning over a veto on new technologies to Hollywood." Doctorow's article on the "analog hole"[4] for the EFF does a great job of explaining the issues to non-electrical-engineers, and has many thought-provoking examples of how requiring such technology would be a giant step backwards. [1] http://judiciary.senate.gov/special/content_protection.pdf [2] http://judiciary.senate.gov/special/feature.cfm [3] http://judiciary.senate.gov/special/input_form.cfm [4] http://bpdg.blogs.eff.org/archives/000113.html - end quote - From jamesd at echeque.com Fri May 24 11:55:11 2002 From: jamesd at echeque.com (jamesd at echeque.com) Date: Fri, 24 May 2002 11:55:11 -0700 Subject: Joe Sixpack doesn't run Linux In-Reply-To: References: <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> Message-ID: <3CEE2A1F.23264.E70C4A@localhost> -- On 23 May 2002 at 10:57, Meyer Wolfsheim wrote: > 3. The people who might use it if it is easy. > > This is Joe Sixpack. This is who you are worrying about, wanting > S/MIME to deliver on its promises. This is Templeton is worrying > about, wanting opportunistic mail encryption. Joe sixpack is willing and able to make the necessary mental effort if there is money at stake -- which of course there is not. The first recorded use of envelopes in mail was in financial transactions. 
People would create a clay tablet containing marks representing so many goods of this type, so many goods of another type, bake it, then wrap in another clay envelope, and bake that. Right now Joe Sixpack relies on the widely shared secret of his credit card number, and that sharing worries him more than somewhat. Problems resulting from that sharing are dealt with by the credit card company's arbitration facitilities, which cost him, the card company, and the merchant dearly. The big lack of demand for encryption by Joe Sixpack is a result of the lack of financial transactions using the internet between Joe sixpack and Bob sixpack. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG GLOU6WqBTbh5/1XBintStENCsUIWt7tnZNUrmtbZ 4ydGcwGiWOaRxYAIjlkIr8jUnEMBYpo4PElVUT14t From jamesd at echeque.com Fri May 24 11:55:11 2002 From: jamesd at echeque.com (jamesd at echeque.com) Date: Fri, 24 May 2002 11:55:11 -0700 Subject: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick) In-Reply-To: <20020523215848.A296829@exeter.ac.uk> References: <20020523150549.A16659@lightship.internal.homeport.org>; from adam@homeport.org on Thu, May 23, 2002 at 03:05:49PM -0400 Message-ID: <3CEE2A1F.28388.E70C73@localhost> -- On 23 May 2002 at 21:58, Adam Back wrote: > This won't achieve the desired effect because it will just > destroy the S/MIME trust mechanism. S/MIME is based on the > assumption that all CAs are trustworthy. Anyone can forge any > identity for clients with that key installed. S/MIME isn't > really compatible with the web of trust because because of the > two tier trust system -- all CAs are assumed trustworthy and all > users are not able to sign anything. Or to say the same thing in slightly different words, all CAs are perfectly and equally trustworthy, and all users are untrustworthy. This system is inherently authoritarian. 
Because that authority must be restricted for it to be useful, it is inherently a pain in the ass to administer, with inherently high administrative costs.

Like socialism, S/MIME results in bureaucracy, delay, expense, and inefficiency.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
USL5cv1ggEyWtLV5o70QlHagEAxDOVzR+aGoGJyG
4r/H3bXgCwZ3aRF4U6H7Adat9jD9PjCxb1FPSgQpk

From objectpascal at yahoo.com Fri May 24 12:07:48 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Fri, 24 May 2002 12:07:48 -0700 (PDT)
Subject: NAI pulls out the DMCA stick
In-Reply-To: <200205240511.RAA43173@ruru.cs.auckland.ac.nz>
Message-ID: <20020524190748.51943.qmail@web11605.mail.yahoo.com>

While we are on the subject of issuing your own X.509 certificates:

1. How do you create a X.509 signing hierarchy?

2. Can you add additional algorithms (ie. Twofish)?

3. Is a relevant developer reference available for X.509?

--- Peter Gutmann wrote:
> ...
> So issue your own. Honestly, why would anyone want to *pay*
> some random CA for this?
> ...

=====
end

From objectpascal at yahoo.com Fri May 24 12:21:54 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Fri, 24 May 2002 12:21:54 -0700 (PDT)
Subject: Joe Sixpack doesn't run Linux
In-Reply-To: <3CEE2A1F.23264.E70C4A@localhost>
Message-ID: <20020524192154.92294.qmail@web11601.mail.yahoo.com>

The lack of e-mail detailing financial transactions is also the reason many businesses chose not to incur the overhead of secure communications.

If there were servers on the internet which automatically displayed all plaintext e-mail messages which passed through them as webpages (for the bored, curious, and opportunistic), THEN everyone would see the value of encrypted e-mail.

--- jamesd at echeque.com wrote:
> ...
> The big lack of demand for encryption by Joe Sixpack is a > result of the lack of financial transactions using the > internet between Joe sixpack and Bob sixpack. > > --digsig > James A. Donald > ===== end LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com From juicy at melontraffickers.com Fri May 24 12:40:27 2002 From: juicy at melontraffickers.com (A.Melon) Date: Fri, 24 May 2002 12:40:27 -0700 (PDT) Subject: Joe Sixpack doesn't run Linux Message-ID: <9d899dd2cd24626ac04924f4e47fa6d8@melontraffickers.com> On Fri, 24 May 2002, Curt Smith wrote: > The lack of e-mail detailing financial transactions is also the > reason many businesses chose not to incur the overhead of > secure communications. > > If there were servers on the internet which automatically > displayed all plaintext e-mail messages which passed through > them as webpages (for the bored, curious, and opportunistic), > THEN everyone would see the value of encrypted e-mail. http://www.shmoo.com/~pablos/pages/RandomMailReader.html From mv at cdc.gov Fri May 24 13:11:56 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 24 May 2002 13:11:56 -0700 Subject: have you got a license for that A to D converter? Message-ID: <3CEE9E8B.5E8CCBCA@cdc.gov> At 11:19 AM 5/24/02 -0400, Trei, Peter wrote: >In the name of protecting their business model, the MPAA >proposes that every analog/digital (A/D) converter - one of >the most basic of chips - be required to check for US >government mandated copyright flags. Amazing how the fates are turning yesterday's black humor into reality.. At 11:19 AM 5/24/02 -0400, Trei, Peter wrote: >My mind has been boggled, my flabbers have been ghasted. Reminds me of some others getting ghabberflasted too: >I'm apoplectic at the sheer chutzpah. ---Stanton McCandlish (on some other e-atrocity-law/powergrab) >Ok. That's pretty much my limit. 
---"Black Unicorn" on DMCA bust of Russian reverse engineer of Adobe tools

And various things others have said about draining the Potomac swamps...

From contrary at fastmail.fm Fri May 24 07:11:25 2002
From: contrary at fastmail.fm (contrary)
Date: Fri, 24 May 2002 14:11:25 +0000
Subject: NAI pulls out the DMCA stick
Message-ID: <20020524141125.7C71F6DA1D@www.fastmail.fm>

On Fri, 24 May 2002 17:13:18 +1200 (NZST), "Peter Gutmann" said:
> "contrary" writes:
>
> >As long as you obtain your S/MIME certificate from an approved
> >CA, using an
> >approved payment method and appropriate identification.....
>
> The only CA-issued certs I've ever used were free, and under a bogus
> name.
> Usually I just issue my own. You really need to find a better strawman
> than
> this if you want to criticise S/MIME.
>
> Peter.
>

OK, likewise. But I guess my point (if I had one) is that regardless of technical, usage, privacy and trust issues there is also one of linkage between a nym and meatspace.

With pgp, it's easy to generate a new keypair, label or sign it any way I care to, and exchange and use it for a single interaction. Relatively easy. (Joe Sixpack-'O-Bass-Ale)

S/MIME certificates (by which I may just mean commercial CA's) seem mostly directed at strong authentication for commerce, and lean heavily toward linking to a credit card, driver's license number, or credential. This is a Good Thing for cryptography and for commerce, but not for 'nymity. Also not for "undeclared privacy" which is privacy that occurs below the attention threshold and without the permission of the censors.

--
contrary
contrary at fastmail.fm

--
Access all of your messages and folders wherever you are!
http://fastmail.fm - Get your mail using the web or your email software

From morlockelloi at yahoo.com Fri May 24 14:23:44 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Fri, 24 May 2002 14:23:44 -0700 (PDT)
Subject: Joe Sixpack doesn't run Linux
In-Reply-To: <20020524192154.92294.qmail@web11601.mail.yahoo.com>
Message-ID: <20020524212344.38619.qmail@web13208.mail.yahoo.com>

> If there were servers on the internet which automatically
> displayed all plaintext e-mail messages which passed through
> them as webpages (for the bored, curious, and opportunistic),
> THEN everyone would see the value of encrypted e-mail.

Most of them do ... they are called MAEs - it's just that *you* don't belong to the set of people that get to see it.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
LAUNCH - Your Yahoo! Music Experience
http://launch.yahoo.com

From mv at cdc.gov Fri May 24 15:42:15 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 24 May 2002 15:42:15 -0700
Subject: Joe Sixpack doesn't run Linux
Message-ID: <3CEEC1C7.4AE29850@cdc.gov>

At 12:21 PM 5/24/02 -0700, Curt Smith wrote:
>If there were servers on the internet which automatically
>displayed all plaintext e-mail messages which passed through
>them as webpages (for the bored, curious, and opportunistic),
>THEN everyone would see the value of encrypted e-mail.

Hmm, didn't Sircam do a bit of that? But it sent files, not your entire mail spool; and it didn't try too hard to broadcast (it could have always forwarded a copy to usenet in addition to your contacts).

Not sure if disk-encryption would have helped; it just would have sent one of the open (cleartext) files. Sircam forwarding a saved, encrypted email would have been harmless modulo traffic analysis.

To encourage WiFi encryption you could use a high-gain antenna and anonymously (re) broadcast traffic you found. And publicize the site. Don't do this too early during deployment or you'll stunt the early growth.
From ericm at lne.com Fri May 24 16:40:36 2002
From: ericm at lne.com (Eric Murray)
Date: Fri, 24 May 2002 16:40:36 -0700
Subject: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)
In-Reply-To: <3CEE2134.2450.C43632@localhost>; from jamesd@echeque.com on Fri, May 24, 2002 at 11:17:08AM -0700
References: <20020522110202.A1992@lightship.internal.homeport.org> <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <3CEE2134.2450.C43632@localhost>
Message-ID: <20020524164036.A12498@slack.lne.com>

On Fri, May 24, 2002 at 11:17:08AM -0700, jamesd at echeque.com wrote:
> --
> On 23 May 2002 at 0:24, Lucky Green wrote:
> > Tell me about it.
> > PGP, GPG, and all its variants need to die
> > before S/MIME will be able to break into the Open Source
> > community, thus removing the last, but persistent, block to an
> > instant increase in number of potential users of secure email by
> > several orders of magnitude.
>
> My impression is that S/MIME sucks big ones, because it commits
> one to a certificate system based on verisign or equivalent.

It uses X.509, which is supposed to be a hierarchical certificate system. Verisign is just the dominant X.509 CA.

But as others have pointed out, it's possible to become one's own X.509 CA and issue oneself certs. Netscape and IE browsers will accept certs from completely made up CAs. You might have to click on a few "do you really want to do this" dialog boxes but that's it. All you need is a copy of Openssl and directions off a web site..

Additionally, there is nothing that prevents one from issuing certs that can be used to sign other certs. Sure, there are key usage bits etc but it's possible to ignore them.

It should be possible to create a PGP style web of trust using X.509 certs, given an appropriate set of cert extensions. If Peter can put a .gif of his cat in an X.509 cert there's no reason someone couldn't represent a web of trust in it.

Each user would self-sign their cert. Or self-sign a CA cert and use that to sign a cert, same thing. Trust would be indicated by (signed) cert extensions that indicate "I trust Joe Blow X amount as a signer of keys". Each time you added a trust extension you would generate a new cert using the same key. Each trust extension would indicate the entity, their key id (hash of public key), and the degree of trust.

When you added a trust extension you'd give a copy of the new cert to the entity you just added. They can then append these certs onto their cert when they authenticate to someone.
When authenticating, you verify the other guy's cert, something he signed with his private key, then all the other people's certs that he sends in addition to his own, all of which attest to his trustworthiness. Ideally, you also trust some of the same people, so you now have their signed "statements" attesting to a degree of trust in the new guy.

[note, there's probably a conceptual flaw in this since I'm loopy from allergy drugs today and probably not thinking as clearly as I think I am, so be polite when you point out my error. In any case, the point is that it's possible to do a web of trust in x.509, not that I have a fully formed scheme for implementing it]

Since all this is in X.509, S/MIME MTAs accept it (unless they are programmed to not accept self-signed CAs, in which case your MTA is a slave to Verisign et al.). You'd need an external program to verify the web of trust, but that's about it.

And to be honest, exactly zero of the PGP exchanges I have had have actually used the web of trust to really verify a PGP key. I've only done it in testing. In the real world, I either verify out of band (i.e. over the phone) or don't bother if the other party is too clueless to understand what I want to do and getting them to do PGP at all has already exhausted my patience.

But why bother? Even if I could do this X.509 web of trust tomorrow, no one besides a few crypto-geeks would use it. People just don't give a shit about other people reading their email. Most people can't even be bothered to use a decent password or shred their credit-card statements. Only criminals have anything to hide, right?

-- Eric
From ericm at lne.com Fri May 24 17:03:56 2002
From: ericm at lne.com (Eric Murray)
Date: Fri, 24 May 2002 17:03:56 -0700
Subject: NAI pulls out the DMCA stick
In-Reply-To: <20020524190748.51943.qmail@web11605.mail.yahoo.com>; from objectpascal@yahoo.com on Fri, May 24, 2002 at 12:07:48PM -0700
References: <200205240511.RAA43173@ruru.cs.auckland.ac.nz> <20020524190748.51943.qmail@web11605.mail.yahoo.com>
Message-ID: <20020524170356.B12498@slack.lne.com>

On Fri, May 24, 2002 at 12:07:48PM -0700, Curt Smith wrote:
> While we are on the subject of issuing your own X.509
> certificates:
>
> 1. How do you create a X.509 signing hierarchy?

Do a web search on "openssl certificate authority".

> 2. Can you add additional algorithms (ie. Twofish)?

Yes, if the libraries you use support them. Note that twofish, being a symmetric algorithm, would not be used in certificates. Public key and hashes only.

> 3. Is a relevant developer reference available for X.509?

X.509 is an ITU/T standard, which means, among other things, that they charge money for copies. You can find copies on the net though.

Being ITU/T also means that the standard is written in a format and style that is designed to be incomprehensible as possible. This keeps the professional meeting-goers who write these things from having to search for honest work. The documents get progressively less understandable over time, so it's best to start with the 1988 version.

PKCS#6 explains X.509 as well and is easier to understand. Peter Gutmann's X.509 Style Guide is quite comprehensible and also pretty funny after you have spent time trying to decipher X.509 or any other X.whatever standard. Peter also has a neat utility called dumpasn.1 which you will want if you start diddling X.509 certs.

Openssl is probably the most common library for doing cert stuff these days.
Unfortunately the docs for Openssl are pretty much non-existent and the ASN.1 code is particularly difficult to understand.

Eric

From pgut001 at cs.auckland.ac.nz Thu May 23 22:04:18 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 24 May 2002 17:04:18 +1200 (NZST)
Subject: NAI pulls out the DMCA stick
Message-ID: <200205240504.RAA43129@ruru.cs.auckland.ac.nz>

Adam Shostack writes:

>Are you claiming that S/mime no longer has the enormous compatibility
>problems it used to have?

It never had much in the way of compatibility problems (see e.g. RSA's S/MIME interop page, if it still exists - even Microsoft's implementation would interoperate without any real trouble). It *did* have a problem that the compatibility was typically at the level of RC2/40. This hasn't been an issue since the export controls were lifted.

>Is there any Open source implementation of the protocol?

Well, there's http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html for starters, which has been around for some years.

Peter.

From pgut001 at cs.auckland.ac.nz Thu May 23 22:13:18 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 24 May 2002 17:13:18 +1200 (NZST)
Subject: NAI pulls out the DMCA stick
Message-ID: <200205240513.RAA43189@ruru.cs.auckland.ac.nz>

"contrary" writes:

>As long as you obtain your S/MIME certificate from an approved CA, using an
>approved payment method and appropriate identification.....

The only CA-issued certs I've ever used were free, and under a bogus name. Usually I just issue my own. You really need to find a better strawman than this if you want to criticise S/MIME.

Peter.

From pgut001 at cs.auckland.ac.nz Thu May 23 23:55:09 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 24 May 2002 18:55:09 +1200 (NZST)
Subject: Joe Sixpack doesn't run Linux
Message-ID: <200205240655.SAA75786@ruru.cs.auckland.ac.nz>

Meyer Wolfsheim writes:

>S/MIME support is in just about every popular email client out of the box.
>Why is PGP more widely used? > >[Good reasons snipped] Those who care about security [0] use PGP, the rest use S/MIME. To steal a line from Hexed: "S/MIME: For people who could care less". Actually it's not even that, it's closer to: "Plaintext: For people who could care less". I have yet to exchange an encrypted S/MIME message of any significance with anyone, ever. Even if the other side is using an S/MIME-enabled mailer, we usually end up using PGP even if it means having to try half a dozen different versions to find one which will process the other side's messages. While I'm in a quoting mood, there's also Marshall Rose's comment about X.400 to steal: Two people meet at a conference and exchange email addresses. They get back to their offices and want to communicate securely. If both sides are using PGP x.y.z, they communicate securely. If one side is using PGP x.y.z and the other isn't, they wait for a message and then keep trying different PGP versions until they find one which will process the message. If they aren't using PGP, they communicate in plaintext and hope no-one's listening. (In case that's forwarded or quoted out of context, this is a comment on a social issue, not a software issue). Peter. [0] With the corollary: "and aren't government users", S/MIME is used a fair bit in certain areas, it just doesn't get much public exposure. From emc at artifact.psychedelic.net Fri May 24 21:03:26 2002 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 24 May 2002 21:03:26 -0700 (PDT) Subject: When Will Terror Videos be Banned Message-ID: <200205250403.g4P43fd13271@artifact.psychedelic.net> The FBI currently has its shorts in a wad over the numerous Web sites featuring the short but poignant last moments of Wall Street Journal reporter Daniel Pearl. 
Clearly, as our War on Terrorism(tm) progresses, it is not unlikely that terrorists will kidnap and kill more Americans and email video clips of their last twitches to the media, and it is not unlikely that various web sites specializing in stomach-turning will place them online for public viewing.

Creation, sale, or possession of child porn is illegal. Creation, sale, or possession of depictions of animals being harmed in an illegal manner is illegal as well. It seems unlikely that creation, sale, or possession of depictions of Americans being harmed in an illegal manner by political extremists will remain legal for long.

When this happens, will this mean that the First Amendment is then officially brain dead, and may be disconnected from life support, and anything will be able to be banned, because "We're at War."

When the inevitable law is written, where will the ACLU and EFF stand? Are they willing to take the heat and be labeled as supporters of terrorists?

I bet if you polled the Sheeple today, they would be more than happy to give life in prison to anyone who looks at the Pearl video and snickers inappropriately.

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From DaveHowe at gmx.co.uk Fri May 24 13:13:35 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Fri, 24 May 2002 21:13:35 +0100
Subject: NAI pulls out the DMCA stick
References: <20020524190748.51943.qmail@web11605.mail.yahoo.com>
Message-ID: <003a01c2035f$80d033a0$01c8a8c0@p800>

> 1. How do you create a X.509 signing hierarchy?
by issuing other people's keys with a subordinate CA certificate.?

From rah at shipwright.com Fri May 24 20:06:37 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Fri, 24 May 2002 23:06:37 -0400
Subject: MCI: Money Crimes Incorporated?
Message-ID:

See:

I remember hearing "I can get you MCI OC3's *real* cheap..." out of Hughes, Hilby, and Co. at Simple Access, back in the day.

Now I know why.
Cheers, RAH http://www.forbes.com/forbes/2002/0610/064_print.html Ring of Thieves Neil Weinberg, 06.10.02 MCI introduced Walter Pavlo to a world of armed thugs, duffel bags stuffed with cash and phony accounting. Now, sitting in a South Carolina prison, he points a finger back at his former employer. Walter Pavlo has plenty of time these days to walk the track inside South Carolina's secluded Edgefield prison. He takes a daily stroll with Mark Whitacre, the Archer Daniels Midland whistle-blower who is serving a ten-and-a-half-year sentence for fraud. Surrounded by drug convicts, camp fences and rolling woodlands, they chat about their pasts and draw parallels to the scandals swirling around big corporations now--at Enron, at Arthur Andersen, in telecom. Pavlo, blond and still boyish at 39, committed his crimes at MCI as the telecom business roared in the mid-1990s. He is in the 15th month of a 41-month sentence for obstruction of justice, money laundering and mail fraud. An unremarkable rank-and-filer in a 25-person billing department, he says he cooked the books, under pressure from higher-ups, to help bolster MCI's growth. Pavlo employed an array of tricks--taught to him, he says, at MCI--to hide hundreds of millions of dollars in aging bad debts and clearly uncollectable receivables owed by a raft of upstart telecom resellers. In the process, he used the same sleight of hand to skim $6 million on the sly for himself and a couple of partners; for that he is doing soft time. The resellers stoked growth at a time when MCI, lit up by the halo of the Internet frenzy, was prettying itself up for a sale to someone bolder. The company, with Walter Pavlo's copious assistance, granted easy credit to dozens of fly-by-nights looking to lease its lines and resell service to businesses and consumers. It blithely let just about anyone, from raw rookies to pornographers and astrological touts, run up tens of millions of dollars in bills. 
Then, Pavlo says, MCI kept the receivables on its books long after any real hope of collecting had vanished--with the resellers themselves, in some cases. Banks, eager for high interest and fees, financed it all. It was his job, he says, to hold these losses to a minimum, even if doing so required deceptive means. His actions benefited MCI. The company filed a proxy with the Securities & Exchange Commission recommending a $20 billion buyout by British Telecom in 1997, just days after management knew it had fraud on its hands, according to a brief filed by a group of banks that sued MCI in 1997. That deal collapsed, and MCI then accepted a $41 billion offer from WorldCom months later. MCI denied the banks' allegations and has claimed it was duped by its own employees. At MCI only Pavlo and James B. Wilkie, a senior manager, have been punished (along with a third partner, an outsider named Harold R. B. Mann). For five years Pavlo has wondered when someone might take a hard look at the four levels above him, from his boss up to the chief financial officer--Douglas Maine, who later became chief financial officer at IBM and now runs its online arm--and above him to MCI chief executive Bert C. Roberts, who now is chairman of WorldCom. And so when Pavlo learned one day in March, as he sat reading in the prison library, that the SEC is investigating whether there were any accounting misdeeds at WorldCom, he had one sentiment: "It's about time." He believes the remnants of his stunts are buried in a $685 million pretax charge for bad receivables that WorldCom took in October 2000. The company blamed the big charge ($405 million after tax benefits) on a handful of customers' going bankrupt in the previous quarter. Pavlo argues that the charge was, rather, a way to use the industry downturn to mask the writeoff of receivables that had been rotting for years on the books of MCI and WorldCom, artificially boosting profits. 
"This story is bigger than Walt Pavlo heisting money from MCI and going to jail," says Walt Pavlo. "This is about corruption of telecom, with lots of games. I didn't come to MCI knowing how to hide accounts receivable." Pavlo is a convicted felon and an accomplished liar. But his claims have some supporters. A shareholder lawsuit, dismissed in April and now under appeal, makes the same claim about the October 2000 writeoff. The SEC seems to harbor similar suspicions, and in March it asked WorldCom to list the carriers included in the big charge, how much each owed and how old their debts were. WorldCom says the charge was proper but declines to comment about the SEC's inquiry or events at MCI. Pavlo seemed an unlikely candidate for scandal. He grew up mostly near Sistersville, W. Va. and Savannah, Ga., with two younger brothers. His father describes Walter Jr. as a hard worker who started at quarterback in high school one season, more out of grit than athletic ability. Pavlo earned an industrial engineering degree at West Virginia University and an M.B.A. at Mercer in 1991. After working at Goodyear Aerospace, where he met his wife, Rhoda, he joined MCI in 1992 at age 29. He was assigned to head a four-person group in the sleepy carrier finance department in Atlanta, which handled about $240 million a month in billings in 1993. MCI and the entire telecom business were on the cusp of big change. After rising more than thirtyfold in 20 years, MCI's stock lost ground in 1994 and 1995. A year later deregulation promised to upend old monopolies and raze barriers to new competition, and soon MCI was in play. The smell of fast money was in the air. A raft of new resellers began buying contracts to repackage MCI capacity as cut-rate long-distance, prepaid phone cards and caller-paid 900 numbers. For MCI and other big carriers it was a godsend. Consumer long distance was getting cutthroat. Margins on big corporate accounts were thinning. Resellers were another story. 
Most started small and paid rates with gross margins of 50% or more. Some doubled or tripled billings in a month. The torrid growth set off a tug-of-war inside MCI: The sales side pursued resellers with alacrity, but the finance side worried about the resellers' ability to pay their bills. "Everyone who dealt with MCI considered them feudal and schizophrenic," says the chief of one prepaid-card service. By 1995 Pavlo had risen to senior manager and the carrier finance unit had grown to 120 employees. It was handling $650 million in collections a month. About 10% of sales, but a far larger slice of profits, came from resellers. At 32, Pavlo was the department's "target man," charged with handling high-risk accounts, collecting receivables and coming up with creative ways to dispose of them. It was a job Pavlo performed well, Ralph McCumber, his boss until the spring of 1996, stated in a deposition taken in the banks' 1997 lawsuit charging MCI with fraud. But the job was taking a heavy toll on Pavlo. MCI signed up resellers by the dozen and let bad billings mount. When Pavlo went out into the field to dun the debtors, he found a wild and woolly world. One prepaid calling card outfit, Caribbean Telephone & Telegraph in Bloomfield Hills, Mich., signed on in early 1995. By midyear CT&T owed MCI $30 million, Pavlo says. The small firm's debt swelled faster than MCI could even track it; MCI took 60 days to get a bill out and waited another 15 days before it came due. Pavlo visited CT&T's office in lower Manhattan, seeking payment, but owner James Franklin insisted he couldn't afford to pay. Really? Pavlo says he spotted duffel bags of cash, armed guards and money-counting machines. Pavlo returned to Atlanta empty-handed and convinced that CT&T's pleas of poverty were a bit exaggerated. By February 1996 MCI had cut off service to CT&T, which had filed for Chapter 11 bankruptcy protection. Franklin blamed CT&T's problems on slow payments from its own customers. 
At the Las Vegas office of one prepaid-card shop, Hi-Rim, a colleague of Pavlo's showed up to demand payment--and a Hi-Rim official threatened to go get his gun, the colleague says. Another reseller, Tel-Central, had a bit of star power: It was run by Dennis D. McLain, a 30-game winner as a Detroit Tigers pitcher who later was convicted of money laundering, theft and mail fraud. By early 1996 Tel-Central owed MCI up to $30 million and had been cut off. McLain was indicted in 1998 along with John A. (Junior) Gotti in a phone-card scam, but the charges were dropped in 1999. McLain is now doing time for stealing $3 million from Peet Packing's pension fund. Big carriers added to the problems by locking resellers into "ramp-up" contracts that charged them set prices for an increasing number of minutes. Many soon found rivals retailing service at prices below what they had paid wholesale. For resellers, the choice was simple: Either keep collecting from their customers, stop paying MCI and pocket wads of cash--or pay MCI and go bankrupt. The uncollected bills got so bad that managers at MCI, WorldCom, Sprint and elsewhere discussed setting up a database to track offenders. Pavlo was feeling the strain of it all. He was coming to work at 5 a.m. and staying late. He traveled constantly. Yet the more he worked, the worse the finances got. Until 1995 his group's bad debt had run $10 million or so a year, well within range of the unit's 2% ceiling. Accounts more than 90 days past due remained in the 5% to 7% target range. But 1995 bad debt came in at $90 million, and 90-days-late accounts had ballooned. Pavlo sent his superiors a memo on Jan. 4, 1996, warning of $88 million, and possibly more, in reseller receivables that MCI was unlikely to collect, the plaintiff banks allege. Accounting rules urge firms to write down such assets as soon as they realize they will not collect. But that means adding to bad debt reserves or posting a special loss, hurting earnings. 
The banks alleged that James Folk, vice president in charge of revenue operations, revealed the threat to Don Lynch, a senior vice president reporting to Chief Financial Officer Douglas Maine. Pavlo says he got word back via Steven Rubio, an accounting senior manager: Whatever the numbers said, the 1995 carrier bad debt charge would be $15 million. "We can't let this revenue get away. It's not in the plan," Pavlo says he was told. Folk, who has since left MCI, now lives in Olney, Md., Lynch is a telecom consultant in Fairfax, Va., Maine runs IBM.com and Rubio now is WorldCom's assistant controller. All four declined to comment. Pavlo says he, Rubio and other MCI financial planners started meeting monthly to discuss the extent of the problem and how to make it go away. By early 1996 they had found an ingenious way to keep a creaky unpaid bill off the past-due ledger: Turn it into a promissory note. MCI's carrier finance group did this on a large scale for the first time in early 1996, decreeing that CT&T owed $100 million on a promissory note. Recognizing that Hi-Rim was also going to welch, MCI disconnected it in March of 1996, wrote up a promissory note for at least $35 million and carried the balance into 1997, according to the deposition testimony in the banks' lawsuit, taken from James Wanserski, director of finance for credit and collections and Pavlo's boss from March 1996 onward. Wanserski, who now works for Arthur Andersen in Atlanta, declined comment. Pavlo says MCI had to have known the promissory notes were next to worthless but nonetheless told auditors it expected to collect 75% of face value. Even the promissory gimmick, however, couldn't keep pace with MCI's rising balance of bills 90 days late. So Pavlo and colleagues resorted to another trick: misapplying so-called "unapplied cash," money customers sent in without specifying the bill it was intended for. 
At the end of each month a member of the carrier division went around asking, "Who needs money?" Typically, $1 million to $2 million was doled out to cover older accounts, according to Pavlo and two other former members of the department. Another tactic: postdating invoices. "Accounting was real loose," says a former financial analyst in the department. "We'd move money around to keep over-90s down and managers off our backs." "Placeholder credits" were another tool. The carrier finance department used them to credit a customer for up to several million dollars in payments as if the money had already been received, when it hadn't yet arrived at MCI. Sometimes the money behind a placeholder never showed up. In one case, Hi-Rim said it was sending a payment via FedEx. Pavlo's group credited its account and tracked the payment's progress. When the envelope was opened, says the former analyst, it was empty. Placeholder credits apparently became common at MCI. "Competition among business divisions" over which one had the "youngest" receivables "has stimulated the posting of memo entries in advance of actuals," Folk, the revenue operations chief, wrote in a 1997 e-mail quoted in a lawsuit later filed by an MCI partner. "In time this practice became more the rule than the exception." Folk admitted in a deposition that this had led to "fudging" the age of receivables on MCI's books. What was in it for employees? "They get to keep their jobs." Pavlo was stuck: He knew customers were taking in piles of cash yet refusing to pay their bills; he says his MCI bosses knew of the chicanery but refused to write off the receivable. Increasingly, he feared for his job and fretted about falling into legal jeopardy. He was drinking heavily--and growing resentful. Even if MCI sold out at a premium, Pavlo wasn't going to get rich like top managers. He earned $70,000 and had vested options worth less than his salary. 
"I'm getting instructions from other parts of MCI that aren't in writing, like 'Make the bad debt $15 million,' but I'm the only one with my name all over this stuff," he says. "I started to feel I was going to be made into a scapegoat." In early 1996 Pavlo complained to a pal and customer, Harold Mann of Iris Enterprises, a caller-paid 900 service that handled phone sex, a lottery for fishing licenses in North Dakota and fundraising for racist David Duke. Mann soon became a central player (and codefendant) in MCI's reseller scandal, along with James Wilkie, Pavlo's buddy and senior manager in MCI's carrier finance unit. Mann introduced Pavlo to Mark Benveniste, president of Manatee Capital, an Atlanta firm set up in 1994 to factor, or collect, debts, for caller-paid phone services, including Mann's Denmark Dial. Why not move up the food chain, acting, in effect, as a factor for MCI? Benveniste proposed that Manatee could deliver MCI's receivables in days instead of months by collecting from resellers' clients directly. The only catch was that factoring reseller receivables was risky. Benveniste told Pavlo the only way he could get bank financing was for MCI to cover any collections shortfalls. Why not? Pavlo figured. MCI was out the money anyway. In March 1996 Pavlo met with Benveniste and several executives of National Bank of Canada at the swank Georgia Club in Atlanta. He told the bankers why MCI liked the factoring deal and said he was willing to sign a guarantee. After the meeting a loan officer called MCI's switchboard to make sure Pavlo worked there, according to court documents. That, it turned out, was the sum of due diligence for what turned out to be $45 million in revolving credit set up for Manatee by National Bank of Canada, NationsBank (now part of Bank of America) and CIT Group--the banks that ended up suing MCI in the fallout in 1997. 
Never mind that Pavlo had the power to authorize credits of only $50,000 at most, and that his superiors were unaware of the guarantee. "It's absurd, but that was the level of greed at the table," Pavlo says. Pavlo figured his superiors in finance would dislike the Manatee idea, so he pitched it to Dan Dennis, head of the $7 billion (1996 revenue) carrier division, who loved it, he says. "Walt, you've cornered the market. You control the cash. This product is ingenious," is how Pavlo recalls Dennis responding. At Dennis' urging, Pavlo says he gave the program a name: Rapid Advance. Dennis, who has left MCI and now lives in Michigan, says he doesn't recall discussing such a program with Pavlo. But Rapid Advance soon became big stuff in Dennis' division. In April 1996 MCI began using Rapid Advance to collect from delinquent resellers and lure new customers. It cranked out Rapid Advance banners, stopwatches and CD-ROMs. The sales force had Pavlo pitching it at its meetings. He was a star. Little did MCI management know that Pavlo was working a side deal with Mann. Not long after Rapid Advance was up and running, Pavlo was griping to Mann over drinks at Taco Mac in Atlanta. He cited one reseller, Robert Hilby of Telemedia Networks, who owed MCI $2 million and, Pavlo believed, had no intention of paying. Pavlo said he would love to rip off Hilby right back. Mann said he knew how to make Hilby pay--and to pocket some cash in the process, according to Pavlo and Mann. Mann contacted Hilby and offered to have his own factoring firm, Orion Management Services, pay off Telemedia's MCI debt in exchange for a $200,000 upfront commission, 25% of Telemedia and a promise to pay back Orion over five years. Hilby took the offer, Pavlo says. He got a call from Hilby telling him of the Orion deal. Pavlo acted surprised and agreed. He wrote to Hilby, congratulating him for paying up. Then Pavlo and Mann flew first class to the Cayman Islands to party and deposit their $200,000.
Pavlo put his account in the name of Parnell Investments, after the street he had once lived on in Savannah. They checked in to the Coral Stone Club and celebrated with Cristal champagne and Cuban cigars. "I felt on top of the world sitting in the middle of Seven Mile Beach," Pavlo says. Orion never paid MCI. Instead, Pavlo used tricks he had learned on the job, like diverting unapplied cash, to strike Telemedia's debt from MCI's books. Hilby could not be reached for comment, but in a deposition in the banks' suit against MCI, Hilby said he warned the carrier as early as October 1996 that he suspected a "conspiracy to defraud" MCI and its resellers. All told, Pavlo, Mann, Wilkie and at least one other cohort signed on seven resellers with Orion. That included Tel-Central, Denny McLain's old outfit. They figured that by owning a piece of the resellers and forcing them into Manatee-style factoring deals, they could keep some money flowing to MCI and still skim off a nifty slice. Orion also skimmed money from four Manatee customers by making bogus claims against them and diverting payments as they came in, Pavlo says. For a while, Pavlo says, he felt "bulletproof." Orion was bringing in tens of thousands of dollars a week and paying his wife $100,000 a year (though she held a full-time job elsewhere). Pavlo was wearing custom-tailored suits, tooling around in limos and flying to the Caymans regularly. Orion even bought the little West Virginia steel business where his father worked. He knew his actions were wrong. "Was it legal? No. Was it unethical? Absolutely," he says. "I know that now. But at the time you find yourself in a situation like this and somehow justify it." In August 1996 Pavlo visited Atlanta's exclusive Chateau Elan to brief senior MCI execs in town for the Summer Olympics. Pavlo says he reported that MCI held $170 million in doubtful reseller accounts. 
Wanserski, who also attended the meeting, said in a deposition later that senior management discussed the debts of CT&T and the likelihood that writeoffs could soar. "We just can't let this happen," Don Lynch, the senior vice president, responded in a conference call to the Atlanta group, Pavlo says. Pavlo left the meeting angry. The accounting games continued. Two months later, in October 1996, Wanserski flew to Washington D.C. to brief Chief Financial Officer Doug Maine on carrier bad debt. Maine declines to comment on the result. The following month, British Telecom announced plans to buy MCI for $20 billion in the largest cross-border deal ever. If it went through, many senior MCI managers would reap overnight riches. It was then, Pavlo says, that his boss, Wanserski, took him into his office and told him: "You have to get us through this purchase." But Pavlo was slipping. As the numbers mounted, it was becoming increasingly tough to disguise Orion's theft on MCI's books. Pavlo was gobbling Prozac and drinking a half-bottle of scotch a night. In January 1997 a carrier division analyst noticed that part of a $41.5 million payment WorldCom had made for using MCI's network had been posted elsewhere. At first the analyst thought it was just another "covering of agings." But it was too big. Pavlo had shifted $5 million to Denny McLain's Tel-Central in a desperate bid to cover his theft. Wanserski sent an e-mail to Pavlo, who was at the Four Seasons at Rancho Mirage, Calif., and demanded a call at 4:30 local time the following morning, Pavlo says. He stayed up all night drinking and popping antidepressants. Wanserski wanted him back in the office immediately. Pavlo said there was nothing to talk about. Pavlo never returned to the MCI office. An investigation soon uncovered his role. According to a brief filed by the banks, by March 3, 1997 Wanserski and Folk knew MCI had fraud on its hands. 
Saying nothing, MCI filed a proxy four days later, recommending the BT merger. Shortly afterwards James Folk, the boss of Pavlo's superior as vice president of revenue operations, discussed the events leading up to the fraud in an internal e-mail. "The second half of 1995 saw big growth in the carrier segment, which brought in unethical and shady companies," Folk wrote, according to a deposition he gave the following year in a breach-of-contract lawsuit that Manatee filed against MCI. The banks, still counting on Pavlo's MCI guarantee, kept pushing Manatee to lend more. Unaware that Pavlo had been fired, they hiked Manatee's credit limit to $30 million in March and to $45 million two months later. The legal wrangling began in the fall of 1997 when, seven months after it uncovered Pavlo's scam, MCI reported it to the banks. Out at least $28 million, they sued MCI for racketeering, fraud and breach of contract. The suit, in the U.S. District Court in Atlanta, charged MCI with using Rapid Advance to keep overstated assets on its books, avoid writeoffs and "conceal misconduct, including the alteration and falsification of MCI's financial books and records." Manatee owner Jack T. Hammer sued MCI for breach of contract. MCI countersued the banks and Manatee for negligent misrepresentation, fraud and civil conspiracy. MCI claimed that Pavlo, Mann, Wilkie and Benveniste used Orion to divert funds from its resellers to accounts they controlled in the Caymans and then doctored MCI's accounts to hide the theft. Shortly thereafter, a grand jury began looking into the fraud charges against Pavlo and his co-conspirators. Wilkie turned himself in to federal prosecutors in 1998 and received jail time. The maze of suits and countersuits was so complicated it took another two years to get to court. By then WorldCom owned MCI. It agreed in April 2000, on the second day of trial in the banks' case, to pay them $8 million. 
Manatee owner Jack Hammer received $1 million, though former president Benveniste is still fighting fraud charges in court and has pleaded not guilty. After Pavlo was found out in early 1997, he was constantly looking over his shoulder, fearing he was being followed by the feds. Finally, in the summer of 2000, he walked into the FBI office in Atlanta to cut a deal. He entered a guilty plea in October 2000--the same month WorldCom announced the $685 million write-off now under SEC scrutiny. Pavlo entered prison in March of last year to serve 41 months but hopes to reduce it by 10 months by completing an alcohol treatment program. Harold Mann will begin a 54-month sentence this summer. James Wanserski, Pavlo's ex-boss, stepped down when the scandal broke in October 1997. He was paid his $138,752 salary, plus a $50,000 incentive for cooperating in MCI's defense and for not disparaging the firm. The day after the agreement expired in 1998, he joined WorldCom's auditor, Andersen, in Atlanta. The drama continues. Pavlo and Mann insist they have disgorged their entire ill-gotten gain--there's no stash on some island. The shareholder suit filed against WorldCom last year was dismissed by a judge in March but is on appeal. Along with the SEC investigation, it may or may not prove Pavlo to be a legitimate, whistle-blowing crook--just like Mark Whitacre of ADM. "I started out a company man but abandoned that to act selfishly, as I believed others were doing. I was wrong," Pavlo says. "But so were they." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --- end forwarded text
From rah at shipwright.com Fri May 24 21:59:15 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 25 May 2002 00:59:15 -0400 Subject: MCI, Bob Hilby, Eric Hughes, and Simple Access... Message-ID: Yes. It's the whole article. Life is hard. If you don't want to troll the entire thing :-), just search for "Hilby", below. Whew. It's looking like an ur-cypherpunk or two dodged a bullet, even if some of them did end up getting ripped off themselves, from, you guessed it, non-payment of invoices, plus the odd router or two... Cheers, RAH --- begin forwarded text
From adam at cypherspace.org Fri May 24 21:13:36 2002 From: adam at cypherspace.org (Adam Back) Date: Sat, 25 May 2002 05:13:36 +0100 Subject: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick) In-Reply-To: <20020524164036.A12498@slack.lne.com>; from ericm@lne.com on Fri, May 24, 2002 at 04:40:36PM -0700 References: <20020522110202.A1992@lightship.internal.homeport.org> <006501c2022a$cf4765c0$c33a080a@LUCKYVAIO> <3CEE2134.2450.C43632@localhost> <20020524164036.A12498@slack.lne.com> Message-ID: <20020525051336.A322193@exeter.ac.uk> On Fri, May 24, 2002 at 04:40:36PM -0700, Eric Murray wrote: > Additionally, there is nothing that prevents one from issuing certs > that can be used to sign other certs. Sure, there are key usage bits > etc but its possible to ignore them. The S/MIME aware MUAs do not ignore the trust delegation bit. Therefore you can not usefully sign other certs with a user grade certificate from verisign et al. If you make your own CA key (with the trust delegation bit set) and self-sign it, S/MIME aware MUAs will also flag signatures made with it as invalid signatures because your self-signed "CA" key is not signed by a CA in the default trusted CA key database. > It should be possible to create a PGP style web of trust using X.509 > certs, given an appropriate set of cert extensions. If Peter can > put a .gif of his cat in an X.509 cert there's no reason someone > couldn't represent a web of trust in it. While it is true that you can extend X.509v3 I don't see how useful it would be to add a WoT extension until it got widely deployed. Recipient MUAs will at best ignore your extensions, and worse will fail on them until support for such an extension is deployed. I view the chances of such an extension getting deployed as close to nil. The S/MIME MUA / PKI library / CA cartel has a financial incentive to not deploy it -- as they view it as competition to the CAs business. Adam
From declan at well.com Sat May 25 04:22:29 2002 From: declan at well.com (Declan McCullagh) Date: Sat, 25 May 2002 07:22:29 -0400 Subject: Jim-Bell-in-prison update Message-ID: <5.1.0.14.0.20020525072208.0223fb20@mail.well.com> http://www.wired.com/news/politics/0,1283,52781,00.html Jim Bell update: Way back in the 1980s, entrepreneur Jim Bell owned a company that sold computer storage devices. Now Bell works in a California prison, demolishing computers and their monitors at the handsome wage of 46 cents an hour. "I've taken a day job destroying computer monitors," Bell said in a phone call from prison this week. "I've gone through about 100 so far." Bell is the infamous author of Assassination Politics, an essay that discusses ways to eliminate bothersome IRS agents. That captured the attention of the feds, who charged him with stalking federal agents. Last year, a jury found Bell guilty and he's been sentenced (PDF) to 10 years. Bell says that it's easy to destroy a monitor without making it implode. "That almost never is impressive, particularly if you do it right," he says. "There's a little nib at the end of the CRT that if you hit it just right with the hammer it creates a small hiss. There's an ooomph if someone drops the monitor, but other than that it's pretty innocuous."
He gets paid by Unicorp, the Justice Department-affiliated business that markets prison labor to federal agencies. Eventually, Bell says, he'll be making $1.07 an hour. "Some day." From ravage at einstein.ssz.com Sat May 25 07:40:05 2002 From: ravage at einstein.ssz.com (Jim Choate) Date: Sat, 25 May 2002 09:40:05 -0500 Subject: Slashdot | Comcast Sued Over Internet Data Gathering Message-ID: <3CEFA245.66BE38B7@ssz.com> http://yro.slashdot.org/yro/02/05/25/129226.shtml?tid=158 -- -- ____________________________________________________________________ A witty saying proves nothing. Voltaire ravage at ssz.com www.ssz.com jchoate at open-forge.org www.open-forge.org -------------------------------------------------------------------- From mv at cdc.gov Sat May 25 10:23:06 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Sat, 25 May 2002 10:23:06 -0700 Subject: Geopolitical Snuff Film, 2002; Rating: 3 jets Message-ID: <3CEFC87A.E94E7E3D@cdc.gov> At 09:03 PM 5/24/02 -0700, Eric Cordian wrote: >The FBI currently has its shorts in a wad over the numerous Web sites >featuring the short but poignant last moments of Wall Street Journal >reporter Daniel Pearl. >It seems unlikely that creation, sale, or possession of depictions of >Americans being harmed in an illegal manner by political extremists will >remain legal for long. NB: KaZaa has versions in .asf, .mpg, and .ram copied from the net. Some of the web sites mentioned in the Wired article are still up, so historians, archivists, librarians, spooks, professors, reporters, and other academic-jihadi can check out the film from there --or can receive upon request anonymous copies if the web sites find a black boot stomping their face, forever. The film contains political messages which the government doesn't want you to hear: americans are toast in pakistan because of their government's middle-eastern interference. Hardly surprising. No hostility towards democracy, freedom, or Brittney Spears. 
They use rolling-text to print their concerns in english, and use simple fades, so they have some video-production facility. They also want their F-16s that they paid for (and never got), which is the only comic relief in the film. Pearl looks dead already when they sever his neck. (Cf the "Russian soldier snuff film") He doesn't look stressed when he talks about his jewish and Israeli ties, though of course he's been kidnapped and is under duress. Released 2002, originally in PAL format Producers: Pakistani Islamic Jihad, LLP Rating: Not yet rated. Some decapitation (on par with any surgery web site) no drugs, no foul language. Actors: Daniel Pearl, unknown Jehadi staff Cameos by various dead palestinians babies --- No, I don't know that unbelievers should be considered as citizens, nor should they be considered patriots. This is one nation under Allah. -GW Bush From hju4mb at earthlink.net Sat May 25 06:14:49 2002 From: hju4mb at earthlink.net (hju4mb at earthlink.net) Date: Sat, 25 May 2002 15:14:49 +0200 Subject: End your IRS tax problems [jqv36] Message-ID: <200205251314.PAA19912@ntiis> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4477 bytes Desc: not available URL: From jamesd at echeque.com Sat May 25 15:44:29 2002 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sat, 25 May 2002 15:44:29 -0700 Subject: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick) In-Reply-To: <20020525051336.A322193@exeter.ac.uk> References: <20020524164036.A12498@slack.lne.com>; from ericm@lne.com on Fri, May 24, 2002 at 04:40:36PM -0700 Message-ID: <3CEFB15D.31584.F5A4C@localhost> -- Having been the verisign guy at a couple of companies, it appears to me that the administrative costs of both models are unacceptably high. 
The hierarchical verisign model is useful when one wishes to verify that something comes from a famous and well known name -- that this software really is issued by Flash, that this website really does belong to the Bank of America. In this case, however, only famous and well known names need their keys from verisign. No one else needs one. When one wishes to know one is really communicating with Bob, it is best to use the same channels to verify this is Bob's key, as one used to verify that Bob is the guy one wishes to talk to. The web of trust, and Verisign, merely get in the way. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG xkCkA0o8/Z61jfLQ1GxttqqvOUL5cRcKXhnoSRp2 4530ol1PGEfGac3Gmk2JosCmoRLyj96HAEp0EUGLT
From lloyd at acm.jhu.edu Sat May 25 14:40:20 2002 From: lloyd at acm.jhu.edu (Jack Lloyd) Date: Sat, 25 May 2002 17:40:20 -0400 (EDT) Subject: NAI pulls out the DMCA stick In-Reply-To: <20020524170356.B12498@slack.lne.com> Message-ID: On Fri, 24 May 2002, Eric Murray wrote: > > 3. Is a relavent developer reference is available for X.509? > > X.509 is an ITU/T standard, which means, among other things, that > they charge money for copies. You can find copies on the net though. Depending on how good your local library is, they may be able to get you a copy on interlibrary loan. I managed to get ahold of a copy of X9.19 that way. If ITU works anything like the ABA, they'll charge you about $4/page to get one of these from them (at least that's the rate X9.19 came to). PKCS and other online sources seem your best bet for this by far.
-J
From keyser-soze at hushmail.com Sat May 25 22:25:14 2002 From: keyser-soze at hushmail.com (keyser-soze at hushmail.com) Date: Sat, 25 May 2002 22:25:14 -0700 Subject: Jim-Bell-in-prison update Message-ID: <200205260525.g4Q5PE738857@mailserver2.hushmail.com> If 'ol Jim had really implemented an AP system instead of just running his mouth off about one he might not be breaking rocks, I mean TVs.
From susanrctxigdu at mailme.dk Sun May 26 01:27:09 2002 From: susanrctxigdu at mailme.dk (susanrctxigdu at mailme.dk) Date: Sun, 26 May 2002 01:27:09 -0500 Subject: FREE PORN GET OFF NOW!! Message-ID: ----- Original Message ----- From: anton at email.ky To: Excite Mail Abuse Sent: Saturday, June 01, 2002 10:32 PM Subject: RE: Fw: OPT OUT NOW!!!! (KMM219200C0KM) How do I stop this. These people have been sending me these spam emails for ages with different From and Reply address and a variety of weblinks like http://www.now-host.com/ppp or http://www.netvisionsenterprises/ppp which redirect to something like http://198.64.133.2/ppp. Not always the same address eg /ggg or something. Also always some or other excite.com email to "opt out with" which never works. When you go back on to http://198.64.133.2 you get a site titled Test page for SSL/TLS-aware Apache Installation on Website starting with: Hey, it worked !
The SSL/TLS-aware Apache webserver was successfully installed on this website.

The latest original message had the following header and date:

From eresrch at eskimo.com Sun May 26 09:15:59 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Sun, 26 May 2002 09:15:59 -0700 (PDT)
Subject: NYT: Techies Now Respect Government
In-Reply-To:
Message-ID:

On Sun, 26 May 2002, John Young wrote:

> Thomas Friedman in the New York Times today:
>
>
> http://www.nytimes.com/2002/05/26/opinion/26FRIE.html
>
> Webbed, Wired and Worried, May 26, 2002
[...]
> Silicon Valley staunchly opposed the Clipper Chip, which
> would have given the government a back-door key to all
> U.S. encrypted data. Now some wonder whether they
> shouldn't have opposed it. John Doerr, the venture
> capitalist, said, "Culturally, the Valley was already
> maturing before 9/11, but since then it's definitely
> developed a deeper respect for leaders and government
> institutions."

Great propaganda! Nice to know the press still has the will to force words into all our mouths. What a bunch of losers.

Patience, persistence, truth,
Dr. mike

From tcmay at got.net Sun May 26 09:28:15 2002
From: tcmay at got.net (Tim May)
Date: Sun, 26 May 2002 09:28:15 -0700
Subject: NYT: Techies Now Respect Government
In-Reply-To:
Message-ID: <9490F728-70C5-11D6-8D6A-0050E439C473@got.net>

On Sunday, May 26, 2002, at 10:07 AM, John Young wrote:

> Thomas Friedman in the New York Times today:
>
>
> http://www.nytimes.com/2002/05/26/opinion/26FRIE.html
>
> Webbed, Wired and Worried, May 26, 2002
> ....
> pose these questions to techies. I found at least some of
> their libertarian, technology-will-solve-everything cockiness
> was gone. I found a much keener awareness that the unique
> web of technologies Silicon Valley was building before 9/11 --
> from the Internet to powerful encryption software -- can be
> incredible force multipliers for individuals and small groups
> to do both good and evil.

Well, "duh."
As an analyst of high tech, Friedman is a pretty good analyst of the Arab-Israeli conflict. His conclusions about the views of Silicon Valley are facile and simplistic. For example, in another place:

"The question `How can this technology be used against me?' is now a real R-and-D issue for companies, where in the past it wasn't really even being asked," said Jim Hornthal, a former vice chairman of Travelocity.com. "People here always thought the enemy was Microsoft, not Mohamed Atta.""

No, the reason companies deployed crypto was not because they feared Microsoft would read their mail, but because they feared hackers, terrorists, thieves would read their mail.

As for worrying about terrorism, many corporate headquarters have anti-truckbomb measures in place. In front of the Noyce Building in Santa Clara, Intel's high-rise headquarters building, there are extensive barriers and other measures to prevent a truck bomb from being driven into the main lobby and detonated. These have been there for most of the past decade; security was not an afterthought resulting from 9/11.

> And I found an acknowledgment
> that all those technologies had been built with a high degree
> of trust as to how they would be used, and that that trust had
> been shaken. In its place is a greater appreciation that
> high-tech companies aren't just threatened by their
> competitors; but also by some of their users.

Double duh. Incredible that Friedman was this naive.

>
> It was part of Silicon Valley lore that successful innovations
> would follow a well-trodden path: beginning with early
> adopters, then early mass-appeal users and finally the
> mass market. But it's clear now there is also a parallel,
> criminal path: starting with the early perverters of a new
> technology up to the really twisted perverters.

"The street will always find uses for technology" has been the motto for a generation. Has Friedman not noticed online porn, cellphones used by gangbangers, and so on?
Porn is what made the VCR a success.

> For instance,
> the 9/11 hijackers may have communicated globally
> through steganography software, which lets users e-mail,
> say, a baby picture that secretly contains a 300-page
> compressed document or even a voice message.

How many years have we known about this _possibility_? I wrote about it online in 1990, Kevin Kelly quoted me at length about it in 1992 for some articles and for his eventual book, "Out of Control," and Romana Machado released "Stego" in 1993.

As to the actual _use_ by 9/11 hijackers, there is no evidence whatsoever that anything this sophisticated was necessary or was used.

> "We have engineered large parts of our system on an
> assumption of trust that may no longer be accurate," said
> a Stanford law professor, Joseph A. Grundfest. "Trust is
> hard-wired into everything from computers to the Internet
> to building codes. What kind of building codes you need
> depends on what kind of risks you thought were out there.
> The odds of someone flying a passenger jet into a tall
> building were zero before. They're not anymore. "

We have been writing about "soft targets" for a long time. Schelling points for attacks. And the scenario of crashing a loaded jetliner into a building was of course not unforeseen. Tom Clancy described a very detailed scenario for just such an act in his _1994_ (there's that seminal year again) novel "Debt of Honor." A Google search will turn up many discussions of this over the years. Here's my own description of the Sato Solution from a post made to this very list in 1997:

---begin quote---
" To: cypherpunks at cyberpass.net
* Subject: Re: Tim May's offensive racism (was: about RC4)
* From: Tim May
* Date: Fri, 14 Nov 1997 10:52:32 -0700
* In-Reply-To: <199711141755.SAA20812 at basement.replay.com>
* Sender: owner-cypherpunks at Algebra.COM

....
lines of:

"I fully expect to wake up some morning and hear that some terrorist nuke has destroyed Washington, D.C.
I can't say I'll be crying."

Big deal. Nothing Tom Clancy hasn't talked about in his novels. (And recall Clancy's delicious description of a Japanese 747 loaded with jet fuel being crashed into the main hall of Congress during a joint session, with the President and cabinet in attendance. It was clear that Clancy was vicariously relishing this vermin removal effort.
---end quote---

So, Clancy had this scenario worked out. Ramzi Yousef, one of the WTC bombers, was implicated in a plot in the mid-90s to hijack half a dozen jetliners and crash them simultaneously into Schelling point/high psychological value targets, including the Eiffel Tower, CIA headquarters, etc.

Does this mean I, for example, "knew" the WTC attack in 2001 would happen? Of course not. Did I expect such an attack, in broad outlines, would happen? Of course. It's the history of warfare. Burning down a city, lobbing dead animals over fortified walls, dynamiting bridges, putting an entire city to the sword, firebombing civilian cities...it's the nature of war.

We knew it. Friedman should get up to speed. Maybe I'll forward him my _1988_ "Cryptoanarchist Manifesto." Then maybe he'll see that the "techies" (at least he didn't call us "nerds") have known what was coming, and looked forward to it!, for many years.

> Silicon Valley staunchly opposed the Clipper Chip, which
> would have given the government a back-door key to all
> U.S. encrypted data. Now some wonder whether they
> shouldn't have opposed it. John Doerr, the venture
> capitalist, said, "Culturally, the Valley was already
> maturing before 9/11, but since then it's definitely
> developed a deeper respect for leaders and government
> institutions."
>

Guys like Friedman represent the New Enemy.

--Tim May
"To those who scare peace-loving people with phantoms of lost liberty, my message is this: Your tactics only aid terrorists." --John Ashcroft, U.S.
Attorney General

From jya at pipeline.com Sun May 26 10:07:16 2002
From: jya at pipeline.com (John Young)
Date: Sun, 26 May 2002 10:07:16 -0700
Subject: NYT: Techies Now Respect Government
Message-ID:

Thomas Friedman in the New York Times today:

http://www.nytimes.com/2002/05/26/opinion/26FRIE.html

Webbed, Wired and Worried, May 26, 2002

I've been wondering how the entrepreneurs of Silicon Valley were looking at the 9/11 tragedy; whether it was giving them any pause about the wired world they've been building and the assumptions they are building it upon.

In a recent visit to Stanford University and Silicon Valley, I had a chance to pose these questions to techies. I found at least some of their libertarian, technology-will-solve-everything cockiness was gone. I found a much keener awareness that the unique web of technologies Silicon Valley was building before 9/11 -- from the Internet to powerful encryption software -- can be incredible force multipliers for individuals and small groups to do both good and evil. And I found an acknowledgment that all those technologies had been built with a high degree of trust as to how they would be used, and that that trust had been shaken. In its place is a greater appreciation that high-tech companies aren't just threatened by their competitors; but also by some of their users.

It was part of Silicon Valley lore that successful innovations would follow a well-trodden path: beginning with early adopters, then early mass-appeal users and finally the mass market. But it's clear now there is also a parallel, criminal path: starting with the early perverters of a new technology up to the really twisted perverters. For instance, the 9/11 hijackers may have communicated globally through steganography software, which lets users e-mail, say, a baby picture that secretly contains a 300-page compressed document or even a voice message.

"We have engineered large parts of our system on an assumption of trust that may no longer be accurate," said a Stanford law professor, Joseph A. Grundfest. "Trust is hard-wired into everything from computers to the Internet to building codes. What kind of building codes you need depends on what kind of risks you thought were out there. The odds of someone flying a passenger jet into a tall building were zero before. They're not anymore. The whole objective of the terrorists is to reduce our trust in all the normal instruments and technologies we use in daily life. You wake up in the morning and trust that you can get to work across the Brooklyn Bridge -- don't. This is particularly dangerous because societies which have a low degree of trust are backward societies."

Silicon Valley staunchly opposed the Clipper Chip, which would have given the government a back-door key to all U.S. encrypted data. Now some wonder whether they shouldn't have opposed it. John Doerr, the venture capitalist, said, "Culturally, the Valley was already maturing before 9/11, but since then it's definitely developed a deeper respect for leaders and government institutions."

-----

From jya at pipeline.com Sun May 26 13:50:12 2002
From: jya at pipeline.com (John Young)
Date: Sun, 26 May 2002 13:50:12 -0700
Subject: NYT: Techies Now Respect Government
In-Reply-To: <9490F728-70C5-11D6-8D6A-0050E439C473@got.net>
References:
Message-ID:

Officials, and journalists, accustomed to handling civil unrest through police means, have to stretch to get their hands on national security threats, in particular what to do with military capabilities which are scaled for much greater threats than the police can handle.

The military doesn't like civil affairs where a distinction has to be made between innocents and opponents, where a battle has to be fought while civil affairs continue. It blows whole areas away, hardly affected by collateral damage laments.
Some military commentators have reported that the 9/11 losses are barely significant in military terms, but are a big hit for police-scale mentality, and even bigger for political mindsets which fear loss of face more than all else.

Terrorism thrives by remaining less than a military-scale threat but is becoming more than police, and police-minded officials and journalists like Friedman can handle. A nuke on DC or NYC could lead all of them to grow up, a favorite theme of the Times these days about Silicon Valley.

The Times some months ago, by way of Jennifer Lee, reported on the fervor with which high-tech firms are racing to capitalize on the requirements for homeland security and the rise in military actions, redefining product lines, digging out civilian ideas for re-uniforming in national security dress.

Perhaps that is what Friedman is doing, scaling up the picayune Palestinian dust-up to a global affair, as he has tried futilely to do for years but failing due to the required emphasis on its Jewish attribute for the New York City readership yet paying the price of indifference elsewhere.

Friedman regularly these days predicts a series of suicide bombings in New York City, and as a sidebar elsewhere in the US. That police scale he is good at, but the military scale of widespread carnage appears beyond his comprehension -- in the spirit of the once-isolated and comfortably insulated USA.

The problem with dismissing the drumbeat of terrorist alarms is that the guardians could well let a few attacks happen to show the citizenry the need to show respect for government. This is not to suggest that 9/11 was such an attention-getting operation but it certainly has fulfilled the dreams of those who warned about it and are now reaping its benefits -- gov, mil, com and edu.

From remailer at aarg.net Sun May 26 15:15:36 2002
From: remailer at aarg.net (AARG! Anonymous)
Date: Sun, 26 May 2002 15:15:36 -0700
Subject: NYT: Techies Now Respect Government
Message-ID: <21122ff078fcf6e1fdbc3f30d85ef59b@aarg.net>

What really changed in the Valley is that the best are gone. There is always a very small number of real contributors, I'd say one in several hundreds, that shape the whole environment and dictate the overall mood.

This was best seen in Xerox PARC, where sleazy Gilman Louie was selling fatherland defense on May 16, with mannerism and vocabulary of a polished used car salesman. He was preaching to an auditorium packed with white middle managers and young aspiring nobodies, extracting applause and laughs at all the right places. No one threw up, and at the end he even didn't have to say "MEIN GOTT I CAN WALK !!" It was implied.

He said, after describing his enlightenment that working for CIA is good after all, in the best tradition of government commercials from 50-ties, that VCs were always patriotic. He also said that they received 500 business plans in few weeks after demolition of WTC, and that government needs better tools to track arab student pilots.

This is the new silicon valley, future grounds of the Homeland Security Industries, where thousands of engineers will proudly churn out surveillance products, dissent-detecting chips and network tapping devices.

From shamrock at cypherpunks.to Sun May 26 15:52:43 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Sun, 26 May 2002 15:52:43 -0700
Subject: NYT: Techies Now Respect Government
In-Reply-To: <9490F728-70C5-11D6-8D6A-0050E439C473@got.net>
Message-ID: <001101c20508$0c2b8090$c33a080a@LUCKYVAIO>

Tim wrote:
> On Sunday, May 26, 2002, at 10:07 AM, John Young wrote:
>
> > Thomas Friedman in the New York Times today:
> >
> >
> > http://www.nytimes.com/2002/05/26/opinion/26FRIE.html
> >
> > Webbed, Wired and Worried, May 26, 2002
> > ....
>
> > pose these questions to techies.
> > I found at least some of their
> > libertarian, technology-will-solve-everything cockiness was gone. I
> > found a much keener awareness that the unique web of technologies
> > Silicon Valley was building before 9/11 -- from the Internet to
> > powerful encryption software -- can be incredible force multipliers
> > for individuals and small groups to do both good and evil.
>
> Well, "duh." As an analyst of high tech, Friedman is a pretty good
> analyst of the Arab-Israeli conflict. His conclusions about
> the views of
> Silicon Valley are facile and simplistic.

I didn't really interpret Friedman's article to indicate that he himself has so much come to see technology in a different light following 9/11, but rather that he noticed that many in the Valley have begun to see technology in a different light, being now more receptive and susceptible to governmental suggestions to consider including the Big Brother Inside. In as far as Friedman's post is reporting on a change in the mindset of the technology providers, his article might represent more of a statement of fact than an opinion.

Just a thought,
--Lucky

From objectpascal at yahoo.com Sun May 26 16:04:37 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Sun, 26 May 2002 16:04:37 -0700 (PDT)
Subject: PGP - when you care enough to send the very best!
In-Reply-To: <000501c202ff$4b218840$c33a080a@LUCKYVAIO>
Message-ID: <20020526230437.89874.qmail@web11601.mail.yahoo.com>

It is strange that crypto was a lot more popular back when cryptography export was heavily controlled. Many people fought for their crypto rights, but cannot be bothered with encrypted e-mail. It is similar to securing the right to vote and then declining to do so.

Lucky indicates that strong crypto has gone "under the hood" and is now "mainstream" and "ubiquitous".

This is not true. There are countless e-mail and instant messages sent as plaintext across networks, through wireless, and over the Internet.
Also "under-the-hood" is a risky place for crypto. It may be "patched" or "upgraded" right out of your system. Or perhaps "improved" to 40-bit for optimum performance.

Stand alone cryptography is best. I enjoy sealing my personal letters in an envelope. I am uncomfortable entrusting that process to a third-party, or to the mailman. I am similarly uncomfortable entrusting e-mail encryption to an embedded system and cached authentication systems.

Curt

--- Lucky Green wrote:
You may be asking yourself: where, oh where, has all the crypto gone? Where are the BlackNet's? Where is the untraceable Ecash? Where is the Cryptanarchy that we've been waiting for? For that matter...where is the crypto? The staunchest Cypherpunk will by now have noticed that PGP/GPG usage even amongst list members, once the bellwether indicator of Cypherpunks crypto adoption success, is in decline.

...(segment elided)

Where has the crypto gone? The crypto has gone under the hood, away from the UI, to a place where the crypto will be of most use to the average user. Yes, for crypto to be secure against the active, well resourced, attacker, the crypto must at one point touch the user to permit the user to make a trust decision. But to secure communications from passive and/or less resourced attacker, crypto can be placed under the hood.

...(segment elided)

Where has all the crypto gone? It has gone mainstream. Some of you may remember the discussions from years ago how we should try to find a way to make crypto cool and attractive for the average person.

...(segment elided)

Crypto has gone as mainstream as can be. While crypto for crypt's sake may not have become cool to everybody, crypto has become a Must Have for your average 14 year-old high school freshman girl. Crypto has become ubiquitous.

=====
end

From shamrock at cypherpunks.to Sun May 26 17:50:18 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Sun, 26 May 2002 17:50:18 -0700
Subject: PGP - when you care enough to send the very best!
In-Reply-To: <20020526230437.89874.qmail@web11601.mail.yahoo.com>
Message-ID: <002b01c20518$79696720$c33a080a@LUCKYVAIO>

Curt Smith wrote:
> It is strange that crypto was a lot more popular back when
> cryptography export was heavily controlled. Many people
> fought for their crypto rights, but cannot be bothered with
> encrypted e-mail. It is similar to securing the right to
> vote and then declining to do so.

Acts that are potentially slightly illegal and certainly considered naughty by some carry more appeal to many than acts that are unquestionably as above board as they are boring. Once the export regs changed and more advanced uses of cryptographic applications failed in the market place, crypto lost some of its sex appeal to its initial early-adopter rebel constituency.

> Lucky indicates that strong crypto has gone "under the hood"
> and is now "mainstream" and "ubiquitous".
>
> This is not true. There are countless e-mail and instant
> messages sent as plaintext across networks, through wireless,
> and over the Internet.

I believe our viewpoints coincide, rather than conflict. Crypto has gone under the hood, it is used by anybody accessing an https website, which nowadays is just about anybody with a web browser. Crypto is used by many corporate employees accessing the corporate VPN. It is the rare Internet user, of which there are of course many more than there were when Cypherpunks got started, that does not employ strong crypto in some fashion.

> Also "under-the-hood" is a risky place for crypto. It may be
> "patched" or "upgraded" right out of your system. Or perhaps
> "improved" to 40-bit for optimum performance.

Agreed.
Which is why I pointed out that the encryption taking place under-the-hood tends to be a reasonable defense against a passive or less-resourced attacker while being frequently unsuitable against the active, well-resourced attacker. Though I would contend that there are more of the former than there are of the latter, I too continue to utilize, as I pointed out, strong crypto that requires active user interaction permitting the trust decision to occur.

> Stand alone cryptography is best. I enjoy sealing my
> personal letters in an envelope. I am uncomfortable
> entrusting that process to a third-party, or to the mailman.
> I am similarly uncomfortable entrusting e-mail encryption to
> an embedded system and cached authentication systems.

I indeed consider passive encryption methods alone to be typically insufficient for some of my personal security needs and am continuing to utilize encryption that requires me as the user to make that trust decision. But that does not mean that no security benefits are to be had from opportunistic encryption of Internet traffic.

Example: the other day I sent an email to a friend that accidentally failed to PGP encrypt. The email did not contain truly critical information, but I certainly would have preferred for neither my friend's nor my ISP to have ready access to the cleartext of that email. Fortunately, we had encrypted SMTP connections end-to-end, thus protecting the contents of the email from the ISPs, albeit perhaps not from the NSA.

Lastly, allow me to address the issue raised that many IM protocols in use today do not support crypto at this time. This is true, but I noticed that a good majority of the P2P efforts introduced at CODECON all included support for encryption as part of the protocol. The various developers had read Applied Cryptography, understood a sufficient part of it, and made provisions to design crypto into their protocols from the beginning rather than as an adjunct to be thought about later.
While the details of the initial implementations were of varying quality, one project began by using Blowfish in ECB mode until the developer realized that he could see patterns in the ciphertext, but changing a protocol during alpha testing to use a secure mode of a block cipher given that the protocol already contains all the hooks for crypto, may be considerably easier than gluing crypto onto some of the existing IM systems.

Given the rapid changes in the P2P space, just because some IM and P2P systems today fail to offer cryptographic protections should not be taken as an indicator that these protocols' successors will not offer transparent crypto as a default feature.

One such project that I have been somewhat following is the Anonymous IRC project. While their design is far from perfect, it is one of many steps into the right direction. http://www.invisiblenet.net/

There are dozens of similar projects underway, all employing crypto, that may one day replace the prevalent IM clients as rapidly as Gnutella and later Kazaa and Morpheus replaced Napster.

How does the increased use of strong crypto under-the-hood help Cypherpunks? The answer reminds me of the response another Cypherpunk gave to my posting statistics about the nature of the USENET traffic seen by a major node. I expressed surprise at these rather revealing statistics, musing that there had to be a lesson to be learned from the fact that the bulk of the data is generated in newsgroups that one would not initially consider mainstream. His response was illuminating: "Yes, the lesson is: just look at all that cover traffic".

--Lucky
From morlockelloi at yahoo.com Sun May 26 19:24:59 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 26 May 2002 19:24:59 -0700 (PDT)
Subject: PGP - when you care enough to send the very best!
In-Reply-To: <002b01c20518$79696720$c33a080a@LUCKYVAIO>
Message-ID: <20020527022459.45023.qmail@web13206.mail.yahoo.com>

> Agreed. Which is why I pointed out that the encryption taking place
> under-the-hood tends to be a reasonable defense against a passive or
> less-resourced attacker while being frequently unsuitable against the

Whoever taps SMTP/POP3 bitstreams is hardly less-resourced. The only adversary you need to worry about is the resourceful one.

> decision. But that does not mean that no security benefits are to be had
> from opportunistic encryption of Internet traffic.

Any massive deployment of crypto is subvertible. I see no way around it - it's like microsoft windows' vulnerabilities. To be safe, crypto needs to be diverse, custom-made and manual. The brain cycles you spend when encrypting are the only real defense.

> friend's nor my ISP to have ready access to the cleartext of that email.
> Fortunately, we had encrypted SMTP connections end-to-end, thus
> protecting the contents of the email from the ISP's, albeit perhaps not
> from the NSA.

Very few run their own SMTP. Your own SMTP on your own box is not much different from PGP eudora plug-in autoencrypting.
But you cannot use this argument to preach benefits of under-the-hood crypto - when almost all internet mail traffic uses ISP-owned SMTP servers.

> noticed that a good majority of the P2P efforts introduced at CODECON
> all included support for encryption as part of the protocol. The various

I predict that first attempt to apply this on the gnutella/morpheus/kazaa/napster scale will lead to clampdown. Which is the reason that no one did it. We don't want osama sending orders that way.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

From keyser-soze at hushmail.com Sun May 26 19:51:19 2002
From: keyser-soze at hushmail.com (keyser-soze at hushmail.com)
Date: Sun, 26 May 2002 19:51:19 -0700
Subject: A counterpoint to NYT's Friedman: US media cowed by patriotic fever, says Dan Rather
Message-ID: <200205270251.g4R2pJD75117@mailserver4.hushmail.com>

US media cowed by patriotic fever, says CBS star

Network news veteran admits national mood caused him to shrink from tough questions on war in Afghanistan

Matthew Engel in Washington
Friday May 17, 2002
The Guardian

Dan Rather, the star news anchor for the US television network CBS, said last night that "patriotism run amok" was in danger of trampling the freedom of American journalists to ask tough questions. And he admitted that he had shrunk from taking on the Bush administration over the war on terrorism.

In the weeks after September 11 Rather wore a Stars and Stripes pin in his lapel during his evening news show in an apparent display of total solidarity with the American cause.

However, in an interview with BBC's Newsnight, he graphically described the pressures to conform that built up after the attacks on the World Trade Centre and the Pentagon.

"It is an obscene comparison - you know I am not sure I like it - but you know there was a time in South Africa that people would put flaming tyres around people's necks if they dissented. And in some ways the fear is that you will be necklaced here, you will have a flaming tyre of lack of patriotism put around your neck," he said. "Now it is that fear that keeps journalists from asking the toughest of the tough questions."

Rather did not exempt himself from the criticism, and said the problem was self-censorship. "It starts with a feeling of patriotism within oneself. It carries through with a certain knowledge that the country as a whole - and for all the right reasons - felt and continues to feel this surge of patriotism within themselves. And one finds oneself saying: 'I know the right question, but you know what? This is not exactly the right time to ask it.'"

Such a confession is astonishing, bearing in mind its source. Rather is almost as famous in the US as the president, though he is more secure in his tenure, far better paid and probably more pampered.

Rather, 70, has held what used to be regarded as the top job in American journalism for two decades, since he was chosen to succeed the revered and avuncular Walter Cronkite as CBS News's anchorman. Traditionally, CBS was the country's No 1 news channel but has lost its status and ratings after years of budget cutbacks.

The White House was to blame for its failure to provide adequate information about the war, Rather said. "There has never been an American war, small or large, in which access has been so limited as this one.

"Limiting access, limiting information to cover the backsides of those who are in charge of the war, is extremely dangerous and cannot and should not be accepted. And I am sorry to say that, up to and including the moment of this interview, that overwhelmingly it has been accepted by the American people.
And the current administration revels in that, they relish that, and they take refuge in that."

He said his view of the patriotism differed from that of the administration. "It's unpatriotic not to stand up, look them in the eye, and ask the questions they don't want to hear - they being those who have the responsibility, the ultimate responsibility - of sending our sons and daughters, our husbands, wives, our blood, to face death.

Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

From ltcc at insurancemail.net Sun May 26 17:14:05 2002
From: ltcc at insurancemail.net (Phyllis Shelton)
Date: Sun, 26 May 2002 20:14:05 -0400
Subject: Group Worksite LTCI with Phyllis Shelton
Message-ID: <30537801c20513$698b75a0$6701a8c0@insuranceiq.com>

Group Worksite LTCI with Phyllis Shelton "The First Lady of LTCI" and InsuranceIQ

Free with purchase: LTC Policy Comparison Software!
Free with purchase: LTC Policy Comparison Software!

Long Term Care Insurance Worksite Marketing System

Take advantage of the most current information available concerning the group LTCI market. Developed after months of exhaustive research and agent interviews, the Worksite Marketing System is THE resource for successful group enrollment.

Included with your order:
- Agent Manual - all the "how-to" info including an implementation schedule
- Benefit Manager Flip Chart
- Presentation/Sales Script which promotes Long Term Care Insurance as "Productivity Insurance"
- Benefit Manager Sales Brochures
- Benefit Manager Direct Mail Letters
- Employer Announcement Letter
- Seven (7) Newsletter/E-Mail Articles to promote employee education prior to meetings
- 50 each of five (5) Payroll Stuffers
- 50 each of three (3) Employee Seminar Posters
- Employee Education Presentation on CD-ROM
- 150 Employee Education Brochures which promote Long Term Care Insurance as "Lifestyle Insurance"
- "The Secret of a Successful Group Enrollment" instructional audiotape
- A handsome gold embossed binder with storage pockets

Click here for more information and pricing

BONUS! Free with your order: The LTC Policy Comparison - a $120 value! Click here to view a demo PDF!

This comprehensive LTCI policy review compares over 40 major companies in 17 benefit and ratings/asset categories and includes a premium comparison for a 60 year old couple. Over 210 policies are covered in this semi-annual publication. This is the oldest LTC policy comparison in the nation and is a valuable tool for any agent selling LTC insurance today. (Older generation policies are kept after new policies are introduced because agents encounter the older policies in the field.) The CD-ROM version allows you to compare up to three companies at a time in any of the 17 categories. You'll also receive a spreadsheet version to take with you all the time.

We don't want anybody to receive our mailings who does not wish to receive them. This is professional communication sent to insurance professionals. To be removed from this mailing list, DO NOT REPLY to this message. Instead, go here: http://www.Insurancemail.net

Legal Notice
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5954 bytes
Desc: not available
URL:

From shamrock at cypherpunks.to Sun May 26 20:26:37 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Sun, 26 May 2002 20:26:37 -0700
Subject: Transparent disk encryption coming this year [was:RE: disk encryption modes]
In-Reply-To: <003801c1ee87$7a1b4e10$c33a080a@LUCKYVAIO>
Message-ID: <003e01c2052e$513bc020$c33a080a@LUCKYVAIO>

FYI,

The author of GEOM has just added the first straw man crypto provider to the FreeBSD 5.0 drive/partition manager.

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/geom_aes.c?rev=1.1&content-type=text/x-cvsweb-markup

Yes, I know it is a modest start. But given how much interest there has been on the list in transparent drive encryption, those inclined to provide constructive feedback, ideally in the form of source code, may wish to do so.

--Lucky

> -----Original Message-----
> From: owner-cypherpunks at lne.com
> [mailto:owner-cypherpunks at lne.com] On Behalf Of Lucky Green
> Sent: Sunday, April 28, 2002 12:37 AM
> To: cypherpunks at lne.com
> Cc: 'Peter Gutmann'
> Subject: Transparent disk encryption coming this year
> [was:RE: disk encryption modes]
>
>
> I would like to direct anybody's attention who is interested
> in transparent drive encryption to GEOM, which will be a
> native feature of FreeBSD 5.0.
>
> GEOM is a project that is slated for inclusion in the release
> of FreeBSD 5.0, a major upgrade to FreeBSD that has been
> years in the making, due out by the end of the year. Based on
> my understanding of what GEOM does, which may be imperfect,
> GEOM provides a transparent middle layer between the actual
> physical drives and what the OS thinks those drives are. For
> example, the OS may believe it is using two UFS partitions on
> the same IDE drive when in fact the actual drives used are
> one hard drive formatted for Linux, one MS-DOS drive, and
> some Solaris partition mounted over NFS.
> The OS or the
> application will be completely isolated from the physical
> hardware of the drives and the actual file systems on the drives.
>
> The benefits are compelling: you can simply add another drive
> and tell your OS that one of the partitions that it is using
> has just magically become much larger. Or move all the data
> over to a RAID without your OS ever changing the device entry
> it is talking to. As I said, totally transparent.
>
> I believe that GEOM will become widely adopted, just as Soft
> Updates became widely adopted within months of its inclusion
> in FreeBSD, because it is simply so compelling.
>
> Of course this magic requires various behind-the-scenes
> "transformations". One of such transformations that the
> author is explicitly targeting is transparent encryption. And
> that's not just encryption of blocks on the file system or
> via some kludgy loop back interface. If this gets implemented
> right, if you were to look at the physical drive, you
> shouldn't even be able to tell how many files there are, or
> for that matter how much data is stored on the drive.
>
> Currently, GEOM is being written by a single guy in Denmark.
> Which sounds perhaps more crazy than it might be, because
> Soft Updates, IIRC, was written by one person as well. The
> guy seems real, has a grant for the project, and is an active
> member of the FreeBSD team.
>
> If you feel comfortable with running FreeBSD-CURRENT, which
> was just released as a Developer Preview 1 build, are
> familiar with at least some file systems, and are interested
> in seeing transparent drive encryption deployed on hundreds
> of thousands of machines worldwide by the end of the year, I
> would encourage you to visit
> http://phk.freebsd.dk/geom/ and read the geom man page found
> on the FreeBSD web site. Note that the encryption
> transformation code is not yet available, though some of the
> file system transformation code is.
>
> --Lucky

From keyser-soze at hushmail.com Sun May 26 20:43:58 2002
From: keyser-soze at hushmail.com (keyser-soze at hushmail.com)
Date: Sun, 26 May 2002 20:43:58 -0700
Subject: Regulatory arbitrage in action
Message-ID: <200205270343.g4R3hwr78182@mailserver4.hushmail.com>

Flight Schools See Downside to Crackdown

By DAVID FIRESTONE with MATTHEW L. WALD

The security crackdown meant to keep terrorist hijackers out of American flight schools has forced thousands of foreign students to train overseas, weakening the country's global dominance in aviation training, officials in the industry say.

That shift, they warn, could ultimately mean greater risks for air travelers, because American flight schools are the main source of well-trained commercial pilots for foreign airlines.

http://www.nytimes.com/2002/05/27/national/27FLIG.html

Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

From estone at synernet.com Sun May 26 17:45:29 2002
From: estone at synernet.com (Ed Stone)
Date: Sun, 26 May 2002 20:45:29 -0400
Subject: PGP - when you care enough to send the very best!
In-Reply-To: <20020526230437.89874.qmail@web11601.mail.yahoo.com>
References: <000501c202ff$4b218840$c33a080a@LUCKYVAIO>
Message-ID: <5.1.0.14.2.20020526204151.00a0f4f0@localhost>

At 07:04 PM 5/26/02, you wrote:
>Stand alone cryptography is best. I enjoy sealing my personal
>letters in an envelope. I am uncomfortable entrusting that
>process to a third-party, or to the mailman. I am similarly
>uncomfortable entrusting e-mail encryption to an embedded
>system and cached authentication systems.
And I prefer key generation when not online to a facility that may implement various operations like:

"The "Internet X.509 Certificate Request Message Format" Internet-draft that defines certain functions between a Certificate Authority (such as VeriSign) and the user's machine that generates the key pair, including certain options for "Proof of Possession of Private Key" (POPOPrivKey) during the online session to generate keys and obtain an X.509 S/MIME certificate:

"POPOPrivKey ::= CHOICE {
    thisMessage [0] BIT STRING,
    -- posession is proven in this message (which contains the private
    -- key itself (encrypted for the CA))"

.. and ..

"PKIArchiveOptions ::= CHOICE {
    encryptedPrivKey [0] EncryptedKey,
    -- the actual value of the private key
    keyGenParameters [1] KeyGenParameters,
    -- parameters which allow the private key to be re-generated
    archiveRemGenPrivKey [2] BOOLEAN }
    -- set to TRUE if sender wishes receiver to archive the private
    -- key of a key pair which the receiver generates in response to
    -- this request; set to FALSE if no archival is desired."

From md2002 at datacommarketing.com Sun May 26 22:24:07 2002
From: md2002 at datacommarketing.com (md2002 at datacommarketing.com)
Date: Mon, 27 May 2002 00:24:07 -0500
Subject: Not Just E m a i l Addresses... Sort by SIC Code...
Message-ID:

<<< SPECIAL REVISED PRICE AS OF 5/24/2002 - HURRY QUANITIES WILL BE LIMITED >>>

Attention: Are you buying from the "Information America" type companies for .10-.15 cents per record, we sell the same types of data for 1000's of records per penny! As a matter of fact several of these companies use and sell our data since did not have the skills to compile / append the newer internet fields such as web site info and e m a i l information. Please Read On...
The Ultimate Traditional & Internet Marketing Tool, Introducing the "M A S T E R D I S C 2002" versions 4.00-4.10, now released its MASSIVE 11 disc set with over 145 Million database records (18-20 gigabytes of databases) for marketing to companies, people, via e m a i l, fax, phone and mailing addresses Worldwide! COMPLETE 11 DISC SET IS ALL OF THE MARKETING DATA YOU WILL NEED FOR 2002 & 2003 (Put your service or product out for the world to see!) We've been slashing prices once again to get you hooked on our leads & data products. The full disc set ver 4.00-4.10 (Contains all databases, all software titles, all demos, more then 65 million records include an e m a i l address and many, many other useful fields) including unlimited usage is yours permanently for just $799.00 for the full set or $99.00 for the single sample disc (Normally Sold For $2800.00 for the full set and $299.00 for single sample disc) if you order today! **** M A S T E R D I S C 2002 CONTENTS **** We've gone out of our way to insure that this product is the finest of its kind available. Each CD (ver.4.01 to ver.4.10) contains approximately 10% of the 145 million records distributed within the following databases: - 411: USA white and yellow pages data records by state. - DISCREETLIST: Adult web site subscribers and adult webmasters E M A I L addresses. - FORTUNE: This database contains primary contact data relating to fortune 500, fortune 1000, and millions more corporations sort able by company size and sales. - GENDERMAIL: Male and female email address lists that allow you target by gender with 97% accuracy. - MARKETMAKERS: Active online investors E M A I L addresses. Also information in reference to thousands of public companies symbols, and descriptions. - MAXDISC: Online website owners, administrators, and technical contacts for website domain name owners of the ".com", ".net", and ".org" sites. This database has information from about 25% of all registered domains with these extensions. 
- NEWSPAPERS: National directory of newspapers from small local papers to large metro news agencies.
- PITBOSS: Avid Online casino and sports book players, and casino webmasters.
- SA: South American mailing databases from more than a dozen countries. Each mailing address belongs to a Visa or MasterCard credit card holder.
- SOFTWARE: This directory contains 86 software titles, some are fully functional versions and others are demo versions. Many suites of commercial e m a i l tools as well as many other useful resources will be found here to help extract, verify, manage, and deliver successful commercial e m a i l marketing campaigns.

For More Information, Available Records, Pricing, CUSTOM Databases, Ordering Contact us:

D a t a C o m M a r k e t i n g C o r p
1 4 4 0 C o r a l R i d g e D r. #3 3 6
C o r a l S p r i n g s, F l 3 3 0 7 1
(9 5 4) 7 5 3-2 8 4 6 voice / fax (Promo Code: 052402)

For no further notice at no cost and to be disolved from all of our databases, simply "r e p l y" to this message with the word "Discontinue" in the subject line.

IZ1

From shamrock at cypherpunks.to Mon May 27 00:41:25 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Mon, 27 May 2002 00:41:25 -0700
Subject: attack on rfc3211 mode (Re: disk encryption modes)
In-Reply-To: <200205101601.EAA381273@ruru.cs.auckland.ac.nz>
Message-ID: <004601c20551$ec5a0e90$c33a080a@LUCKYVAIO>

Peter wrote:
> Yup. Actually the no-stored-IV encryption was never designed
> to be a non-malleable cipher mode, the design goal was to
> allow encryption-with-IV without having to explicitly store
> an IV. For PWRI it has the additional nice feature of
> avoiding collisions when you use a 64-bit block cipher, which
> is probably going to be the case for some time to come even
> with AES around.
> It was only after all that that I noticed
> that the first pass was effectively a CBC-MAC, but it didn't
> seem important enough to mention it in the RFC since it
> wasn't an essential property (good thing I didn't :-).
>
> >With a disk mode, unlike with RFC3211 password based encryption for CMS
> >there is no place to store the structure inside the plaintext which may
> >to some extent defend against this attack.

Here is a partial list of requirements that I believe apply to drive encryption cryptographic systems. I am sure that list is incomplete and may contain errors. The following is what springs to mind:

1) I do not believe that there is a fundamental need to limit the size of the ciphertext to the size of the plain text. Adding a 1% or even more space overhead for encryption is acceptable under any day-to-day scenario that I can think of.

2) The algorithm must be able to decrypt individual sectors without having to decrypt the entire contents of the drive. Nor must the algorithm leak any plaintext, even if the attacker were to have knowledge of all but one byte of the plaintext stored on the drive.

3) The encrypted partition should leak no information about the number, nature, and size of any files stored on the drive. Unless one has access to the key, the entire partition should appear to the observer as a homogenous block of opaque encrypted data.

4) It would be nice, but is not in the least required, to be able to convert an existing unencrypted partition to an encrypted partition and back.

5) It must be possible to pass the encryption key as a parameter to mount, presumably in the form of a config file containing the key to prevent the key from showing up in ps.

6) It should be possible to both specify a raw AES key as well as a passphrase-derived SHA2 generated AES key.
7) Since the key will need to be stored in RAM for extended periods of time, the key should be protected from forensic recovery by never being swapped to disk as well as by periodic bit-flipping.

8) Ideally, and this is definitely a feature for v2.0, each user would be able to specify a capability that will permit the listing and access of any files under that user's permissions on the encrypted file system.

9) While steganographic file systems offering multiple levels of credible distress keys are nice, I don't consider this a feature that should be included in v1.0.

From noreply at magicopen.com Sun May 26 08:51:08 2002
From: noreply at magicopen.com ()
Date: Mon, 27 May 2002 00:51:08 +0900
Subject: []Ǻ θ! ͼ !
Message-ID: <200205261604.LAA12263@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 15550 bytes
Desc: not available
URL:

From giftdc at personaldb.net Sun May 26 09:48:33 2002
From: giftdc at personaldb.net (ϴ giftdcԴϴ.)
Date: Mon, 27 May 2002 01:48:33 +0900
Subject: RE[PR] ٷ ʿ!!! **
Message-ID: <200205261705.MAA12672@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 9184 bytes
Desc: not available
URL:

From fa4sezi8k67 at hotmail.com Mon May 27 14:09:33 2002
From: fa4sezi8k67 at hotmail.com (Zoe)
Date: Mon, 27 May 2002 02:09:33 -1900
Subject: Herbal Viagra 30 day trial... BJNG
Message-ID: <000001b849a0$00007e27$00007683@mx08.hotmail.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 862 bytes
Desc: not available
URL:

From alex04 at arabia.com Mon May 27 02:38:49 2002
From: alex04 at arabia.com (ALEX CHIOMA)
Date: Mon, 27 May 2002 02:38:49
Subject: urgent business
Message-ID: <200205270159.UAA15668@einstein.ssz.com>

from the Desk of DR.
ALEX CHIOMA B.sc.(UNN);Msc;Ph.D;Mnim;Mica Executive Director and Financial Controller (NNPC) CONFIDENTIAL ATTN: PRESIDENT/DIRECTOR DEAR SIR, THIS LETTER MAY COME TO YOU AS A SURPRISE, PLEASE TREAT IT LIKE A BLOOD BROTHER AFFAIR. YOUR ADDRESS WAS MADE AVAILABLE TO ME BY A GOOD FRIEND WHO WORKS WITH THE NIGERIAN CHAMBER OF COMMERCE AND INDUSTRY, HE ASSURED ME OF YOUR COMPANY’S VIABILITY AND CAPABILITY IN BUSINESS TRANSACTION.I THEREFORE PICKED A KEEN INTEREST IN THE IMPORTATION OF YOUR COMPANY’S PRODUCTS AND ALSO TO REQUEST FOR THIS BUSINESS RELATIONSHIP WITH YOU. I AM DR.ALEX CHIOMA, THE PRINCIPAL ACCOUNTANT WITH THE NIGERIAN NATIONAL PETROLEUM CORPORATION (NNPC).I AM WRITING ON BEHALF OF MY COLLEAGUES IN THE NNPC AND HAS BEEN MANDATED TO SEEK FOR THE ASSISTANT OF A RELIABLE FOREIGN COMPANY THROUGH WHICH WE CAN TRANSFER THE SUM OF THIRTY TWO MILLION, FIFTY THREE THOUSAND UNITED STATES DOLLARS ONLY (US$32,053,000.00).THIS MONEY IS NOW DEPOSITED IN THE NNPC TREASURY ACCOUNT WITH THE CENTRAL BANK OF NIGERIA. ORIGIN OF THE FUND: THE SUM AROSE FROM THE DELIBERATE OVER-INVOICING OF A CONTRACT AWARDED BY THE NNPC TO A FOREIGN FIRM FOR THE CONSTRUCTION OF LIQUIFIED NATURAL GAS PLANT (LNG) IN BONNY, SOUTHERN NIGERIA DURING THE LAST MILITARY REGIME. THIS CONTRACT HAS BEEN COMPLETELY EXECUTED AND COMMISSIONED AND THE CONTRACTOR THAT HANDLED THIS CONTRACT HAS COLLECTED HIS FINAL PAYMENT THUS LEAVING BEHIND THE ABOVE STATED AMOUNT WHICH REPRESENTS THE OVER INVOICED SUM. WE HAVE BEEN SAFEGUARDING THIS MONEY WAITING FOR CONDUCIVE TIME FOR ITS TRANSFER OUT OF THE COUNTRY FOR OUR INVESTMENT PLAN. THE CURRENT FAVOURABLE POLITICAL CLIMATE SINCE THE ASSUMPTION OF DUTY BY THE NEW CIVILIAN ADMINISTRATION PRESENTED AN OPPORTUNITY FOR THIS MONEY TO BE TRANSFERRED OUT OF THE COUNTRY. 
HOWEVER, THE CODE OF CONDUCT BUREAU (CIVIL SERVANTS LAWS) DOES NOT ALLOW US TO OWN AND OPERATE FOREIGN ACCOUNT, THEREFORE, WE NEEDED A FOREIGN PARTNER THAT WILL PRESENT HIMSELF AS THE SUB-CONTRACTOR BY PROVIDING HIS BANK PARTICULARS SO THAT THE MONEY WILL BE TRANSFERRED INTO HIS COMPANY’S OR PERSONAL ACCOUNT. HENCE THE NEED OF YOUR BUSINESS IS NOT PARTICULARLY RELEVANT TO THE SUCCESS OF THIS TRANSACTION . ALL WE REQUIRE IS YOUR WILLINGNESS TO PRESENT YOUR BANKING INFORMATION SO THAT THE MONEY WILL BE TRANSFERRED INTO YOUR ACCOUNT. FOR YOUR ASSISTANCE IN THIS BUSINESS, YOUR SHARE WILL BE 30% OF THE TOTAL SUM, I AND MY COLLEAGUE WILL TAKE 60% WHILE 10% WILL BE SET ASIDE TO OFF-SET ANY EXPENSES WE MAY INCURE IN THE COURSE OF THIS TRANSACTION. NOTE ALSO THAT SOME PART OF OUR OWN SHARE WILL BE USED FOR IMPORTATION OF PRODUCTS INTO NIGERIA WHILE THE REST WILL BE USED FOR FURTHER INVESTMENT YOU MAY ADVICE ON. IF YOU ARE WILLING TO ASSIST US IN THIS TRANSACTION, PLEASE SEND THE FOLLOWING INFORMATION . (1)NAME OF YOUR BANK AND ADDRESS (2)YOUR ACCOUNT NUMBER/BENEFICIARY’S NAME. (3) YOUR PRIVATE TELEPHONE AND FAX NUMBER FOR EASY COMMUNICATION. THIS INFORMATION WILL ENABLE US FILE AN APPLICATION FOR PAYMENT APPROVAL TO THE CONCERNED MINISTRIES AND FINALLY TO THE CENTRAL BANK OF NIGERIA AND IT IS GOING TO LAST BETWEEN 7-10 BANKING DAYS STARTING FROM THE DAY WE RECEIVE THE ABOVE INFORMATION FROM YOU. ALL MODALITIES FOR THE TAKE-OFF, OF THIS TRANSACTION HAS BEEN WORKED OUT AND FURTHER ACTION WILL COMMENCE IMMEDIATELY WE HEAR FROM YOU. WE SOLICIT FOR YOUR CO-OPERATION. IF YOU HAVE ANY QUESTION, PLEASE DO NOT HESITATE TO ASK ME IMMEDIATELY ON THE FOLLOWING TELEPHONE AND FAX NUMBERS: 234-1-7593405, 234-1-7593123.AND ALSO EMAIL alex72110 at yahoo.com TRULY YOURS, DR. 
ALEX CHIOMA

From iqsoftware at export2000.ro Sun May 26 20:13:39 2002
From: iqsoftware at export2000.ro (iqsoftware at export2000.ro)
Date: Mon, 27 May 2002 06:13:39 +0300
Subject: Romanian Software Production & Export
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: text/plain charset=us-ascii
Size: 7801 bytes
Desc: not available
URL:

From jamesd at echeque.com Mon May 27 07:48:40 2002
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Mon, 27 May 2002 07:48:40 -0700
Subject: NAI pulls out the DMCA stick
In-Reply-To: <200205270756.TAA276660@ruru.cs.auckland.ac.nz>
Message-ID: <3CF1E4D8.17153.54D94E8@localhost>

On 27 May 2002 at 19:56, Peter Gutmann wrote:
> jamesd at echeque.com writes:
>
> >My impression is that S/MIME sucks big ones, because it commits one
> >to a certificate system based on verisign or equivalent.
>
> I'll say this one more time, slowly for those at the back: What you're
> criticising is PEM circa 1991, not S/MIME. Things have moved on a bit
> since then.

You need a certification authority. Every one you deal with has to acknowledge whatever certification authority gave you your certificate. Interaction with big public certification authorities is impractically painful for most users.

If you use S/MIME, you need a Thawte or Verisign certificate, and the guy you are trying to work with is never going to get a Thawte or Verisign certificate.

From jamesd at echeque.com Mon May 27 07:48:40 2002
From: jamesd at echeque.com (jamesd at echeque.com)
Date: Mon, 27 May 2002 07:48:40 -0700
Subject: PGP - when you care enough to send the very best!
In-Reply-To: <20020527022459.45023.qmail@web13206.mail.yahoo.com>
References: <002b01c20518$79696720$c33a080a@LUCKYVAIO>
Message-ID: <3CF1E4D8.12708.54D9498@localhost>

    --
> > noticed that a good majority of the P2P efforts introduced at
> > CODECON all included support for encryption as part of the
> > protocol.
> > The various

On 26 May 2002 at 19:24, Morlock Elloi wrote:
> I predict that first attempt to apply this on the
> gnutella/morpheus/kazaa/napster scale will lead to clampdown.
> Which is the reason that no one did it. We don't want osama
> sending orders that way.

Osama Bin Laden can already send orders by PGP, or even S/MIME -- but fortunately he did not, perhaps for lack of comprehension.

No one is cracking down on PGP or S/MIME. A few assholes floated some trial balloons, and spread some stories, but the Bush administration, while selling out to everyone else, blew that one off, perhaps figuring that if Bin Laden could not understand the issue, neither would the critics.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     JRE12TCQDYazxvzqIJSv7a+TSPn3wVDa/nJwgkr2
     41luNgdnx0+kGF4wVVQyY+SpoJcWNsLOAIpXAgeiw

From Party1109 at nomade.fr Mon May 27 05:42:17 2002
From: Party1109 at nomade.fr (Afterwork Party)
Date: Mon, 27 May 2002 08:42:17 -0400
Subject: NYCs Largest Afterwork Party Free 5/31@Eugene
Message-ID: <371431401103278111412@nomade.fr>

To Be Added to our ALWAYS FREE Guestlist: Keep713 at flashmail.com
To Be Removed: Respond to this email with "remove" in the subject line
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 476 bytes
Desc: not available
URL:

From ravage at einstein.ssz.com Mon May 27 06:43:44 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 27 May 2002 08:43:44 -0500
Subject: Slashdot | A Libel Suit May Establish E-Jurisdiction
Message-ID: <3CF23810.9404156E@ssz.com>

http://yro.slashdot.org/yro/02/05/27/1232210.shtml?tid=123

-- --
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Mon May 27 06:46:21 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Mon, 27 May 2002 08:46:21 -0500
Subject: Slashdot | Face-Scanning Loses by a Nose in Palm Beach
Message-ID: <3CF238AD.40D0DF22@ssz.com>

http://slashdot.org/articles/02/05/27/0032212.shtml?tid=126

-- --
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From wonderfulnews at netpaloffers.com Mon May 27 09:12:39 2002
From: wonderfulnews at netpaloffers.com (NetPalOffers)
Date: Mon, 27 May 09:12:39 2002 -0700
Subject: Great New Offer
Message-ID: <62705712.7401507@mailhost>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2404 bytes
Desc: not available
URL:

From k.brown at ccs.bbk.ac.uk Mon May 27 03:52:13 2002
From: k.brown at ccs.bbk.ac.uk (Ken Brown)
Date: Mon, 27 May 2002 11:52:13 +0100
Subject: NYT: Techies Now Respect Government
References: <9490F728-70C5-11D6-8D6A-0050E439C473@got.net>
Message-ID: <3CF20FDD.DA8922EA@ccs.bbk.ac.uk>

Tim May wrote:
>
> On Sunday, May 26, 2002, at 10:07 AM, John Young wrote:
>
> > Thomas Friedman in the New York Times today:
> >
> For example, in another place:
>
> "The question `How can this technology be used against me?' is now a
> real R-and-D issue for companies, where in the past it wasn't really
> even being asked," said Jim Hornthal, a former vice chairman of
> Travelocity.com. "People here always thought the enemy was Microsoft,
> not Mohamed Atta.""
>
> No, the reason companies deployed crypto was not because they feared
> Microsoft would read their mail, but because they feared hackers,
> terrorists, thieves would read their mail.
> As for worrying about terrorism, many corporate headquarters have
> anti-truckbomb measures in place. In front of the Noyce Building in
> Santa Clara, Intel's high-rise headquarters building, there are
> extensive barriers and other measures to prevent a truck bomb from being
> driven into the main lobby and detonated. These have been there for most
> of the past decade; security was not an afterthought resulting from 9/11.

Exactly. I can't imagine that any large US company that operated abroad - which is effectively all of big ones - didn't think about the same sort of thing. My ex-employers did business in a number of African and middle-eastern countries, some of them in a state of civil war, and had planned responses to kidnapping or murder of employees or their families, and to armed attack on company buildings, so physical security had always been on the agenda.

If any of them were complacent about security in the USA itself, they would surely have been shaken out of it in the 1960s if not before. (Hey, didn't you guys use to have bank robbers? And what about the days when payrolls really were rolls of paper money?). Anyway, after abortion clinic bombings in the 1990s, and the Atlanta Olympic & Oklahoma bombings and Seattle protests surely no corporation in the USA could have been naive enough to think that they were immune to political violence?

The US company I used to work for in London had its buildings within the blast radius of IRA bombs in 1983 and 1991 (and nearby in 1982 and 1995). The main thing that worried them in London was being occupied by demonstrators against the company's policies in other countries, or by "anti-Globalisation" protestors.

We had discussions with police and others about corporate response to attacks or demonstrations. I participated in them at one point to discuss IT security. It was that sort of discussion that persuaded people to pay for firewalls and proxy servers.
I don't think the idea that whole areas of the net would be wiped out by stupid Microsoft word macros occurred to many of the non-IT managers, but they certainly didn't want to be hacked by Greens, who some of them had an exaggerated fear of.

One of the reasons I knew it was time to leave was when I found myself talking to men in suits about defending ourselves against demonstrations that friends of mine might have been taking part in.

From gift at giftdc.co.kr Sun May 26 21:45:39 2002
From: gift at giftdc.co.kr (giftdc)
Date: Mon, 27 May 2002 13:45:39 +0900
Subject: =?ks_c_5601-1987?B?vPa9xbDFus40sMc=?=
Message-ID: <001101c20539$5bf4f490$fd3bd6d3@homejr0jvlgwvf>

hell at einstein.ssz.com, cypherpunks at einstein.ssz.com, hangar18-general at open-forge.org, open-science-general at open-forge.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 683 bytes
Desc: not available
URL:

From undervaluded at yahoo.com Mon May 27 14:09:14 2002
From: undervaluded at yahoo.com (undervaluded at yahoo.com)
Date: Mon, 27 May 2002 14:09:14 -0700
Subject: Get in while you can below .25
Message-ID: <200205272111.GAA13021@klic2001.co.kr>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 20993 bytes
Desc: not available
URL:

From geer at TheWorld.com Mon May 27 14:34:54 2002
From: geer at TheWorld.com (Dan Geer)
Date: Mon, 27 May 2002 17:34:54 -0400
Subject: Edinburgh Financial Cryptography Engineering 2002 - CFP
In-Reply-To: Your message of "Mon, 13 May 2002 18:40:14 EDT." <200205130640.SAA144526@ruru.cs.auckland.ac.nz>
Message-ID: <200205272134.RAA3967188@shell.TheWorld.com>

Peter,

> Does anyone know what happened to the Usenix e-commerce
> conferences? They were in the vein of what FC used to be ...
> there's also the EC-Web conference, although that has more of an
> emphasis on web technology than EC.
I founded this series in 1995 and was proud to have done so; we ran them in 1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's core and forte to where every conference organizer on the planet had an e-commerce workshop of some sort up and running. Whether these were technical, financial or sheer hype, the noise factor was too great and we (USENIX Board of Directors) moved on to other things where we could make a difference without having to wage an advertising war in the middle of an investment bubble.

I'm open to suggestions, of course, but in the meantime you might enjoy reminiscing about 1995 as seen through this lens:

http://www.usenix.org/publications/library/proceedings/ec95/index.html

--dan (current usenix president)

From pgut001 at cs.auckland.ac.nz Mon May 27 00:56:48 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 27 May 2002 19:56:48 +1200 (NZST)
Subject: NAI pulls out the DMCA stick
Message-ID: <200205270756.TAA276660@ruru.cs.auckland.ac.nz>

jamesd at echeque.com writes:

>My impression is that S/MIME sucks big ones, because it commits one to a
>certificate system based on verisign or equivalent.

I'll say this one more time, slowly for those at the back: What you're criticising is PEM circa 1991, not S/MIME. Things have moved on a bit since then.

Peter.

From pgut001 at cs.auckland.ac.nz Mon May 27 01:06:21 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 27 May 2002 20:06:21 +1200 (NZST)
Subject: NAI pulls out the DMCA stick
Message-ID: <200205270806.UAA365373@ruru.cs.auckland.ac.nz>

Curt Smith writes:

>1. How do you create a X.509 signing hierarchy?

Grab whatever crypto software you feel most comfortable with that does X.509 and start cranking out certs.

>2. Can you add additional algorithms (ie. Twofish)?

Certs are for public-key algorithms, so Twofish would never appear in there (well, I guess you could certify a Twofish key, but I'm not sure what the point would be).

>3. Is a relevant developer reference is available for X.509?

You have to distinguish between the X.509 format and tools to use X.509. I assume you're after a manual for the tools, rather than RFC 3280, for the same reason that most PGP users don't start by reading RFC 2440. In that case, refer to the docs for your crypto toolkit.

Peter.

From pgut001 at cs.auckland.ac.nz Mon May 27 01:11:18 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 27 May 2002 20:11:18 +1200 (NZST)
Subject: S/MIME and web of trust (was Re: NAI pulls out the DMCA stick)
Message-ID: <200205270811.UAA411849@ruru.cs.auckland.ac.nz>

Eric Murray writes:

>Additionally, there is nothing that prevents one from issuing certs that can
>be used to sign other certs. Sure, there are key usage bits etc but it's
>possible to ignore them. It should be possible to create a PGP style web of
>trust using X.509 certs, given an appropriate set of cert extensions.

I proposed some very simple additions to X.509 which would allow you to use the certs in the same way as PGP keys a year or two back. Unfortunately the PKIX WG chair is about as open to PGP-style additions to X.509 as some PGP people are towards S/MIME.

(You can also do PGP using X.509 certs, I've been doing that for awhile just out of sheer bloody-mindedness :-).

Peter.

From rw at insurancemail.net Mon May 27 17:28:23 2002
From: rw at insurancemail.net (Rockwood)
Date: Mon, 27 May 2002 20:28:23 -0400
Subject: Feeling Exposed?
Message-ID: <28d42e01c205de$9359ce10$3201a8c0@insuranceiq.com>

Feeling Exposed? We Cover Your Assets!

Policies as low as $525
A+ Rated Carrier

Additional Coverage Endorsements
· Vicarious Liability
· Financial Products
· Property & Casualty
· Investment Services

As a Life, Accident, Health agent or broker, potential litigation against you can arise from numerous sources--a dissatisfied policyholder, insurance carrier, or other third party.
From pgut001 at cs.auckland.ac.nz Mon May 27 03:54:22 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Mon, 27 May 2002 22:54:22 +1200 (NZST)
Subject: Government subsidies: our last, best hope for Cryptanarchy?
Message-ID: <200205271054.WAA471355@ruru.cs.auckland.ac.nz>

"Lucky Green" writes, and I add my $0.02:

>The fact of the matter is that the usage of PGP by businesses, the sole
>significant source of NAI PGP revenue, had long passed its peak. How many
>businesses do you know that rolled out PGP in the last year?

It's also become increasingly difficult for crypto-enthusiasts within a company to convince mgt. that a new project should use PGP. A year or two back you could still, with a bit of persuasion, convince a company to go with PGP rather than S/MIME or SSL or whatever (and "whatever" is, with frightening frequency, IPsec, of which more below). This is now almost impossible to do, because PGP is seen as having very little industry support, which terrifies management.

>However, a closer inspection of the PGP interoperability problems, which have
>been at one of the issues coming up in just about every single discussion I've
>had with anybody about PGP over the last year, shows that the interop problems
>are not between current versions by multiple vendors, but between versions, in
>some cases by the same vendor, that were released over time.

The major reason for this is the incessant need of the PGP standards contributors to keep tweaking the spec for every little issue which comes down the track, constantly breaking compatibility with the current code base. Unfortunately given that someone is going to come up with some novel problem which PGP doesn't quite address at the moment but which can be fixed with a minor update, every six months or so, it's quite possible that the standard will never settle down until someone gets around to shooting the engineers and backing out the last dozen or so compatibility-breaking tweaks and updates.

>Even the most casual user of software tends to be familiar with and acceptant
>of the need for occasional software upgrades.

Only if it's broken, and that's the "problem" with PGP: It ain't broken. I can take my 10-year-old copy of PGP 2.6.x and be no less secure with it than with the very latest NAI release. The only reason most people ever dumped ssh 1.x was because of very widely-publicised exploits, and even then for many users it took the widespread use of ssh rootkits to get them to go to 2.x. PGP hasn't had that problem. Like the Energizer bunny, it just keeps on going. Look at the Disastry PGP releases with source code going back 10 years, it's like taking a trip back in time. Except for the gratuitous changes in packet formats and whatnot and a few new algorithms, you could use it to process current messages (it's one of the first of my standard suite of PGP versions to try).
In fact since good ol' 2.x will interoperate with any other 2.x-vintage version out there but post-2.x stuff is nothing but interop trouble, there's a strong incentive *not* to upgrade.

>The reluctance to upgrade to a newer version of PGP does not appear to be
>driven by a refusal or inability to upgrade software in general. This
>reluctance to upgrade appears PGP specific.

It's not PGP specific. It's because it ain't broken, and going to a newer version is frequently more painful (due to interop problems) than staying with what works.

>Now perhaps there may be the rare case of a PGP user that is still running PGP
>2.x on the same DOS box, using the same mailer and the same text editor as
>they did 5 years ago.

As a matter of fact I keep an old DOS box stashed away for emergencies. No matter how bad things get, you can always bring up DOS on whatever random hardware you can scrape together from various corners, fire up a terminal emulator, and get online.

>The same Cypherpunk expressed a hope that absent NAI's PGP, the German
>government group currently funding GPG might be more inclined to fund UI work
>for Windows. Perhaps they would. Assuming for a moment they will, would this
>lead to a better PGP Windows UI than NAI's PGP offered? NAI's PGP UI is pretty
>darn good. Looking at the sorry state of UI's currently offered for GPG, even
>with government funding, I suspect that it will be a long time indeed before
>we will see a GPG UI that will compare positively to the current NAI PGP UI.

That's always been the problem with crypto software. Crypto is cool and fun to do. It is (compared to the UI) relatively easy to implement given a decent toolkit with a good selection of algorithms and whatnot (just to show I'm not blowing smoke, it took me around two weeks to add OpenPGP as a target format for cryptlib enveloping). OTOH UI work is painful and boring and not even remotely sexy.
It'd take me forever to put a UI at the level of Outlook (which is what the masses would expect) onto cryptlib, and even if I knew anything about Windows GUIs you couldn't pay me enough to do it. There are however a few products which have managed this, eg The Bat, http://www.ritlabs.com/securebat/index.html, so it's not impossible. Sure, it's not Outlook, but it's an impressive piece of work for one person.

>I bet a good percentage of the readers of this list that still require to be
>engaged in a form of employment nowadays access their company network via some
>form of VPN. Up by orders of magnitude from a few years ago.

Frequently because of management misunderstanding... no, let's be honest, total cluelessness, though. "You got a security problem? No worries, just install a VPN. Sign here please". VPNs are being sold as the solution to everything from viruses to premature baldness, and occasionally even because of concerns about outsiders grabbing sensitive data off external networks, although the latter seems to be the exception rather than the rule. Either the complete lack of addressing (or even considering) the threat model before deployment, or the fact that everyone including the tea lady are regarded as requiring access once it's deployed, mean it's just an expensive collection of electronic worry beads once installed.

>This afternoon, I installed the "Britney Spears SmartFlash Kit" on my Windows
>XP test box. For $29.95 plus shipping and handling, you too can own a Britney
>SmartFlash Kit, which includes a USB smartcard reader, a Gemplus smartcard
>(both the reader and card are graced with pictures of Britney), and a CD with
>Gemplus GemSafe smartcard crypto driver software

These things are great, for $29.95 and a little isopropyl alcohol (or acrylic spray paint) you get a nice GemPC430 card reader and drivers (they're normally $60-70). The card is just a dumb memory card though, so you still need to get a GPK8K alongside the reader.

Peter.
From ravage at einstein.ssz.com Tue May 28 04:13:17 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 28 May 2002 06:13:17 -0500
Subject: Slashdot | NZ Firm Shows Anti-DDoS Tool
Message-ID: <3CF3664D.A08003BC@ssz.com>

http://slashdot.org/articles/02/05/28/0345248.shtml?tid=172

--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From eresrch at eskimo.com Tue May 28 06:48:12 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Tue, 28 May 2002 06:48:12 -0700 (PDT)
Subject: Missing pieces?
In-Reply-To: <3CF3757A.E66F6DAA@acmenet.net>
Message-ID:

On Tue, 28 May 2002, Steve Furlong wrote:

> Mister Heex wrote:
> >
> > What are the fundamental building blocks that we're missing for a bright 'n' shiny crypto-future?
>
> Cluefull users. Politicians who aren't trying to grab power.

I'm not sure he gets the sarcasm :-)

Speaking of power grabs, I just sent a 4 page letter to my senator on the Judiciary committee on S.2048 - the bill to make A/D converters test for copyright notice. We can't stop power grabs, but we can at least educate clueless politicians. Probably won't change anything, but at least we can try!

Patience, persistence, truth,
Dr. mike

From nobody at xmailer.ods.org Tue May 28 04:21:05 2002
From: nobody at xmailer.ods.org (Mister Heex)
Date: Tue, 28 May 2002 07:21:05 -0400 (EDT)
Subject: Missing pieces?
Message-ID: <1559f192a7c68d53b52c49f2a33138ec@xmailer.ods.org>

What are the fundamental building blocks that we're missing for a bright 'n' shiny crypto-future?

From sunder at sunder.net Tue May 28 04:39:20 2002
From: sunder at sunder.net (Sunder)
Date: Tue, 28 May 2002 07:39:20 -0400 (edt)
Subject: NYT: Techies Now Respect Government
In-Reply-To:
Message-ID:

Sounds like more of the same kinds of words inserted into Phil Zimmermann's mouth by Ariana Cha to me. Hmmm, smells like bullshit, looks like bullshit, there's a bull looking a bit relieved a few feet away, I wonder what it could be?

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security. A  |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Sun, 26 May 2002, John Young wrote:

> Thomas Friedman in the New York Times today:
> http://www.nytimes.com/2002/05/26/opinion/26FRIE.html
> Webbed, Wired and Worried, May 26, 2002
>
> Silicon Valley staunchly opposed the Clipper Chip, which
> would have given the government a back-door key to all
> U.S. encrypted data. Now some wonder whether they
> shouldn't have opposed it. John Doerr, the venture
> capitalist, said, "Culturally, the Valley was already
> maturing before 9/11, but since then it's definitely
> developed a deeper respect for leaders and government
> institutions."

From sfurlong at acmenet.net Tue May 28 05:18:02 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Tue, 28 May 2002 08:18:02 -0400
Subject: Missing pieces?
References: <1559f192a7c68d53b52c49f2a33138ec@xmailer.ods.org>
Message-ID: <3CF3757A.E66F6DAA@acmenet.net>

Mister Heex wrote:
>
> What are the fundamental building blocks that we're missing for a bright 'n' shiny crypto-future?

Cluefull users. Politicians who aren't trying to grab power.

--
Steve Furlong Computer Condottiere Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking

From sfurlong at acmenet.net Tue May 28 07:14:58 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Tue, 28 May 2002 10:14:58 -0400
Subject: Missing pieces?
References:
Message-ID: <3CF390E2.2D19F59B@acmenet.net>

Mike Rosing wrote:

> Speaking of power grabs, I just sent a 4 page letter to my senator on the
> Judiciary committee on S.2048 - the bill to make A/D converters test for
> copyright notice. We can't stop power grabs, but we can at least educate
> clueless politicians. Probably won't change anything, but at least we can
> try!

My senators are Clinton and Schumer. Makes me damn proud to be an American, I tell you. Neither's office has responded to any of my letters, probably because I didn't include money with my missives. I guess there's no point to further letters to my senators, unless I can get my hands on some anthrax.

(Note to hypothetical snoop: that was a joke. Get a life, idiot girl.)

--
Steve Furlong Computer Condottiere Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking

From eresrch at eskimo.com Tue May 28 11:46:43 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Tue, 28 May 2002 11:46:43 -0700 (PDT)
Subject: Missing pieces?
In-Reply-To: <3CF390E2.2D19F59B@acmenet.net>
Message-ID:

On Tue, 28 May 2002, Steve Furlong wrote:

> My senators are Clinton and Schumer. Makes me damn proud to be an
> American, I tell you. Neither's office has responded to any of my

Yeah, that's a grim position to be in. At least my congress critters write back.

> letters, probably because I didn't include money with my missives. I
> guess there's no point to further letters to my senators, unless I can
> get my hands on some anthrax.
>
> (Note to hypothetical snoop: that was a joke. Get a life, idiot girl.)

Good luck, robots aren't too great with jokes :-)

Patience, persistence, truth,
Dr. mike

From dmolnar at hcs.harvard.edu Tue May 28 09:35:38 2002
From: dmolnar at hcs.harvard.edu (dmolnar)
Date: Tue, 28 May 2002 12:35:38 -0400 (EDT)
Subject: Forward-secure public-key encryption eprint
Message-ID:

Forward-secure public-key encryption has been discussed here, on sci.crypt, and elsewhere.
To recap - the goal is that an adversary who breaks into your computer today can't read messages sent/received yesterday. In the interactive case, you use ephemeral Diffie-Hellman. The non-interactive case is more complicated and has had some ideas considered by Ross Anderson, Adam Back, and David Hopwood (among others). Cypherpunks relevance: forward security is nice for remailers.

Anyway, there's a new eprint up which shows how to construct such a scheme starting from an ID-based encryption scheme by Boneh + Franklin.

"A Forward-Secure Public-Key Encryption Scheme"
Jonathan Katz
http://eprint.iacr.org/2002/060/

It's worth noting that the scheme this is based on has code available.
http://crypto.stanford.edu/ibe/download.html

-David

From schear at lvcm.com Tue May 28 14:21:20 2002
From: schear at lvcm.com (Steve Schear)
Date: Tue, 28 May 2002 14:21:20 -0700
Subject: Anti-snooping operating system close to launch
Message-ID: <5.1.0.14.2.20020528142027.03556e50@pop3.lvcm.com>

Anti-snooping operating system close to launch
16:28 28 May 02
NewScientist.com news service

Computer activists in Britain are close to completing an operating system that could undermine government efforts to wiretap the internet. The UK Home Office has condemned the project as potentially providing a new tool for criminals.

Electronic communications can be kept private using encryption. But new UK legislation will soon give law enforcers the right to demand encryption keys from anyone suspected of illegal activity.

The Regulation of Investigatory Powers Act (RIPA) was introduced to update UK surveillance laws to include electronic communications. But privacy campaigners say it gives too much power to law enforcers and permits intrusive eavesdropping.

Peter Fairbrother, a mathematician and computer enthusiast, is programming the new operating system, called M-o-o-t. "It is aimed at anybody who's concerned about the government being nosey," he says.

http://www.newscientist.com/news/news.jsp?id=ns99992335

From schear at lvcm.com Tue May 28 14:58:54 2002
From: schear at lvcm.com (Steve Schear)
Date: Tue, 28 May 2002 14:58:54 -0700
Subject: Anti-snooping operating system close to launch
In-Reply-To: <5.1.0.14.2.20020528142027.03556e50@pop3.lvcm.com>
Message-ID: <5.1.0.14.2.20020528145501.04f8ee50@pop3.lvcm.com>

An interesting thread concerning M-o-o-t can be found at http://www.topica.com/lists/m-o-o-t-os-group/read

Of particular interest to cypherpunks may be the "Threats and Weaknesses" analysis begun in Dec 2000

Threats and Weaknesses
======================

Workstation:
· Hardware/firmware traps either built-in or add-on (eg keystroke data capture plugs)
· Execution on a virtual machine designed to compromise the application
· Surveillance techniques (camera, electronic monitoring, "Tempest")
· Trojan horse software via doctored compiler
· Trojan horse software via doctored CD

Server:
· Undetected impostors or other subversion of security software
· Key captures
· Billing/Account/Payment tracing and trawling

Network:
· Denial of service attacks on the havens
· DNS and routing attacks (eg via ARPS, spoofing etc)
· false packet etc protocol attacks
· traffic analysis
· monkey in the middle attacks

User:
· Criminalise this product
· Criminalise encryption
· Problem of creating a personal identifier that cannot be copied, forged or usurped by force
· Billing systems may expose usage details

Data:
· Data entry and exit to the unsecure world - need to have anonymous methods for this
· Is the data going to be locked up too tightly to be useful?
· Can the data be manageable but still secure? Eg, individual directories may be necessary but a security risk. If there is no good built-in management system, people will create hazardous insecure out-of-system ones.
· How can data availability be guaranteed over long periods of time?

Encryption:
· How can keys be securely created, managed and protected from mis-use?
· Are there sufficiently top-class cryptographers on tap to implement new secure systems?

Project:
· Is it too ambitious for the resources?
· Can it be staged to produce useful (and profitable) subsets more quickly?
· Does it conflict with other similar developments?
· Can it be managed in an insecure environment in a jurisdiction that is hostile to its purpose?

steve

From pgut001 at cs.auckland.ac.nz Mon May 27 22:06:18 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 28 May 2002 17:06:18 +1200 (NZST)
Subject: Edinburgh Financial Cryptography Engineering 2002 - CFP
Message-ID: <200205280506.RAA23315@ruru.cs.auckland.ac.nz>

Dan Geer writes:

>I founded this series in 1995 and was proud to have done so; we ran them in
>1996 and 1998 as well, but the cutting edge quickly moved away from USENIX's
>core and forte to where every conference organizer on the planet had an e-
>commerce workshop of some sort up and running.

Unfortunately they've become either just another Crypto clone (FC in the last year or two) or a collection of XML/J2EE/buzzword-du-jour be-ins (all the rest). The world still needs a good, technical e-commerce security conference which isn't one of the above.

>I'm open to suggestions, of course,

I'd love to see it resurrected. While I can't really organise it because of where I am, I'd be happy to referee papers or whatever. Having served on PCs for several other security conferences, I've seen enough papers of the appropriate kind submitted elsewhere to indicate that there'd be enough for an e-commerce security conference (in other words there's no shortage of material there). The Usenix one, during its short lifetime, attracted some really good papers.

Peter.

From pgut001 at cs.auckland.ac.nz Mon May 27 22:37:54 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Tue, 28 May 2002 17:37:54 +1200 (NZST)
Subject: NAI pulls out the DMCA stick
Message-ID: <200205280537.RAA23558@ruru.cs.auckland.ac.nz>

jamesd at echeque.com writes:

>On 27 May 2002 at 19:56, Peter Gutmann wrote:
>>jamesd at echeque.com writes:
>>>My impression is that S/MIME sucks big ones, because it commits one
>>>to a certificate system based on verisign or equivalent.
>> >>I'll say this one more time, slowly for those at the back: What you're >>criticising is PEM circa 1991, not S/MIME. Things have moved on a bit >>since then. > >You need a certification authority. Every one you deal with has to >acknowledge whatever certification authority gave you your certificate. > >[etc etc - standard description of original 10-year-old PEM certification > model] No, as I said before, what you're describing is PEM circa 1991, not S/MIME. In the S/MIME model, anyone can issue certs (just like PGP), including yourself. In addition, many large CAs will issue certs in any name to anyone, so even if you don't want to do your own keys a la PGP you can still get a Verisign cert which behaves like a PGP key. Rather than wasting all this bandwidth in a lets-bash-S/MIME-by-pretending- it's-still-PEM debate (what is it with this irrational fear of S/MIME?), I'd be more interested in a serious discussion on which key-handling model is less ineffective, WoT or X.509-free-for-all. At the moment both of them seem to work by using personal/direct contact to exchange keys, with one side pretending to be WoT-based (although no-one ever relies on this) and the other pretending to be CA-based (although no-one ever relies on this [0]). The end result is that they're more or less the same thing, the only major differentiating factor being that most X.509-using products don't allow you to distribute your own certs the way PGP does. Peter. [0] With my earlier caveat about exceptions for government orgs who have been instructed to rely on it, or else. 
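The personal/direct-contact key exchange that the message above says both models rely on in practice, as an added example (not code from the thread, from PGP or from any S/MIME product): it computes an OpenPGP version 4 fingerprint as RFC 4880 defines it and accepts a key only when the full fingerprint received over another channel matches. The key material, timestamp and all function names are constructed for illustration, and hashing a certificate's DER bytes with SHA-256 is an assumed convention.

```python
import hashlib
import hmac
import struct

# Constructed toy key material (far too small and structured for real use).
TOY_N = (2**127 - 1) * (2**89 - 1)   # product of two Mersenne primes
TOY_E = 65537
TOY_CREATED = 1022544000             # constructed creation timestamp


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 16-bit bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet: version, time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def openpgp_v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, a two-octet body length, and the body (RFC 4880, 12.2)."""
    prefix = b"\x99" + struct.pack(">H", len(body))
    return hashlib.sha1(prefix + body).hexdigest().upper()


def x509_fingerprint(der: bytes) -> str:
    """Hash of the whole DER-encoded certificate (SHA-256 is an assumption here)."""
    return hashlib.sha256(der).hexdigest().upper()


def grouped(fingerprint: str) -> str:
    """Format for reading aloud: groups of four hex digits."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def normalise(received: str) -> str:
    """Drop separators and case so spoken or typed forms compare equal."""
    cleaned = "".join(ch for ch in received if ch not in " :-\t\n").upper()
    if not cleaned or any(ch not in "0123456789ABCDEF" for ch in cleaned):
        raise ValueError("not a hexadecimal fingerprint")
    return cleaned


def confirmed_out_of_band(computed: str, received: str) -> bool:
    """Accept a key only if the FULL fingerprint from the other channel matches.

    A 32- or 64-bit key ID is a truncation of the fingerprint, so anything
    shorter than the computed value is refused rather than suffix-matched.
    """
    try:
        want = normalise(received)
    except ValueError:
        return False
    if len(want) != len(computed):
        return False
    return hmac.compare_digest(computed.encode(), want.encode())


if __name__ == "__main__":
    body = v4_rsa_public_key_body(TOY_CREATED, TOY_N, TOY_E)
    fp = openpgp_v4_fingerprint(body)
    print("fingerprint to read over the phone:", grouped(fp))
    print("full match accepted:", confirmed_out_of_band(fp, grouped(fp).lower()))
    print("key ID alone accepted:", confirmed_out_of_band(fp, fp[-16:]))
```

The same `confirmed_out_of_band` check applies unchanged to the value returned by `x509_fingerprint`, which is the sense in which the two key-handling models end up doing the same thing.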
From morlockelloi at yahoo.com Tue May 28 19:26:21 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Tue, 28 May 2002 19:26:21 -0700 (PDT)
Subject: Anti-snooping operating system close to launch
In-Reply-To: <5.1.0.14.2.20020528142027.03556e50@pop3.lvcm.com>
Message-ID: <20020529022621.15171.qmail@web13203.mail.yahoo.com>

> Anti-snooping operating system close to launch

http://www.m-o-o-t.org/ didn't change much code-wise in the last year or so, except for the "news" section.

=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

From ravage at einstein.ssz.com Tue May 28 20:27:26 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Tue, 28 May 2002 22:27:26 -0500
Subject: Slashdot | FBI Carnivore Screwup Destroys E-Mail Evidence
Message-ID: <3CF44A9E.A4B22C73@ssz.com>

http://yro.slashdot.org/yro/02/05/29/0043253.shtml?tid=158

--
--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From objectpascal at yahoo.com Wed May 29 06:03:13 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Wed, 29 May 2002 06:03:13 -0700 (PDT)
Subject: Key verification schemes...
In-Reply-To: <3CEFB15D.31584.F5A4C@localhost>
Message-ID: <20020529130313.16489.qmail@web11603.mail.yahoo.com>

(in response to a topic mentioned in various threads)

I agree that neither CA-verification nor WoT-verification is as useful as Key Fingerprint-verification for secure communication between crypto-aware individuals. After all, CA's can be subverted and WoT is probably best used as a back-up option when direct key verification is not possible.

Key Fingerprints can be verified in both PGP and S/MIME, but neither system enforces it. I would prefer for Key Fingerprint-verification to be more central to the system.

--- jamesd at echeque.com wrote:
...
> The hierarchical verisign model is useful when one wishes to
> verify that something comes from a famous and well known
> name --that this software really is issued by Flash, that
> this website really does belong to the Bank of America. In
> this case, however, only famous and well known names need
> their keys from verisign. No one else needs one.
>
> When one wishes to know one is really communicating with Bob,
> it is best to use the same channels to verify this is Bob's
> key, as one used to verify that Bob is the guy one wishes to
> talk to. The web of trust, and Verisign, merely get in the
> way.
...

--- Eric Murray wrote:
...
> And to be honest, exactly zero of the PGP exchanges I have
> had have actually used the web of trust to really verify a
> PGP key. I've only done it in testing. In the real world, I
> either verify out of band (i.e. over the phone) or don't
> bother if the other party is too clueless to understand what
> I want to do and getting them to do PGP at all has already
> exhausted my patience.
...

=====
end

From objectpascal at yahoo.com Wed May 29 08:34:32 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Wed, 29 May 2002 08:34:32 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To: <002b01c20518$79696720$c33a080a@LUCKYVAIO>
Message-ID: <20020529153432.30057.qmail@web11602.mail.yahoo.com>

I agree that under-the-hood encryption is becoming more and more prevalent, and that it generally improves security. Also, the widespread use of encryption technology helps protect cryptorights in general as important to the public good.

The fundamental problem with "under-the-hood" is that the user is not required to have any understanding of the process. Furthermore encryption technology is often also authentication technology.

This includes transparently sending S/MIME documents (encrypted and/or signed) as a default without requiring additional user intervention. In many places this results in legally binding documents. Furthermore, anyone with access to a system can send legally binding e-mail documents on the user's behalf.

Both legally-binding and authentication technology should not be completely transparent.
Even "EULA's" require user-intervention. Digitally signed messages should require user-intervention.

--- Lucky Green wrote:
...
> I indeed consider passive encryption methods alone to be
> typically insufficient for some of my personal security needs
> and am continuing to utilize encryption that requires me as
> the user to make that trust decision. But that does not mean
> that no security benefits are to be had from opportunistic
> encryption of Internet traffic.
...
> How does the increased use of strong crypto under-the-hood
> help Cypherpunks? The answer reminds me of the response
> another Cypherpunk gave to my posting statistics about the
> nature of the USENET traffic seen by a major node. I
> expressed surprise at these rather revealing statistics,
> musing that there had to be a lesson to be learned from the
> fact that the bulk of the data is generated in newsgroups
> that one would not initially consider mainstream. His
> response was illuminating: "Yes, the lesson is: just look at
> all that cover traffic".
>
> --Lucky

=====
end

From eresrch at eskimo.com Wed May 29 09:05:25 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 29 May 2002 09:05:25 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To: <20020529153432.30057.qmail@web11602.mail.yahoo.com>
Message-ID:

On Wed, 29 May 2002, Curt Smith wrote:

> I agree that under-the-hood encryption is becoming more and
> more prevalent, and that it generally improves security. Also,
> the widespread use of encryption technology helps protect
> cryptorights in general as important to the public good.

This is kinda the opposite of...

> Both legally-binding and authentication technology should not
> be completely transparent. Even "EULA's" require
> user-intervention. Digitally signed messages should require
> user-intervention.

this.

Having it be "transparent" where the user doesn't need to know anything about how it works does not have to destroy the effectiveness of digital signatures or crypto. When people sign a document they don't know all the ramifications because few bother to read all of any document they sign - most of it won't apply as long as you keep your part of the bargain, so why bother?

The same thing should be true of digital signatures. The user shouldn't have to know a thing, other than they've made a promise they better keep or all the bad clauses really do apply, and the proof of their signature will come to haunt them. The way the digital signature works does not matter to them, and it shouldn't need to.

If digital crypto, signatures or e-cash are going to get into mass appeal, then their operations will be "magic" to the majority. And it all has to work, to 1 part in 10^8th or better, without user comprehension.

It may well take "user intervention" to create a signature, but they shouldn't have to know what they are doing.

Patience, persistence, truth,
Dr. mike

From objectpascal at yahoo.com Wed May 29 10:21:02 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Wed, 29 May 2002 10:21:02 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To:
Message-ID: <20020529172102.54611.qmail@web11603.mail.yahoo.com>

I agree that the signer does not need to understand the mathematics or underlying technology for digital signatures to be viable.

However, what good is an agreement when the parties do not know what the terms of the agreement are? A signature (digital or otherwise) generally indicates that the signer not only made an agreement, but also understood the agreement.

A digital signature must involve a conscious decision by the signer to keep their part of an agreement. I maintain that this requires user intervention to verify that the signer knew that they were making an agreement - a "click of understanding" or pass phrase.

Curt

--- Mike Rosing wrote:
...
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto. When people
> sign a document they don't know all the ramifications because
> few bother to read all of any document they sign - most of it
> won't apply as long as you keep your part of the bargain,
> so why bother?
>
> The same thing should be true of digital signatures. The
> user shouldn't have to know a thing, other than they've made
> a promise they better keep or all the bad clauses really do
> apply, and the proof of their signature will come to haunt
> them. The way the digital signature works does not
> matter to them, and it shouldn't need to.
>
> If digital crypto, signatures or e-cash are going to get into
> mass appeal, then their operations will be "magic" to the
> majority. And it all has to work, to 1 part in 10^8th or
> better, without user comprehension.
>
> It may well take "user intervention" to create a signature,
> but they shouldn't have to know what they are doing.
>
> Patience, persistence, truth,
> Dr. mike

=====
end

From eresrch at eskimo.com Wed May 29 10:47:36 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 29 May 2002 10:47:36 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To: <20020529172102.54611.qmail@web11603.mail.yahoo.com>
Message-ID:

On Wed, 29 May 2002, Curt Smith wrote:

> A digital signature must involve a conscious decision by the
> signer to keep their part of an agreement. I maintain that
> this requires user intervention to verify that the signer knew
> that they were making an agreement - a "click of understanding" or
> pass phrase.

Yes of course - the point of signing something is a promise. The act of signing by pen is just being transformed into a different kind of act. I think typing a pass phrase is better than a click, but we'll see what the market develops.

Graham, there are many university profs interested in security on the net, and the medical field is just starting to get into this in a big way. I'm not sure they are following consumers, but a web search on "medical crypto" may find you a lot of interesting tidbits.

Patience, persistence, truth,
Dr. mike

From hr111 at columbia.edu Wed May 29 08:19:09 2002
From: hr111 at columbia.edu (Hector Rosario)
Date: Wed, 29 May 2002 11:19:09 -0400 (EDT)
Subject: sources on steganography
Message-ID:

I am writing my dissertation on steganography. Basically I'm writing a technical monograph that would be of use to undergraduate instructors. What do you think are the best sources on steganography on the Web? What about books other than Johnson, Katzenbeisser & Petitcolas, and the volumes covering the four international workshops on information hiding? I am also interested in the history of the subject. One major problem with the available sources covering the history (like Kahn) is that they completely disregard China, India, and Arab countries. Any pointers?

thanks,
hector

From bogus@does.not.exist.com Wed May 29 08:24:38 2002
From: bogus@does.not.exist.com ()
Date: Wed, 29 May 2002 11:24:38 -0400
Subject: Bear Advisory
Message-ID:

The California State Department of Fish and Game is advising hikers, hunters, fishermen and golfers to take extra precautions and keep alert for bears while in the Yosemite and Mammoth areas. They advise people to wear noise-producing devices such as little bells on their clothing to alert but not startle the bear unexpectedly. They also advise carrying pepper spray in case of an encounter with a bear. It is also a good idea to watch for fresh signs of bear activity and know the difference between black bear and grizzly bear droppings. Black bear droppings are smaller and contain berries and possibly squirrel fur.
Grizzly bear droppings have little bells in them and smell like pepper spray. From adam at homeport.org Wed May 29 08:44:49 2002 From: adam at homeport.org (Adam Shostack) Date: Wed, 29 May 2002 11:44:49 -0400 Subject: Government subsidies: our last, best hope for Cryptanarchy? In-Reply-To: <000501c202ff$4b218840$c33a080a@LUCKYVAIO>; from shamrock@cypherpunks.to on Fri, May 24, 2002 at 01:44:53AM -0700 References: <000501c202ff$4b218840$c33a080a@LUCKYVAIO> Message-ID: <20020529114449.A66752@lightship.internal.homeport.org> Hey, most of your points about crypto going under the hood are well taken. I wanted to echo Peter Gutmann's comments about PGP, and add that I see PGP as a protocol, and most of the protocols I use daily (TCP, IP, UDP, DNS, HTTP, SMTP) have not changed in the last 10 years and I don't need to upgrade my software to deal with them. Looking at PGP as a protocol gives you a different perspective. (I also see .doc, .xls and .ppt as protocols, and bad ones) Adam On Fri, May 24, 2002 at 01:44:53AM -0700, Lucky Green wrote: | You may be asking yourself: where, oh where, has all the crypto gone? | Where are the BlackNet's? Where is the untraceable Ecash? Where is the | Cryptanarchy that we've been waiting for? For that matter...where is the | crypto? | | The staunchest Cypherpunk will by now have noticed that PGP/GPG usage | even amongst list members, once the bellwether indicator of Cypherpunks | crypto adoption success, is in decline. | | NAI has pulled PGP off the shelves. Conspiracy theories as to what may | have been driving this business decision abound. The fact of the matter | is that the usage of PGP by businesses, the sole significant source of | NAI PGP revenue, had long passed its peek. How many business do you know | that rolled out PGP in the last year? How many do you know that quietly | stopped using PGP after formally adopting its use with big fanfare a few | years ago? 
The facts are that there are more of the latter than of the | former. Did NAI receive The Briefing? I don't know. Nor does it really | matter. There wasn't enough money to be made with PGP. | | A well-respected Cypherpunk recently expressed hope that if NAI's PGP | were to disappear for good, perhaps compatibility problems amongst | versions of PGP would diminish. A plausible sounding theory, if one were | to assume that the compatibility problems amongst versions of PGP are | between versions produced by different vendors. Presumably, the theory | would go, with only one major supplier left standing, that being GPG | (yes, I am aware there are others), interop problems with other vendors' | implementations would pretty much disappear by definition. | | However, a closer inspection of the PGP interoperability problems, which | have been at one of the issues coming up in just about every single | discussion I've had with anybody about PGP over the last year, shows | that the interop problems are not between current versions by multiple | vendors, but between versions, in some cases by the same vendor, that | were released over time. The current version of NAI-PGP will | interoperate just fine with the current version of GPG. | | So why is PGP interoperability such a frequently raised issue? And why | does the importance of this topic seem to diminish the further away you | stray from Cypherpunks into the realms of the casual PGP users? The | answer to the second question is straight-forward. Even the most casual | user of software tends to be familiar with and acceptant of the need for | occasional software upgrades. It appears that those that are | experiencing interop problems are those that are insisting on using up | to 5-year old versions of PGP. It is true and should come as no surprise | that those 5-year old versions do indeed have interop problems with | newer versions of PGP. 
| | Some may say: I shouldn't need to keep on upgrading my software to be | able to send encrypted email. Does anybody seriously believe that those | that insist on using 5-year old versions of PGP have not upgraded their | operating systems in those 5 years? Indeed, upgraded more their | operating systems more than once? Or does anybody seriously believe that | those that insist on using old versions of PGP still run the exact same | version of their MUA and text editor as they did 5 years ago? Of course | they don't. If they did, their boxes would long have become unusable due | to the warez traffic taking place on the machines as a result of the | countless remote exploits discovered over these last 5 years. | | The reluctance to upgrade to a newer version of PGP does not appear to | be driven by a refusal or inability to upgrade software in general. This | reluctance to upgrade appears PGP specific. Why this is the case I do | not know. (And don't greatly care. I am running the latest version of | NAI PGP and I can make my copy talk to any version of PGP 2.x or | higher). | | Now perhaps there may be the rare case of a PGP user that is still | running PGP 2.x on the same DOS box, using the same mailer and the same | text editor as they did 5 years ago. I don't know of any such users, but | that doesn't mean no such users exists within the vastness of the | Internet. What I do know is that those that I am aware of that are | complaining about PGP version interoperability problems do not fall into | the rare category of users who have not upgraded any software at all for | the last 5 years. | | Since the existence of multiple PGP software providers has not been the | cause of the interop problems experienced by some, reducing the number | of PGP implementation providers should not be expected to have a | significant impact on the number or severity of PGP interop problems | experienced by the users. 
| | The same Cypherpunk expressed a hope that absent NAI's PGP, the German | government group currently funding GPG might be more inclined to fund UI | work for Windows. Perhaps they would. Assuming for a moment they will, | would this lead to a better PGP Windows UI than NAI's PGP offered? NAI's | PGP UI is pretty darn good. Looking at the sorry state of UI's currently | offered for GPG, even with government funding, I suspect that it will be | a long time indeed before we will see a GPG UI that will compare | positively to the current NAI PGP UI. Of course Cypherpunks know that it | is dangerous to base one's hope for the development of a Cypherpunk | tools on funding by a government. Be that the US government or the | German government. Strongly pro-crypto German governmental officials | have been know for their propensity to stumble out of the windows of | high story buildings. Warnings regarding the dangers that may lure in | parking lots come to mind. | | Where has the crypto gone? The crypto has gone under the hood, away from | the UI, to a place where the crypto will be of most use to the average | user. Yes, for crypto to be secure against the active, well resourced, | attacker, the crypto must at one point touch the user to permit the user | to make a trust decision. But to secure communications from passive | and/or less resourced attacker, crypto can be placed under the hood. | | I bet a good percentage of the readers of this list that still require | to be engaged in a form of employment nowadays access their company | network via some form of VPN. Up by orders of magnitude from a few years | ago. More importantly, a good percentage of users that have never heard | of this mailing list and will never hear of this mailing list are using | strong crypto to access their company's information. The percentage of | users utilizing strong crypto is increasing daily. 
|
| Another major segment of Internet infrastructure in which strong crypto
| is rapidly becoming the default rather than the exception, at least
| amongst those running their own servers, is SMTP. The percentage of SMTP
| connections to my mail server that use TLS to encrypt SMTP has grown
| from around 30% a few months ago to well over 60% today. This increase
| in the use of STARTTLS on SMTP appears to parallel a loss of sendmail
| MTA market share in favor of postfix. It is just too darn easy to turn
| on support for STARTTLS during a migration to postfix, hence most sites
| performing such a migration appear to do so.
|
| (I am aware that sendmail and qmail support STARTTLS as well, but the
| increases in the use of STARTTLS that I am seeing at my SMTP server
| coincide with sites switching MTA's to postfix. I see a handful of
| qmail sites using TLS, representing a fraction of the postfix sites, and
| no sendmail site that I have noticed. Having once considered activating
| STARTTLS in sendmail myself, I vividly recall myself reading the
| instructions, bursting out laughing, followed by my researching
| competitive MTA's. Within a week I had switched to postfix. Wished I had
| done so years ago. All these hours that I wasted over those years...
| YMMV).
|
| An interesting side-effect of the increased adoption of MTA's and MUA's
| that support STARTTLS is that I now have a link that is secure against
| passive eavesdroppers to the majority of those with whom I regularly
| correspond in encrypted email. Is protection against only passive
| eavesdroppers good enough for me? No. Are we a heck of a lot further
| along than we were 5 years ago? I would argue that we are.
|
| Where has all the crypto gone? It has gone mainstream. Some of you may
| remember the discussions from years ago how we should try to find a way
| to make crypto cool and attractive for the average person.
|
| This afternoon, I installed the "Britney Spears SmartFlash Kit" on my
| Windows XP test box. For $29.95 plus shipping and handling, you too can
| own a Britney SmartFlash Kit, which includes a USB smartcard reader, a
| Gemplus smartcard (both the reader and card are graced with pictures of
| Britney), and a CD with Gemplus GemSafe smartcard crypto driver software
| (the click-wrap EULA reminds you that export to Cuba, Libya, and other
| naughty countries or those developing biological weapons is strictly
| prohibited. Sorry pop music fans located in Cuba or at the CDC).
|
| Once you installed the gear and inserted your one of 5 possible Britney
| Spears' smartcards (collect all 5), you will automatically be taken to a
| client-authenticated, 128-bit RC4 encrypted website that provides you
| with exclusive access to such exciting content as 45 second QuickTime
| clips of Britney purchasing chocolates and of course Fe's (Britney's
| most trusted advisor) indispensable advice column. A representative
| sample question follows.
|
| "Dear Fe:
| I'm 14 but my parents treat me like I am 10! They won't let me go out at
| night, and won't even let me bring a boy to the Homecoming dance. I'm in
| high school and want to do all the things that go along with that, but
| they won't let me! -- Trying to Grow Up, Americus, GA".
|
| I will spare you Fe's answer (get your own smartcard :), but I won't
| spare you this: if you wonder where crypto has gone, you need to look no
| further than Americus, GA. If the question posed to Fe leaves any doubt
| about the nouveau crypto users' demographics, a drop-down list inquiring
| about the user's age to participate in a contest (smartcard required)
| should help clarify matters. The age selections offered are: [2-6],
| [7-12], [13-15], [16-18], [over 18]. Do not worry should your parents
| disapprove of your choice of music.
| If you hear your parents walk up to
| your door, just yank the card out of the reader and your browser will
| close instantly.
|
| Crypto has gone as mainstream as can be. While crypto for crypto's sake
| may not have become cool to everybody, crypto has become a Must Have for
| your average 14 year-old high school freshman girl. Crypto has become
| ubiquitous.
|
| http://www.britneyspears.com/smartflashcard/index.php
|
| As to when we'll see BlackNet and untraceable Ecash, who knows. Here's
| hoping to 2005.
|
| [In the time it took me to write this post, another of the regular
| entries in my maillog has turned on STARTTLS, protecting the SMTP
| connection with EDH and 3DES].
|
| --Lucky
| -- "It is seldom that liberty of any kind is lost all at once." -Hume

From keyser-soze at hushmail.com Wed May 29 13:13:26 2002
From: keyser-soze at hushmail.com (keyser-soze at hushmail.com)
Date: Wed, 29 May 2002 13:13:26 -0700
Subject: Why asymmetrical warefare practitioners have nothing to fear from the FBI (and probably the rest of U.S. intelligence/law enforcement)
Message-ID: <200205292013.g4TKDQ864019@mailserver2.hushmail.com>

[An edited copy of "Who Let the Terrorists Succeed?" http://www.msnbc.com/news/758330.asp]

The now-famous memo Minneapolis agent Coleen Rowley sent to Robert Mueller, director of the FBI, now widely known as the Federal Bureau of Incompetence. The May 21, 2002 memo, obtained by Time, is one scary document. It suggests [SURPRISE!] that we have a bunch of time-servers protecting our security, which no one is in charge of anything. If any of this changed after September 11, Rowley, a highly regarded veteran of the bureau, does not say so.

Without mentioning names, Rowley basically fingers a mid-level FBI supervisory agent in the Hoover Building (in Washington) named Dave Frasca, who was supposed to be running the task force on religious fanatics.
After the Minneapolis office took flight-student and hijacker-wannabe Zacarias Moussaoui into custody and obtained intelligence from the French indicating that he had terrorist ties, alert Minnesota agents didn't just passively push the case up the chain of command. They became, in Rowley's words, desperate to search his computer laptop. So desperate that they risked the wrath of higher ups by committing a real pre-9-11 no-no: contacting the CIA.

Headquarters personnel didn't just deny the request to probe Moussaoui further. Even though they were privy to many more sources of intelligence information than field agents, as Rowley plaintively put it, they continued to, almost inexplicably, throw up roadblocks and undermine Minneapolis' by-now desperate attempts to obtain a search warrant.

Because Frasca's not commenting publicly, we haven't heard the other side of the story. But as anyone who has ever worked in an office knows, HQ always has its own take on events, and sometimes it's even right. In this case a federal judge in Washington, Royce C. Lambreth, grew annoyed at the poor documentation involved in requests from federal prosecutors for search warrants and wiretaps. One prosecutor so angered Lambreth that he was actually barred from seeking any more approvals from judges, a move that sent a chilling career message down through the ranks of the Justice Department. So Frasca, knowing which way the wind was blowing in Washington, wasn't just going to rubber stamp the Minneapolis request.

[Does this mean the complaints by civil libertarians that FESA were being heard?]

Moreover, the very fact that HQ is, in Rowley's words, privy to many more sources of intelligence is actually a hindrance, not necessarily a sign of negligence. The more intelligence chaff that comes in, the harder it is to find the wheat. Frasca should have the chance to explain that, and Judge Lambreth should explain why he thought the warrant process was being abused.
But Rowley's certainly correct when she tells Mueller that the problem with chalking this all up to the "20/20 hindsight is perfect" problem is that this is not a case of everyone in the FBI failing to appreciate the potential consequences. It is obvious that the agents in Minneapolis who were closest to the action and in the best position to gauge the situation locally did fully appreciate the terrorist risk/danger posed by Moussaoui.

Doesn't that sound familiar in your company? The branch offices never think headquarters knows what's really going on, while the home office VPs think the branch guys are a bunch of whiners without the chops to make it in the big time at HQ. But in this evergreen of bureaucratic in-fighting, one of HQ's best arguments is usually that unlike the branch offices, it sees the big picture. This time, as Rowley notes, Frasca and company not only failed to see the big picture, they worked actively to keep others from trying to see it. That's quite an indictment.

And that's only part of her bombshell. Rowley, who is, fortunately for her, close to retirement, also goes after Mueller himself. "I have deep concerns that a delicate and subtle shading/skewering of facts by you and others at the highest levels of the FBI has occurred and is occurring." She argues that Mueller's reorganization, which would further empower the FBI's Washington headquarters, is exactly the wrong approach to preventing terrorism.

As if to confirm Rowley's harsh judgment, Mueller last week classified her memo, though we learned after it was leaked that there is nothing even vaguely compromising about FBI sources and methods contained in it. He classified it for the same reason Bush and Cheney don't want an independent commission to investigate what happened: It's embarrassing. Now it's up to the rest of us to decide.

[Unfortunately it's not. If it were the problem would have been addressed decades ago.]
Is embarrassment a proper standard for classifying documents and sweeping poor performance under the carpet? Or is it perhaps more patriotic -- and better for preventing a future attack -- to get to the bottom of what happened in order to make the necessary bureaucratic changes? This is a deep question for American democracy. The issue is not accountability versus security; it's accountability versus embarrassment and political discomfort.

[The problem is that individuals are prevented from pursuing criminal prosecutions.]

[That's why it's so important that insiders have a practical means (e.g., John Young's site) to leak mis-classified data.]

Mueller argues that the reform of the FBI is already underway, and need not be disrupted by a lot of finger-pointing. Let him do it in private, the administration asks. Let the company handle its own affairs. But that assumes a universe where Mr. Mooney doesn't need Lucy's suggestions, and Dolly Parton, Jane Fonda and Lily Tomlin should just shut up. It assumes a world where Dilbert has no cause for complaint. That wasn't life before September 11, or after. Bureaucracies ossify. Office politics grows more bitter with time. Sometimes the only answer is the kind of wholesale reorganization we don't seem to be getting so far.

[The kind of "re-organization" we need is way beyond anything the mainstream media, not to mention D.C., could even understand. There is no reason to believe that our fearless leaders will be any more successful in catching these new villains than they have the drug kingpins and narco-terrorists. The impact of these failures will, however, be immeasurably higher.]

Hush provide the world's most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople From morlockelloi at yahoo.com Wed May 29 15:56:28 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Wed, 29 May 2002 15:56:28 -0700 (PDT) Subject: sources on steganography In-Reply-To: Message-ID: <20020529225628.47293.qmail@web13201.mail.yahoo.com> > I am writing my dissertation on steganography. Basically I'm writing a ^^^^ ^ ^ ^ ^ ^ You can't fool us. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com From mc2000 at webmail.co.za Wed May 29 08:30:54 2002 From: mc2000 at webmail.co.za (mambo clerk) Date: Wed, 29 May 2002 17:30:54 +0200 Subject: Seeking trusthwhorthy foreign business partner. Message-ID: <200205291530.g4TFUrq12646@mailgate.mailbox.co.za> DR. ANTHONY THABO, TEL.0031-613306555. SEEKING A TRUSTWHORTHY FOREIGN BUSINESS PARTNER I WILL LIKE TO BEGIN BY WAY OF INTRODUCTION; I AM DR. ANTHONY THABO, A NATIVE OF CAPE TOWN, SOUTH-AFRICA AND A SENIOR EMPLOYEE OF THE SOUTH AFRICA DEPARTMENT OF MINING AND NATURAL RESOURCES CURRENTLY HERE IN AMSTERDAM ON A ( 3) MONTH TRADE MISSION.And please do not be embarrassed as to how we gotten your contact;This was achieved through the chamber of commerce here in HOLLAND without the purposes being disclosed.So make this business highly confidential as well. I AM WRITING THIS LETTER TO SOLICIT YOUR CO-OPERATION IN ORDER TO REDEEM AN INVESTMENT INTEREST CURRENTLY BEING HELD UNDER TRUST WITH THE SOUTH AFRICA MINISTRY OF MINING AND NATURAL RESOURCES. THE SAID INVESTMENT NOW VALUED AT ( U.S.$22,500,000.00 ) MILLION DOLLARS WAS ORIGINALLY PURCHASED BY ONE MR. 
LUCIO MANFRED AND LEASED TO THE TRANSVAAL ORANGE MINNING CORPORATION IN 1979. SINCE THE MATURITY OF THE CONTRACT IN SEPTEMBER 1989 SEVERAL ATTEMPTS HAVE BEEN MADE WITHOUT SUCCESS TO CONTACT MR LUCIO MANFRED OR ANY OF HIS RELATIVES IN WHOSE FAVOUR THE INVESTMENT CASH VALUE CAN BE PAID. MY PARTNER WHO IS THE ACCOUNTS DIRECTOR AT THE MINISTRY OF MINNING AND SOME OF OUR OTHER COLLEAGUES THAT ARE ATTACHED TO BOTH SOUTH AFRICA CENTRAL BANK AND MINISTRY OF FINANCE RESPECTIVELY HAVE INITIATED THE PROCESS OF FILLING A CLAIM FOR THIS MONEY WITH THE HOPE OF HAVING THE FUNDS TRANSFERED ABROAD FOR SECURITY REASONS. WE REQUEST THAT YOU LET ME AND MY PARTNERS FILE A CLAIM FOR THIS MONEY FROM SOUTH AFRICA MINISTRY OF MINNING AND NATURAL RESOURCES INDICATING THAT YOU ARE AND WERE APPOINTED BY MR LUCIO MANFRED TO BE THE BENEFICIARY OF THIS FUNDS. THE APPROVAL / CLEARANCE OF THIS FUND FROM SOUTH AFRICA CENTRAL BANK WILL COST US ($150,953,45)DOLLARS ONLY, BUT ME AND MY SOUTH AFRICA PARTNERS HAVE ALREADY RAISED THE MONEY AND SET IT ASIDE WAITING FOR ANY RELIABLE AND TRUSTWORTHY PARTNER LIKE YOU WHO WE CAN TRANSFER THE WHOLE MONEY INTO HIS OR HER ACCOUNT RELIABLY. THE BASIC THINGS WE ARE REQUESTING FROM YOU AS OUR FOREIGN PARTNER, TO FACILITATING THIS TRANSFER / CLAIM URGENTLY INTO YOUR CHOICED ACCOUNT ARE; 1.BANK NAME AND ADDRESS, 2.TELEPHONE,FAX NUMBERS OF BANKERS, 3.NAME OF BENEFICIARY,COMPANYS NAME,ADDRESS,ACCOUNT DETAILS, 4.CONFIDENTIAL TELEPHONE,FAX NUMBERS OF BENEFICIARY ( Beneficiary means you). SINCE THE MONEY WILL BE PAID DIRECTLY TO ANY BANK ACCOUNT OF YOUR CHOICE YOU HAVE A LIABILITY TO ENSURE THAT MY PARTNERS AND I RECEIVE 70% OF THE TOTAL SUM WHILE YOU KEEP 25% FOR YOUR ASSISTANCES AND 5% WILL BE SET ASIDE FOR ANY EXPENSES DURING THE TRANSFER. PLEASE WE URGE YOU TO KEEP THIS MATTER VERY CONFIDENTIALLY BECAUSE WE ARE STILL IN ACTIVE PUBLIC SERVICES IN SOUTH AFRICA. 
I WANT TO ASSURE YOU THAT MY PARTNERS ARE IN A POSITION TO MAKE THE PAYMENT OF THIS CLAIM POSSIBLE PROVIDED YOU CAN GIVE US A STRONG GUARANTEE THAT OUR SHARE WILL BE WELL SECURED AND THAT YOU WILL NOT TAKE ADVANTAGE OF OUR POSITION SINCE THE MONEY WILL BE TRANSFERED DIRECTLY TO A BANK YOU WILL NOMINATE. BE ASSURED THAT THERE IS ABSOLUTELY NOTHING TO WORRY ABOUT IN VIEW OF THIS CLAIM.IT IS PERFECTLY SAFE WITH NO RISK INVOLVED AND IT IS NOT SUBJECT TO ANY ENQUIRY SINCE MY PERTNERS WILL BE HANDLING IT DIRECTLY IN SOUTH AFRICA ON YOUR BEHALF. I DO HOPE MY PROPOSAL IS ACCEPTABLE TO YOU. AND PLEASE ACKNOWLEDGE THE RECEIPT OF THIS LETTER SO THAT I CAN PROVIDE YOU WITH MORE CLARIFICATION ABOUT THE CLAIM AND NOW WE INTEND TO MAKE THIS DEAL BENEFICIAL TO EVERYONE. PLEASE FOR URGENT RESPONSE, CONTACT ME THROUGH THIS TELEPHONE NUMBER';0031- 613306555 AND THESE E-MAIL ADDRESSES OF OUR PARTNERS; johnmbane at webmail.co.za OR andrewzulu5000 at webmail.co.za .REMINDER;The whole transfer / transaction will only take us 6-8 WORKING DAYS so please kindly assist us because we are restricted by SOUTH AFRICA LAW as civil servants to operate a foreign account otherwise we would have done the transfer ourselves without seeking the assistance of foreign partner.PLEASE TREAT THIS BUSINESS WITH HIGH CONFIDENTIALITY. BEST REGARDS, ANTHONY THABO (D.R) _______________________________________________________________ http://www.webmail.co.za the South-African free email service From huffman at insurancemail.net Wed May 29 14:32:38 2002 From: huffman at insurancemail.net (Huffman & Associates ) Date: Wed, 29 May 2002 17:32:38 -0400 Subject: Can this be an Indexed Annuity? Message-ID: <2ee6d501c20758$5aeea160$3201a8c0@insuranceiq.com> Can this be an indexed annuity? 100% Participation for Life No Earnings Cap for Life Up to 11% Commission 5 Yr Point-to-Point Strategy Call or e-mail Rex Huffman & Associates today! 800-749-9900 ext. 143 ? or ? 
Please fill out the form below for more information
Name:
E-mail:
Phone:
City:
State:

For agent use only. IDEAL Index 100 Annuity issued by Allianz Life Insurance Company of North America. Product availability and benefits may vary by state. The IDEAL Index 100 Annuity is not approved in: NJ, NY, ND, OR, SC and WA. FLA217-02

We don't want anyone to receive our mailings who does not wish to. This is professional communication sent to insurance professionals. To be removed from this mailing list, DO NOT REPLY to this message. Instead, go here: http://www.Insurancemail.net
Legal Notice
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5737 bytes
Desc: not available
URL:

From scribe at exmosis.net Wed May 29 09:40:26 2002
From: scribe at exmosis.net (Graham Lally)
Date: Wed, 29 May 2002 17:40:26 +0100
Subject: When encryption is also authentication...
References:
Message-ID: <3CF5047A.8010804@exmosis.net>

Mike Rosing wrote:

> If digital crypto, signatures or e-cash are going to get into mass appeal,
> then their operations will be "magic" to the majority. And it all has to
> work, to 1 part in 10^8th or better, without user comprehension.
>
> It may well take "user intervention" to create a signature, but they
> shouldn't have to know what they are doing.

Agreed, the mechanics of a system are unimportant from a user's point of view, so long as it works and they can work it. What magic crypto should strive for, though, is an understanding in users of the effects its presence promotes, and the ramifications involved when it is lacking.

SSL for commerce is readily in place without batting an eyelid these days. However, I'd be interested to know just how many users out there would enter their card details on an unprotected site, despite the unclosed padlocks and the alert boxes.
Have security fears and paranoia been abated by widespread crypto to the point whereby users will happily transmit private data, whether encrypted or nay, just because they *perceive* the threat to now be minimal? Now that the media has grown tired of yet-another-credit-card-hack story?

Pointers to any evidence/research into this much appreciated... ta.

.g

From moneypvdnnxsr at jakgym.se Wed May 29 17:39:55 2002
From: moneypvdnnxsr at jakgym.se (moneypvdnnxsr at jakgym.se)
Date: Wed, 29 May 2002 19:39:55 -0500
Subject: INC 500 Co. Seeks Mgrs. / High $$ Paid!
Message-ID: <1022715595.2083@something>

----------------------------------------------------------------------------
Hi-tech industry manufacturer is now seeking motivated individuals with entrepreneurial drive for U.S. and Canadian expansion. Huge compensation benefits program offered!

Due to our overwhelming growth of nearly 1,000% over the last three years, we have an immediate need and are willing to train and develop even non-experienced individuals in local markets. Now you can have your very own part-time or full-time business backed with full company support and start up capital if needed and work right from the comfort of your home. Create your own hours!

To maintain regulatory compliance, we are unable to name our company in this ad. However, you will soon discover that our 14 year old INC 500 company has developed a proprietary technology that helps solve a common problem that up to 82% or more population suffers from and helps solve it quickly and easily in a 90 billion dollar untapped marketplace.

Candidate characteristics:
* Strong work ethic required.
* Honesty and integrity expected.
* Management / leadership skills helpful, but not necessary.
* No sales experience expected or needed. (Product sells itself!)

Qualified candidates get huge benefits:
* No Commuting. Work from home environment.
* P/T or F/T positions available.
* Create your own schedule and hours.
* Luxury company car ($800/mo).
* National/International all expense paid vacations, business or pleasure. * Profit sharing program. * Uncapped commissions and bonuses. * Qualified Mgrs. Avg. up to $6,293/mo. or more. * Personal one-on-one training by top company leaders. * Proven step-by-step marketing system (No cold calling!). * Up to 99.0% start up funding available if needed. GO TO http://www.tnt-hosting.com/rirb529d/c4d/ LOCAL POSITIONS ARE GOING FAST. Interested parties should respond IMMEDIATELY! ************************************************************* To receive a FREE information pack, including an audiocassette and corporate video on this amazing hi-tech product and how YOU CAN START MAKING MONEY with it now... ----->>> GO TO http://www.tnt-hosting.com/rirb529d/c4d/ <<<----- ************************************************************* plcurechaxf^nytroen(pbz From plhn242168543 at yahoo.com Wed May 29 18:54:17 2002 From: plhn242168543 at yahoo.com (plhn242168543 at yahoo.com) Date: Wed, 29 May 2002 20:54:17 -0500 Subject: more new customers 16854322211111111000 Message-ID: THE COMPLETE FAX MARKETING SYSTEM! 1 Million Fax Leads & Fax Broadcasting Software REDUCED PRICE! Now Only $99 + shipping! Fax broadcasting is the hot new way to market your product or service. You can not beat fax broadcasting for cost effectiveness and reliability. Get your information out to the masses for the lowest price. People are 4 times more likely to read a fax than junk mail! This $99 special price is not on our web site, mention the $99 special offer when you call. Visit our web site: http://81.9.8.7/index.htm Or Call Us @ 618-288-6661. 
to be taken off of our list: mailto:l1l12345a1 at btamail.net.cn

From schear at lvcm.com Wed May 29 22:10:30 2002
From: schear at lvcm.com (Steve Schear)
Date: Wed, 29 May 2002 22:10:30 -0700
Subject: FC: Hollywood wants to plug "analog hole," regulate A-D converters
In-Reply-To: <51c398de008b8604d0176c5ca949739f@dizum.com>
Message-ID: <5.1.0.14.2.20020529215557.034887c0@pop3.lvcm.com>

At 06:20 AM 5/30/2002 +0200, Nomen Nescio wrote:
>Peter Trei writes:
> > My mind has been boggled, my flabbers have been ghasted.
> >
> > In the name of protecting their business model, the MPAA
> > proposes that every analog/digital (A/D) converter - one of
> > the most basic of chips - be required to check for US
> > government mandated copyright flags. Quite aside from
> > increasing the cost and complexity of the devices many,
> > manyfold, it eliminates the ability of the US to compete
> > in the world electronics market.
>
>This is absurd. In all the commentary on this issue, no one has made
>the obvious point that the MPAA has no interest or intention in putting
>watermark detectors into every ADC chip! They don't care about the ADC
>chip in a digital thermometer or even a cell phone. All they care about
>are things like PC video capture cards, which are high fidelity consumer
>devices capable of digitizing copyright protected content.

But that also means it could block sale of analog test instruments, such as programmable PC-based spectrum analyzers.

steve

From daniocean at hotmail.com Thu May 30 09:11:35 2002
From: daniocean at hotmail.com (daniocean at hotmail.com)
Date: Thu, 30 May 2002 00:11:35 -1600
Subject: #1 DIET PILL 88 LBS OR 8 SIZES IN 1 MONTH PROOF 30779
Message-ID: <000076d303d0$000056b2$00007cc1@.>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3650 bytes
Desc: not available
URL:

From bill.stewart at pobox.com Thu May 30 00:32:46 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 30 May 2002 00:32:46 -0700
Subject: sources on steganography
In-Reply-To:
Message-ID: <5.1.0.14.1.20020530003158.03aeb660@idiom.com>

Peter Wayner has a few books that deal with this and related topics. Search for them on Amazon or wherever.

At 11:19 AM 05/29/2002 -0400, you wrote:
>I am writing my dissertation on steganography. Basically I'm writing a
>technical monograph that would be of use to undergraduate instructors.
>What do you think are the best sources on steganography on
>the Web? What about books other than Johnson, Katzenbeiser & Peticolas,
>and the volumes covering the four international workshops on information
>hiding.
>
>I am also interested in the history of the subject. One major problem with
>the available sources covering the history (like Kahn) is that they
>completely disregard China, India, and Arab countries. Any pointers?
>
>thanks,
>hector

From marsese2 at rediffmail.com Wed May 29 19:06:40 2002
From: marsese2 at rediffmail.com (MRS M SESE SEKO)
Date: Thu, 30 May 2002 03:06:40 +0100
Subject: Please assist
Message-ID:

DEAR FRIEND, I AM MRS. SESE-SEKO WIDOW OF LATE PRESIDENT MOBUTU SESE-SEKO OF ZAIRE? NOW KNOWN AS DEMOCRATIC REPUBLIC OF CONGO (DRC). I AM MOVED TO WRITE YOU THIS LETTER, THIS WAS IN CONFIDENCE CONSIDERING MY PRESENT CIRCUMSTANCE AND SITUATION. I ESCAPED ALONG WITH MY HUSBAND AND TWO OF OUR SONS SOLOMON AND BASHER OUT OF DEMOCRATIC REPUBLIC OF CONGO (DRC) TO ABIDJAN, COTE D'IVOIRE WHERE MY FAMILY AND I SETTLED, WHILE WE LATER MOVED TO SETTLED IN MORROCO WHERE MY HUSBAND LATER DIED OF CANCER DISEASE.
HOWEVER DUE TO THIS SITUATION WE DECIDED TO CHANGED MOST OF MY HUSBAND'S BILLIONS OF DOLLARS DEPOSITED IN SWISS BANK AND OTHER COUNTRIES INTO OTHER FORMS OF MONEY CODED FOR SAFE PURPOSE BECAUSE THE NEW HEAD OF STATE OF (DR) MR LAURENT KABILA HAS MADE ARRANGEMENT WITH THE SWISS GOVERNMENT AND OTHER EUROPEAN COUNTRIES TO FREEZE ALL MY LATE HUSBAND'S TREASURES DEPOSITED IN SOME EUROPEAN COUNTRIES. HENCE MY CHILDREN AND I DECIDED LAYING LOW IN AFRICA TO STUDY THE SITUATION TILL WHEN THINGS GETS BETTER, LIKE NOW THAT PRESIDENT KABILA IS DEAD AND THE SON TAKING OVER (JOSEPH KABILA). ONE OF MY LATE HUSBAND'S CHATEAUX IN SOUTHERN FRANCE WAS CONFISCATED BY THE FRENCH GOVERNMENT, AND AS SUCH I HAD TO CHANGE MY IDENTITY SO THAT MY INVESTMENT WILL NOT BE TRACED AND CONFISCATED. I HAVE DEPOSITED THE SUM THIRTY MILLION UNITED STATE DOLLARS(US$30,000,000,00.) WITH A SECURITY COMPANY , FOR SAFEKEEPING. THE FUNDS ARE SECURITY CODED TO PREVENT THEM FROM KNOWING THE CONTENT. WHAT I WANT YOU TO DO IS TO INDICATE YOUR INTEREST THAT YOU WILL ASSIST US BY RECEIVING THE MONEY ON OUR BEHALF.ACKNOWLEDGE THIS MESSAGE, SO THAT I CAN INTRODUCE YOU TO MY SON (SOLOMON) WHO HAS THE OUT MODALITIES FOR THE CLAIM OF THE SAID FUNDS. I WANT YOU TO ASSIST IN INVESTING THIS MONEY, BUT I WILL NOT WANT MY IDENTITY REVEALED. I WILL ALSO WANT TO BUY PROPERTIES AND STOCK IN MULTI-NATIONAL COMPANIES AND TO ENGAGE IN OTHER SAFE AND NON-SPECULATIVE INVESTMENTS. MAY I AT THIS POINT EMPHASISE THE HIGH LEVEL OF CONFIDENTIALITY, WHICH THIS BUSINESS DEMANDS, AND HOPE YOU WILL NOT BETRAY THE TRUST AND CONFIDENCE, WHICH I REPOSE IN YOU. IN CONCLUSION, IF YOU WANT TO ASSIST US , MY SON SHALL PUT YOU IN THE PICTURE OF THE BUSINESS, TELL YOU WHERE THE FUNDS ARE CURRENTLY BEING MAINTAINED AND ALSO DISCUSS OTHER MODALITIES INCLUDING REMUNERATION FOR YOUR SERVICES. FOR THIS REASON KINDLY FURNISH US YOUR CONTACT INFORMATION, THAT IS YOUR PERSONAL TELEPHONE AND FAX NUMBER FOR CONFIDENTIAL PURPOSE. BEST REGARDS, MRS M. 
SESE SEKO From marsese2 at rediffmail.com Wed May 29 19:10:55 2002 From: marsese2 at rediffmail.com (MRS M SESE SEKO) Date: Thu, 30 May 2002 03:10:55 +0100 Subject: Please assist Message-ID: DEAR FRIEND, I AM MRS. SESE-SEKO WIDOW OF LATE PRESIDENT MOBUTU SESE-SEKO OF ZAIRE? NOW KNOWN AS DEMOCRATIC REPUBLIC OF CONGO (DRC). I AM MOVED TO WRITE YOU THIS LETTER, THIS WAS IN CONFIDENCE CONSIDERING MY PRESENT CIRCUMSTANCE AND SITUATION. I ESCAPED ALONG WITH MY HUSBAND AND TWO OF OUR SONS SOLOMON AND BASHER OUT OF DEMOCRATIC REPUBLIC OF CONGO (DRC) TO ABIDJAN, COTE D'IVOIRE WHERE MY FAMILY AND I SETTLED, WHILE WE LATER MOVED TO SETTLED IN MORROCO WHERE MY HUSBAND LATER DIED OF CANCER DISEASE. HOWEVER DUE TO THIS SITUATION WE DECIDED TO CHANGED MOST OF MY HUSBAND'S BILLIONS OF DOLLARS DEPOSITED IN SWISS BANK AND OTHER COUNTRIES INTO OTHER FORMS OF MONEY CODED FOR SAFE PURPOSE BECAUSE THE NEW HEAD OF STATE OF (DR) MR LAURENT KABILA HAS MADE ARRANGEMENT WITH THE SWISS GOVERNMENT AND OTHER EUROPEAN COUNTRIES TO FREEZE ALL MY LATE HUSBAND'S TREASURES DEPOSITED IN SOME EUROPEAN COUNTRIES. HENCE MY CHILDREN AND I DECIDED LAYING LOW IN AFRICA TO STUDY THE SITUATION TILL WHEN THINGS GETS BETTER, LIKE NOW THAT PRESIDENT KABILA IS DEAD AND THE SON TAKING OVER (JOSEPH KABILA). ONE OF MY LATE HUSBAND'S CHATEAUX IN SOUTHERN FRANCE WAS CONFISCATED BY THE FRENCH GOVERNMENT, AND AS SUCH I HAD TO CHANGE MY IDENTITY SO THAT MY INVESTMENT WILL NOT BE TRACED AND CONFISCATED. I HAVE DEPOSITED THE SUM THIRTY MILLION UNITED STATE DOLLARS(US$30,000,000,00.) WITH A SECURITY COMPANY , FOR SAFEKEEPING. THE FUNDS ARE SECURITY CODED TO PREVENT THEM FROM KNOWING THE CONTENT. WHAT I WANT YOU TO DO IS TO INDICATE YOUR INTEREST THAT YOU WILL ASSIST US BY RECEIVING THE MONEY ON OUR BEHALF.ACKNOWLEDGE THIS MESSAGE, SO THAT I CAN INTRODUCE YOU TO MY SON (SOLOMON) WHO HAS THE OUT MODALITIES FOR THE CLAIM OF THE SAID FUNDS. I WANT YOU TO ASSIST IN INVESTING THIS MONEY, BUT I WILL NOT WANT MY IDENTITY REVEALED. 
I WILL ALSO WANT TO BUY PROPERTIES AND STOCK IN MULTI-NATIONAL COMPANIES AND TO ENGAGE IN OTHER SAFE AND NON-SPECULATIVE INVESTMENTS. MAY I AT THIS POINT EMPHASISE THE HIGH LEVEL OF CONFIDENTIALITY, WHICH THIS BUSINESS DEMANDS, AND HOPE YOU WILL NOT BETRAY THE TRUST AND CONFIDENCE, WHICH I REPOSE IN YOU. IN CONCLUSION, IF YOU WANT TO ASSIST US , MY SON SHALL PUT YOU IN THE PICTURE OF THE BUSINESS, TELL YOU WHERE THE FUNDS ARE CURRENTLY BEING MAINTAINED AND ALSO DISCUSS OTHER MODALITIES INCLUDING REMUNERATION FOR YOUR SERVICES. FOR THIS REASON KINDLY FURNISH US YOUR CONTACT INFORMATION, THAT IS YOUR PERSONAL TELEPHONE AND FAX NUMBER FOR CONFIDENTIAL PURPOSE. BEST REGARDS, MRS M.
SESE SEKO

From Offers at allbestcheapstuff.com  Thu May 30 01:35:40 2002
From: Offers at allbestcheapstuff.com (Offers)
Date: Thu, 30 May 2002 04:35:40 -0400
Subject: Relax this Summer... On a new Hammock
Message-ID: <200205301836.NAA25723@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5069 bytes
Desc: not available
URL:

From MO2030_20020506_217 at link2buy.com  Thu May 30 04:52:23 2002
From: MO2030_20020506_217 at link2buy.com (EAASI)
Date: Thu May 30 04:52:23 PDT 2002
Subject: Travel Now - Pay Later - Vacations From $18
Message-ID: <850218409.1022760451885.mu@link2buy.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6495 bytes
Desc: not available
URL:

From objectpascal at yahoo.com  Thu May 30 05:16:44 2002
From: objectpascal at yahoo.com (Curt Smith)
Date: Thu, 30 May 2002 05:16:44 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To: <001501c207b4$599d8b80$c71121c2@sharpuk.co.uk>
Message-ID: <20020530121644.7030.qmail@web11601.mail.yahoo.com>

I concur.

The problem is that the most prevalent e-mail program (Outlook) requires no user intervention as a default when signing and/or encrypting a message with S/MIME. One can override the default to "High Security" (requiring password) only while the X.509 certificate is being installed.

I also agree that alternative authorization mechanisms (or combination thereof) are entirely appropriate: smartcards, flashcards, biometric readers, magnetic strips, bar codes, etc. Different schemes will work provided the hardware is available and adequate authentication can be assured.

Curt

--- David Howe wrote:
> Partially agreed - a user doesn't have to know *how* it
> works, but must have to take a positive step (eg, type in a
> password, answer "yes" to a "are you really sure you want to
> do this" message, that sort of thing) for it to be binding
> under most e-sig legislation. However, the law of contract
> assumes every dotted i and crossed t is read and fully
> understood to the full measure of the law. Enough people get
> caught out this way each year (they find the contract they
> signed isn't what they negotiated but (eg) binds them to a
> full term of service (say, two years) when they wanted a
> three month trial...
> There is a balance to be had here. It should be impossible
> for a random user to walk up to their powered off pc, power
> it on, then sign a document. It should be extremely difficult
> for a random user to walk up to a pc that has been left
> logged on (but which hasn't been used to sign documents for
> five minutes or so) and sign a document; it should be easy
> for the user to sign a large number of documents in rapid
> succession, without having to type in a complex password
> every single time. If this involves remembering the password
> for a specified "idle" time, or using a smartcard to auth
> (rather than a manual password or in addition) that the user
> can remove when he takes a coffee break then fine - but
> whatever you do must almost certainly use no other hardware
> than is already fitted to the machine, so a usb dongle could
> be ok for a home user but a credit-card style smartcard
> almost certainly won't be (although if anyone knows a decent
> floppy-adaptor for smartcards, I would love to know about it)

=====
Curt

end
eof
.

Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

From nobody at dizum.com  Wed May 29 21:20:03 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Thu, 30 May 2002 06:20:03 +0200 (CEST)
Subject: FC: Hollywood wants to plug "analog hole," regulate A-D converters
Message-ID: <51c398de008b8604d0176c5ca949739f@dizum.com>

Peter Trei writes:
> My mind has been boggled, my flabbers have been ghasted.
>
> In the name of protecting their business model, the MPAA
> proposes that every analog/digital (A/D) converter - one of
> the most basic of chips - be required to check for US
> government mandated copyright flags. Quite aside from
> increasing the cost and complexity of the devices many,
> manyfold, it eliminates the ability of the US to compete
> in the world electronics market.

This is absurd. In all the commentary on this issue, no one has made the obvious point that the MPAA has no interest or intention in putting watermark detectors into every ADC chip! They don't care about the ADC chip in a digital thermometer or even a cell phone. All they care about are things like PC video capture cards, which are high fidelity consumer devices capable of digitizing copyright protected content.

Their white paper is a brief summary of their goals and intentions and does not go into full technical detail. But let's use a little common sense here, folks.

It's pointless to try to shoot down this proposal by raising all these horror stories about ADC chips in industrial and technical devices being crippled by a watermark detector which will never be activated. If you waste time developing this line of argument, you will be left with nothing to say when the actual bill focuses only on the specific devices that the content holders are worried about.

And sure, a sufficiently talented electrical engineer can produce a custom board to do non-watermark-aware ADC, and digitize TV shows and music. The MPAA has to accept that such activity will continue to go on at a low level. They just want to make sure that consumer devices are not sold that enable every customer to make easy digital copies of copyrighted data based on an analog source, as they can now with the Replay DVR.

Please, let's use some common sense and not go overboard with an obviously mistaken interpretation of the MPAA's intentions. That wastes everyone's time.

From eresrch at eskimo.com  Thu May 30 06:43:40 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Thu, 30 May 2002 06:43:40 -0700 (PDT)
Subject: FC: Hollywood wants to plug "analog hole," regulate A-D converters
In-Reply-To: <51c398de008b8604d0176c5ca949739f@dizum.com>
Message-ID:

On Thu, 30 May 2002, Nomen Nescio wrote:

> This is absurd. In all the commentary on this issue, no one has made
> the obvious point that the MPAA has no interest or intention in putting
> watermark detectors into every ADC chip! They don't care about the ADC

If they don't they are screwed.

> chip in a digital thermometer or even a cell phone. All they care about
> are things like PC video capture cards, which are high fidelity consumer
> devices capable of digitizing copyright protected content.

And everyone outside the US will build their cards without the detector, or with a software switch to turn it off so they can sell more in the US.

> Their white paper is a brief summary of their goals and intentions and
> does not go into full technical detail. But let's use a little common
> sense here, folks.

Common sense says they are corrupt pigs who will stop at nothing to get their profits back up.

> It's pointless to try to shoot down this proposal by raising all these
> horror stories about ADC chips in industrial and technical devices
> being crippled by a watermark detector which will never be activated.
> If you waste time developing this line of argument, you will be left
> with nothing to say when the actual bill focuses only on the specific
> devices that the content holders are worried about.

And what are they going to do when people build MP3 players from auto ADC's that don't detect watermarks? Make them illegal?

> And sure, a sufficiently talented electrical engineer can produce a custom
> board to do non-watermark-aware ADC, and digitize TV shows and music.
> The MPAA has to accept that such activity will continue to go on at a
> low level. They just want to make sure that consumer devices are not
> sold that enable every customer to make easy digital copies of copyrighted
> data based on an analog source, as they can now with the Replay DVR.

And what's to prevent it from happening at a high level if there's enough profit in it? MPAA is a tiny market compared to the rest of the electronics industry - it will be easy to bypass the law on a huge scale. You don't need to be a "sufficiently talented electrical engineer" when you can go across the border, buy 1000 simple/cheap devices and bring 'em back in your pickup truck.

> Please, let's use some common sense and not go overboard with an obviously
> mistaken interpretation of the MPAA's intentions. That wastes everyone's
> time.

MPAA is definitely a waste of everybody's time. They need to be shot so we don't have to listen to them anymore!!! :-)

Patience, persistence, truth,
Dr. mike

From nobody at remailer.privacy.at  Wed May 29 22:03:05 2002
From: nobody at remailer.privacy.at (Anonymous)
Date: Thu, 30 May 2002 07:03:05 +0200 (CEST)
Subject: Forward-secure public-key encryption eprint
Message-ID: <971c23f5aeb930d822ef1bd6ddca7104@remailer.privacy.at>

David Hopwood writes:
> Forward-secure public-key encryption has been discussed here, on
> sci.crypt, and elsewhere. To recap - the goal is that an adversary who
> breaks into your computer today can't read messages sent/received
> yesterday. In the interactive case, you use ephemeral Diffie-Hellman. The
> non-interactive case is more complicated and has had some ideas considered
> by Ross Anderson, Adam Back, and David Hopwood (among others). Cypherpunks
> relevance: forward security is nice for remailers.
>
> Anyway, there's a new eprint up which shows how to construct such a scheme
> starting from an ID-based encryption scheme by Boneh + Franklin.
>
> "A Forward-Secure Public-Key Encryption Scheme"
> Jonathan Katz
> http://eprint.iacr.org/2002/060/
>
> It's worth noting that the scheme this is based on has code available.
> http://crypto.stanford.edu/ibe/download.html

Adam Back noted several years ago that identity-based encryption systems could be converted into forward-secure PK encryption methods. At the time it did not appear that any of the identity-based encryption systems were very secure.

In the past few years a number of cryptographic results have been achieved by using the Weil and Tate pairings, which are mappings among groups associated with supersingular elliptic curves. These mappings have special mathematical properties which give a new slant to a number of cryptographic problems. For example it can be shown that in the appropriate group, the Decision Diffie-Hellman problem is easy while the Diffie-Hellman problem is still thought to be hard. On coderpunks this was discussed as a possible approach to ecash. The Weil pairing can also be used to create short signatures, only 20 bytes long for the same security as a DSA sig taking 40 bytes.

At Crypto 2001, Boneh and Franklin showed how to use the Weil pairing to create an identity based PK system. Unlike earlier constructions, this one seems to have a good security margin. Following Adam Back's earlier idea, this means a forward-secure PKCS can be constructed, and the new paper does so, using the Weil and Tate pairings.

One concern is that these mathematical techniques are new in cryptography and so it is possible that new attacks will be found against them. While the underlying math is old, the specific application is new and so weaknesses may still be discovered.

Another problem is that the math is really advanced and not many implementors or users are likely to understand it very well. Sure we've got a library but the kind of people who want forward security would like to understand the principles a little better.
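
Added example, not part of the post above, the Katz eprint or the Stanford IBE code: the naive non-interactive baseline for the goal the post recaps, in which the receiver publishes one hashed-ElGamal public key per time period and erases each period's secret when the period ends. It is not the IBE-based scheme (there the public key stays fixed, here it grows with the number of periods); the toy group parameters and all names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group so the example runs on the standard library alone (assumption:
# this is NOT a vetted Diffie-Hellman group; use a reviewed library in practice).
P = 2**255 - 19
G = 2


def _stream(shared: int, period: int, length: int) -> bytes:
    """Expand the shared value into key material bound to one time period."""
    seed = shared.to_bytes(32, "big") + period.to_bytes(4, "big")
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(public_keys, period: int, message: bytes):
    """Hashed-ElGamal encryption to the receiver's public key for `period`."""
    r = secrets.randbelow(P - 2) + 1          # sender's one-time exponent
    c1 = pow(G, r, P)
    material = _stream(pow(public_keys[period], r, P), period, 32 + len(message))
    mac_key, pad = material[:32], material[32:]
    body = bytes(m ^ k for m, k in zip(message, pad))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return c1, body, tag


class Receiver:
    """Keeps one secret exponent per period and erases it when the period ends."""

    def __init__(self, periods: int):
        self._secrets = {t: secrets.randbelow(P - 2) + 1 for t in range(periods)}
        # Published once, up front; its size is linear in the number of periods.
        self.public_keys = [pow(G, self._secrets[t], P) for t in range(periods)]
        self.current = 0

    def end_period(self) -> None:
        """Erase the current period's secret, then advance.

        Dropping the dict entry models erasure; Python does not guarantee the
        memory is wiped, which a real implementation has to ensure.
        """
        self._secrets.pop(self.current, None)
        self.current += 1

    def decrypt(self, period: int, ciphertext):
        """Return the plaintext, or None if the key is erased or the tag fails."""
        x = self._secrets.get(period)
        if x is None:
            return None
        c1, body, tag = ciphertext
        material = _stream(pow(c1, x, P), period, 32 + len(body))
        mac_key, pad = material[:32], material[32:]
        expected = hmac.new(mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return bytes(c ^ k for c, k in zip(body, pad))

    def stolen_state(self) -> dict:
        """What someone who copies the key store at this moment obtains."""
        return dict(self._secrets)


if __name__ == "__main__":
    rx = Receiver(periods=3)
    yesterday = encrypt(rx.public_keys, 0, b"sent yesterday")  # constructed sample
    rx.end_period()                                            # period 0 is over
    today = encrypt(rx.public_keys, 1, b"sent today")
    print("periods still readable after a break-in:", sorted(rx.stolen_state()))
    print("yesterday's ciphertext:", rx.decrypt(0, yesterday))
    print("today's ciphertext:", rx.decrypt(1, today))
```
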

From iang at systemics.com  Thu May 30 05:34:49 2002
From: iang at systemics.com (Ian Grigg)
Date: Thu, 30 May 2002 08:34:49 -0400
Subject: When encryption is also authentication...
References:
Message-ID: <3CF61C69.690FAA24@systemics.com>

> SSL for commerce is readily in place without batting an eyelid these days.

Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a variety of non-security reasons.

Hopefully, one day the independent browser manufacturers will ship browsers that show a different icon for self-certs, rather than annoy the user with mindless security warnings. Then, we can expect a massive increase in secure browsing as sites start defaulting to self-signed certs, and a consequent massive increase in security, as well as a follow-on massive increase in the sale of certs.

Unfortunately, we probably won't see an enhanced market for CA certs until Verisign goes broke.

> However, I'd be interested to know just how many users out there would enter
> their card details on an unprotected site, despite the unclosed padlocks
> and the
> alert boxes.

Huge numbers of them. You won't see it in security lists, but most of your average people out there do not understand the significance of the padlock, and when merchants request credit card numbers, they quietly forget to tell them.

And, in a lot of cases, credit card details are shipped over cleartext email rather than browsers. Many of these merchants have card-holder-present agreements, the restrictions of which, they just ignore. Commerce being what commerce is, it is more important to get the sale than deal with some obscure security nonsense that doesn't make sense.

> Have security fears and paranoia been abated by widespread crypto
> to the point whereby users will happily transmit private data, whether
> encrypted
> or nay, just because they *perceive* the threat to now be minimal? Now that the
> media has grown tired of yet-another-credit-card-hack story?

Much of today's body of (OECD) net users don't read the news about the net and don't understand the debate, nor can they make sense of how to protect themselves from a site that is hacked...

Three or four years back, much of the body of the net was still technically advanced and capable of understanding the fallacious security arguments. These days, perversely, the users are better able to evaluate the security risks, because they don't understand the arguments, so they look to the actual experience, which provides no warnings.

> Pointers to any evidence/research into this much appreciated... ta.

Unfortunately, real data is being kept back by the credit card majors. It is my contention that there has never been a case of sniffed-credit-card-abuse, and nobody I've ever talked to in the credit card world has ever been able to change that.

On the whole, all net-related credit card fraud is to do with other factors: mass thefts from hacked databases, fraudulent merchant gatherings, fear-of-wife revocations, etc. Nothing, ever, to do with on-the-wire security.

--
iang

From eresrch at eskimo.com  Thu May 30 08:46:21 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Thu, 30 May 2002 08:46:21 -0700 (PDT)
Subject: When encryption is also authentication...
In-Reply-To: <000001c207ef$61741190$1d02a8c0@na.webmd.net>
Message-ID:

On Thu, 30 May 2002, cypherpunk_reader wrote:

> If the end user insists on e-signing a document without having read it it is
> their prerogative,
> but I think there should be a better system in place to insure that they
> either read it or that
> they did not read it but agree anyway.

I don't think so. If they are fool enough to sign a document without reading it, it's the same as using a pen to sign a contract without reading it. A fool is a fool, why try to protect them? It's pretty hopeless to try because fools are so clever!

I don't have a problem with a signing system that requires the user to do something (like maybe even use a pda stylus and actually sign with their own handwriting), but *forcing* them to read a contract is just plain silly. When enough fools have been burned by a scam, the word will get out and the rest of the fools who don't read contracts might think about not signing.

An e-signature can have the same weight in law as an ink one, and the same rules apply. A fool and their money are soon parted.

Patience, persistence, truth,
Dr. mike

From DaveHowe at gmx.co.uk  Thu May 30 01:30:50 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Thu, 30 May 2002 09:30:50 +0100
Subject: When encryption is also authentication...
References:
Message-ID: <001501c207b4$599d8b80$c71121c2@sharpuk.co.uk>

Mike Rosing wrote:
> Having it be "transparent" where the user doesn't need to know
> anything about how it works does not have to destroy the
> effectiveness of digital signatures or crypto. When people sign a
> document they don't know all the ramifications because few bother to
> read all of any document they sign - most of it won't apply as long
> as you keep your part of the bargain, so why bother?

Partially agreed - a user doesn't have to know *how* it works, but must have to take a positive step (eg, type in a password, answer "yes" to a "are you really sure you want to do this" message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial...

There is a balance to be had here. It should be impossible for a random user to walk up to their powered off pc, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a pc that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time. If this involves remembering the password for a specified "idle" time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a usb dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it)

From hr111 at columbia.edu  Thu May 30 06:41:54 2002
From: hr111 at columbia.edu (Hector Rosario)
Date: Thu, 30 May 2002 09:41:54 -0400 (EDT)
Subject: sources on steganography
In-Reply-To: <20020529225628.47293.qmail@web13201.mail.yahoo.com>
Message-ID:

Why would I be interested in "fool[ing] [you]." All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that.

hr

On Wed, 29 May 2002, Morlock Elloi wrote:

> > I am writing my dissertation on steganography. Basically I'm writing a
> ^^^^ ^ ^ ^ ^ ^
>
> You can't fool us.
>
>
>
> =====
> end
> (of original message)
>
> Y-a*h*o-o (yes, they scan for this) spam follows:
> Yahoo! - Official partner of 2002 FIFA World Cup
> http://fifaworldcup.yahoo.com

From askit2paul at mail.ru  Thu May 30 20:58:26 2002
From: askit2paul at mail.ru (RUDOLF)
Date: Thu, 30 May 2002 09:58:26 -1800
Subject: Best refinance mortgage rate WI
Message-ID: <000014991ef8$00002333$000009a7@mxs.mail.ru>

Clarification

Want to refinance? Fill out this quick form and immediately have mortgage companies compete for you business. You will be offered the, absolute, BEST refinance rates available! Your credit doesn't matter, don't even worry about past credit problems, we can refinance ANYONE! Let Us Put Our Expertise to Work for You!
http://66.230.217.86

Erase
http://66.230.217.86/optout.htm

From pcw2 at flyzone.com  Thu May 30 06:59:52 2002
From: pcw2 at flyzone.com (Peter Wayner)
Date: Thu, 30 May 2002 09:59:52 -0400
Subject: sources on steganography
In-Reply-To:
References:
Message-ID: <200205301400.g4UE0Ka23238@slack.lne.com>

At 11:19 AM -0400 5/29/02, Hector Rosario wrote:
>I am writing my dissertation on steganography. Basically I'm writing a
>technical monograph that would be of use to undergraduate instructors.
>What do you think are the best sources on steganography on
>the Web? What about books other than Johnson, Katzenbeiser & Peticolas,
>and the volumes covering the four international workshops on information
>hiding.

I know that my book, _Disappearing Cryptography_, is being used as a textbook in a few schools. It's a bit broader than the others because it uses a more inclusive view of the topic. You can read a bit more here:

http://www.wayner.org/books/discrypt2/

The book on Watermarking by Cox et al is also very nice, although very focused and very detailed.

-Peter

From sfurlong at acmenet.net  Thu May 30 07:05:40 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Thu, 30 May 2002 10:05:40 -0400
Subject: sources on steganography
References:
Message-ID: <3CF631B4.6002AD21@acmenet.net>

Hector Rosario wrote:
>
> Why would I be interested in "fool[ing] [you]." All I asked was for some
^ ^ ^ ^
> help with sources. If you cannot be of help, at least don't be a
^ ^ ^
> hindrance. Besides, don't claim to speak for others. If envy is what
^ ^ ^
> drives you, then I suggest that you work on that.
^ ^ ^ ^

--
Steve Furlong Computer Condottiere Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking

From cypherpunk at whitech.net  Thu May 30 08:33:41 2002
From: cypherpunk at whitech.net (cypherpunk_reader)
Date: Thu, 30 May 2002 10:33:41 -0500
Subject: When encryption is also authentication...
In-Reply-To: <20020529172102.54611.qmail@web11603.mail.yahoo.com>
Message-ID: <000001c207ef$61741190$1d02a8c0@na.webmd.net>

I ain't got that much schooling in these here matters, but it seems to me that in terms of the agreements, online agreements are pretty slacking when it comes to verifying that the end user actually read the document. Most agreements online take advantage of the fact that a user is going to skip reading the document and jump straight to the "Agree" button.

If the end user insists on e-signing a document without having read it it is their prerogative, but I think there should be a better system in place to insure that they either read it or that they did not read it but agree anyway.

Something along the lines of timers (set to an average number of minutes it takes to read the average contract), a keyword in the document itself that forces the user to peruse the document to find the keyword, or at least force the user to type "Agree" rather than just click a button.

But hey, realistically speaking, I doubt there is much enforcement going on regarding these online contracts. Do we want the Federale involved in how these contracts are designed or is the industry going to self police?
CW -----Original Message----- From: owner-cypherpunks at ssz.com [mailto:owner-cypherpunks at ssz.com]On Behalf Of Curt Smith Sent: Wednesday, May 29, 2002 12:21 PM To: cypherpunks at lne.com Subject: CDR: Re: When encryption is also authentication... I agree that the signer does not need to understand the mathematics or underlying technology for digital signatures to be viable. However, what good is an agreement when the parties do not know what the terms of the agreement are? A signature (digital or otherwise) generally indicates that the signer not only made an agreement, but also understood the agreement. A digital signature must involve a conscious decision by the signer to keep their part of an agreement. I maintain that this requires user intervention to verify that the signer knew that they were making an agreement - a "click of understanding" or pass phrase. Curt --- Mike Rosing wrote: ... > Having it be "transparent" where the user doesn't need to know > anything about how it works does not have to destroy the > effectiveness of digital signatures or crypto. When people > sign a document they don't know all the ramifications because > few bother to read all of any document they sign - most of it > won't apply as long as you keep your part of the bargain, > so why bother? > > The same thing should be true of digital signatures. The > user shouldn't have to know a thing, other than they've made > a promise they better keep or all the bad clauses really do > apply, and the proof of their signature will come to haunt > them. The way the digital signature works does not > matter to them, and it shouldn't need to. > > If digital crypto, signatures or e-cash are going to get into > mass appeal, then their operations will be "magic" to the > majority. And it all has to work, to 1 part in 10^8th or > better, without user comprehension. 
> > It may well take "user intervention" to create a signature, > but they shouldn't have to know what they are doing. 
> > Patience, persistence, truth, > Dr. mike ===== end Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com From cypherpunk at whitech.net Thu May 30 08:43:43 2002 From: cypherpunk at whitech.net (cypherpunk_reader) Date: Thu, 30 May 2002 10:43:43 -0500 Subject: sources on steganography In-Reply-To: Message-ID: <000101c207f0$c82f3e40$1d02a8c0@na.webmd.net> I AM OSAMA Good one !!! lol -----Original Message----- From: owner-cypherpunks at ssz.com [mailto:owner-cypherpunks at ssz.com]On Behalf Of Hector Rosario Sent: Thursday, May 30, 2002 8:42 AM To: Morlock Elloi Cc: cypherpunks at lne.com Subject: Re: sources on steganography Why would I be interested in "fool[ing] [you]." All I asked was for some help with sources. If you cannot be of help, at least don't be a hindrance. Besides, don't claim to speak for others. If envy is what drives you, then I suggest that you work on that. hr On Wed, 29 May 2002, Morlock Elloi wrote: > > I am writing my dissertation on steganography. Basically I'm writing a > ^^^^ ^ ^ ^ ^ ^ > > You can't fool us. > > > > ===== > end > (of original message) > > Y-a*h*o-o (yes, they scan for this) spam follows: > Yahoo! - Official partner of 2002 FIFA World Cup > http://fifaworldcup.yahoo.com From gbroiles at parrhesia.com Thu May 30 11:49:16 2002 From: gbroiles at parrhesia.com (Greg Broiles) Date: Thu, 30 May 2002 11:49:16 -0700 Subject: No law re electronic contracting? In-Reply-To: <3CF666DA.BC385452@acmenet.net> References: Message-ID: <5.1.0.14.2.20020530111845.0371b6e0@bivens.parrhesia.com> At 01:52 PM 5/30/2002 -0400, Steve Furlong wrote: >Summary: Recent laws have attempted to make electronic contracting >binding, but they have not addressed some of the fundamental principles >of contract law. These fundamental principles are often stretched or >broken in electronic contracting. There is no case law on electronic >contracts. I suspect that a contested electronic contract would be >easily voided. Nope. 
Back to the books for you. Here's a three-letter hint about the enforceability of "electronic contracts" - EDI. Also, take a look at these Internet-related cases - _Caspi v. The Microsoft Network LLC_, 323 N.J. Super. 118, 732 A.2d 528 (N.J. Super. Ct. App. Div. 1999) (at ) _Hotmail Corp. v. Van$ Money Pie_, 1998 U.S. Dist. LEXIS 10729; 47 U.S.P.Q.2D 1020 (N.D. Cal. 1998) (No. C98-20064 JW) (at ) _Groff v. America Online_ 1998 WL 307001 (R.I. Super. Ct. May 27, 1998) (at ) _Specht v. Netscape_ 150 F. Supp. 2d 585 (S.D.N.Y 2001) (at ) You might find _Law of the Internet_, Lexis Law Pub (2001) of interest. -- Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961 From morlockelloi at yahoo.com Thu May 30 12:10:32 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Thu, 30 May 2002 12:10:32 -0700 (PDT) Subject: sources on steganography In-Reply-To: Message-ID: <20020530191032.55914.qmail@web13208.mail.yahoo.com> > Why would I be interested in "fool[ing] [you]." All I asked was for some > help with sources. If you cannot be of help, at least don't be a I think that perception and sense of humour are sort of required for crypto work. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com From dmolnar at hcs.harvard.edu Thu May 30 09:18:54 2002 From: dmolnar at hcs.harvard.edu (dmolnar) Date: Thu, 30 May 2002 12:18:54 -0400 (EDT) Subject: Forward-secure public-key encryption eprint In-Reply-To: <971c23f5aeb930d822ef1bd6ddca7104@remailer.privacy.at> Message-ID: On Thu, 30 May 2002, Anonymous wrote: > David Hopwood writes: Did I miss a separate message in which David Hopwood followed up to my post? Cypherpunks is more reliable for me than it used to be, but it's not always all there. > > math is really advanced and not many implementors or users are likely > to understand it very well. 
Sure we've got a library but the kind of > people who want forward security would like to understand the principles > a little better. Thanks for the detailed summary! Even if the system may not be ready for prime time, I think it may still be worth looking at it and following future developments. -David From eresrch at eskimo.com Thu May 30 13:35:58 2002 From: eresrch at eskimo.com (Mike Rosing) Date: Thu, 30 May 2002 13:35:58 -0700 (PDT) Subject: When encryption is also authentication... In-Reply-To: <3CF666DA.BC385452@acmenet.net> Message-ID: On Thu, 30 May 2002, Steve Furlong wrote: > Summary: Recent laws have attempted to make electronic contracting > binding, but they have not addressed some of the fundamental principles > of contract law. These fundamental principles are often stretched or > broken in electronic contracting. There is no case law on electronic > contracts. I suspect that a contested electronic contract would be > easily voided. Thanks, that was very enlightening. The URL is good too - they mention that "An electronic signature is defined as being: an electronic sound, symbol or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. " I would never have thought of making a sound as part of a signature! but for voice prints, it might be a good idea. > OK, that's the way I think it is, currently in the US. The way I think > it _should_ be is much more caveat emptor, as Dr Mike and others have > said, but the legislators and judges have neglected to ask for my input. Yes, and even if we tried to give input nobody would listen to me :-) Most of the issues here are human interface, what is reasonable to expect for a valid contract. The only thing I've ever "signed" online is an order for parts via credit card, and so far it's never been a legal problem. 
But I see where there could be major problems if people aren't really damn careful, so I'll probably be a lot more careful than I thought I was before! Patience, persistence, truth, Dr. mike From sfurlong at acmenet.net Thu May 30 10:52:26 2002 From: sfurlong at acmenet.net (Steve Furlong) Date: Thu, 30 May 2002 13:52:26 -0400 Subject: When encryption is also authentication... References: Message-ID: <3CF666DA.BC385452@acmenet.net> Mike Rosing wrote: > > On Thu, 30 May 2002, cypherpunk_reader wrote: > > > If the end user insists on e-signing a document without having read it, it is > > their prerogative, > > but I think there should be a better system in place to insure that they > > either read it or that > > they did not read it but agree anyway. > > I don't think so. If they are fool enough to sign a document without > reading it, it's the same as using a pen to sign a contract without > reading it. ... > An e-signature can have the same weight in law as an ink one, and the > same rules apply. A fool and their money are soon parted. Here's my analysis of the current situation regarding electronic signatures in the United States. The following few paragraphs are the way things are as I see them, not necessarily how they should be. An e-signature in this situation would indicate assent to a contract. One of the key points to forming a valid contract is a meeting of minds between the parties. Another is authentication that the alleged contracting party was actually the person who agreed to the contract. Meeting of minds includes knowing, understanding, and agreeing to the terms of the putative contract. With paper contracts, even lengthy ones, knowledge and understanding are assumed if certain conventions are met, such as font size and emphasis of important terms, as well as opportunity to read the contract thoroughly. And the contracting party is assumed to be able to take the contract to a lawyer if he's uncertain about any part of it. 
Many electronic agreements fail on one or more of these points. These contracts are often very lengthy, the equivalent of several pages of printout, and are often viewed only through a very small window, and often have small or otherwise illegible fonts. In paper, this would be similar to a five-page contract being written out on post-its, with only one visible at a time. Many of the agreements cannot be printed out, which interferes with both reading and obtaining expert advice. The situation is made even worse by the mingling of technical jargon with the legal jargon; many software-related contracts are even less intelligible than other contracts. Meeting of minds is questionable under these circumstances. Authentication is similarly problematic. Ordinary contracts are commonly agreed to in person or with signatures. Electronic contracts are commonly agreed to with one or two mouse clicks. There is nothing to indicate that the "signer" was the person he alleged to be. Some laws (see below) attempt to make this irrelevant, essentially saying that if your computer agreed, you agreed, but this is unlikely to stand up in court on basic principles. I was unable to find any US case law (court cases which went to trial and verdict, and which were written up for publication) on this subject. Bear in mind that I no longer have access to Lexis or Westlaw, but google and such can usually find relevant cases. I suspect that there are no reported cases hinging on electronic signatures. This isn't surprising, because the oldest electronic signature law is less than six years old, and that's probably not enough time for a problem to have arisen, been litigated, been appealed, and been written up. The "e-sign" law of 2000 doesn't provide much help. It states simply that a contract may not be denied solely because it was electronically signed. Furthermore, it applies only to interstate and international contracts. 
(Though most electronic contracts for, eg, downloaded software will be interstate or international.) It doesn't provide standards or guidance for what makes a valid electronic contract. The Uniform Electronic Transactions Act (UETA) is a model law which about half of the states have enacted. Some, maybe most, of these states have modified UETA before passing it. It's not clear how this affects contracts in which only one party is in a UETA state. UETA says that an electronic record fulfills any requirements for a written contract document and that an electronic signature fulfills any requirement for a signature on the contract, and it outlines what constitutes an electronic record and an electronic signature. Interestingly, UETA states that an "agent", meaning a program, can fulfill the requirements for a signature, even without human participation. See http://www.ladas.com/BULLETINS/2002/0202Bulletin/USElectronicSignature.html for a decent summary, and http://www.uetaonline.com/ for more detail. Summary: Recent laws have attempted to make electronic contracting binding, but they have not addressed some of the fundamental principles of contract law. These fundamental principles are often stretched or broken in electronic contracting. There is no case law on electronic contracts. I suspect that a contested electronic contract would be easily voided. OK, that's the way I think it is, currently in the US. The way I think it _should_ be is much more caveat emptor, as Dr Mike and others have said, but the legislators and judges have neglected to ask for my input. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking From johns at worldwinner.com Thu May 30 11:27:52 2002 From: johns at worldwinner.com (John Saylor) Date: Thu, 30 May 2002 14:27:52 -0400 Subject: When encryption is also authentication... 
In-Reply-To: <3CF61C69.690FAA24@systemics.com> References: <3CF61C69.690FAA24@systemics.com> Message-ID: <20020530142752.F1181@johns.worldwinner.com> Hi > > However, I'd be interested to know just how many users out there > > would enter their card details on an unprotected site, despite the > > unclosed padlocks and the alert boxes. ( 02.05.30 08:34 -0400 ) Ian Grigg: > Huge numbers of them. You won't see it in security > lists, but most of your average people out there do > not understand the significance of the padlock, and > when merchants request credit card numbers, they > quietly forget to tell them. And even if they tried, network security is too arcane of a subject matter for them to care about. They just want that big dildo [or whatever it is that they're ordering]. One online merchant I know put big padlock .gifs on the site to reassure users that their transactions were secure. The padlocks on the browsers were there, but they weren't as reassuring to the customers as the images. -- \js "evolve real-time metrics" From keyser-soze at hushmail.com Thu May 30 14:47:54 2002 From: keyser-soze at hushmail.com (keyser-soze at hushmail.com) Date: Thu, 30 May 2002 14:47:54 -0700 Subject: F.B.I. Given Broad Authority to Monitor the Public Message-ID: <200205302147.g4ULlsj53409@mailserver2.hushmail.com> Get ready for the shit storm. I'm making a list, checking it twice, gonna found who's tree gets watered tonight... >F.B.I. Given Broad Authority to Monitor the Public >By THE ASSOCIATED PRESS >WASHINGTON (AP) -- Attorney General John Ashcroft on Thursday gave the FBI broad new authority to monitor Internet sites, libraries, churches and political organizations, calling restrictions on domestic spying ``a competitive advantage for terrorists.'' http://www.nytimes.com/aponline/national/AP-FBI-Reorganizing.html Hush provide the worlds most secure, easy to use online applications - which solution is right for you? 
HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople From scribe at exmosis.net Thu May 30 06:57:25 2002 From: scribe at exmosis.net (Graham Lally) Date: Thu, 30 May 2002 14:57:25 +0100 Subject: sources on steganography References: Message-ID: <3CF62FC5.3040708@exmosis.net> Hector Rosario wrote: > Why would I be interested in "fool[ing] [you]." All I asked was for some > help with sources. If you cannot be of help, at least don't be a > hindrance. Besides, don't claim to speak for others. If envy is what > drives you, then I suggest that you work on that. > > hr > > On Wed, 29 May 2002, Morlock Elloi wrote: > > >>>I am writing my dissertation on steganography. Basically I'm writing a > ^^^^ ^ ^ ^ ^ ^ >> >>You can't fool us. ...or "I am storb." for the proportionally-gifted. From Honora7510v42 at nederlands.com Thu May 30 02:09:09 2002 From: Honora7510v42 at nederlands.com (Honora7510v42 at nederlands.com) Date: Thu, 30 May 2002 15:09:09 +0600 Subject: It could happen to you. Get your free EURO Message-ID: <024e28a28e2e$3864e5a8$8dc75da2@uwvcjp> On January 1st 2002, the European countries began using the new Euro. Never before have so many countries with such powerful economies united to use a single currency. Get your piece of history now! We would like to send you a FREE Euro and a FREE report on world currency. Just visit our site to request your Euro: http://81.9.8.4/TheEuroExchange/ In addition to our currency report, you can receive: * FREE trading software for commodities and currencies * FREE online trading advice via email * FREE trading system for stock and commodity traders Find out how the new Euro will affect you. 
If you are over age 18 and have some risk capital, it's important that you find out how the Euro will change the economic world. CLICK NOW! http://81.9.8.4/TheEuroExchange/ $5,000 minimum investment Please carefully evaluate your financial position before trading. Only risk capital should be used. Investors can and do lose money. http://81.9.8.4/ListOptOut/ To OptOut From iang at systemics.com Thu May 30 12:56:33 2002 From: iang at systemics.com (Ian Grigg) Date: Thu, 30 May 2002 15:56:33 -0400 Subject: Making Veri$ign rich(er) References: Message-ID: <3CF683F1.3A3147F7@systemics.com> > Ian Grigg wrote: > > > Costs are still way too high. This won't change until > > browsers are shipped that treat self-signed certs as being > > valid. Unfortunately, browser manufacturers believe in > > cert-ware for a variety of non-security reasons. > [...] > > Jason Holt wrote: > > Self signed certs defeat the purpose of the certificate chain mechanism, which > is not just there to make Veri$ign rich. I understand that we are all working to make Veri$ign rich by pushing their cert-ware. Let me offer you a way in which we could make them richer. Believe me, they need our help. > Mallory can self-sign a cert for > bob.com, and hack Alice's DNS to point bob.com at her own site. But it's > (theoretically, anyway) much more difficult for her to convince Verisign that > she owns bob.com. If we trust Verisign to do that, then we know we're really > talking to Bob when we visit bob.com. What you describe above is an arcane theoretical attack. An MITM is an extraordinarily difficult thing to do. In practice, totally impractical in risk analysis terms. Its impracticality is because there are always easier pickings out there than conducting this attack. Consider the attack. You have to be able to do some spoofing, or some interception, or some hacking of critical infrastructures to do this. 
After all, you have to be able to insert yourself where Mallory needs to be in some sense, which means perverting the normal flow of packets. This is generally highly risky. It is also expensive and hard to control. Say you are attacking Amazon. If you pervert the DNS, as you suggest, you will have to be able to handle a lot of DNS requests. Also, there is a high chance that you will be noticed. Net techies and hackers and ISP people are looking at this sort of thing all the time. Now consider what you get: you can sit in the middle and manage some SSL traffic. So you'll need some capacity to sift through all the different sessions to snaffle the good data. At the end of the day, you'll be burning up a lot of CPU cycles to manage that traffic. (So you'll need access to some good sized hardware if you are attacking Amazon.) Finally, you manage to start farming those valuable CCs. Depending on how much hardware you've got that is managing the thousands of MITM sessions, you could pick up quite a bunch. But, if you do manage to get to the point of actually harvesting some CCs, you will by now have laid out such a road map that someone should be able to find you. So, you had better have a fast exit. Here's the thing: even if you get some, it wasn't worth it. Think like a crook. Anything that you can do with SSL, you can do easier just by hacking into some poor NT box and accessing the database to read off the CCs. Then you get to walk away without leaving any tracks. Then you get the last month's takings, because the company already did the harvesting for you. And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to commit a fraud (at least, no recorded ones). 
Change the analysis to small merchants, and it is even worse (of course Amazon will have a cert, so even its rich bounty is unavailable, you have to do this on small merchants). So, how do we make Veri$ign richer? Easy, switch browsers to accepting self-signed certs. To see this, we have to have tried or heard about small enterprises who have tried to set up their SSL certs. It's very expensive. Most don't do it. If we had the money we could ask Netcraft.com for the figures, but, last I checked, only 1% of servers have proper setups with proper certs. Why? because it is so expensive to set up. Most sites try and fail. They give up when they realise it isn't worth their time. So Veri$ign fails to sell the cert. And the site remains unencrypted, uncerted, unprotected only by the fact that nobody is watching. (Security by obscurity is indeed the greatest friend that we have, by actual saved amounts of money.) Now, if there was a halfway house, the site could at least be set up so that it is encrypted. Right there, is a big improvement in security. If we could do that, if we could encourage the browsers to accept the self-signed but encrypted web sites, that would let all the poor people in the world (the other 99% that can't afford all the hoo-haa of dealing with VeriSign and techies and ISPs and ...) have a go at setting up secure web sites. Secure by encryption that is. My guess is that it would get the number up to 10%. Why would that make Veri$ign richer? Because taking that 10% of encrypted sites would be a much more powerful target market. Veri$ign knows they care. Those sites just haven't got around to doing the work to get the cert set up. But they are encrypted. They are half way there. They want to be there! A decent, marketing approach to this user base would result in a pretty good conversion rate. We are talking 20-30% here, because we know they care. So, that expands the market for cert-ware by 2-3. 
Such doesn't work when you are dealing with an untargeted site base of 10 times that. All they have to do is understand that their MITM model, as learnt from the textbooks, does their market more harm than good. Sack the cryptographers, and employ some script kiddies to tell them what it is about. Should be worth a doubling of their share price. -- iang From jason at lunkwill.org Thu May 30 09:22:35 2002 From: jason at lunkwill.org (Jason Holt) Date: Thu, 30 May 2002 16:22:35 +0000 (UTC) Subject: When encryption is also authentication... Message-ID: Ian Grigg wrote: [...] >> SSL for commerce is readily in place without batting an eyelid these days. > > Costs are still way too high. This won't change until > browsers are shipped that treat self-signed certs as being > valid. Unfortunately, browser manufacturers believe in > cert-ware for a variety of non-security reasons. [...] Self signed certs defeat the purpose of the certificate chain mechanism, which is not just there to make Veri$ign rich. Mallory can self-sign a cert for bob.com, and hack Alice's DNS to point bob.com at her own site. But it's (theoretically, anyway) much more difficult for her to convince Verisign that she owns bob.com. If we trust Verisign to do that, then we know we're really talking to Bob when we visit bob.com. Now, the ability to add other CAs which we trust would be a nice feature, and if there were more trustworthy CAs which were added to the browsers by default, we could get the costs down closer to the actual overhead of verifying that the supplicant (er, applicant) actually owns the domain he's trying to get a cert for. But anyone can certify themselves as owning amazon.com, and it's critical that my browser tell me when some stranger makes such an assertion on their own. 
-J From nconc1 at lausd.k12.ca.us Thu May 30 19:38:41 2002 From: nconc1 at lausd.k12.ca.us (Natalia) Date: Thu, 30 May 2002 19:38:41 -0700 Subject: No subject Message-ID: <000a01c2084c$4a7ae560$4c260e0a@oemcomputer> QUIT -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 308 bytes Desc: not available URL: From jason at lunkwill.org Thu May 30 13:23:06 2002 From: jason at lunkwill.org (Jason Holt) Date: Thu, 30 May 2002 20:23:06 +0000 (UTC) Subject: Making Veri$ign rich(er) In-Reply-To: <3CF683F1.3A3147F7@systemics.com> Message-ID: On Thu, 30 May 2002, Ian Grigg wrote: [...] > And, in practice this is how it goes. No thief ever bothers > to do an MITM, even over *un*encrypted traffic. They simply > hack into the machines and steal it all. That's why there > has never been a case of CCs sniffed over the net and being > used to commit a fraud (at least, no recorded ones). > > Change the analysis to small merchants, and it is even worse > (of course Amazon will have a cert, so even its rich bounty > is unavailable, you have to do this on small merchants). > > > > So, how do we make Veri$ign richer? Easy, switch browsers > to accepting self-signed certs. To see this, we have to > have tried or heard about small enterprises who have tried > to set up their SSL certs. [...] If MITM attacks are so hard that you don't consider them a threat, why bother with SSL at all? SSL provides two things: * A certificate chain that demonstrates who you're talking to * Secrecy and message integrity between you and the person you're talking to You remove the first benefit by using self-signed certs. The second one is still nice, but if you're worried about me *watching* your traffic, shouldn't you also be worried about me intercepting your DNS lookup and replacing the response with my own IP? If we all use self-signed certs, you'll never be the wiser. 
Yes, the attack you describe where I get the root nameservers to redirect *all* amazon.com traffic to me is hard. And it can be pretty tough to watch and modify an individual user's traffic. But it's not nearly as tough as breaking the crypto behind SSL. If we use it right, that security extends to the domain I type into my browser. If we don't, we reduce it to the hardness of manipulating the wire. I certainly agree that merchants need to use better security on the server end. But that's orthogonal to the SSL issue. -J From measl at mfn.org Thu May 30 18:27:33 2002 From: measl at mfn.org (measl at mfn.org) Date: Thu, 30 May 2002 20:27:33 -0500 (CDT) Subject: sources on steganography In-Reply-To: Message-ID: Jesus christ Hector! What the fuck are you planning to be when you grow up? A funeral director or something? Grow a sense of humor for chrissakes. Or get lost, whichever is easier. On Thu, 30 May 2002, Hector Rosario wrote: > Date: Thu, 30 May 2002 09:41:54 -0400 (EDT) > From: Hector Rosario > Reply-To: cypherpunks at EINSTEIN.ssz.com > To: Morlock Elloi > Cc: cypherpunks at lne.com > Subject: CDR: Re: sources on steganography > > Why would I be interested in "fool[ing] [you]." All I asked was for some > help with sources. If you cannot be of help, at least don't be a > hindrance. Besides, don't claim to speak for others. If envy is what > drives you, then I suggest that you work on that. > > hr > > On Wed, 29 May 2002, Morlock Elloi wrote: > > > > I am writing my dissertation on steganography. Basically I'm writing a > > ^^^^ ^ ^ ^ ^ ^ > > > > You can't fool us. > > > > > > > > ===== > > end > > (of original message) > > > > Y-a*h*o-o (yes, they scan for this) spam follows: > > Yahoo! - Official partner of 2002 FIFA World Cup > > http://fifaworldcup.yahoo.com > > -- Yours, J.A. 
Terranson sysadmin at mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occasionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demagoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... -------------------------------------------------------------------- From cinnamon at netpaloffers.com Thu May 30 20:28:28 2002 From: cinnamon at netpaloffers.com (Netpaloffers.com) Date: Thu, 30 May 20:28:28 2002 -0700 Subject: BEAUTIFUL SKIN @ DermatologistRx.com !!! Message-ID: <83746778.5124133@mailhost> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5242 bytes Desc: not available URL: From vbi at insurancemail.net Thu May 30 18:22:02 2002 From: vbi at insurancemail.net (IQ - VBI) Date: Thu, 30 May 2002 21:22:02 -0400 Subject: A Unique Dual Income Opportunity Message-ID: <321e2b01c20841$913521b0$3201a8c0@insuranceiq.com> Life Insurance Settlements: A unique dual-income opportunity A Life Settlement is the sale of a life insurance policy that gives the policy owner a significant cash settlement. 
Earn substantial referral fees Sell more product Renewal Commissions of Original Policy Stay Intact A Value-Add to Your Existing Business DON'T CHANGE YOUR CURRENT WAY OF DOING BUSINESS Turn your existing book into an additional income stream with very little effort. Please fill out the form below for more information Name: E-mail: Phone: City: State: Call or e-mail us today! 800-871-9440 or visit us online at: www.Life-Settlements-Online.com We don't want anybody to receive our mailings who does not wish to receive them. This is professional communication sent to insurance professionals. To be removed from this mailing list, DO NOT REPLY to this message. Instead, go here: http://www.Insurancemail.net Legal Notice -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6161 bytes Desc: not available URL: From douglist at anize.org Thu May 30 19:44:33 2002 From: douglist at anize.org (Douglas F. Calvert) Date: 30 May 2002 22:44:33 -0400 Subject: sources on steganography In-Reply-To: References: Message-ID: <1022813073.1671.37.camel@allevil> On Thu, 2002-05-30 at 09:41, Hector Rosario wrote: > Why would I be interested in "fool[ing] [you]." All I asked was for some > help with sources. If you cannot be of help, at least don't be a > hindrance. Besides, don't claim to speak for others. If envy is what > drives you, then I suggest that you work on that. > Dude relax. He was making a joke. If you don't get the joke there are definitely going to be some problems with you writing a dissertation on stego. Here is a suggestion for you, don't bite the hand that feeds you. 

--
+ Douglas Calvert http://anize.org/dfc +
| Key Id 0xC9541FB2 http://anize.org/dfc-keys.asc |
| http://imissjerry.org http://whoownsthisidea.org |
+-| 0817 30D4 82B6 BB8D 5E66 06F6 B796 073D C954 1FB2 |-+

[demime 0.97c removed an attachment of type application/pgp-signature which had a name of signature.asc]

From measl at mfn.org Thu May 30 20:49:39 2002
From: measl at mfn.org (measl at mfn.org)
Date: Thu, 30 May 2002 22:49:39 -0500 (CDT)
Subject: your mail
In-Reply-To: <000a01c2084c$4a7ae560$4c260e0a@oemcomputer>
Message-ID:

On Thu, 30 May 2002, Natalia wrote:

> QUIT

More specific please? Quit diddling my data? Quit typing so loud after
10:00pm? Quit my job???

--
Yours,
J.A. Terranson
sysadmin at mfn.org

If Governments really want us to behave like civilized human beings, they
should give serious consideration towards setting a better example:
Ruling by force, rather than consensus; the unrestrained application of
unjust laws (which the victim-populations were never allowed input on in
the first place); the State policy of justice only for the rich and
elected; the intentional abuse and occasionally destruction of entire
populations merely to distract an already apathetic and numb electorate...
This type of demagoguery must surely wipe out the fascist United States
as surely as it wiped out the fascist Union of Soviet Socialist Republics.

The views expressed here are mine, and NOT those of my employers,
associates, or others. Besides, if it *were* the opinion of all of
those people, I doubt there would be a problem to bitch about in the
first place...
--------------------------------------------------------------------

From bill.stewart at pobox.com Fri May 31 02:12:42 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Fri, 31 May 2002 02:12:42 -0700
Subject: F.B.I. Given Broad Authority to Monitor the Public
In-Reply-To: <200205302147.g4ULlsj53409@mailserver2.hushmail.com>
Message-ID: <5.1.0.14.1.20020531020221.03aadcb0@idiom.com>

> >F.B.I. Given Broad Authority to Monitor the Public
> >By THE ASSOCIATED PRESS
>
> > WASHINGTON (AP) -- Attorney General John Ashcroft on Thursday
> > gave the FBI broad new authority to monitor Internet sites,
> > libraries, churches and political organizations,
> > calling restrictions on domestic spying ``a competitive advantage for
> terrorists.''

Maybe I'm missing something fundamental here,
but where does either Ashcroft or Bush have the ability to give the FBI
any authority?
The Constitution can give the executive branch authority for things,
or Congress can legislate authority if it's Constitutional,
or the courts can rule that existing statutory or Constitutional authority
extends to some use the executive branch wants to make of it,
or the Commander In Chief can tell the military to do military things
authorized by Congress under declarations of war or other statutes,
but that's not what the politicians and their pet press agencies are saying.

If Ashcroft wants his underlings to monitor the internet,
TCP/IP will let him do lots of things, and Bugs will let him do more,
but if he needs cooperation from ISPs or other online service or
content providers, his choices are either subpoenas or extortion.

And if he wants them to investigate churches,
I'd recommend that he first try being as fundamentalist about the Constitution
as he is about his personal religious views,
and see if that leaves him any room for bothering them.

> http://www.nytimes.com/aponline/national/AP-FBI-Reorganizing.html

Which AP was that again, and how long have they been online? :-)

From vicky_computers_cryptography at yahoo.com Fri May 31 05:30:29 2002
From: vicky_computers_cryptography at yahoo.com (surinder pal singh makkar)
Date: Fri, 31 May 2002 05:30:29 -0700 (PDT)
Subject: How can i check the authenticity of a private key
Message-ID: <20020531123029.75943.qmail@web21306.mail.yahoo.com>

Hi List,

I am a newbie in cryptography. What I have learnt till
now is that in asymmetric cryptography scenario we have
a private key and we generate the public key
corresponding to it and then we send it to the central
agency.
Suppose after sometime I have a private key and the
public key. Is there some software tool which can tell
me whether the public key is the same corresponding to
the private key I am having. Also is there some tool
which can tell me whether the keys have been corrupted
or not

From eresrch at eskimo.com Fri May 31 06:18:52 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Fri, 31 May 2002 06:18:52 -0700 (PDT)
Subject: How can i check the authenticity of a private key
In-Reply-To: <20020531123029.75943.qmail@web21306.mail.yahoo.com>
Message-ID:

On Fri, 31 May 2002, surinder pal singh makkar wrote:

> I am a newbie in cryptography. What I have learnt till
> now is that in asymmetric cryptography scenario we have
> a private key and we generate the public key
> corresponding to it and then we send it to the central
> agency.

You don't have to send the public key to a repository,
it's just convenient.

> Suppose after sometime I have a private key and the
> public key. Is there some software tool which can tell
> me whether the public key is the same corresponding to
> the private key I am having. Also is there some tool
> which can tell me whether the keys have been corrupted
> or not

With ECC you just recompute the public key from the private
key and make sure it matches what's out in public. With
RSA you just pick some random value (not zero or 1) and
see if r^(e*d) = 1 mod N, or if you know p and q (where
N = p*q) check that e*d = 1 mod (p-1)*(q-1). It's the
same thing as encrypting/decrypting something to see if
you get the same thing back. If not, something is wrong.

I'm not sure how you can tell which key might be corrupted.
For the public side, having the key reside in many places
would do it - you can just check that they are all the same.
so it may well be that saving the public key in a private
place for that purpose is also useful.

Patience, persistence, truth,
Dr. mike

From jtrjtrjtr2001 at yahoo.com Fri May 31 06:31:45 2002
From: jtrjtrjtr2001 at yahoo.com (gfgs pedo)
Date: Fri, 31 May 2002 06:31:45 -0700 (PDT)
Subject: How can i check the authenticity of a private key
In-Reply-To:
Message-ID: <20020531133145.63491.qmail@web21208.mail.yahoo.com>

hi,

I was helping a friend of mine with rsa key generation. if it helps u
here it is. I am posting the mail which i sent to him.

1:>Choose 2 large prime numbers p & q

2:>choose n=p*q & z=(p-1)*(q-1)

3:>choose a number relatively prime to z and call it d.
two numbers (a,b) are said to be relatively prime if gcd(a,b)=1
eg: (5,25) are not relatively prime coz 5 is gcd & not 1
however (5,27) are relatively prime coz gcd is 1
In particular a prime number is relatively prime to all the numbers
except its multiples.

4:>find e such that e*d=1 mod z
here ' = ' means equivalence or congruence & not equal to.
a (congruent) b modulo c, if c/(a-b)
or in other words if a/c gives remainder b

5:>to encrypt plain text p, cipher text c is calculated as
(if ^ denote exponent)
c=p^e (mod n)

6:>to decrypt,
p=c^d (mod n)

We take an example,
It is just for the understanding of the reader & uses very small numbers.

choose p=3 q=11
hence n=3*11=33
z=(3-1)*(11-1)=20
we find e, such that
7*e (congruent) 1 (mod 20), yields e=3

I will try to explain with the same example.
7*e=1 (mod 20) means, find e such that 20/((7*e)-1)

For this we use the Euclidean algorithm & the Euler-Fermat theorem.
The Euclidean algorithm simply finds the gcd of 2 numbers.
here our purpose of using it is to find gcd of 2 numbers & see if they
are relatively prime.

According to Euler-Fermat theorem
if gcd(a,m)=1, that is they are relatively prime, then the solution
(unique mod m) of the linear congruence
ax (congruent) b (mod m) is given by
x (congruent) b*(a^(phi(m)-1)) (mod m)
where phi(m) is the Euler totient function or the Euler phi function.

if (a,m)=d, then it will have d solutions modulo m. however we are only
interested in (a,m)=1, hence 1 solution mod m.

well, Just a few definitions

Definition of Euler Totient
If n>=1, the Euler totient phi(n) is defined as the number of positive
integers not exceeding n that are relatively prime to n.

here are just a few examples
if n=1 phi(1)=1
if n=2 phi(2)=1 (only 1 is relatively prime to 2)
if n=3 phi(3)=2 (1 & 2 are relatively prime to 3)
if n=4 phi(4)=3 (1,2,3 are ...)
if n=5 phi(5)=4 (1,2,3,4 are...)
if n=6 phi(6)=2 (1,5 are...)

here is a useful property 1 might need to apply some times
phi(m*n)=phi(m)*phi(n) if gcd(m,n)=1

If a prime p does not divide a then
a^(p-1) (congruent) 1 (mod p)

now as in the example
7*e (congruent) 1 (mod 20)
let us take e=x
so, 7*x (congruent) 1 (mod 20)
by Euler-Fermat theorem
x (congruent) 1*(7^(phi(20)-1)) (mod 20)

phi(20)=8. i.e. there are 8 numbers less than 20 which are relatively
prime to 20

This process of computing the Euler totient is speeded up on a computer
using the Euclidean algorithm which finds gcd(a,b), for all a less than b
& count those a which are relatively prime to b whose sum gives the
Euler totient.

ok, so
x (congruent) 1*(7^(8-1)) (mod 20)
x (congruent) (7^7) mod 20
x (congruent) 823543 (mod 20)
823543/20 gives remainder 3, that is 823543 (mod 20)=3
therefore x=3 or e=3.

this is how e is actually obtained in the above example.
the rest of the encryption & decryption are as mentioned above, i haven't
continued the example with that part since i guess u only need to know
how the key is generated.

to encrypt we have 2 keys (e,n)
to decrypt we have 2 keys (d,n)

n=p*q is easy to calculate
d is a number relatively prime to z
choose a random d, test gcd(d,z)=1 using the Euclidean
algorithm, continue the process till u find one.
the only other key is e, which as above explained is found using the
Euler-Fermat theorem & the Euclidean algorithm.

In this manner e,n,d can be found for large primes as well.

Data.

--- Mike Rosing wrote:
> On Fri, 31 May 2002, surinder pal singh makkar wrote:
>
> > I am a newbie in cryptography. What I have learnt till
> > now is that in asymmetric cryptography scenario we have
> > a private key and we generate the public key
> > corresponding to it and then we send it to the central
> > agency.
>
> You don't have to send the public key to a repository,
> it's just convenient.
>
> > Suppose after sometime I have a private key and the
> > public key.
> > Is there some software tool which can tell
> > me whether the public key is the same corresponding to
> > the private key I am having. Also is there some tool
> > which can tell me whether the keys have been corrupted
> > or not
>
> With ECC you just recompute the public key from the private
> key and make sure it matches what's out in public. With
> RSA you just pick some random value (not zero or 1) and
> see if r^(e*d) = 1 mod N, or if you know p and q (where
> N = p*q) check that e*d = 1 mod (p-1)*(q-1). It's the
> same thing as encrypting/decrypting something to see if
> you get the same thing back. If not, something is wrong.
>
> I'm not sure how you can tell which key might be corrupted.
> For the public side, having the key reside in many places
> would do it - you can just check that they are all the same.
> so it may well be that saving the public key in a private
> place for that purpose is also useful.
>
> Patience, persistence, truth,
> Dr. mike
>
>

From ravage at ssz.com Fri May 31 05:11:10 2002
From: ravage at ssz.com (Jim Choate)
Date: Fri, 31 May 2002 07:11:10 -0500
Subject: Slashdot | Surveillance Update
Message-ID: <3CF7685E.4FF0B1EB@ssz.com>

http://yro.slashdot.org/yro/02/05/31/1125245.shtml?tid=158
--

--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From ravage at ssz.com Fri May 31 05:15:01 2002
From: ravage at ssz.com (Jim Choate)
Date: Fri, 31 May 2002 07:15:01 -0500
Subject: Slashdot | Pardon, Is This Your File?
(BSA, IP, Piracy)
Message-ID: <3CF76945.BBA30878@ssz.com>

http://yro.slashdot.org/yro/02/05/30/2053207.shtml?tid=95
--

--
____________________________________________________________________

A witty saying proves nothing.

Voltaire

ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From hr111 at columbia.edu Fri May 31 04:46:41 2002
From: hr111 at columbia.edu (Hector Rosario)
Date: Fri, 31 May 2002 07:46:41 -0400 (EDT)
Subject: sources on steganography
In-Reply-To:
Message-ID:

i guess my sense of humor was missed by most of you. i might have to
practice some more before going public unless i remain anonymous (although
it might be too late now).

h

On Thu, 30 May 2002 measl at mfn.org wrote:

>
> Jesus christ Hector! What the fuck are you planning to be when you grow
> up? A funeral director or something? Grow a sense of humor for
> chrissakes. Or get lost, whichever is easier.
>
>
>
>
> On Thu, 30 May 2002, Hector Rosario wrote:
>
> > Date: Thu, 30 May 2002 09:41:54 -0400 (EDT)
> > From: Hector Rosario
> > Reply-To: cypherpunks at EINSTEIN.ssz.com
> > To: Morlock Elloi
> > Cc: cypherpunks at lne.com
> > Subject: CDR: Re: sources on steganography
> >
> > Why would I be interested in "fool[ing] [you]." All I asked was for some
> > help with sources. If you cannot be of help, at least don't be a
> > hindrance. Besides, don't claim to speak for others.
> > If envy is what
> > drives you, then I suggest that you work on that.
> >
> > hr
> >
> > On Wed, 29 May 2002, Morlock Elloi wrote:
> >
> > > > I am writing my dissertation on steganography. Basically I'm writing a
> > > ^^^^ ^ ^ ^ ^ ^
> > >
> > > You can't fool us.
> > >
> > >
> > >
> > > =====
> > > end
> > > (of original message)
> > >
> > > Y-a*h*o-o (yes, they scan for this) spam follows:
> > > Yahoo! - Official partner of 2002 FIFA World Cup
> > > http://fifaworldcup.yahoo.com
> >
>
> --
> Yours,
> J.A. Terranson
> sysadmin at mfn.org
>
> If Governments really want us to behave like civilized human beings, they
> should give serious consideration towards setting a better example:
> Ruling by force, rather than consensus; the unrestrained application of
> unjust laws (which the victim-populations were never allowed input on in
> the first place); the State policy of justice only for the rich and
> elected; the intentional abuse and occasionally destruction of entire
> populations merely to distract an already apathetic and numb electorate...
> This type of demagoguery must surely wipe out the fascist United States
> as surely as it wiped out the fascist Union of Soviet Socialist Republics.
>
> The views expressed here are mine, and NOT those of my employers,
> associates, or others. Besides, if it *were* the opinion of all of
> those people, I doubt there would be a problem to bitch about in the
> first place...
> --------------------------------------------------------------------
>
>

From declan at well.com Fri May 31 05:37:27 2002
From: declan at well.com (Declan McCullagh)
Date: Fri, 31 May 2002 08:37:27 -0400
Subject: Public support for federal workers falls to pre-Sept. 11 level
Message-ID: <5.1.0.14.0.20020531083704.028fee50@mail.well.com>

3. Public support for federal workers falls to pre-Sept. 11 level
By Brian Friel

Americans support federal workers and trust the government less today than
they did immediately after the Sept.
11 terrorist attacks, a new survey shows.

The survey, issued Thursday by the Brookings Institution's Center for
Public Service, found that support for federal workers had fallen to its
pre-Sept. 11 level. The percentage of Americans who said they had a
favorable opinion of federal workers fell from 76 percent in October 2001
to 69 percent this month, the same percentage that reported a favorable
opinion in July 2001.

The percentage of Americans who said they trust the federal government to
do what is right just about always or most of the time fell from 57
percent in October 2001 to 40 percent this month. In July 2001, 29 percent
of survey respondents said they had high levels of trust in the government.

Full story: http://www.govexec.com/dailyfed/0502/053002b1.htm

From mv at cdc.gov Fri May 31 10:31:33 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 31 May 2002 10:31:33 -0700
Subject: How can i check the authenticity of a private key
Message-ID: <3CF7B375.3432121F@cdc.gov>

At 05:30 AM 5/31/02 -0700, surinder pal singh makkar wrote:
>Hi List,
>
>I am a newbie in cryptography. What I have learnt till
>now is that in asymmetric cryptography scenario we have
>a private key and we generate the public key
>corresponding to it and then we send it to the central
>agency.

Correcting: You generate a key-pair, then you decide which half to keep
secret. You publish the other half, where publish means gives to known
associates. Or if you like encrypted spam, you publish to a well-known
repository.

You may repeat this and use different key-pairs with different groups of
correspondents.

>Suppose after sometime I have a private key and the
>public key. Is there some software tool which can tell
>me whether the public key is the same corresponding to
>the private key I am having.

Yes: encrypt a message using KeyA and decrypt with KeyB. If it decrypts,
they are matching. Or you are extraordinarily unlucky :-)
Generally the wrong key will decrypt to noise.

>Also is there some tool
>which can tell me whether the keys have been corrupted
>or not

Tools might include self-integrity info (CRCs, hashes, etc.) in their
file formats; YMMV. If any bits in either half of the key data are
changed, you lose.

From ptrei at rsasecurity.com Fri May 31 07:40:47 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Fri, 31 May 2002 10:40:47 -0400
Subject: FC: Hollywood wants to plug "analog hole," regulate A-D converters
Message-ID:

> ----------
> From: Nomen Nescio[SMTP:nobody at dizum.com]
> Sent: Thursday, May 30, 2002 12:20 AM
> To: cryptography at wasabisystems.com; cypherpunks at lne.com
> Subject: Re: FC: Hollywood wants to plug "analog hole," regulate A-D
> converters
>
> Peter Trei writes:
> > My mind has been boggled, my flabbers have been ghasted.
> >
> > In the name of protecting their business model, the MPAA
> > proposes that every analog/digital (A/D) converter - one of
> > the most basic of chips - be required to check for US
> > government mandated copyright flags. Quite aside from
> > increasing the cost and complexity of the devices many,
> > manyfold, it eliminates the ability of the US to compete
> > in the world electronics market.
>
> This is absurd. In all the commentary on this issue, no one has made
> the obvious point that the MPAA has no interest or intention in putting
> watermark detectors into every ADC chip! They don't care about the ADC
> chip in a digital thermometer or even a cell phone. All they care about
> are things like PC video capture cards, which are high fidelity consumer
> devices capable of digitizing copyright protected content.
>
> Their white paper is a brief summary of their goals and intentions and
> does not go into full technical detail. But let's use a little common
> sense here, folks.
>

This is the actual paragraph that people are referring to:
[from http://judiciary.senate.gov/special/content_protection.pdf]

- start quote -

The primary means to address this issue, dubbed the "analog hole", is via
embedded watermarks (which have additional applications as will be
discussed below). In order to help plug the hole, watermark detectors
would be required in all devices that perform analog to digital
conversions. In such devices (e.g., PC video capture cards), the role of
the watermark detector would be to detect the watermark and ensure that
the device responds appropriately.

- end quote -

Note that it refers to "all devices that perform analog to digital
conversions".

I agree that compromising all a/d chips is probably not what the MPAA had
in mind (their example is a video capture card, a much more complex
beast), but overbroad language has gotten into too many laws for me to
have any faith that it can't happen again.

What's going to happen when someone publishes plans to remove the
restrictions from a compromised vidcap card, and explains how to mail
order standard DACs? Will trafficking in DAC chips become a DMCA violation?

> It's pointless to try to shoot down this proposal by raising all these
> horror stories about ADC chips in industrial and technical devices
> being crippled by a watermark detector which will never be activated.
> If you waste time developing this line of argument, you will be left
> with nothing to say when the actual bill focuses only on the specific
> devices that the content holders are worried about.
> [...]
> Please, let's use some common sense and not go overboard with an obviously
> mistaken interpretation of the MPAA's intentions. That wastes everyone's
> time.
>

I agree that the MPAA's recommendation is laughable, but stupidity has
never stopped politicians from passing laws.
Peter Trei

From ashwood at msn.com Fri May 31 11:38:01 2002
From: ashwood at msn.com (Joseph Ashwood)
Date: Fri, 31 May 2002 11:38:01 -0700
Subject: How can i check the authenticity of a private key
References: <20020531123029.75943.qmail@web21306.mail.yahoo.com>
Message-ID: <008f01c208d2$bf770d40$6501a8c0@josephas>

----- Original Message -----
From: "surinder pal singh makkar"
To:
Sent: Friday, May 31, 2002 5:30 AM
Subject: CDR: How can i check the authenticity of a private key

> Hi List,
>
> I am a newbie in cryptography. What I have learnt till
> now is that in asymmetric cryptography scenario we have
> a private key and we generate the public key
> corresponding to it and then we send it to the central
> agency.
> Suppose after sometime I have a private key and the
> public key. Is there some software tool which can tell
> me whether the public key is the same corresponding to
> the private key I am having. Also is there some tool
> which can tell me whether the keys have been corrupted
> or not

Sure, and it's fairly easy too. Choose some random data, encrypt with the public key, decrypt with the private key, if the data isn't corrupted, then they match. Of course this isn't a perfect way of telling, but with any given potential key pair it's steep odds. If you want to really be sure, pass it through a few times.

Joe

From ravage at einstein.ssz.com Fri May 31 11:14:53 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 13:14:53 -0500 (CDT)
Subject: Commercial quantum crypto product - news article (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Fri, 31 May 2002 08:57:46 -0600
From: "Kossmann, Bill"
To: cryptography at wasabisystems.com
Subject: Commercial quantum crypto product - news article

Anybody familiar with this product?

This message is brought to you by IT World Canada Inc., publisher of ComputerWorld, Network World, CIO Canada, CxO and CIO Governments' Review.
---------------------------------------------------------------
Daily ITwire from ITworldcanada.com
Friday, May 31, 2002

A Swiss company has announced the commercial availability of what it says are the first IT products which exploit quantum effects rather than conventional physics to achieve their goals. (05/31/2002)
http://itworld.ca/rpb.cfm?v=20021510001

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

From lloyd at acm.jhu.edu Fri May 31 10:29:21 2002
From: lloyd at acm.jhu.edu (Jack Lloyd)
Date: Fri, 31 May 2002 13:29:21 -0400 (EDT)
Subject: How can i check the authenticity of a private key
In-Reply-To:
Message-ID:

On Fri, 31 May 2002, Mike Rosing wrote:

> With ECC you just recompute the public key from the private
> key and make sure it matches what's out in public. With
> RSA you just pick some random value (not zero or 1) and
> see if r^(e*d) = 1 mod N, or if you know p and q (where
> N = p*q) check that e*d = 1 mod (p-1)*(q-1). It's the
> same thing as encrypting/decrypting something to see if
> you get the same thing back. If not, something is wrong.

Also with RSA, if you know p/q, you should probably check to see if they're actually prime. :) For DSA, assuming only one of the keys has been changed, checking y == g^x mod p should detect it. Again, checking primality (and that q divides p-1) seems prudent.

-Jack
From teresamontgomery421100 at yahoo.com Fri May 31 11:43:08 2002
From: teresamontgomery421100 at yahoo.com (teresamontgomery421100 at yahoo.com)
Date: Fri, 31 May 2002 14:43:08 -0400
Subject: discounted motgages 421100000000000
Message-ID: <200206101003.FAA27356@einstein.ssz.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 404 bytes
Desc: not available
URL:

From ravage at einstein.ssz.com Fri May 31 12:56:31 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 14:56:31 -0500 (CDT)
Subject: New Scientist - Europe approves long-term electronic surveillance (fwd)
Message-ID:

http://www.newscientist.com/news/news.jsp?id=ns99992350

--
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From keyser-soze at hushmail.com Fri May 31 16:36:00 2002
From: keyser-soze at hushmail.com (keyser-soze at hushmail.com)
Date: Fri, 31 May 2002 16:36:00 -0700
Subject: 2 Challenge Gun Cases, Citing Bush Policy
Message-ID: <200205312336.g4VNa0p35371@mailserver4.hushmail.com>

http://www.nytimes.com/2002/05/31/politics/31GUNS.html

WASHINGTON, May 30 - Two men charged with carrying pistols without a license in the District of Columbia have invoked the Bush administration's position on guns to seek the dismissal of their cases.

Reversing decades of Justice Department policy, the Bush administration told the Supreme Court this month that it believes the Second Amendment protects an individual's right to possess firearms.

Lawyers for the two men, Michael Freeman and Manuel Brown, say the position is inconsistent with a ruling in the United States Court of Appeals for the District of Columbia Circuit.
Today, the Justice Department urged the continued prosecution of the men. The controlling precedent upholds the city's firearm statutes, "even though it contains reasoning that is inconsistent with the position of the United States," the department said in court papers

[What bullshit! Do not pay any attention to the man behind the curtain.]

Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople

From sexliadsfdh at jakgym.se Fri May 31 15:40:54 2002
From: sexliadsfdh at jakgym.se (sexliadsfdh at jakgym.se)
Date: Fri, 31 May 2002 17:40:54 -0500
Subject: DO YOU LIKE SEX!!
Message-ID:

anton at email.ky

FREE PORN ACCESS ALL THE PORN YOU CAN HANDLE!!

DO ME NOW I WANT YOU TO CUM!!!

http://www.now-host.com/ppp

to opt out opt56788 at excite.com you will be removed instantly

ybir2yvpx^rznvy(xl

--- Excite Mail Abuse <abusedept at cs.excite.com> wrote:
>********** This is an automated reply to your message to Excite Abuse.
>If you have reached the wrong email address at Excite, please go to:
>http://mailit.excite.com/mailit/maincsform.jsp *********
>
>Your message has been delivered to our email abuse department who will
>investigate the matter and determine if the email that you reported was
>in fact sent from an "@excite.com" email address or by way of computers
>operated by The Excite Network. If we do determine that the message was
>sent from or through our system, we will take the appropriate action.
>
>If you have not included the original message headers along with your
>message, please do so by replying to this message, leaving the subject
>line intact which contains our tracking identification, and including
>all email headers. Email headers show specific details regarding the
>source provider, path, originating program, and destination of the
>message which is not shown within the TO: and FROM: address fields of
>the email.
>
>Unfortunately, "spammers" use a variety of techniques to mask the actual
>point of origination such as forging information to make it appear as
>though the email originated from a domain that is well recognized across
>the Internet. As with any widely recognized domain name, many "spammers"
>intentionally forge the email headers to make it appear that the email
>originated from an Excite.com email account when, in fact, it did not.
>Accordingly, the information in the header is very helpful in assisting
>us in our investigation.
>
>We regret any inconvenience this may have caused and appreciate you
>bringing this matter to our attention.
>
>Regards,
>The Excite Email Abuse Department
>
>
>
>
>Original Message Follows:
>------------------------
>
>PLEASE STOP SENDING ME THIS STUFF!!!!!!!!!!!!!!!!!!!!!!
>TAKE ME OFF YOUR LISTS!!!!!!
>----- Original Message -----
>From: anton at email.ky
>To: opt56788 at excite.com
>Sent: Saturday, June 01, 2002 9:57 PM
>Subject: OPT OUT NOW!!!!
>anton at email.ky
>Do NOT send me these to the above address any more!!!!!!!!!!
>FREE PORN ACCESS ALL THE PORN YOU CAN HANDLE!!
>DO ME NOW I WANT YOU TO CUM!!!
> http://www.now-host.com/ppp
>to opt out opt56788 at excite.com you will be removed instantly
>nagba^rznvy(xl
I am sorry, but as you can see this email is very extensive. I have been trying to remove my address from these spammer lists. Please have a look at all the messages below to see what the problem is. Could you help to stop these spammers before they even get to my mailbox. I don't want to receive them at all. (Surely after all this effort someone will listen (read) and do something about this. If I wanted this stuff, no problem, but I don't and can't get rid of it.)

I have also sent an online contact email to netvisionsenterprises.com with: "Please help to stop this spamming to anton at email.ky: I have included some of the mail received from one of your clients. I have also included the email I sent to the abuse@ address for some of the domains listed.

These emails are harassment and unsolicited. They are deliberately programmed to not be able to opt out or unsubscribe. They also constantly use different email addresses. I want this to stop. Please help me."

I also got the following of the MARC site ie: http://marc.theaimsgroup.com/?l=cypherpunks&m=102232666819061&w=2

List:     cypherpunks
Subject:  FREE PORN GET OFF NOW!!
From:     susanwvwvjxmd at mailme.dk
Date:     2002-05-25 11:53:26

cypherpunks at algebra.com

FREE PORN ACCESS ALL THE PORN YOU CAN HANDLE!!

DO ME NOW I WANT YOU TO CUM!!!

http://www.netvisionsenterprises.com/pp

to opt out removxcccc at excite.com you will be removed instantly

plcurechaxf^nytroen(pbz

One of the last emails read as follows:

From:     susanrctxigdu at mailme.dk
Reply-To: <susanekmosrmm at mailme.dk>
To:       anton at email.ky
Subject:  FREE PORN GET OFF NOW!!
Date:     Sun, 26 May 2002 01:27:09 -0500

anton at email.ky

FREE PORN ACCESS ALL THE PORN YOU CAN HANDLE!!

DO ME NOW I WANT YOU TO CUM!!!

http://www.netvisionsenterprises.com/pp

to opt out removxcccc at excite.com you will be removed instantly

ybir2yvpx^rznvy(xl

----- Original Message -----
From: anton at email.ky
Sent: Saturday, June 01, 2002 10:32 PM
Subject: RE: Fw: OPT OUT NOW!!!! (KMM219200C0KM)

How do I stop this. These people have been sending me these spam emails for ages with different From and Reply address and a variety of weblinks like http://www.now-host.com/ppp or http://www.netvisionsenterprises/ppp which redirect to something like http://198.64.133.2/ppp. Not always the same address eg /ggg or something. Also always some or other excite.com email to "opt out with" which never works.

When you go back on to http://198.64.133.2 you get a site titled
Test page for SSL/TLS-aware Apache Installation on Website starting with:
Hey, it worked !
The SSL/TLS-aware Apache webserver was
successfully installed on this website.

The latest original message had the following header and date:

From:     sexliadsfdh at jakgym.se
Reply-To: <seximebthks at jakgym.se>
To:       anton at email.ky
Subject:  DO YOU LIKE SEX!!
Date:     Fri, 31 May 2002 17:40:54 -0500

anton at email.ky

FREE PORN ACCESS ALL THE PORN YOU CAN HANDLE!!

DO ME NOW I WANT YOU TO CUM!!!

http://www.now-host.com/ppp

to opt out opt56788 at excite.com you will be removed instantly

ybir2yvpx^rznvy(xl

From ravage at einstein.ssz.com Fri May 31 16:34:23 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 18:34:23 -0500 (CDT)
Subject: For-Profit Hospitals Present Greatest Risk Of Dying (fwd)
Message-ID:

Sort of blows a hole in the CACL 'profit is the best solution to all problems' approach...

http://unisci.com/stories/20022/0528021.htm

--
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From ravage at einstein.ssz.com Fri May 31 16:35:00 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 18:35:00 -0500 (CDT)
Subject: New Scientist - Serial numbers on UK bank notes rubs off (fwd)
Message-ID:

http://www.newscientist.com/news/news.jsp?id=ns99992334

--
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From nobody at remailer.privacy.at Fri May 31 09:57:04 2002
From: nobody at remailer.privacy.at (Anonymous)
Date: Fri, 31 May 2002 18:57:04 +0200 (CEST)
Subject: PKI: Only Mostly Dead
Message-ID: <510c701dc5691bcf6b2706c29243c106@remailer.privacy.at>

[Trying to get this posted to the moderated cryptography list...]

Peter Gutmann should be declared an international resource. With one foot in the commercial world, one in the government world and one in the cypherpunk world, he has a rare perspective on the big security issues. His irreverence, iconoclasm, frankness and humor make his essays a joy to read.

Having said that, his recent analysis[1] falls prey to the conventional wisdom in certain respects. This gives him a curious blindness which contrasts with his usual clear vision.
He scrupulously shines his light on all the dirty corners which the powers-that-be would like to keep hidden, all the while ignoring the elephant standing in the middle of the room.

First is the fundamental claim that PKI is not working. Peter goes into detail about all the problems that are keeping PKI from success: CRLs, user interface problems, cost issues, etc. It's a sad litany of failure.

Only one little thing mars this picture. PKI IS A TREMENDOUS SUCCESS WHICH IS USED EVERY DAY BY MILLIONS OF PEOPLE. Of course this is in reference to the use of public key certificates to secure ecommerce web sites. Every one of those https connections is secured by an X.509 certificate infrastructure. That's PKI.

One might even go so far as to say that PKI saved the internet, by allowing people to engage in commerce without fear. People have been trained to look for the lock icon which tells them that they have a secure connection and can safely enter their credit card information. Certainly it is true that the internet today would be vastly different if we did not have a deployed, successful, and heavily utilized public key infrastructure. Any discussion of PKI's supposed failure ought to at least recognize that it has been an overwhelming success in this extremely important market segment.

Another, less fundamental but equally annoying, blind spot is Peter's allegiance to what is conventional wisdom in certain circles, namely that global names do not exist. It's one thing for Carl Ellison to make such a claim; after all, he's worn his SPKI blinders for so long that they have practically grafted themselves onto his head. But someone like Peter ought to be capable of a little more independent thought.

Peter even goes so far as to refer to "a locally unique identifier such as an email address." Anyone who would refer to an email address as being only locally unique is blinding himself most carefully.
The truth is that we are surrounded by globally unique identifiers and we use them every day. URLs, email addresses, DNS host names, Freenet selection keys, ICQ numbers, MojoIDs, all of these are globally unique! "pgut001 at cs.auckland.ac.nz" is a globally unique name; you can use that address from anywhere in the world and it will get to the same mailbox.

The existence of globally unique identifiers may not fit into some people's ideology but it is a matter of fact all the same. And likewise with the fact that there are extremely important areas where PKI has been massively successful. Let's hope that Peter's legendary clear vision will allow him to pierce the orthodoxy that comes from his friends as easily as that which comes from outsiders.

===

[1] http://www.cs.auckland.ac.nz/~pgut001/pubs/notdead.zip

From if_daniels22 at email.com Fri May 31 19:00:08 2002
From: if_daniels22 at email.com (MR.IFEANYI DANIELS)
Date: Fri, 31 May 2002 19:00:08 -0700
Subject: reply soon
Message-ID: <200205311617.g4VGHfKG016000@ak47.algebra.com>

ATTN: THE BENEFICIARY

Dear Sir,

Your contact was discretely sourced for among others with respect to your position as an international acclaimed personality; and we decided in your favour as a partner for this business proposal bearing in mind that you are of an outstanding reputation to usher you in as the beneficiary. However, I repose every confidence in you concerning your status by virtue of its nature as being utterly confidential and with the believe that you could be fully trusted to handle this business with the degree of confidence it deserves.

I am MR. IFEANYI DANIELS an Audit Manager with the FEDERAL MINISTRY OF PETROLEUM & NATURAL RESOURCES under the Contract Tender Committee.
My colleagues and I in the corporation need the services/assistance of a competent, trustworthy and reputable foreigner or company into whose account the sum of US $6,000,000M (Six Million United States Dollars) would be remitted before the Deregulation of the Oil sector. This fund originated from a deliberate over-estimation of contracts that was awarded by the Ministry to foreign companies for drilling, excavation and spot lifting of black gold (Crude oil) in Portnovo located in the tiny Republic of Benin. Since, they are not members of the Organization of Petroleum Exporting Country, they requested for our Ministry's (Federal Ministry of Petroleum & Natural Resources) assistance. This fund has been lying unclaimed at the Accounts Department of the Ministry because it has neither a beneficiary nor any file with the corporation. It is within this framework, that we have resolved to usher you in as the beneficiary of this fund by Legally subcontracting the entitlement to you or your company based on agreement with you. Moreover, the need to contact you or your company is deemed fit because the contracts were executed by foreign firms and the money cannot go into indigenous accounts because the Code of Conduct (COC) of the Federal Civil Servants here (Nigeria) restrict us to a certain level of Banking facilities which does not allow us to operate a Domiciliary account; however, it is imperative to usher you in as a foreign partner so as to avoid suspicion from unconcerned quarters and most importantly, for fear of loosing our jobs. Meanwhile, the original contractors of these projects had since collected their supposed payments accordingly after the commissioning of their works. Now, we want to remit this over-estimated amount to a reliable overseas account for our personal use and for investments opportunities. All the certificates and proper documentation to effect the transfer shall be provided to you for your perusal upon your pledge to do this business with us. 
Subsequently, your support will enable us make applications and lodge claims to the Ministry's Agencies enabling you to fit in as the beneficiary for the claims. Please, be informed that this business is closely knitted and 100% hitch free and so entails absolute confidentiality and in case you are not interested to assist, keep it to yourself. Your quick response upon your Expression Of Interest (EOI) will enable me stop further search for a beneficiary.

Reply through email for further briefing on how to commence this transaction. I look forward to hearing from you and your cooperation would be highly acknowledged.

Best regards,
MR.IFEANYI DANIELS

From DaveHowe at gmx.co.uk Fri May 31 12:56:12 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Fri, 31 May 2002 20:56:12 +0100
Subject: Slashdot | EU to Require Opt-In for Commercial Email (fwd)
References:
Message-ID: <01d301c208dd$3802d6e0$01c8a8c0@p800>

> http://yro.slashdot.org/yro/02/05/30/1640210.shtml?tid=111

It was a combo bill - the Spammers have to restrict themselves to Opt-In, but the Governments get to demand ISPs keep records of who does what where on demand. Of course, none of this has legal force until ratified in the countries' own legislation - anyone want to guess how many countries rush in the ISP record bits, and conveniently forget the spam bits?

From njohnsn at iowatelecom.net Fri May 31 18:59:43 2002
From: njohnsn at iowatelecom.net (Neil Johnson)
Date: Fri, 31 May 2002 20:59:43 -0500
Subject: FC: Hollywood wants to plug "analog hole," regulate A-D
In-Reply-To: <014001c20a9d$be90d060$6501a8c0@josephas>
References: <001d01c20a91$483d2e60$84c5efd1@LUCKYVAIO> <014001c20a9d$be90d060$6501a8c0@josephas>
Message-ID:

On Sunday 02 June 2002 08:24 pm, Joseph Ashwood wrote:
>>
> The MPAA has not asked that all ADCs be forced to comply, only that those
> in a position to be used for video/audio be controlled by a cop-chip. While
> the initial concept for this is certainly to bloat the ADC to include the
> watermark detection on chip, there are alternatives, and at least one that
> is much simpler to create, as well as more beneficial for most involved
> (although not for the MPAA). Since I'm writing this in text I cannot supply
> a wonderful diagram, but I will attempt anyway. The idea looks somewhat
> like this:
>
> analog source ------>ADC------>CopGate----->digital
>
> Where the ADC is the same ADC that many of us have seen in undergrad
> electrical engineering, or any suitable replacement. The CopGate is the new
> part, and will not be normally as much of a commodity as the ADC. The
> purpose of the CopGate is to search for watermarks, and if found, disable
> the bus that the information is flowing across, this bus disabling is again
> something that is commonly seen in undergrad EE courses, the complexity is
> in the watermark detection itself.
>
> The simplest design for the copgate looks somewhat like this (again bad
> diagram):
>
> in----|---------------buffergates----out
>       ----CopChip-----|
>
> Where the buffer gates are simply standard buffer gates.
>
> This overall design is beneficial for the manufacturer because the ADC does
> not require redesign, and may already include the buffergates. In the event
> that the buffer needs to be offchip the gate design is well understood and
> commodity parts are already available that are suitable. For the consumer
> there are two advantages to this design; 1) the device will be cheaper, 2)
> the CopChip can be disabled easily. In fact disabling the CopChip can be
> done by simply removing the chip itself, and tying the output bit to either
> PWR or GND. As an added bonus for manufacturing this leaves only a very
> small deviation in the production lines for inside and outside the US. This
> seems to be a reasonable way to design to fit the requirements, without
> allowing for software disablement (since it is purely hardware).
> Joe

Bzzzzztttt! Wrong Answer !

How do you prevent some hacker/pirate (digital rights freedom fighter) from disabling the "CopGate" (by either removing the CopChip, finding a way to bypass it, or figure out how to make it think it's in, "Government Snoop" mode ) ?

Then the watermark can be removed.

Remember it only requires ONE high-quality non-watermarked analog to digital copy to make it on the net and it's all over.

--
Neil Johnson, N0SFH
http://www.iowatelecom.net/~njohnsn
http://www.njohnsn.com/
PGP key available on request.

From ravage at einstein.ssz.com Fri May 31 19:30:25 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 21:30:25 -0500 (CDT)
Subject: Cypherpunks node spewing blank messages again
In-Reply-To: <5.1.0.14.1.20020531164210.033e7a80@idiom.com>
Message-ID:

The problem is algebra.com has a MX record problem, as a consequence the CDR Hub account gets bounces and they go out and the rest of the nodes send it on out.

I've already sent one note out earlier today on it.

On Fri, 31 May 2002, Bill Stewart wrote:

> Jim -
> Got a dozen of these this afternoon.
> Looks like something's broken with the CDR again.
>
> Bill
>
> >Return-Path: owner-cypherpunks at lne.com
> >Delivered-To: bill.stewart at pobox.com
> >Received: from slack.lne.com (dns.lne.com [209.157.136.81])
> >  by cali-3.pobox.com (Postfix) with ESMTP
> >  id 71C2C3E644; Fri, 31 May 2002 19:22:39 -0400 (EDT)
> >Received: (from majordom at localhost)
> >  by slack.lne.com (8.11.0/8.11.0) id g4VNFth06997
> >  for cypherpunks-goingout; Fri, 31 May 2002 16:15:55 -0700
> >X-Authentication-Warning: slack.lne.com: majordom set sender to
> >owner-cypherpunks at lne.com using -f
> >Cc: recipient list not shown: ;
> >X-Mailsort: cypherpunks
> >Date: Fri, 31 May 2002 18:18:54 -0500
> >From: CDR Hub Account
> >Message-Id: <200205312318.SAA22480 at einstein.ssz.com>
> >Sender: owner-cypherpunks at lne.com
> >Precedence: bulk
> >X-Loop: cypherpunks at lne.com
> >X-UIDL: 5ea31b040cf49a9f9f6c29e5f5118b25
>
>

--
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From fe at insurancemail.net Fri May 31 18:37:44 2002
From: fe at insurancemail.net (IQ - FreeERISA.com)
Date: Fri, 31 May 2002 21:37:44 -0400
Subject: Free Prospects...by the millions!
Message-ID: <46d5b901c2090c$ed3fe3c0$6701a8c0@insuranceiq.com>

FREE PROSPECTS ...by the millions!
Online prospecting that works.
FREE Retirement and Benefit Plan Data

ERISA Form 5500 Filings
Financial reports of qualified retirement and welfare benefit plans of U.S. employers

IRS Form 5310
Companies who have applied to the IRS to terminate their retirement plan

Public Pension Funds
Summary data on pension funds for state, county and municipal government employees

Terminating Pension Plans
Defined benefit plans that recently teminated as filed with the Pension Benefit Guaranty Corporation

EIN Finder
Find that tax identification number you need!
Over 1.3 million in our database

Click Here to register for FREE Today!

Free ERISA .com
FreeERISA.com - Free access to pension and benefit data

We don't want anyone to receive our mailings who does not wish to. This is professional communication sent to insurance professionals. To be removed from this mailing list, DO NOT REPLY to this message. Instead, go here: http://www.Insurancemail.net

Legal Notice

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5108 bytes
Desc: not available
URL:

From ravage at einstein.ssz.com Fri May 31 20:21:29 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 31 May 2002 22:21:29 -0500
Subject: Slashdot | Copy That Floppy? Go To Jahannum (Hell)
Message-ID: <3CF83DB9.2FC8313E@ssz.com>

http://slashdot.org/articles/02/05/31/1651254.shtml?tid=99

--
--
____________________________________________________________________
A witty saying proves nothing.
Voltaire
ravage at ssz.com www.ssz.com
jchoate at open-forge.org www.open-forge.org
--------------------------------------------------------------------

From wizardlaw at yahoo.com Fri May 31 23:28:22 2002
From: wizardlaw at yahoo.com (wizardlaw at yahoo.com)
Date: Fri, 31 May 2002 23:28:22
Subject: Experienced Help: Writing Your Appeal
Message-ID: <200206010623.g516MbFb005840@ak47.algebra.com>

EXPERIENCED, ECONOMICAL HELP: WRITING YOUR APPEAL
State or Federal Court Appeals, United States Supreme Court Petition
----------------------------------------------------------------------------------------------------------------
Learn how to win in the legal system, without a lawyer:
Video #1 Introduction to Courts and Civil Procedure $23.45 postpaid
Video #2 The Appeal Process - Representing Yourself $23.45 postpaid
Video #3 Power and Pitfalls of Federal Court $23.45 postpaid
Video #4 Preparing for Trial $23.45 postpaid
-----------------------------------------------------------------------------------------------------------------
Videotape orders (Visa, Mastercard, American Express): http://www.nolawyer.com/ntsecure/securecc.html
Mail Orders, and discussions regarding appeal help:
Robert Hirschfeld, JD
PO Box 696
Lukeville AZ 85341

From nobody at remailer.privacy.at Fri May 31 15:44:05 2002
From: nobody at remailer.privacy.at (Anonymous)
Date: Sat, 1 Jun 2002 00:44:05 +0200 (CEST)
Subject: Bit commitment with hashes in Applied Cryptography
References:
Message-ID: <1ccca24792c6e7427c7aec99be86186e@remailer.privacy.at>

Jason asks:

> In Applied Cryptography, p. 87 (2nd ed., heading "Bit Commitment Using
> One-Way Functions") Schneier specifies that Alice must generate 2
> random bit strings before hashing, and then send one along with the
> hash as her commitment:
>
>     commitment = H(R1, R2, b), R1
>
> Is this to keep her from taking advantage of known collisions?

No, it's just a mistake. AC's got more mistakes than a whore has crabs. Never rely on it. Always check the primary literature, or at least the HAC, http://www.cacr.math.uwaterloo.ca/hac/.

Using R1 you're basically choosing from a parameterized family of hash functions. But that's not necessary for this; you can choose a fixed hash, junk R1, and just use the single random value R2.
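Both forms discussed in the message above, the single-random-value commitment H(R2, b) and the quoted H(R1, R2, b), R1, as an added Python sketch that is not code from the post or the book. SHA-256, the 32-byte R2, the input encoding and all function names are choices made here; the last helper shows what the random value protects against.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # bytes in R2; an assumption of this sketch


def _digest(r1: bytes, r2: bytes, bit: int) -> bytes:
    if bit not in (0, 1) or len(r2) != NONCE_LEN or len(r1) > 0xFFFF:
        raise ValueError("malformed opening")
    # Length-prefixed R1, fixed-length R2 and a one-byte bit: no two different
    # (R1, R2, b) triples produce the same hash input.
    data = len(r1).to_bytes(2, "big") + r1 + r2 + bytes([bit])
    return hashlib.sha256(data).digest()


def commit(bit: int, r1: bytes = b""):
    """Alice commits. Returns (commitment to send now, opening to keep secret).

    r1=b"" gives the single-random-value form H(R2, b); a non-empty r1 gives
    the quoted form, where the commitment is H(R1, R2, b) together with R1.
    """
    r2 = secrets.token_bytes(NONCE_LEN)
    return (_digest(r1, r2, bit), r1), (r2, bit)


def verify(commitment, opening) -> bool:
    """Bob checks the revealed (R2, b) against what he was sent earlier."""
    digest, r1 = commitment
    r2, bit = opening
    try:
        expected = _digest(r1, r2, bit)
    except ValueError:
        return False
    return hmac.compare_digest(digest, expected)


def recover_unblinded_bit(digest: bytes):
    """With no random value at all, H(b) has only two possible outputs, so Bob
    learns the bit as soon as he receives the commitment."""
    for bit in (0, 1):
        if hmac.compare_digest(digest, hashlib.sha256(bytes([bit])).digest()):
            return bit
    return None


def demo():
    results = {}
    c, o = commit(1)
    results["honest_open"] = verify(c, o)
    results["open_as_other_bit"] = verify(c, (o[0], 0))    # Alice tries to flip b
    results["bob_guess_blinded"] = recover_unblinded_bit(c[0])
    results["bob_guess_unblinded"] = recover_unblinded_bit(
        hashlib.sha256(b"\x01").digest())
    c2, o2 = commit(0, r1=secrets.token_bytes(16))         # quoted form with R1
    results["r1_form_open"] = verify(c2, o2)
    results["r1_form_swapped_r1"] = verify((c2[0], b"\x00" * 16), o2)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```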