From schear at attbi.com  Fri Nov  1 08:18:59 2002
From: schear at attbi.com (Steve Schear)
Date: Fri, 01 Nov 2002 08:18:59 -0800
Subject: Katy, bar the door
In-Reply-To: <4D4A80DB-ED5B-11D6-A13B-0050E439C473@got.net>
References: <5.1.0.14.2.20021031170646.043d1cf8@mail.attbi.com>
Message-ID: <5.1.0.14.2.20021101081633.0454d3e0@mail.attbi.com>


At 09:32 PM 10/31/2002 -0800, Tim May wrote:
>On Thursday, October 31, 2002, at 05:09  PM, Steve Schear wrote:
>>
>>Unfortunately, there are many gasses which kill or disable with only a 
>>small dosage (e.g., VX).  Unless the cabins are equipped with toxic air 
>>sensors (possible in a few years with all the biochip work underway) I 
>>think the masks may be be too little too late.
>
>I'm missing the gist of this scenario.
>
>If the attackers/hijackers cannot get into the cockpit and gain control of 
>the plane, then the most they can do with disabling/lethal/nerve gases is 
>to cause the plane to essentially crash randomly...which kills a few 
>hundred people, but probably not many more.

This may be more than sufficient to place a final nail in the airline 
industry coffin.  Killing NY sheeple in high rise buildings isn't the only 
way to hurt us.

steve




From marketing at 1st-agent-finder.com  Fri Nov  1 00:52:25 2002
From: marketing at 1st-agent-finder.com (First Agent Finder)
Date: Fri, 01 Nov 2002 09:52:25 +0100
Subject: Importers and Distributors news
Message-ID: <200211010851.gA18p6xx029600@ak47.algebra.com>

A new business-to-business contact venue is opened on the Internet.

First Agent Finder - b2b Contacts

That is the place where your advertisements are the highlights.
No banner ads, no pop-ups, no thousands of futile trade leads. 
Just plain businesses that want to get in contact with other business for lasting trade relationships.

Please have a look at the site: http://www.1st-agent-finder.com

If you would like to have an introduction offer to advertise on the site, please send an empty e-mail using this link: 
sales at 1st-agent-finder.com?subject=offer
Or reply to this e-mail and put the text "offer" in the subject line.

If you would like to be kept informed only about significant change on the site, please send an empty e-mail using this link: 
info at 1st-agent-finder.com?subject=info
Or reply to this e-mail and put the text "info" in the subject line.

In case you just do not want to hear more from us on the subject First Agent Finder, then please reply to this e-mail and put the word "remove" in the subject line.
In either case, we do appreciate your response, thank you.

Best regards

Torben Christensen
Sales manager at First Agent Finder.

ANTI SPAM policy - We dislike mail-spam as much as you do !!!!
So we did not buy one of the many available "tons-of-e-mail"-lists. We initiated a browse on the Internet for prospects.
We found your e-mail address while browsing the Internet for sites where the keywords distribution import and trade were present. We may have read your web presence wrong, thus added your e-mail to our marketing file by error. We also included more e-mails from the same company (domain) as it may have been difficult to decide on whom to approach.
In either case, please reply to this e-mail and put the word "error" in the subject line, then we will provide you with the search link to the web-URL where we found your mail, and delete you from our file.
  

From mv at cdc.gov  Fri Nov  1 11:38:08 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 01 Nov 2002 11:38:08 -0800
Subject: P2P ordered to monitor users, files
Message-ID: <3DC2D820.BAD8046C@cdc.gov>


Can't wait until some lawyer in a black robe tries to understand
Freenet...
which works with Java 1.4.0 on Win95, BTW


File-swapping 'Madster' must track songs

                Friday, November 1, 2002 Posted: 10:03 AM EST (1503 GMT)

                ALBANY, New York (AP) -- The
                file-sharing service Madster must
                keep a list of songs available through
                the system as part of a court order to
                block access to copyright works.

                U.S. District Judge Marvin Aspen in
                Chicago granted a preliminary injunction
                against the service Sept. 4. The judge
                sided with recording company officials
                who claimed Albany-based Madster
                violated copyright law just as Napster
                had before it.

                Aspen waited until this week, however,
                to release terms of the injunction to give
                the two sides time to suggest wording tailored to stop
only the transfer of
                copyright files.

                In addition to disabling access to copyright works,
Aspen directed Madster to
                monitor its system and keep a list of "any and all sound
recordings and musical
                compositions" being made available. That list must be
shared with recording
                companies upon five business days notice.

                Service must comply

                The service also must file regular reports detailing its
compliance.

                Madster founder Johnny Deep did not immediately return
calls Thursday. He has
                said that he didn't know of a way to filter copyright
files because the transferred
                material is encrypted.
<snip>
http://www.cnn.com/2002/TECH/biztech/11/01/madster.ruling.ap/index.html




From freeze at freegasdaily.com  Fri Nov  1 12:07:39 2002
From: freeze at freegasdaily.com (Freeze Wireless)
Date: Fri,  1 Nov 12:07:39 2002 -0800
Subject: 2 Nokia 3390`s with Long Distance & Roaming @ No Charge
Message-ID: <42149866.1598307@mailhost>

Get your FREE* Nokia 3390 Cell Phone! NOW!

Just one easy step and the hottest new cell phone on the market is all yours!!!

Order Now and Receive:

UNLIMITED Weekend Minutes
FREE Long Distance
& NO Roaming Charges!

Click below to learn more about the Free Nokia 3390

http://www.freegasdaily.com/clicknew.jsp?type=click&account=tmobile&campaign=tmobile1029&email=cypherpunks at minder.net&URL=http://linktrack.freezefinds.com/cgi-bin/wireless/linktrack/go.cgi?razor

This offer Includes the Get More Plus Plan 
- 500 Whenever Minutes 
- Unlimited Weekend Minutes 
- Free Nationwide Long Distance 
- Free Digital Roaming Nationwide 
- Voicemail with Messaging Alert 
- Caller ID, Call Waiting, Call Hold 
- Ping Pong- 50 Text Message 

Click below to learn more about the Free Nokia 3390 
or call 1-800-300-7066 and mention bonus code 17162 & ref code 1023

http://www.freegasdaily.com/clicknew.jsp?type=click&account=tmobile&campaign=tmobile1029&email=cypherpunks at minder.net&URL=http://linktrack.freezefinds.com/cgi-bin/wireless/linktrack/go.cgi?razor

 OR        Take advantage of this great offer

Get 2 Free* phones with unlimited calling between them and FREE long distance all on one bill!!!  Great for family or friends who want to stay in touch!

Click Below to learn more about getting 2 Free Nokia 3390's on the FamilyTime Plan
 
http://www.freegasdaily.com/clicknew.jsp?type=click&account=tmobile&campaign=tmobile1029&email=cypherpunks at minder.net&URL=http://linktrack.freezefinds.com/cgi-bin/wireless/linktrack/go.cgi?razorfam

* Phone free after instant rebate.  This offer is fulfilled by InPhonic, and authorized dealer for Voicestream Wireless and T-Mobile.  Offer subject to credit approval or deposit, and is available to customers activating a new line of service on a one-year contract with Voicestream Wireless.  Early termination fees may apply.  Not all US markets are served by Voicestream Wireless or T-Mobile.  If you are in a non-Voicestream Wireless or T-Mobile area you will receive another great offer from another major wireless company.  Other restrictions apply, see full offer for details.  Offer expires October 31, 2002.  Offer may vary.  Click to view the offer, Call the Toll free number provided above, or send offer inquiries to InPhonic, Inc., 9301 Peppercorn place, Largo, MD  20774.

====================================




















This is brought to you by FreeGasDaily. You are receiving this because of your participation in the FREE GAS FOR LIFE sweepstakes.If you feel this has reached you in error or if you would no longer like to be eligible and would like to stop receiving offers from us, please visit http://www.freegasdaily.com and click on unsubscribe. Thank you.
















c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t&

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4526 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021101/2156128a/attachment.txt>

From mv at cdc.gov  Fri Nov  1 15:02:50 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 01 Nov 2002 15:02:50 -0800
Subject: Flight security analysis (was Re: Confiscation of Anti-War
      Video)
Message-ID: <3DC3081A.74B07104@cdc.gov>


At 05:16 PM 11/1/02 -0500, Steve Furlong wrote:
>But Maj Variola made a questionable point, too:
>
>> At 30K feet, you have about half a minute before you pass out
>
>I just tested that, sort of. I emptied my lungs, then lifted weights
for
>30 seconds. It was a little painful toward the end, but I didn't grey
>out or anything.

I was unable to find my ref.  But I also know that muscles
can work anaerobically; also that asphyxiation-feeling is from
too much CO2, not a lack of O2.  Also, you can't really
empty your lungs.

I once saw a show about medicine.  In it, an M.D. rebreathed
his own CO2-scrubbed air as he wrote the alphabet, on camera.
Halfway through he started scribbling incoherently and fell over,
unawares.
(There were assistants to save him.)

FWIW




From kelsey.j at ix.netcom.com  Fri Nov  1 12:35:05 2002
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Fri, 01 Nov 2002 15:35:05 -0500
Subject: Katy, bar the door
In-Reply-To: <4D4A80DB-ED5B-11D6-A13B-0050E439C473@got.net>
References: <5.1.0.14.2.20021031170646.043d1cf8@mail.attbi.com>
Message-ID: <4.1.20021101151940.00a39aa0@pop.ix.netcom.com>


At 09:32 PM 10/31/02 -0800, Tim May wrote:
...
>If the attackers/hijackers cannot get into the cockpit and gain control 
>of the plane, then the most they can do with disabling/lethal/nerve 
>gases is to cause the plane to essentially crash randomly...which kills 
>a few hundred people, but probably not many more.
>
>Which is yet another reason why securing the cockpit door very, very 
>well is the single most important, and cheapest, solution.

Hmmm.  I agree, but if the attackers chose the right time (while the
plane's on autopilot) to release the gas or whatever, they might have an
hour or two to get through the cockpit door, with no resistance at all from
the now-dead passengers or crew.  Securing a cockpit door in those
circumstances is *much* harder than securing it against someone with a
shorter time to get through, and with the possibility of active resistance
from the other side.  (I seem to recall hearing some pilot comment that he
was very confident of his ability to keep someone from breaking through the
door, just by flying so that it's almost impossible to stay on your feet.
Certainly, trying to use a hacksaw or cutting torch or something wouldn't
be much fun while the pilot did loops or something.)  

On the other hand, the pilot or copilot pretty much just have to figure out
something is wrong and indicate this fact to the people on the ground, and
there will be a plane along shortly to shoot them down if necessary.  And I
don't think this kind of gassing attack would work all that smoothly in
practice--some people would be affected before others, due to nonuniformity
in the way air is distributed in the cabin and different levels of
susceptibility.  

The combination of a hard-to-break-into cockpit and some kind of response
to prevent these planes being used as low-tech cruise missiles seems like a
win.  Maybe it would make sense to add some kind of remote surveilance of
the cockpit, though I imagine this wouldn't be too popular with pilots, and
they'd definitely need to secure the channel properly.  

>--Tim May
 --John Kelsey, kelsey.j at ix.netcom.com // jkelsey at certicom.com




From camera_lumina at hotmail.com  Fri Nov  1 13:43:36 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 01 Nov 2002 16:43:36 -0500
Subject: LIDAR/Lasers
Message-ID: <F64rUPlZs7WVRvRQ8n0000107a0@hotmail.com>


"Some of these problems can be avoided by using very short pulses.

Again you get into dwell, the short pulses -must- be made up for by
increasing the PRR and this defeats the who purpose of the short pulses
since you need more of them (we're talking an integration effect here
so it doesn't take much to understand why duty cycle isn't as important
as you make it out to be"

IR is not particularly better than visible for most wavelengths, and fog is 
the real killer (as opposed to rain or even snow). But I know the LIDAR 
folks found that there ARE some nicer wavelength windows within the IR band.

As for pulsed lasers, here's where my knowledge of military applications 
fails me (I used to work in civilian ultrafast/femtosecond optics.) As for 
pulsing such a laser, I can't quite imagine WHY this would be attempted for 
damage reasons (reconaissance is a different sotry). If the pulsing is in 
the millisecond regime or faster, I would imagine this is only to allow for 
population re-inversion of the laser material (ie, to keep it lasing at 
higher peak power). But I assume the military's laser research in the 
wavelengths of interest are well beyond the need for this.

Of course, there's the easy possibility that the military does use fast 
pulses for the purpose of knocking out certain sensor materials via 2nd 
order/nonlinear processes. As we found out back in 92 or so (from some 
declassification), the military's optical research in Adaptive optics was in 
some ways 30 years ahead of the civilian world. Who the heck knows what 
they're doing with laser pulses.





_________________________________________________________________
Unlimited Internet access -- and 2 months free!  Try MSN. 
http://resourcecenter.msn.com/access/plans/2monthsfree.asp




From sfurlong at acmenet.net  Fri Nov  1 14:16:49 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Fri, 1 Nov 2002 17:16:49 -0500
Subject: Flight security analysis (was Re: Confiscation of Anti-War
    Video)
In-Reply-To: <3DC2F38A.D1FCCA36@cdc.gov>
References: <3DC2F38A.D1FCCA36@cdc.gov>
Message-ID: <200211011716.49228.sfurlong@acmenet.net>


On Friday 01 November 2002 16:35, Major Variola (ret) wrote, in response 
to another of Choate's odd statements:

> Do the thermal conductivity/inertia calcs.  -40F *air* can't drop
> your coretemp in 30 seconds.  Do the math.  Or go up to the Dakotas
> this winter and step outside for half a minute.  It hurts but doesn't
> kill that quickly.

I was thinking the same, having been in -40 weather before. I haven't 
been in -40 with a 500MPH wind chill, though. On the other hand, we're 
not talking a convertible jumbo jet with the top down, so the wind 
chill might not be that big a factor. Bottom line, I think Choate was 
blowing smoke, as usual.

But Maj Variola made a questionable point, too:

> At 30K feet, you have about half a minute before you pass out

I just tested that, sort of. I emptied my lungs, then lifted weights for 
30 seconds. It was a little painful toward the end, but I didn't grey 
out or anything.


-- 
Steve Furlong    Computer Condottiere   Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking




From eugen at leitl.org  Fri Nov  1 10:59:14 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 1 Nov 2002 19:59:14 +0100 (CET)
Subject: Katy, bar the door
In-Reply-To: <5.1.0.14.2.20021101081633.0454d3e0@mail.attbi.com>
Message-ID: <Pine.LNX.4.33.0211011952200.2101-100000@hydrogen.leitl.org>


On Fri, 1 Nov 2002, Steve Schear wrote:

> This may be more than sufficient to place a final nail in the airline
> industry coffin.  Killing NY sheeple in high rise buildings isn't the

Doesn't have to be overnight. It would be already enough to arm the pilots
and issue an SOP to lock the doors before the plane starts rolling, and
keep them locked until the plane stops. But this means depriving the
pilots of stewardess company in flight, and installing toilets in the
cockpits, so it's a hard one.

> only way to hurt us.

Well, the next one is synchronous-release nerve gas in the subway rush
hour, a big stadium, or a nuke in Manhattan. Kinda difficult to achieve
enough scale otherwise using biological agents. You need a lot of
weapon-grade stuff, or get lucky to achieve sustainable burn within a
high-density high-interaction area, which restricts you to very exotic
agents. Doesn't appear very likely.




From hseaver at cybershamanix.com  Fri Nov  1 19:17:06 2002
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Fri, 1 Nov 2002 21:17:06 -0600
Subject: Flight security analysis (was Re: Confiscation of Anti-War
  Video)
In-Reply-To: <3DC2F38A.D1FCCA36@cdc.gov>
References: <3DC2F38A.D1FCCA36@cdc.gov>
Message-ID: <20021102031706.GA4909@cybershamanix.com>


On Fri, Nov 01, 2002 at 01:35:06PM -0800, Major Variola (ret) wrote:
> At 02:45 PM 11/1/02 -0600, Jim Choate wrote:
> >On Fri, 1 Nov 2002, Major Variola (ret) wrote:
> >
> >> At 30K feet, you have about half a minute before you pass out
> >
> >Which isn't the problem it's the -40F that kills you. You freeze
> >your ass off well before you ever die from lack of oxygen. The vast
> >majority of folks can hold their breath long enough for a jet to go
> >from 30k to 10k in a emergency dive. Less than 60s.
> 
> Wow, Choate biophysics now.
> 
> Do the thermal conductivity/inertia calcs.  -40F *air* can't drop your
> coretemp in 30 seconds.  Do the math.  Or go up to the Dakotas
> this winter and step outside for half a minute.  It hurts but
> doesn't kill that quickly.


   We lived for a long, long time in far northern MN in a cabin with no
electricity or running water. When I had to pee in the middle of the night, I'd
just run outside and pee in the yard. Summer or Winter, it made no difference,
and I never found it a problem standing out there buck naked and barefoot at 30
below. Can't imagine that 40 below would be much different. And since my wife
objected to yellow snow right by the house, I had to walk at bit away, not clear
to the outhouse, but a piece. 
   OTOH, I did once when we lived up about halfway between Jasper and Prince
George, BC fall thru the ice in the Fraser River up to my waist (fully clothed
tho) and my legs lost all feeling almost immediately. Of course, that river up
there was pretty close to being straight off a glacier and was too cold to swim
in even in July or August. I likewise went thru the ice to my waist in N. MN
once and it wasn't bad at all. 



-- 
Harmon Seaver	
CyberShamanix
http://www.cybershamanix.com

"War is just a racket ... something that is not what it seems to the
majority of people. Only a small group knows what its about. It is
conducted for the benefit of the very few at the expense of the
masses."  --- Major General Smedley Butler, 1933

"Our overriding purpose, from the beginning through to the present
day, has been world domination - that is, to build and maintain the
capacity to coerce everybody else on the planet: nonviolently, if
possible, and violently, if necessary. But the purpose of US foreign
policy of domination is not just to make the rest of the world jump
through hoops; the purpose is to faciliate our exploitation of
resources."
- Ramsey Clark, former US Attorney General
http://www.thesunmagazine.org/bully.html




From dwpmea3mmdnnd74i at freemail.org.mk  Fri Nov  1 22:41:41 2002
From: dwpmea3mmdnnd74i at freemail.org.mk (Pinelopi Jones)
Date: Fri, 1 Nov 2002 22:41:41 -0800
Subject: Derty Sweeeet Dirty Pink Cunt tmj
Message-ID: <200211020351.gA23pd2f073778@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1916 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021101/b12978fc/attachment.txt>

From araaqil at msn.com  Fri Nov  1 23:41:57 2002
From: araaqil at msn.com (Will Bandel)
Date: Fri, 01 Nov 2002 23:41:57 -0800
Subject: cypherpunks, $5.00 per 100MG dose for Gen*ric V*agra. Limited Time Free Doctor Consultation
Message-ID: <sbctggxovy@msn.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 10452 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021101/25a7917c/attachment.txt>

From mailers-wanted at Prosper.zzn.com  Sat Nov  2 02:40:29 2002
From: mailers-wanted at Prosper.zzn.com (mailers-wanted at Prosper.zzn.com)
Date: Sat, 2 Nov 2002 02:40:29 -0800
Subject: !!!EARN BIG $$$ POSTING GIO FLIERS!!!
Message-ID: <7F7DCC15A4695FC42B9697F21E6A07AE@mailers-wanted.Prosper.zzn.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 20212 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021102/048bec55/attachment.txt>

From adam at homeport.org  Sat Nov  2 09:09:19 2002
From: adam at homeport.org (Adam Shostack)
Date: Sat, 2 Nov 2002 12:09:19 -0500
Subject: What email encryption is actually in use?
In-Reply-To: <00c701c26928$b8b0d480$c71121c2@sharpuk.co.uk>
References: <h75hpus0qnbq0u871flqmemmmobpetopa0@4ax.com>
  <00c701c26928$b8b0d480$c71121c2@sharpuk.co.uk>
Message-ID: <20021102170918.GA67308@lightship.internal.homeport.org>


An interesting tidbit in the September Information Security Bulletin
is the claim from MessageLabs that only .005% of the mail they saw in
2002 is encrypted, up from .003% in 2000.  (MessageLabs is an
outsourcing email anti-virus company.)

At this thrilling rate of growth, it will be on the order of between
30 and 40 years before we see most email being encrypted.  And about
10 years before we start to see any real hope of a "fax effect."

Lets be sure to consider that the PGP model is working.  After all,
thats faster than the adoption of the, ummm, well, I'm sure someone
can take comfort from it.  Maybe even someone other than the
eavesdroppers.

Now, it may be that they have a unusual sampling because only a
nutcase company would send all its email through a 3rd party
processor.  But I don't believe that to be true.  Most companies send
their email unencrypted through a single ISP.  Messagelabs only has it
slightly easier when it comes to eavesdropping.  Last month, about 5%
of my email was sent PGP encrypted, about 2% STARTTLS encrypted, and
about 25% SSH encrypted to people on the same mail server, where POP
and IMAP only function via SSH.

I'd be interested to hear how often email content is protected by any
form of crypto, including IPsec, Starttls, ssh delivery, or PGP or
SMIME.  There's probably an interesting paper in going out and looking
at this.

Adam
-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From mv at cdc.gov  Sat Nov  2 16:38:57 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Sat, 02 Nov 2002 16:38:57 -0800
Subject: Katy, bar the door
Message-ID: <3DC47021.1F8A24BE@cdc.gov>


At 10:49 AM 11/2/02 -0800, Bill Frantz wrote:
>(A number of years ago, there was a case where a
>pilot, presumably asleep, flew right past Los Angles, over the Pacific
>ocean, and crashed.  ATC was very concerned, but couldn't do anything
to
>wake the pilot.)

Around a year ago a small private jet lost contact over the US.  A jet
was
dispatched, saw iced windows, no response to signals.  The plane was on
autopilot, eventually crashed
in the middle of nowhere.  The passengers/pilot are believed to have
passed out
from anoxia.  (The autopilot kept them at high altitude too!)

When that trucker kamakazi'd into the state capital in Sacramento last
year, they decided to put Jersey barriers
up.  Hard to do that in the air (Blimps with nets?)




From tcmay at got.net  Sat Nov  2 21:37:11 2002
From: tcmay at got.net (Tim May)
Date: Sat, 2 Nov 2002 21:37:11 -0800
Subject: What email encryption is actually in use?
In-Reply-To: <F15m6zlkP5Sj5xLrh0Y00012b30@hotmail.com>
Message-ID: <4CDB4755-EEEE-11D6-A13B-0050E439C473@got.net>


On Saturday, November 2, 2002, at 08:01  PM, Tyler Durden wrote:

> "Prior to that, the encrypted email I've sent in the past year or so 
> has almost always failed, because of version incompatibilities,"
>
> While in Telecom I was auditing optical transport gear, and we adopted 
> the practice of encrypting all of our audit reports to vendors. Of 
> course, the chance of there being an eavesdropper (uh...other than 
> NSA, that is) was a plank energy above zero, but it gave the vendors 
> the imporession we really cared a lot about their intellectual 
> property (if we determined a problem with their equipment, and if that 
> info ever leaked, it could have a major impact on them).

When I was at Intel we sent our designs for microprocessors to European 
branches and/or partners. One set of designs sent to MATRA/Harris, a 
partner in the 80C86, was stolen in transit. (The box of tapes arrived 
in Paris, but the tapes had been replaced by the suitable weight of 
bricks.)

The moral: 99.9999x % of traffic is of little interest to thieves or 
eavesdroppers. But some fraction is.

And it often isn't appreciated until after a theft or eavesdrop in 
which category the traffic lies. (Equivalent to people not thinking 
about backups until it's too late.)

Having said this, I, too, rarely encrypt. It should get easier, now 
that PGP 8 is well-integrated into the Mail program I use in OS X. 
(Years ago PGP stopped working in my mailer, and I had to encrypt and 
decrypt manually.)

It is odd that we mostly think crypto should be easy and painless. The 
military, with a real need for crypto, has full-time code clerks on 
ships and at bases, even out on the battlefield. And they have "code 
shacks" and "cipher rooms" and all sorts of procedure and rigamarole 
about envelopes, couriers, locks on doors, combo locks on safes, need 
to know, etc.

PK crypto has made a lot of things a lot easier, but expecting it all 
to work with a click of a button is naive. Of course, most of us don't 
actually have secrets which make protocols and efforts justifiable. 
There's the rub.

--Tim May




From camera_lumina at hotmail.com  Sat Nov  2 20:01:23 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 02 Nov 2002 23:01:23 -0500
Subject: What email encryption is actually in use?
Message-ID: <F15m6zlkP5Sj5xLrh0Y00012b30@hotmail.com>


"Prior to that, the encrypted email I've sent in the past year or so has 
almost always failed, because of version incompatibilities,"

While in Telecom I was auditing optical transport gear, and we adopted the 
practice of encrypting all of our audit reports to vendors. Of course, the 
chance of there being an eavesdropper (uh...other than NSA, that is) was a 
plank energy above zero, but it gave the vendors the imporession we really 
cared a lot about their intellectual property (if we determined a problem 
with their equipment, and if that info ever leaked, it could have a major 
impact on them).
That the mesages were decrypted I know for sure, and it was easy for the 
customers: we would verbally tell them the password for unpacking the 
encrypted file, and they merely typed it in a it extracted itself.
I think the encryption tool was installed directly into the file manager (or 
whatever it's called now), so it was easy to do.






>From: Steve Furlong <sfurlong at acmenet.net>
>To: cypherpunks at lne.com
>Subject: Re: What email encryption is actually in use?
>Date: Sat, 2 Nov 2002 12:41:55 -0500
>
>On Saturday 02 November 2002 12:09, Adam Shostack wrote:
> > An interesting tidbit in the September Information Security Bulletin
> > is the claim from MessageLabs that only .005% of the mail they saw in
> > 2002 is encrypted, up from .003% in 2000.
> >
> > ... Last month, about
> > 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted,
> > and about 25% SSH encrypted to people on the same mail server, where
> > POP and IMAP only function via SSH.
> >
> > I'd be interested to hear how often email content is protected by any
> > form of crypto, including IPsec, Starttls, ssh delivery, or PGP or
> > SMIME.  There's probably an interesting paper in going out and
> > looking at this.
>
>Well, here's a datum for you: in the past four or five months, I have
>sent exactly no encrypted email. There are several reasons, notably
>that most of my email correspondents are business types who can't
>handle encryption even after several lessons and checklists and even
>when the tools are integrated into the MUA.
>
>Prior to that, the encrypted email I've sent in the past year or so has
>almost always failed, because of version incompatibilities, human
>error, changes of email address, and what-not. Or because the recipient
>simply isn't bothering to decrypt mail any more because it's more
>trouble than it's worth for the low quality of information conveyed.
>
>The only business environment I've ever worked in which successfully
>used encrypted email mandated specific versions of mail client
>(Outlook, ecch) and PGP (integrated into Outlook), had a jackbooted
>thug to make sure everyone's keyring was up to date, and had a fairly
>small (couple dozen), mostly technically proficient, user base. And
>even there, half the time the encrypted message wasn't sensitive enough
>to be worth encrypting nor important enough to be worth decrypting.
>
>I have signed a few messages in the recent past, but that was probably
>even less worthwhile than encrypting them. For all I know, not a single
>one has been verified.
>
>--
>Steve Furlong    Computer Condottiere   Have GNU, Will Travel
>
>Vote Idiotarian --- it's easier than thinking


_________________________________________________________________
Unlimited Internet access for only $21.95/month.  Try MSN! 
http://resourcecenter.msn.com/access/plans/2monthsfree.asp




From mv at cdc.gov  Sun Nov  3 09:36:51 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Sun, 03 Nov 2002 09:36:51 -0800
Subject: Sending bricks through the mail
Message-ID: <3DC55EB3.95DD7E84@cdc.gov>


At 09:37 PM 11/2/02 -0800, Tim May wrote:
>When I was at Intel we sent our designs for microprocessors to European

>branches and/or partners. One set of designs sent to MATRA/Harris, a
>partner in the 80C86, was stolen in transit. (The box of tapes arrived
>in Paris, but the tapes had been replaced by the suitable weight of
>bricks.)

There exists a website by someone who enjoyed sending unusual things
through the US mail.  He once sent a brick, with proper postage,
no envelope.

The brick *eventually* arrived at its destination, sort of, but had been
broken
by the DEA according to the PO's paperwork.




From njohnsn at IowaTelecom.net  Sun Nov  3 07:41:05 2002
From: njohnsn at IowaTelecom.net (Neil Johnson)
Date: Sun, 3 Nov 2002 09:41:05 -0600
Subject: Katy, bar the door
In-Reply-To: <3DC47021.1F8A24BE@cdc.gov>
References: <3DC47021.1F8A24BE@cdc.gov>
Message-ID: <auto-000167723076@cgpf2.cgp.netins.net>


On Saturday 02 November 2002 06:38 pm, Major Variola (ret) wrote:
> Around a year ago a small private jet lost contact over the US.  A jet
> was
> dispatched, saw iced windows, no response to signals.  The plane was on
> autopilot, eventually crashed
> in the middle of nowhere.  The passengers/pilot are believed to have
> passed out
> from anoxia.  (The autopilot kept them at high altitude too!)

I remember that story, I think one of the passengers was some popular 
professional golfer.



-- 
Neil 




From boo at datashopper.dk  Sun Nov  3 02:51:34 2002
From: boo at datashopper.dk (Bo Elkjaer)
Date: Sun, 3 Nov 2002 11:51:34 +0100 (CET)
Subject: Interesting series of articles on GCHQ, Public Key etc.
Message-ID: <Pine.LNX.4.44.0211031148030.19951-100000@apollon.datashopper.dk>


List:

This Is Gloucestershire has published an interesting little series of
articles commemorating the GCHQ 50 years anniversary. The articles can be
found at:

http://www.thisisgloucestershire.co.uk/displayNode.jsp?nodeId=110560&command=newModule&sourceNode=84282


Yours
Bo Elkjaer, Denmark



<QUOTE>
In 1965, James Ellis, who worked for CSG (GCHQ's codemaking department),
went back to first principles to solve the problem and dreamed up the
unthinkable. His vision was sending secret messages without the need for
exchanging a key. Suppose Alice wants to send a message to Bob. Alice
looks up Bob's "public" key and encodes her message using a standard
algorithm. Bob receives the message and decodes it using his "private" key
and another standard algorithm.

Anyone can intercept the message because the public key is widely known,
but only possession of the private key enables the decoding step.

The private key remains in Bob's possession throughout and never has to be
passed to Alice, thus guaranteeing confidentiality.

By 1967 public key cryptography had hit a brick wall. Mr Ellis was not
able to come up with a private key function to bring his theory to life.

But in September 1973 bright young Cambridge graduate Clifford Cocks
joined GCHQ. After six weeks, the puzzle was presented to Mr Cocks and
within half an hour he came up with a solution - an algorithm that made Mr
Ellis' theory a real possibility.

In 1975, these ideas were refined further by Mr Cocks' colleague Malcolm
Williamson.

Because they were employees of GCHQ, they were sworn to secrecy and their
brilliant idea was never made public.

In 1976, a trio of American academics, Diffie, Hellman and Merkle, filed a
patent for their version of public key cryptography which they developed
independently. They went on to claim the glory for developing the system.
</QUOTE>




-- 


EOT




From tcmay at got.net  Sun Nov  3 12:41:11 2002
From: tcmay at got.net (Tim May)
Date: Sun, 3 Nov 2002 12:41:11 -0800
Subject: Integrated crypto sounds useful, but it's fragile and
  ultimately a lose
In-Reply-To: <A0953052-EF69-11D6-A13B-0050E439C473@got.net>
Message-ID: <96B87634-EF6C-11D6-A13B-0050E439C473@got.net>


On Sunday, November 3, 2002, at 12:19  PM, Tim May wrote:
> As with the situation a decade ago, there are:
>
> * several OSes in use (2-3 in Wintel world, 2 in Mac world, plus
> outliers)
> * various release versions of each
> * about 5-8 major mail programs covering these platforms
> * about 3-5 major newsreader programs

And I forgot to mention Linux...

Anyway, this is "tower of Babel" situation we have always faced with 
trying to tightly integrate crypto with apps and OSes.

> Several times over the past decade I have heard people urge others to
> change their mailer to one that is supported.
>
> This is even worse than "not one-click operation," as it asks users to
> abandon programs and OSes they like or need in order to obtain a
> marginal gain of sending a receiving encrypted messages with one click.


To expand on this point a bit, I suspect one of the main reasons people 
who once used PGP stop using it, either privately or at corporations 
(as we have heard folks here testify about), is because something 
changes and things "break."

They upgrade their OS, they get a new release of a mailer, and things 
break. And they don't have the time, energy, or inclination to track 
down all of the little gotchas that may have cause things to break. I 
know this happened to me several times over the years with various 
versions of PGP, Eudora, and Mac OS 7, 8, and 9.

And I expect that if and when I upgrade my OS, or Mail program, and PGP 
breaks, I'll be without PGP until it all becomes straightforward again.

Expecting people to use mailer and OSes other than the ones they 
already use just so they can get a bunch of "Hey, isn't this PGP rilly 
cool?" unsolicited messages is silly.

(Which is why, to harp on it, I would favor a very clean text-only 
approach. Then there would be a slight amount more work needed, but not 
the breakage we see.)




From tcmay at got.net  Sun Nov  3 17:15:46 2002
From: tcmay at got.net (Tim May)
Date: Sun, 3 Nov 2002 17:15:46 -0800
Subject: Intel's LaGrab
Message-ID: <F28DE361-EF92-11D6-A13B-0050E439C473@got.net>


"New PCs Likely to Cede Some Control
Sun Nov 3, 1:58 PM ET

By MATTHEW FORDAHL, AP Technology Writer

SAN JOSE, Calif. (AP) - To thwart hackers and foster online commerce, 
the next generation of computers will almost certainly cede some 
control to software firms, Hollywood and other outsiders.


That could break a long-standing tenet of computing: that PC owners 
ultimately control data on their own machines.


Microsoft calls its technology "Palladium." Intel dubs it "LaGrande."
"

I say we call it "LaGrab."



--Tim May
"Extremism in the pursuit of liberty is no vice."--Barry Goldwater




From sfurlong at acmenet.net  Sun Nov  3 14:28:09 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Sun, 3 Nov 2002 17:28:09 -0500
Subject: Sending bricks through the mail
In-Reply-To: <A733FF9B1FB0F441B3A6209FF71030E50169B2F6@bondsteel2.areur.
  army.mil>
References: <A733FF9B1FB0F441B3A6209FF71030E50169B2F6@bondsteel2.areur.a
  rmy.mil>
Message-ID: <200211031728.09946.sfurlong@acmenet.net>


On Sunday 03 November 2002 17:17, Thoenen, Peter Mr. EPS wrote:
> Tried emailing direct but bounced so apologize to the list for the OT
> content :)

> > -----Original Message-----
> > From: Major Variola (ret) [mailto:mv at cdc.gov]

Peter, you might want to google on "variola major" (not "major 
variola"), note Maj Variola's alleged host, and consider the 
possibility it's a nym.

-- 
Steve Furlong    Computer Condottiere   Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking




From bill.stewart at pobox.com  Sun Nov  3 19:34:43 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sun, 03 Nov 2002 19:34:43 -0800
Subject: What email encryption is actually in use?
In-Reply-To: <200211021241.55316.sfurlong@acmenet.net>
References: <20021102170918.GA67308@lightship.internal.homeport.org>
  <h75hpus0qnbq0u871flqmemmmobpetopa0@4ax.com>
  <00c701c26928$b8b0d480$c71121c2@sharpuk.co.uk>
  <20021102170918.GA67308@lightship.internal.homeport.org>
Message-ID: <5.1.1.6.2.20021103192918.04c1ee78@idiom.com>


At 12:41 PM 11/02/2002 -0500, Steve Furlong wrote:
>The only business environment I've ever worked in which successfully
>used encrypted email mandated specific versions of mail client
>(Outlook, ecch) and PGP (integrated into Outlook), had a jackbooted
>thug to make sure everyone's keyring was up to date, and had a fairly
>small (couple dozen), mostly technically proficient, user base. And
>even there, half the time the encrypted message wasn't sensitive enough
>to be worth encrypting nor important enough to be worth decrypting.

All of the business email I send from home is encrypted -
not by the mail user agent or mail transfer agent,
but by the VPN I use to reach my work intranet.
If it goes outside the company, it's normally not encrypted.

(Also, non-business email I send when VPN-connected is encrypted,
on the dialup portions, but not past that.)

What would be really nice, and would encrypt a large chunk of
the US's business email, would be for MS Exchange / Outlook mail servers
to adopt STARTTLS for their SMTP services.




From eaygoc at ibm.com  Sun Nov  3 20:59:50 2002
From: eaygoc at ibm.com (eaygoc at ibm.com)
Date: Sun, 03 Nov 2002 20:59:50 -0800
Subject: cypherpunks You Won $30.00 On Our Site Today!
Message-ID: <cwiqgdjinh@ibm.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1696 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021103/3070f09f/attachment.txt>

From DHodgin1661 at Rogers.com  Sun Nov  3 18:14:43 2002
From: DHodgin1661 at Rogers.com (David W. Hodgins)
Date: Sun, 03 Nov 2002 21:14:43 -0500
Subject: What email encryption is actually in use?
References: <C021C44C-EF61-11D6-A13B-0050E439C473@got.net>
Message-ID: <3DC5D813.3F37ADED@rogers.com>


-----BEGIN PGP SIGNED MESSAGE-----

The advantages really disappear, when the key used to sign the
message
isn't sent to the key servers {:.

Regards, Dave Hodgins.

Tim May wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----

> 
> (P.S. I'm going to do something I don't often do: sign a post.
> Reasons for not signing posts are manyfold. Advantages are few. But
> this is to 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBPcXX8Is+asmeZwNpAQE9dQf/YKjY4AZRXEEdYmYDrDt+IAYmag8EhC31
tMpORG0FlZMzbIbwTCk0f4tAlvJHQXSDHSWLbJznmImMb2uRmYOkAOUdnYvTweCU
k65fBFC5ZM988/enSP5y4uJ0HW6iLvPTrUffojHh/gMJZlJ/DGh7BdIUpHKIzE7f
zqZB+Z5uyVGpDvYh+pRe1Js9k9XBo/HyYqO862sV8zPs4uVRtRCLwJlOnAsrAPcS
7cTlk2zF1LTr9LOBobNPSiWVq92vJY17kI/Xodasjhzk2/o7SlGCVjCtLlmiEey8
KOuiJfkPsUKNfm6Tn9Nw2hVR51qpBnVIc5KgBgebr/SR9xDjVBSMjQ==
=sWNd
-----END PGP SIGNATURE-----




From DHodgin1661 at Rogers.com  Sun Nov  3 19:52:49 2002
From: DHodgin1661 at Rogers.com (David W. Hodgins)
Date: Sun, 03 Nov 2002 22:52:49 -0500
Subject: What email encryption is actually in use?
References: <2132C606-EF9D-11D6-A13B-0050E439C473@got.net>
Message-ID: <3DC5EF11.A69DD2B7@rogers.com>


-----BEGIN PGP SIGNED MESSAGE-----

If you signed your messages on a regular basis, it would let me know 
whether or not you're the same Tim May, I've been reading since back
when toad.com was the only server for the list.

If you're key was signed by anyone I've dealt with, who I know will 
actually check your id, it would increase my confidence that you
really are Tim May, and not just a net persona.

It doen't make one iota of difference, whether you choose to 
distribute your key or not.  Your ideas are usually thought
provoking,
and consistent enough to form a persona in the minds of the list
readers. Or at least, in mine.

I know you know (whether or not you agree) with the above.  It just
struck me as humourous that you'd sign the post, with the comment 
to the effect that there isn't much point in doing so, with a key
that isn't on the servers.

Do you see the PGP web of trust as completly useless?

As to who I am, well...

I'm a programmer, living in London, Ont. Canada.

I've been lurking, off and on, since 94 or so.  I don't think I've
actually posted anything to the list since back in 96, when I 
wrote a freeware program to simplify using PGP with dos based
offline mail readers (MPI.ZIP).

While I normally promote privacy issues, only with those I meet
face to face, I still consider myself a cypherpunk.  I normally
only post to the list, when my point of view isn't being 
expressed by any of the regular posters.

Regards, Dave Hodgins.

Tim May wrote:
> 
> On Sunday, November 3, 2002, at 06:14  PM, David W. Hodgins wrote:
> 
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > The advantages really disappear, when the key used to sign the
> > message
> > isn't sent to the key servers {:.
> >
> 
> Those who need to know, know.
> 
> You, I've never seen before. Even if you found my key at the
> Liberal Institution of Technology, what would it mean?
> 
> Parts of the PGP model are ideologically brain-dead. I attribute
> this to left-wing peacenik politics of some of the early folks.
> 
- --Tim May

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQEVAwUBPcXu94s+asmeZwNpAQFQuAf+LbwrdQV8CPAc/lw2AF5HPvKLGopHCj3i
tFR+drfFAYDDA6UHMPJOFxzDdhFYrRbhQ3c3cSkExSSoI7Mce389KPdGimWQZTJZ
rCYyvnXtG+S//ya8yCELXC3SSwwra0+laPpoSz6lseIU6YJUYFyMLnnXaH5gpxHi
O7TtK8kfPFQVVdbBuJC4mp9SjNO3DqIM29UbPSrf9KZ1w2zPXA4eov9GL9jjU808
CzT+wncCYaE1EU8cT3C+TFJyd8r8B1S6CLbjX9hC71kIt5bVUt1EHMHUx8u2YaXZ
i4o2kKQGePbJvIIiOuwngIUOuwnbgLlGO7+zhsL4y2UuXeJ1/W5NVQ==
=8BJt
-----END PGP SIGNATURE-----




From shamrock at cypherpunks.to  Sun Nov  3 23:08:22 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Sun, 3 Nov 2002 23:08:22 -0800
Subject: Intel's LaGrab
In-Reply-To: <F28DE361-EF92-11D6-A13B-0050E439C473@got.net>
Message-ID: <005d01c283d0$f7c982d0$6501a8c0@VAIO650>


Tim wrote:
> Microsoft calls its technology "Palladium." Intel dubs it 
> "LaGrande." "
> 
> I say we call it "LaGrab."

Has anybody on the list seen any official specs, datasheets, etc. for
Intel's LaGrande feature set? Any documents that could be donated to
Cryptome's collection? So far, all I have been able to locate are vague
press releases, marketing blather, and wild-eyed promises of
hack-proofing computers.

TIA,
--Lucky




From Peter.Thoenen at bondsteel2.areur.army.mil  Sun Nov  3 14:17:47 2002
From: Peter.Thoenen at bondsteel2.areur.army.mil (Thoenen, Peter  Mr.  EPS)
Date: Sun, 3 Nov 2002 23:17:47 +0100 
Subject: Sending bricks through the mail
Message-ID: <A733FF9B1FB0F441B3A6209FF71030E50169B2F6@bondsteel2.areur.army.mil>


Tried emailing direct but bounced so apologize to the list for the OT
content :)

You don't happen to have the url do you?  Think it would make an amusing
read.

-Peter

> -----Original Message-----
> From: Major Variola (ret) [mailto:mv at cdc.gov]
> Sent: Sunday, November 03, 2002 18:37
> To: cypherpunks at lne.com
> Subject: Sending bricks through the mail
> 
> 
> At 09:37 PM 11/2/02 -0800, Tim May wrote:
> >When I was at Intel we sent our designs for microprocessors 
> to European
> 
> >branches and/or partners. One set of designs sent to MATRA/Harris, a
> >partner in the 80C86, was stolen in transit. (The box of 
> tapes arrived
> >in Paris, but the tapes had been replaced by the suitable weight of
> >bricks.)
> 
> There exists a website by someone who enjoyed sending unusual things
> through the US mail.  He once sent a brick, with proper postage,
> no envelope.
> 
> The brick *eventually* arrived at its destination, sort of, 
> but had been
> broken
> by the DEA according to the PO's paperwork.




From Peter.Thoenen at bondsteel2.areur.army.mil  Sun Nov  3 14:44:58 2002
From: Peter.Thoenen at bondsteel2.areur.army.mil (Thoenen, Peter  Mr.  EPS)
Date: Sun, 3 Nov 2002 23:44:58 +0100 
Subject: Sending bricks through the mail
Message-ID: <A733FF9B1FB0F441B3A6209FF71030E50169B2F7@bondsteel2.areur.army.mil>


<--smax self :)

> -----Original Message-----
> From: Steve Furlong [mailto:sfurlong at acmenet.net]
> Sent: Sunday, November 03, 2002 23:28
> To: cypherpunks at lne.com
> Subject: Re: Sending bricks through the mail
> 
> 
> On Sunday 03 November 2002 17:17, Thoenen, Peter Mr. EPS wrote:
> > Tried emailing direct but bounced so apologize to the list 
> for the OT
> > content :)
> 
> > > -----Original Message-----
> > > From: Major Variola (ret) [mailto:mv at cdc.gov]
> 
> Peter, you might want to google on "variola major" (not "major 
> variola"), note Maj Variola's alleged host, and consider the 
> possibility it's a nym.
> 
> -- 
> Steve Furlong    Computer Condottiere   Have GNU, Will Travel
> 
> Vote Idiotarian --- it's easier than thinking




From mv at cdc.gov  Mon Nov  4 08:00:17 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 04 Nov 2002 08:00:17 -0800
Subject: Blacknet hits the trade press
Message-ID: <3DC69990.E11CF897@cdc.gov>


EWeek 21 Oct 2002 p 58, "High-tech products invite tech crimes" P.
Coffee

Writing about a consultant who tried to sell a client's software, and
got busted:
"Next time, a code theif may use a "BlackNet" brokerage (as envisioned
in the
widely circulated essay by Timothy May) to avoid such traps."

[He is commenting on whereas stolen chips are valuable to many, stolen
software
is valuable only to a few...]




From DaveHowe at gmx.co.uk  Mon Nov  4 01:29:01 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Mon, 4 Nov 2002 09:29:01 -0000
Subject: What email encryption is actually in use?
References: <2132C606-EF9D-11D6-A13B-0050E439C473@got.net>
Message-ID: <00ba01c283e4$a1cddac0$c71121c2@sharpuk.co.uk>


at Monday, November 04, 2002 2:28 AM, Tim May <tcmay at got.net> was seen
to say:
> Those who need to know, know.
Which of course is a viable model, provided you are only using your key
for private email to "those who need to know"
if you are using it for signatures posted to a mailing list though, it
just looks silly.

> You, I've never seen before. Even if you found my key at the Liberal
> Institution of Technology, what would it mean?
it would at least give us a chance to check the integrity of your post
(what a sig is for after all) and anyone faking your key on the servers
would have to prevent you ever seeing one of your own posts (so that you
can't check the signature yourself)

> Parts of the PGP model are ideologically brain-dead. I attribute this
> to left-wing peacenik politics of some of the early folks.
The Web-of-Trust model is mildly broken - all you can really say about
it is that it is better than the alternatives (X509 is not only badly
broken, but badly broken for the purpose of hierachical control and/or
profit)
In the current case, one reason to sign important posts is to establish
a pattern of ownership for posts, independent of real-world identity. If
I know that posts a,b & c sent from nym x are all signed, I will be
reasonably confident that key y is owned by the normal poster of nym x.
that I don't know who that is in meatspace is pretty irrelevant.
Where both systems break down is when trying to assert that key y is
tied to anything but an email address (or possibly a static IP). There
is little to bind a key to anything or anyone in the real world, unless
you meet in person, know each other reasonably well (if only via third
parties that can identify you both) and exchange fingerprints. in fact,
WoT is simply an attempt to automate this process offline, so that you
can be "introduced" to someone by a third party without all three of you
having to meet; you still have to make a value judgement based on how
sure you are about the third party's reliability and how confident they
seem about the identity of x - however in the real world, both of those
are vague, hard-to-define values and in the WoT they are rigid (you have
a choice of two levels of trust for an introducer, and no way to encode
how much third parties should rely on your identification)




From ptrei at rsasecurity.com  Mon Nov  4 08:27:50 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 4 Nov 2002 11:27:50 -0500 
Subject: What email encryption is actually in use?
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BAF04@exna07.securitydynamics.com>


> Tyler Durden[SMTP:camera_lumina at hotmail.com] writes:
> 
> 
> "Most the ones I've seen are IPSEC over IPv4. You might be able to glean
> some info from packet size, timing, and ordering, but not much. IPSEC
> takes a plaintext IP packet and treats the whole thing as a data block
> to be encrypted."
> 
> SO this would indicate that IPSEC creates a sort of blockage from seeing
> up 
> to Layers 4/5/6. Now when you say it takes the IP packet, is this just the
> 
> datagram or is it also he procotol bytes? (I'm assuming the layer-2 
> information remains intact.) If the protocol bytes are unencrypted, then 
> there's a LOT that can probably be determined about any IP session. If the
> 
> protocol bytes are encrypted, then this will ot be a very flexible
> session, 
> no? (More of a secure pipe I guess.)
> 
> And then, does IPSEC include specification for MPLS? I would assume that
> the 
> MPLS header information is not encrypted, simply because the headers have
> no 
> global significance...
> 
It's a pipe. The whole plaintext IP packet, from start to finish, including 
headers and checksum, gets treated as data, and encrypted.

The encrypted packet is the data for a new packet, which goes from one
firewall to another (and has only the firewall IP addresses exposed). The
packets visible on the outside only tell Eve that firewall A sent firewall
B an IPSEC packet of a certain size, with a particular Security Association.

(ie, the protocol field says 'this is an IPSEC packet').

A single SA can be used for many, many, internal connections.

Check the IPSEC RFCs for more info.

Peter Trei




From camera_lumina at hotmail.com  Mon Nov  4 11:35:21 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 04 Nov 2002 14:35:21 -0500
Subject: What email encryption is actually in use?
Message-ID: <F189bW1WMfO2iRSqQmH000176f0@hotmail.com>


Peter Trei wrote...

"Durden's question was whether a snooper on an IPSEC VPN can
tell (for example) an encrypted email packet from an encrypted
HTTP request.

The answer is no.

All Eve can tell is the FW1 sent FW2 a packet of a certain size.
The protocol of the encapsulated IP packet, it's true source
behind FW1, it's true destination behind FW2, and the true
destination port are all hidden."

Yes, this was indeed the gist of my question. I was aware that there are 
actually hard and soft switches that are aware all the way up to the 
application layer, apparently (I also know that some softswiches have 
actually been deployed in RBOC/Baby Bell territory.)

But from your previous email, you indicated that the secure IPSEC tunnel is 
created by taking the packets, encrypting S/A, D/A, payload and protocol 
fields (ie, pretty much everything) and then dumping them into the payload 
of another packet, and setting the Protocol field of the parent-packet to 
"IPSEC". All that is now visible are the firewall addresses.

That's a lot, methinks! In other words, there's practically a bright red 
flag sticking up saying "I'm encrypted! Look over here!"...it's child's play 
(well, if you consider making an ASIC child's play!) to then look at the S/A 
and D/a to see if they are interesting. If they belong to the IP spaces of 
two large companies, for instance, then look elsewhere (though I hear rumors 
that the NSAs of the world are branching out into industrial eavesdropping 
for their parent companies, ehr, for their parent countries).

If a secure VPN tunnel forms between al-Jazeera's firewall and, say, some 
ISP near Atlantic Avenue in Brooklyn (heavy Arab community), then all sorts 
of spyglasses could pop up.


Thus, I suspect a lot can be gleaned (and is) from communiques without 
actually de-encrypting...the philosohpy probably is, "why violate civil 
rights unless we really, really have to? Extract as much as we can without 
actually de-encrypting, and if the probably of something being "interesting" 
is high enough, then we'll send it downstairs to be opened" (and even then, 
determining how hard it is to open the communique might also be of 
interest...is it legal to open somebody else's email but not read it?)


Here's a little quote for ya, since it seems to be the in-thing to do...

"The revolution is right where we want it: out of our control."
(Royal Family and the Poor)



>From: "Trei, Peter" <ptrei at rsasecurity.com>
>To: cypherpunks at lne.com, "'Major Variola (ret)'" <mv at cdc.gov>
>Subject: RE: What email encryption is actually in use?
>Date: Mon, 4 Nov 2002 12:58:55 -0500
>
> > Major Variola (ret)[SMTP:mv at cdc.gov]
> >
> >
> > At 10:13 AM 11/4/02 -0500, Tyler Durden wrote:
> > >This is an interesting issue...how much information can be gleaned from
> >
> > >encrypted "payloads"?
> >
> > Traffic analysis (who, how frequently, temporal patterns)
> > Size of payload
> >
> > Is it possible for a switch or whatever that has
> > >visibility up to layers 4/5/6 to determine (at least) what type of file
> > is
> > >being sent?
> >
> > Yes.
> >
> > Modern network equiptment can examine all the way up to "layer 7".
> > Can tell that you're sending an .mp3 and will cut your QoS, if that's
> > the policy.
> >
>Durden's question was whether a snooper on an IPSEC VPN can
>tell (for example) an encrypted email packet from an encrypted
>HTTP request.
>
>The answer is no.
>
>All Eve can tell is the FW1 sent FW2 a packet of a certain size.
>The protocol of the encapsulated IP packet, it's true source
>behind FW1, it's true destination behind FW2, and the true
>destination port are all hidden.
>
>Peter


_________________________________________________________________
Unlimited Internet access -- and 2 months free!  Try MSN. 
http://resourcecenter.msn.com/access/plans/2monthsfree.asp




From lisa at holman.net  Mon Nov  4 13:22:22 2002
From: lisa at holman.net (Lisa)
Date: Mon, 4 Nov 2002 15:22:22 -0600 (CST)
Subject: Sending bricks through the mail
Message-ID: <Pine.LNX.4.44.0211041521280.26016-100000@holman.net>


I think this is what you're looking for:

http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html

At 11:17 PM 11/3/02 +0100, Thoenen, Peter  Mr.  EPS wrote:
>Tried emailing direct but bounced so apologize to the list for the OT 
>content :)
>
>You don't happen to have the url do you?  Think it would make an
amusing
>read.




From mv at cdc.gov  Mon Nov  4 16:30:21 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 04 Nov 2002 16:30:21 -0800
Subject: Cointel is back: meet any new arabic-speaking guys in shiny
  shoes? 
Message-ID: <3DC7111D.9788BD4F@cdc.gov>


http://www.washtimes.com/national/20021104-81830128.htm
                     Officials attempt to get inside
                      cells of al Qaeda in U.S.

                      By Richard Sale
                      UNITED PRESS INTERNATIONAL

                           Local and federal law-enforcement agencies
are
                      attempting to infiltrate al Qaeda sleeper cells
operating in the
                      United States and are using disinformation
campaigns to
                      expose and neutralize the terror groups that
continue to
                      communicate with one another, U.S. intelligence
officials say.
                           FBI officials say recent
                      electronic intercepts of
                      communications between some al
                      Qaeda groups show that they are
                      "talking to each other."
                           "The cells are up and active,"
                      an FBI official said of the groups
                      believed to be embedded in most
                      U.S. cities with sizable Islamic
                      communities, such as New York,
                      Detroit and Los Angeles.
                           In a review of ongoing U.S.
                      operations, United Press
                      International was briefed on the al
                      Qaeda investigations by several
                      current and former intelligence
                      officers, all of whom asked not to be identified
by name.
                           Former CIA and Defense Intelligence Agency
officials say
                      the terrorists choose run-down neighborhoods
because "in a
                      place like that, you are invisible. People don't
care about you;
                      they don't want to look at you and don't look at
you," as one
                      put it.
                           A former senior U.S. intelligence official
explained: "The
                      members of cells don't think of themselves as
raiding parties
                      but as the front end of an invasion."
                           "If they can attack, blow things up and
disrupt society,
                      they believe there will be mass defections to
Islam and
                      society will collapse. They can then set up an
Islamic state."
                           The cells, these sources said, are made up of
U.S.-born
                      Muslims and immigrants from Pakistan, Saudi Arabia
and the
                      Persian Gulf states, and number in the thousands.
Most are
                      thought to have entered the country some time ago
and are
                      deeply entrenched in their communities.
                           To root them out, the FBI has been busy
developing a
                      network of informers in Muslim neighborhoods,
including
                      nightclub owners, waiters and merchants, a federal

                      law-enforcement official said.
                           Intelligence is the chief tool in the war on
terror, a senior
                      former Pentagon intelligence official said.
                           "Intelligence is really just a giant research
operation where
                      you rely on huge archival files," he said. "It's
the most
                      effective weapon you've got."
                           The next and best weapon in the war against
the cells is
                      infiltration. A longtime covert operations
specialist said law
                      enforcement is using agents who are Arabs and
fluent in
                      Arabic, who then look for ways to get inside the
community
                      where the cell members worship.
                           Their next goal is "to find out about the
social structure:
                      Where do they worship, where do they entertain,
what do
                      they talk about?" he said.
                           If it is known where they socialize and there
is probable
                      cause, local police might be able to place
eavesdropping
                      devices on the premises, he said. The goal is to
identify and
                      eliminate leaders, a former CIA official said.
                           As the FBI and other law-enforcement agencies
gain
                      knowledge, any rivalries among group members can
be
                      exploited, using disinformation to convince some
cell
                      members that others are informers or traitors.
                           One FBI official explained that the purpose
is to "disrupt"
                      hostile organizations, and that FBI tactics go
back to 1956,
                      when the FBI established its Cointelpro
(counterintelligence
                      program.) This official said the program pitted
one group 
                      or even members of a single group  against
another "like
                      gladiators in ancient Rome."
                           The program has been used successfully
against such
                      groups as the Black Panthers and the Ku Klux Klan,
he said




From earn at pickyourflick.com  Mon Nov  4 21:45:03 2002
From: earn at pickyourflick.com (Earn 150 an hour)
Date: Mon,  4 Nov 21:45:03 2002 -0800
Subject: Get paid for your opinions
Message-ID: <23793537.9393242@mailhost>

===============================================
** Get Paid For Your Opinions! **
===============================================

====> Earn up to $150 For an Hour of Work!
http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104

<a href="http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104">
AOL Users Click Here</a>


Find out how your ideas and insight can work for you!
http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104

<a href="http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104">
AOL Users Click Here</a>



Click Here Now!
Start Earning Today!
http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104

<a href="http://www.ab4000.com/cgi-bin/redir.pl?rd_target=23&code=gpraz1104">
AOL Users Click Here</a>



=============================================



















Now Showing: PickYourFlick! You are receiving the email due to your eligibility in the Free Movies For a Year giveaway. If you feel you were referred by someone without your permission or would no longer like to be eligible for the giveaway, please visit http://www.PickYourFlick.com to remove yourself from the giveaway and these mailings.








c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t&

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1702 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021104/b54189b3/attachment.txt>

From guest at guest.com  Mon Nov  4 06:30:01 2002
From: guest at guest.com (=?GB2312?B?z+u9qNW+vs29+MC0v7Q=?=)
Date: Mon, 4 Nov 2002 22:30:01 +0800
Subject: =?GB2312?B?zfjVvr2oyei/1bzk0/LD+w==?=
Message-ID: <GIGANTICLqN33HFnwpG0000003b@levee.minder.net>


 中国服务全球专业的域名注册提供商，现推出主机、域名注册优惠服务：

       “特惠1+1企业上网套餐”是中国服务器网络有限公司为您推出的超值服务，

       “先服务，后收费！”内容包括：

 　　  30M asp cgi,php +ACCESS 数据库,送国际顶级域名一个 250元/年 (送五个邮箱)

       100M asp cgi,php +ACCESS 数据库,送国际顶级域名一个，只需 350元/年(送六个邮箱)

       200N  asp cgi,php +ACCESS 数据库,送国际顶级域名一个,只需 600元/年  

       特惠1+1上网套餐是企业上网，企业商务化的理想选择，现正火爆选购中

       快速度申请(请点击）： http://www.linemail.net/host/index.asp
    
       =====================================================================
       百度竞价、新浪排名、搜狐排名、网易排名等服务，使您的网站知名度大大提

       高。系列超值赠送服务，不可不看！
       
       马上申请: http://www.linemail.net/special/index.asp

       ====================================================================== 
       欢迎访问我司网站进一步了解：

       http://www.linemail.net

       联系电话:0592-2180338   传真:0592-2516932




From CCREDIT_1-SA at CareCredit.com  Mon Nov  4 23:05:39 2002
From: CCREDIT_1-SA at CareCredit.com (System Attendant)
Date: Mon, 4 Nov 2002 23:05:39 -0800 
Subject: ScanMail Message: To Sender, virus found and action taken.
Message-ID: <F44FF2BC8F65D411835100508B9A52210279B16F@CCREDIT_1>


ScanMail for Microsoft Exchange has blocked a file attachment(s).

Place = garmstrong at carecredit.com
Sender = cypherpunks
Subject = If you would like to apply online from the
Delivery Time = November 04, 2002 (Monday) 23:05:38

Action on file attachment(s):

Message from recipient's administrator:
Warning to sender. ScanMail detected a virus in an email attachment you
sent.




From nobody at dizum.com  Mon Nov  4 19:20:13 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Tue,  5 Nov 2002 04:20:13 +0100 (CET)
Subject: Cointel is back: meet any new arabic-speaking guys in shiny
  shoes?
Message-ID: <23578a98680c8b1b7cd9120a99b1c8ff@dizum.com>


mv at cdc.gov (Major Variola ret) writes:

> http://www.washtimes.com/national/20021104-81830128.htm
> Officials attempt to get inside cells of al Qaeda in U.S.
>
> By Richard Sale
> UNITED PRESS INTERNATIONAL
>
> Local and federal law-enforcement agencies are attempting to
> infiltrate al Qaeda sleeper cells operating in the United States
> and are using disinformation campaigns to expose and neutralize the
> terror groups that continue to communicate with one another, U.S.
> intelligence officials say. FBI officials say recent electronic
> intercepts of communications between some al Qaeda groups show that
> they are "talking to each other." "The cells are up and active," an
> FBI official said of the groups believed to be embedded in most U.S.
> cities with sizable Islamic communities, such as New York, Detroit
> and Los Angeles. In a review of ongoing U.S. operations, United Press
> International was briefed on the al Qaeda investigations by several
> current and former intelligence officers, all of whom asked not to
> be identified by name. Former CIA and Defense Intelligence Agency
> officials say the terrorists choose run-down neighborhoods because
> "in a place like that, you are invisible. People don't care about
> you; they don't want to look at you and don't look at you," as one
> put it. A former senior U.S. intelligence official explained: "The
> members of cells don't think of themselves as raiding parties but as
> the front end of an invasion." "If they can attack, blow things up and
> disrupt society, they believe there will be mass defections to Islam
> and society will collapse. They can then set up an Islamic state."
> The cells, these sources said, are made up of U.S.-born Muslims and
> immigrants from Pakistan, Saudi Arabia and the Persian Gulf states,
> and number in the thousands. Most are thought to have entered the
> country some time ago and are deeply entrenched in their communities.
> To root them out, the FBI has been busy developing a network of
> informers in Muslim neighborhoods, including nightclub owners,
> waiters and merchants, a federal law-enforcement official said.
> Intelligence is the chief tool in the war on terror, a senior former
> Pentagon intelligence official said. "Intelligence is really just
> a giant research operation where you rely on huge archival files,"
> he said. "It's the most effective weapon you've got." The next and
> best weapon in the war against the cells is infiltration. A longtime
> covert operations specialist said law enforcement is using agents who
> are Arabs and fluent in Arabic, who then look for ways to get inside
> the community where the cell members worship. Their next goal is "to
> find out about the social structure: Where do they worship, where do
> they entertain, what do they talk about?" he said. If it is known
> where they socialize and there is probable cause, local police might
> be able to place eavesdropping devices on the premises, he said. The
> goal is to identify and eliminate leaders, a former CIA official said.
> As the FBI and other law-enforcement agencies gain knowledge, any
> rivalries among group members can be exploited, using disinformation
> to convince some cell members that others are informers or traitors.
> One FBI official explained that the purpose is to "disrupt" hostile
> organizations, and that FBI tactics go back to 1956, when the FBI
> established its Cointelpro (counterintelligence program.) This
> official said the program pitted one group or even members of a single
> group against another "like gladiators in ancient Rome." The program
> has been used successfully against such groups as the Black Panthers
> and the Ku Klux Klan, he said




From DaveHowe at gmx.co.uk  Tue Nov  5 03:17:07 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Tue, 5 Nov 2002 11:17:07 -0000
Subject: What email encryption is actually in use?
References: <Pine.LNX.4.30.QNWS.0211022155590.13838-100000@thetis.deor.o
   rg> <C021C44C-EF61-11D6-A13B-0050E439C473@got.net>
  <20021104203510.GB7017@infosyndicate.net>
Message-ID: <016b01c284c1$0ffd2c80$c71121c2@sharpuk.co.uk>


On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote:
> - -- treat text as text, to be sent via whichever mail program one
> uses, or whichever chatroom software (not that encrypted chat rooms
> are likely...but who knows?), or whichever news reader software
Hmm. I know of at least one irc server (and nntp server, as it happens,
on the same box) that only allows access by ssh tunnel...




From sbrands at videotron.ca  Tue Nov  5 10:56:22 2002
From: sbrands at videotron.ca (Stefan Brands)
Date: Tue, 05 Nov 2002 13:56:22 -0500
Subject: "patent free(?) anonymous credential system pre-print" - a simple
 attack and other problems
In-Reply-To: <Pine.LNX.4.44.0211051819100.21586-100000@potato.zayda.com>
Message-ID: <000f01c284fd$08d58b00$127bca18@stefanhome>


The paper shows some promise but, apart from being insecure, has other
drawbacks that should be addressed:

- The system is subject to a simple attack. The problem lies with the
multiplication of the  hashes. Let's take the Chaum blinding as an
example, something similar work for the "Laurie"  protocol. The simple
idea is to take 

   X1 = [ \prod hash(bogus_att, salt_i) ] \times [hash(correct_att,
salt)]^{-n/2} modulo pq

   X2 = X3 = ... = Xn = hash(correct_att, salt)

Submit the blinded Xi's. Assuming X1 will not have to be opened (prob =
1/2 or 1, depending on  whether or not protocol is interactive), one
obains X1^d modulo pq from the signer, which  contains consistently all
the bogus attributes. Here is a suggestion for a "fix" to repair  this
total break. Make sure to that the signer, in additional to the
consistency check for the  opened blinded candidates, also checks that
the opened blinded candidates have _different_  values. Of course,
serious analysis needs to be done to ensure that this is enough to
guarantee security. I do not have the time to look into this, but my gut
feeling is that  variations of the attack based on the same principle
will still work, but with lower success  probability; this will have to
be compensated for by making n bigger, which makes the protocol  even
more inefficient. My advice is to the author is to analyze the proposed
fix, and explore  other possible fixes, before distributing an updated
version. 

- My work certainly does provide for "revocable anonymity" and "pooling"
prevention. For  pooling protection, see paragraph 2 on page 193,
section 5.11 page 210 paragraph 2, and  section 5.5.2 on page 211. For
not needing separate signing exponents for each attribute, see  page 266
last paragraph on the page. For recovable anonymity, see the e-cash
references on  page 264/5.

- The proposed hashing technique for selective disclosure was introduced
by myself in 1999.  Quoting from page 27 of my MIT Press book titled
"Rethinking Public Key Infrastructures":  "Another attempt to protect
privacy is for the CA to digitally sign (salted) oneway hashes of
attributes, instead of (the concatenation of) the attributes themselves.
When transacting or  communicating with a verifier, the certificate
holder can selectively disclose only those  attributes needed.22 {22
Lamport [244] proposed this hashing construct in the context of
one-time signatures. When there are many attributes, they can be
organized in a hash tree to  improve efficiency, following Merkle
[267].} This generalizes the dual signature technique  applied in SET
[257]." Since this technique is merely at the level of an observation,
and  because it is a simple generalization of the SET technique, I in
fact decided at the time to  put the entire paragraph under section
header 1.2.2 of my book, titled "Previous  privacy-protection efforts
and their shortcomings". 

- More seriously, the simple hash technique has numerous drawbacks, as I
explain on page page  27 of my MIT Press book, in the very same
paragraph: "Although certificate holders now have  some control over
which attributes they reveal to verifiers, they are forced to leave
behind 
digital signatures. Furthermore, they are seriously restricted in the
properties they can  demonstrate about their attributes; Boolean
formulae, for instance, are out of the question.  Worse, nothing
prevents the CA and others from tracing and linking all the
communications and  transactions of each certificate holder." Other
techniques, such as lending prevention and  limited-show, do not work
either. It was for these and other reasons that I was motivated to  work
on the more sophisticated selective disclosure in the first place. 

- In addition to various other drawbacks pointed out by of Dr. Adam Back
(see
www.mail-archive.com/cypherpunks-moderated at minder.net/msg02752.html),
the proposal does not  offer a wallet-with-observer mode, discarding
protection, anonymous recertification /  updating, multi-application
certificates, etcetera. 

Hope this helps,

Stefan Brands




From info at ccstrade.com  Tue Nov  5 16:37:14 2002
From: info at ccstrade.com (Capitol Commodity Services, Inc.)
Date: Tue, 5 Nov 2002 18:37:14 -0600 (CST)
Subject: Special situation commodity moves
Message-ID: <20021106003714.2EEDF836F7@mesmo.fldna.net>

An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021105/1197b535/attachment.ksh>

From pawcyf at msn.com  Tue Nov  5 18:55:12 2002
From: pawcyf at msn.com (Howell Corritore)
Date: Tue, 05 Nov 2002 18:55:12 -0800
Subject: cypherpunks, Try Gen*ric Blue Pill for only $5.00 per 100MG dose
Message-ID: <yekwdtuswlc@msn.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 32 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021105/b30a03cc/attachment.txt>

From oil9783hj2157h37 at cs.com  Tue Nov  5 02:28:28 2002
From: oil9783hj2157h37 at cs.com (oil9783hj2157h37 at cs.com)
Date: Tue, 05 Nov 2002 20:28:28 +1000
Subject: Respond for Your FREE Euro!
Message-ID: <004e38a07d0e$6645a2e4$3bb27ac4@erbnrx>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1251 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021105/1ae7fee7/attachment.txt>

From nobody at dizum.com  Tue Nov  5 14:30:06 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Tue,  5 Nov 2002 23:30:06 +0100 (CET)
Subject: patent free(?) anonymous credential system pre-print
Message-ID: <9f58fe6dd91e14e72a8f079ec6a0c58e@dizum.com>


Stefan Brands writes regarding http://eprint.iacr.org/2002/151/:

> The paper shows some promise but, apart from being insecure, has other
> drawbacks that should be addressed:
>
> ... My work... introduced by myself... my MIT press book...
>
> In addition to various other drawbacks pointed out by of Dr. Adam Back
> (see www.mail-archive.com/cypherpunks-moderated at minder.net/msg02752.html),
> the proposal does not  offer a wallet-with-observer mode, discarding
> protection, anonymous recertification /  updating, multi-application
> certificates, etcetera.

And balanced against all these numerous shortcomings, there is one
inescapable, overwhelming fact:

THE AUTHORS ARE MAKING THE FRUITS OF THEIR LABOR AVAILABLE FREELY FOR
THE WORLD TO USE.

With all of your patents, and your writings, and your self-promotion,
how many people are using your certificates in the real world?  Think how
much you could have accomplished, how much of a difference you could have
made, if you had been willing to sacrifice the hope of great riches.
Instead you have followed in the footsteps of your mentor Chaum, and
both of you have withheld your talent from the world.

What is it about cash and credential systems that everyone who works
in the area thinks they should patent their results?  All you have
accomplished is to make sure that no implementations exist!  What good
are your great ideas if no one can use them?

Look at Chaum!  Is that where you want to be in 20 years?  Bitter and
barren?  Cut off from the cryptographic community?  Reduced to publishing
via the government patent office?

That's no life for a great mind.  Creativity demands interaction with
an active and vital intellectual community.  You have to give in order
to take.  Building walls around your intellectual property shuts others
out even as you shut yourself in.

If you really want to accomplish something meaningful, rather than
continuing to hype and shill for a system which no one can use without
entering into delicate financial negotiations, why not make it available
on some basis for people to experiment with?  Maybe a non-commercial,
open-source GPL implementation could be a starting point.  There is
considerable interest in reputation systems among the P2P community
and credentials could be a part of that.  You can still protect your
commercial interests while letting people get familiar with the technology
by making a non-commercial library available.

That's just one possibility.  The point is, your ideas are going nowhere
using your present strategy.  Either this technology won't be used at
all, or inferior but unrestricted implementations will be explored,
as in the recent work.  If you want things to happen differently, you
must change your strategy.




From ESavers at usairways.com  Wed Nov  6 00:00:00 2002
From: ESavers at usairways.com (ESavers at usairways.com)
Date: Wed, 6 Nov 2002 02:00:00 -0600
Subject: US Airways' Domestic E-Savers
Message-ID: <200211060815.gA68F8eU015471@ak47.algebra.com>


Dear E-Savers Subscriber,

US Airways is pleased to present this weekend's Domestic E-Savers offers:

************************************************************
1. This Weekend's Domestic E-Savers
2. Earn Up To 7,000 Bonus Miles
3. Last-Minute Hotel Deals
4. Dividend Miles Offers
5. E-Savers Fare Requirements
6. Subscription Information

************************************************************
1. THIS WEEKEND'S DOMESTIC E-SAVERS
************************************************************

We will not be offering Domestic E-Savers for travel during the weekends of Nov. 30, Dec. 28 and Jan. 4 due to the upcoming holiday season. But you can still take advantage of other great travel deals at 
http://www.usairways.com/promotions

Here are this week's E-Savers for travel departing Saturday, November 9 and returning Sunday, November 10; Monday, November 11; or Tuesday, November 12.

For travel this weekend, make your reservations online at 
http://www.usairways.com/promotions/esavers/offers_nov9.htm 
These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation.

                                                    ROUNDTRIP
FROM:                     TO:                       FARE:
-------------------------------------------------------------
Atlanta, GA               San Francisco, CA         $198 (C)

Baltimore, MD             Los Angeles, CA           $228 (C)

Birmingham, AL            Charlotte, NC             $138 

Boston, MA                Buffalo, NY               $128 (#4)
Boston, MA                Cincinnati, OH            $128 (*)(C)
Boston, MA                Richmond, VA              $128 (*)(#4)

Buffalo, NY               Los Angeles, CA           $218 (C)
Buffalo, NY               Philadelphia, PA          $128 

Charleston, SC            Boston, MA                $148 (C)

Charlotte, NC             Baltimore, MD             $148 
Charlotte, NC             Chattanooga, TN           $128 (#6)
Charlotte, NC             Chicago O'Hare, IL        $158 (*)
Charlotte, NC             Cincinnati, OH            $138 (*)(#8)
Charlotte, NC             Manchester, NH            $138 
Charlotte, NC             Newark, NJ                $168 
Charlotte, NC             San Francisco, CA         $238 

Chicago O'Hare, IL        Charlotte, NC             $158 (*)
Chicago O'Hare, IL        Pittsburgh, PA            $138 (*)

Cincinnati, OH            Boston, MA                $128 (*)(C)
Cincinnati, OH            Charlotte, NC             $138 (*)(#8)

Columbus, OH              Philadelphia, PA          $138 (*)

Dallas/Ft. Worth, TX      Baltimore, MD             $168 (C)

Denver, CO                Philadelphia, PA          $198 

Greensboro, NC            Hartford, CT              $148 (C)

Greenville/Spart., SC     Hartford, CT              $148 (C)

Harrisburg, PA            New York LaGuardia, NY    $108 (#1)

Houston, TX               Philadelphia, PA          $168 

Indianapolis, IN          Pittsburgh, PA            $118 

Jacksonville, FL          Philadelphia, PA          $148 

Knoxville, TN             Washington National, DC   $128 (#7)

Los Angeles, CA           New York LaGuardia, NY    $228 (C)

Manchester, NH            Philadelphia, PA          $138 

Miami, FL                 Pittsburgh, PA            $158 

Milwaukee, WI             Rochester, NY             $138 (C)

Minneapolis/St. Paul, MN  Boston, MA                $178 (C)

Nashville, TN             Pittsburgh, PA            $128 

New York LaGuardia, NY    Cincinnati, OH            $118 (C)
New York LaGuardia, NY    Richmond, VA              $108 (#2)
New York LaGuardia, NY    Washington Dulles, DC     $128 (#3)

Norfolk, VA               Atlanta, GA               $118 (C)

Philadelphia, PA          Boston, MA                $118 
Philadelphia, PA          Chicago O'Hare, IL        $148 
Philadelphia, PA          Columbia, SC              $138 (#5)
Philadelphia, PA          Columbus, OH              $138 (*)
Philadelphia, PA          Los Angeles, CA           $228 
Philadelphia, PA          Raleigh/Durham, NC        $138 

Pittsburgh, PA            Chicago O'Hare, IL        $138 (*)
Pittsburgh, PA            Dayton, OH                $118 (#7)
Pittsburgh, PA            Greensboro, NC            $138 
Pittsburgh, PA            Hartford, CT              $128 
Pittsburgh, PA            Los Angeles, CA           $228 
Pittsburgh, PA            New York LaGuardia, NY    $148 

Portland, ME              Philadelphia, PA          $128 

Providence, RI            Cincinnati, OH            $138 (C)

Raleigh/Durham, NC        New York LaGuardia, NY    $148 (#4)

Richmond, VA              Boston, MA                $128 (*)(#4)

Rochester, NY             Pittsburgh, PA            $118 

San Francisco, CA         New York LaGuardia, NY    $228 (C)

Washington National, DC   Boston, MA                $148 
Washington National, DC   Raleigh/Durham, NC        $128 (#8)
Washington National, DC   Rochester, NY             $138 (#1)

West Palm Beach, FL       Charlotte, NC             $148 


Roundtrip purchase required.

(*) Indicates available for travel originating in either city
(C) Indicates travel requires a connecting flight
(#) Indicates travel is wholly on US Airways Express, served by the following carriers:
    1. Allegheny
    2. Allegheny/Chautauqua
    3. Allegheny/Colgan
    4. Chautauqua
    5. Chautauqua/Mesa/PSA
    6. Mesa/Piedmont
    7. Mesa/PSA
    8. Piedmont/PSA
   
Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States.

************************************************************
2. EARN UP TO 7,000 BONUS MILES
************************************************************

Apply for the Dividend Miles Visa Platinum Credit Card from Bank of America and start earning free travel on US Airways and our airline partners. Receive up to 7,000 bonus miles after making your first purchase. And then each time you make a purchase, you will earn one mile for every dollar spent and two miles for every dollar spent on purchases made directly from US Airways*. For details or to apply, call 1-800-335-4340 or visit 
http://www.bankofamerica.com/adtrack/index.cgi?adlink=00030200514952973951

*Dividend Miles Visa Platinum Credit Card Terms & Conditions
Earn one mile for every dollar spent, less any purchase credits other than payments ("Net Purchases"). Double miles apply to the purchase of all US Airways goods and services purchased directly from US Airways. Double miles do not apply to the purchase of US Airways Vacations. Mileage accumulation may be subject to certain limitations, restrictions and exclusions. Other terms and conditions may apply.

************************************************************
3. LAST-MINUTE HOTEL DEALS
************************************************************

US Airways has teamed up with hoteldiscounts.com to offer E-Savers subscribers great discounts at hotels in this weekend's E-Savers destinations. Simply visit 
http://www.hoteldiscounts.com/usairways/index.html 
and click on the E-Savers destination you're planning to visit. hoteldiscounts.com will list a variety of hotels offering a wide range of rates for you to choose from. Book your room online or call hoteldiscounts.com directly at 1-800-645-6144. 

Here's a sample of this week's special rates from hoteldiscounts.com:

Baltimore from       $75.95
Charlotte from       $49.95
Hartford from        $65.95
Newark from          $69.95
San Francisco from   $49.95

************************************************************
4. DIVIDEND MILES OFFERS
************************************************************

Did you know you could earn thousands of Dividend Miles when you buy, sell, and/or finance your home or obtain an auto loan through LendingTree? It's one of the most generous mileage offers around. Visit http://www.lendingtree.com/usairways/default.asp?source=esavers 
for complete details.

Already a Dividend Miles member? You can earn triple miles on every US Airways Shuttle flight you fly through December 31, 2002. Plus, your bonus miles will count towards earning Preferred status. Register before you take your next US Airways Shuttle flight at 
http://www.usairways.com/dividendmiles/5236.htm

Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/
To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at 
http://www.usairways.com/dmcreditcards

Please note:  Mileage bonus for booking online does not apply to E-Savers.  

************************************************************
5. E-SAVERS FARE REQUIREMENTS
************************************************************

- Restrictions: Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket.

- Travel: Depart Saturday, 11/9/02, and return Sunday, Monday or Tuesday, 11/10-11/12/02.

- Taxes/Fees: Fares do not include a $3 federal excise tax which will be imposed on each flight segment of your itinerary. A flight segment is defined as a takeoff and a landing. Fares for Canada do not include total government-imposed taxes and fees of up to $65. Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. 

- Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $100 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value.

- Miscellaneous: Lower fares may be available in these markets. Other conditions apply.

************************************************************
6. SUBSCRIPTION INFORMATION
************************************************************

This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page:
http://www.usairways.com/promotions/esavers/enroll/index.htm

To unsubscribe from this list, please click here:
http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM

To change your departure city preferences, please visit:
http://www.usairways.com/promotions/esavers/enroll/index.htm

Please do not respond to this message.


Copyright US Airways 1996-2002.  All rights reserved.







From jason at lunkwill.org  Tue Nov  5 21:18:40 2002
From: jason at lunkwill.org (Jason Holt)
Date: Wed, 6 Nov 2002 05:18:40 +0000 (UTC)
Subject: "patent free(?) anonymous credential system pre-print" - a simple
 attack and other problems
In-Reply-To: <200211052004.gA5K43s12960@baskerville.CS.Arizona.EDU>
Message-ID: <Pine.LNX.4.44.0211052114070.10429-100000@potato.zayda.com>



(Re: my paper at http://eprint.iacr.org/2002/151/ )

Stefan Brands wrote:
> - The system is subject to a simple attack. The problem lies with the
> multiplication of the  hashes. Let's take the Chaum blinding as an
[...]

	(For our readers at home, that was the vulnerability I mentioned in my 
response to Adam).

[...]
> - My work certainly does provide for "revocable anonymity" and "pooling"
> prevention. For  pooling protection, see paragraph 2 on page 193,
> section 5.11 page 210 paragraph 2, and  section 5.5.2 on page 211. For
[...]

	When I speak of pooling credentials, I'm talking about Alice
presenting her student ID along with the senior-citizen ID Bob loaned her (or
for which Bob is answering clandestine-ly), as if they both belonged to her,
in order to get both discounts on her movie tickets.  In my system, you get
your credentials issued in a set associated with a single identity, and it's
hard for Alice to get Bob's credentials included in one of her own sets.  It
works even if the CAs don't trust each other.

	Page 211 of your book talks about discouraging lending, which doesn't
help in the case when Bob answers in Alice's behalf when she shows his
credentials.  In any case, section 5.5.2 only adds liability to pooling - it
doesn't prevent it mathematically.  (As to lending in general, I think you're
right that discouragement may be the best we can do).

	Page 193 and 210 do talk about having an identifying value encoded in
the credentials which the holder can prove is or isn't the same as in other
credentials.  However, the discussion on page 193 is with respect to building
digital pseudonyms, and the discussion on page 210 seems to be about showing
that values are *not* the same, following a scenario in which a pseudonym
holder has been identified as a misbehaver. I can think of ways in which this
feature might be leveraged to create otherwise-unlinkable sets of credentials
from different (distrusting) CAs, but it's never addressed directly that I can
see, and would need some specifics filled in.  Nonetheless, I'll point out in
my paper that it's a possibility in your system.
	

> - The proposed hashing technique for selective disclosure was introduced
> by myself in 1999.  Quoting from page 27 of my MIT Press book titled
[...]

	Pages 27 and 184 of your book are now both referenced in my section on
selective disclosure.


> - More seriously, the simple hash technique has numerous drawbacks, as I
> explain on page page  27 of my MIT Press book, in the very same
> paragraph: "Although certificate holders now have  some control over
> which attributes they reveal to verifiers, they are forced to leave
> behind digital signatures. ...
[...]

	What do you mean by "forced to leave behind digital signatures"?  


> ...  Worse, nothing prevents the CA and others from tracing and linking all
> the communications and transactions of each certificate holder." ...
[...]

	This is of course overcome in my system with blinding and
cut-and-choose.

> [
>   Snipped discussion of features which Brands' system has and my system 
>   doesn't: boolean formulae, lending prevention, limited show,
>   wallet-with-observer, discarding protection, anonymous recertification /
>   updating, multi-application certificates, etc.
> ]

	From my response to Adam Back:

I'm glad that was clear in my text.  This isn't a do-everything system like
Brands' - rather, it has 2 aims.  1: show how to do simple selective
disclosure in a Chaum/Fiat/Naor-like system using X.509v3 credentials as a
base, and 2: show how to link credentials from multiple issuers to the same
identity without compromising anonymity.

	And actually, I forgot to mention the original goal of my paper, which
was to create a system not encumbered by your patents or Chaum's.

	I'll expand my related work section to point out that your system and
others have lots of features which my system doesn't attempt to provide.  My
apologies if my terse treatment mischaracterized your work.

						-J




From webmaster at chinaedunet.com  Tue Nov  5 13:27:19 2002
From: webmaster at chinaedunet.com (hk)
Date: Wed, 6 Nov 2002 05:27:19 +0800
Subject: =?GB2312?B?ysC958LD087N+Lu2063E+iE=?=
Message-ID: <200211052124.gA5LNs2g011641@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3034 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021106/56ae3ebb/attachment.txt>

From jmusa4 at myself.com  Tue Nov  5 21:43:05 2002
From: jmusa4 at myself.com (jmusa4 at myself.com)
Date: Wed, 6 Nov 2002 05:43:05 +0000
Subject: ****Business Proposal****
Message-ID: <200211070443.gA74hS2f097000@locust.minder.net>




NATIONAL ELECTRIC POWER AUTHORITY 
NIGERIAN WATER WAYS APAPA,
LAGOS.NIGERIA
CELL PHONE:234-804-213-8559
REPLY TO:  jmusa at myself.com   

DEAR FRIEND,

YOUR COMPANY'S NAME AND ADDRESS WAS GOTTEN FROM A
BUSINESS DIRECTORY IN MY SEARCH FOR  A WELL KNOWN
BUSINESSMAN WHO HAS NO QUESTIONABLE CHARACTER AND MUST
BE A SUCCESSFUL BUSINESSMAN.  

AS A MATTER OF FACT, I AM JUSTICE MUSA , A
DIRECTOR IN THE NATIONAL ELECTRIC POWER AUTHORITY
(N.E.P.A).  ALSO I WAS PRIVILEGED TO BE A MEMBER OF
TENDER'S BOARD THAT AWARDED AND SUPERVISED THE
EXECUTION OF A MULTIMILLION U.S. DOLLARS CONTRACT IN
1998.  THE CONTRACT  HAS BEEN COMPLETED AND
COMMISSIONED IN AUGUST 1996,AND ORIGINAL CONTRACT
VALUE PAID IN OCTOBER 2000, TO THE FOREIGN FIRM THAT
ACTUALLY EXECUTED THE CONTRACT. 

HOWEVER, AS A RESULT OF OVER-INVOICING AND SERIES OF
REVISION CARRIED OUT IN THE COURSE OF THE CONTRACT
EXECUTION, THERE NOW EXISTS A FLOATING SUM OF
US$45.5M(FORTY FIVE MILLION FIVE HUNDRED THOUSAND  U.S
DOLLARS ONLY).  THIS MONEY IS NOW DUE FOR PAYMENT IN
THE GOVERNMENT QUARTERLY PAYMENT SCHEDULE AND WE WISH
TO REMIT THIS FUND INTO YOUR DESIGNATED PERSONAL OR
CORPORATE ACCOUNTS OVERSEAS.
 
WE SHALL SECURE THE PAYMENT APPROVALS FROM THE
RELEVANT OFFICE/MINISTRIES HERE FOR THE RELEASE OF
THIS CONTRACT SUM IN FAVOUR OF YOUR COMPANY WITH
DOCUMENT AND INFORMATION WE SHALL REQUEST FROM YOU
TOO, WE HAVE NOW CONCLUDED ARRANGEMENTS IN THE CENTRAL
BANK OF NIGERIA TO REMIT THIS MONEY AS SUM REALIZED BY
A COMPANY THROUGH LEGITIMATE MEANS IN NIGERIA.  

TERMS AND CONDITIONS 

THE FUND WILL BE SHARED 35% FOR YOU AND 60% FOR US. 
THE  REMAINING  5% TAKES CARE OF ALL INCIDENTAL
EXPENSES.  TO FORMALISE THIS TRANSACTION IN NIGERIA IN
FAVOUR OF YOUR DESIGNATED COMPANY WE REQUIRE
YOUTOFORWARD THE FOLLOWING: 

1. AN ASSURANCE OF YOUR ABILITY, WILLINGNESS AND
READINESS TO FULLY CORPORATE WITH US DURING
DISBURSEMENT     OVERSEAS AND TO MAINTAIN THE MAXIMUM
CONFIDENTIALITY REQUIRED IN A BUSINESS OF THIS NATURE
IN ALL  PLACES AT ALL TIMES ON BOTH SIDES. 

2. PARTICULARS OF YOUR BANKS INCLUDING NAME OF BANK,
ADDRESS, ACCOUNT NUMBERS, TELEX AND FAX
NUMBERSANDE-MAIL NUMBER OF YOUR BANK. 
3.YOUR PRIVATE TELEX, FAX AND TELEPHONE NUMBERS FOR
SAFE, QUICK AND EFFECTIVE  COMMUNICATION INCLUDING
HOME AND MOBILE PHONES (IF ANY). 

4.WILLINGNESS & READINESS TO ASSIST ME IN PROCURING
RELEVANT DOCUMENTS/APPROVALS.  

THIS REMITTANCE IS GUARANTEE IN LESS THAN 14(FOURTEEN)
WORKING DAYS UPON RECEIPT OF THE ABOVE MENTION
PARTICULARS BY FAX, HOWEVER, IT REQUIRES THE HIGHEST
CO-OPERATION,  SERIOUSNESS, MUTUAL TRUST, HONEST 
AND STRICTLY CONFIDENTIAL ON BOTH SIDES TO AVOID
JEOPARDIZING THE POSITION OF THE OFFICERS WHO ARE TOP
GOVERNMENT FUNCTIONARIES.  ALSO WE WANT TO USE PART OF
OUR PERCENTAGE TO IMPORT ANY QUICK SELLING GOODS WITH
YOUR ASSISTANCE AFTER THE FUND HAS BEENTRANSFERREDINTO
YOUR BANK ACCOUNT.  

LOOKING FORWARD TO HEARING FROM YOU THROUGH MY
TELEPHONE:234-804-213-8559 OR REPLY TO: jmusa at myself.com 

BEST REGARD.   

JUSTICE MUSA







From ptrei at rsasecurity.com  Wed Nov  6 08:22:50 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 6 Nov 2002 11:22:50 -0500 
Subject: Did you *really* zeroize that key?
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BAF0F@exna07.securitydynamics.com>


>From RISKS:
http://catless.ncl.ac.uk/Risks/22.35.html#subj6

Those of us who write code need to be reminded of this 
now and then.

Peter Trei

---------------
Software leaves encryption keys, passwords lying around in memory

       Monty Solomon <monty at roscom.com> 
       Wed, 30 Oct 2002 22:31:46 -0500


         http://online.securityfocus.com/archive/82/297827

       Date: Thu, 31 Oct 2002 05:11:31 +1300 (NZDT)
       From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
       Subject: Software leaves encryption keys, passwords lying around in
memory

       The following problem was first pointed out (in private mail) by
Michael
       Howard from Microsoft.  His writeup is now available at
 
http://msdn.microsoft.com/library/en-us/dncode/html/secure10102002.asp.
       From a representative check of a few widely-used open source crypto
       programs, this affects quite a bit of software.

       The problem he points out is that clearing sensitive information such
as
       encryption keys from memory may not work as expected because an
optimising
       compiler removes the memset() if it decides it's redundant.  Consider
for
       example the following:

       int encrypt( const void *key )
         {
         puts( key );     /* Normally we'd encrypt here */
         }

       void main( void )  /* Because we can */
         {
         char key[ 16 ];

         strcpy( key, "secretkey" );
         encrypt( key );
         memset( key, 0, 16 );
         }

       When compiled with any level of optimisation using gcc, the key
clearing
       call goes away because of dead code elimination (see the MSDN article
for
       more details on this, which uses VC++ to get the same effect).  While
you
       can kludge enough stuff around a custom memory-clear call to fool the
       optimiser (hacks with 'volatile', touching the memory after it's
cleared and
       hoping the optimiser is fooled, etc etc) there's no guarantee that
it'll
       work for anything but the compiler(s) you happen to test it with -
any
       future enhancement to the optimiser may turn it back into a nop.
What it
       really needs is the addition of a #pragma
dont_remove_this_code_you_bastard
       in the compiler.  Until then, a lot of security code will be affected
by
       this problem.

         [In RISKS, I tend never to alter British spellings.  However,
         in American English, an "optimiser" must be the ultimate miser.]




From schear at attbi.com  Wed Nov  6 11:30:13 2002
From: schear at attbi.com (Steve Schear)
Date: Wed, 06 Nov 2002 11:30:13 -0800
Subject: German Wiretappers Bill Victims
In-Reply-To: <Pine.LNX.4.33.0211060803220.28659-100000@hydrogen.leitl.or
  g>
References: <5.1.1.6.2.20021105075811.04c44078@idiom.com>
Message-ID: <5.1.0.14.2.20021106112744.045005a0@mail.attbi.com>


At 08:09 AM 11/6/2002 +0100, Eugen Leitl wrote:
>On Tue, 5 Nov 2002, Bill Stewart wrote:
>
> > http://www.theregister.co.uk/content/5/27917.html
> >
> > German secret service taps phones, bills buggees


I wonder if its possible if this billing incident wasn't a mistake, but an 
activist "pulling down the pants" of their security services.

steve




From skquinn at speakeasy.net  Wed Nov  6 13:35:48 2002
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Wed, 6 Nov 2002 15:35:48 -0600
Subject: Did you *really* zeroize that key?
In-Reply-To: <F504A8CEE925D411AF4A00508B8BE90A041BAF0F@exna07.securitydy
  namics.com>
References: <F504A8CEE925D411AF4A00508B8BE90A041BAF0F@exna07.securitydyn
  amics.com>
Message-ID: <200211061535.48396.skquinn@speakeasy.net>


On Wednesday November 6 2002 10:22, Trei, Peter wrote:
> What it really needs is the addition of a #pragma
> dont_remove_this_code_you_bastard in the compiler.  
> Until then, a lot of security code will be affected by this problem.

Somehow I don't think they'll quite call it this. But you've got to 
admit it is cute. :-)

How about either: 

#pragma no_optimize

or

#pragma security

-- 
Shawn K. Quinn




From hseaver at cybershamanix.com  Wed Nov  6 16:34:27 2002
From: hseaver at cybershamanix.com (Harmon Seaver)
Date: Wed, 6 Nov 2002 18:34:27 -0600
Subject: Amsterdam loses electricity, lots of internet service
In-Reply-To: <5.1.1.6.2.20021106155820.02b204f0@idiom.com>
References: <5.1.1.6.2.20021106155820.02b204f0@idiom.com>
Message-ID: <20021107003427.GF6075@cybershamanix.com>


On Wed, Nov 06, 2002 at 04:02:54PM -0800, Bill Stewart wrote:
> Reported on the NANOG list
> > There's been an explosion in a power distribution center in amsterdam,
> over
> > half the city is without power, and, as far as I know, the Nikhef building
> > is competely powerless, Telecity is running on backup generators. Redbus
> > building seems at least partially up, but the link between Telecity and
> > Redbut is dead. Power company is working on the problem, but as yet, its a
> > big mess.
> 
> ---
> >> http://www.ams-ix.com/hugegraph.html
> >> That can only be an error, I heard ams-ix got a power outage at the 
> moment...
> 
> > 80% of Amsterdam is without power, one AMS-IX site is without no-break
> > power for an other few weeks, others are running out of UPS capacity.



   Shit! Holy Shit! What will happen to all those grow rooms? This is an
unparalled disaster.



-- 
Harmon Seaver	
CyberShamanix
http://www.cybershamanix.com

"War is just a racket ... something that is not what it seems to the
majority of people. Only a small group knows what its about. It is
conducted for the benefit of the very few at the expense of the
masses."  --- Major General Smedley Butler, 1933

"Our overriding purpose, from the beginning through to the present
day, has been world domination - that is, to build and maintain the
capacity to coerce everybody else on the planet: nonviolently, if
possible, and violently, if necessary. But the purpose of US foreign
policy of domination is not just to make the rest of the world jump
through hoops; the purpose is to faciliate our exploitation of
resources."
- Ramsey Clark, former US Attorney General
http://www.thesunmagazine.org/bully.html




From jamesd at echeque.com  Wed Nov  6 23:57:22 2002
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 06 Nov 2002 23:57:22 -0800
Subject: New Protection for 802.11
In-Reply-To: <aqcak8$3dk$1@abraham.cs.berkeley.edu>
Message-ID: <3DC9AC62.6570.38653A1@localhost>

    --
Reading the Wifi report,
http://www.weca.net/OpenSection/pdf/Wi-
Fi_Protected_Access_Overview.pdf 
it seems their customers stampeded them and demanded that the
security hole be fixed, fixed a damned lot sooner than they
intended to fix it.

I am struck the contrast between the seemingly strong demand 
for wifi security, compared to the almost complete absence of 
demand for email security.

Why is it so? 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     IWe4JFeDeor04Pxb96ZsQ7xX+JAwxSs8HQfoAeG5
     4rQX6tgLhAvAwLjF+SXlRswSmphBhw4cOXLe9Y4r5


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From eresrch at eskimo.com  Thu Nov  7 06:18:35 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Thu, 7 Nov 2002 06:18:35 -0800 (PST)
Subject: New Protection for 802.11
In-Reply-To: <3DC9AC62.6570.38653A1@localhost>
Message-ID: <Pine.GSU.4.44.0211070614490.25382-100000@eskimo.com>


On Wed, 6 Nov 2002, James A. Donald wrote:

>     --
> Reading the Wifi report,
> http://www.weca.net/OpenSection/pdf/Wi-
> Fi_Protected_Access_Overview.pdf
> it seems their customers stampeded them and demanded that the
> security hole be fixed, fixed a damned lot sooner than they
> intended to fix it.
>
> I am struck the contrast between the seemingly strong demand
> for wifi security, compared to the almost complete absence of
> demand for email security.
>
> Why is it so?

Because e-mail goes over a wire and Wifi is broadcast.
Tapping wires is harder than setting up an antenna in
a truck outside your building.

It has a lot to do with psycology and magazine articles.  It has nothing
to do with security.  If a lot of people were getting screwed because
their e-mail was being read, and it got written up in PC magazine,
security would be a much bigger issue.  A lot of Wifi users have been
screwed and it's showed up in trade journals.  That's all!

Patience, persistence, truth,
Dr. mike




From mv at cdc.gov  Thu Nov  7 09:20:40 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 07 Nov 2002 09:20:40 -0800
Subject: Amerikan Military: All Your Children Are Belong To Us
Message-ID: <3DCAA0E8.F91E0D7F@cdc.gov>


Sharon Shea-Keneally, principal of Mount Anthony Union High School in
                   Bennington, Vermont, was shocked when she received a
letter in May
                   from military recruiters demanding a list of all her
students, including names,
                   addresses, and phone numbers. The school invites
recruiters to participate
                   in career days and job fairs, but like most school
districts, it keeps student
                   information strictly confidential. "We don't give out
a list of names of our
                   kids to anybody," says Shea-Keneally, "not to
colleges, churches,
                   employers -- nobody."

                   But when Shea-Keneally insisted on an
                   explanation, she was in for an even bigger
                   surprise: The recruiters cited the No Child Left
                   Behind Act, President Bush's sweeping new
                   education law passed earlier this year. There,
                   buried deep within the law's 670 pages, is a
                   provision requiring public secondary schools to
                   provide military recruiters not only with access
                   to facilities, but also with contact information for
                   every student -- or face a cutoff of all federal
                   aid.
<snip>
http://www.motherjones.com/news/outfront/2002/45/ma_153_01.html




From ptrei at rsasecurity.com  Thu Nov  7 06:58:43 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 7 Nov 2002 09:58:43 -0500 
Subject: New Protection for 802.11
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BAF17@exna07.securitydynamics.com>

> James A. Donald[SMTP:jamesd at echeque.com] wrote:
> 
> 
> Reading the Wifi report,
> http://www.weca.net/OpenSection/pdf/Wi-
> Fi_Protected_Access_Overview.pdf 
> it seems their customers stampeded them and demanded that the
> security hole be fixed, fixed a damned lot sooner than they
> intended to fix it.
> 
> I am struck the contrast between the seemingly strong demand 
> for wifi security, compared to the almost complete absence of 
> demand for email security.
> 
> Why is it so? 
> 
>     --digsig
>          James A. Donald
> 
How many stories have you read in the last year about
non-LEOs stealing email?

How many stories in the last year have you read about
wardriving?

Further, tapping into 802.11b nets 

	* gives the attacker access to your internal
	  network. You already know what you're
	  sending in email, and eavesdropping on 
	  data you've already decided to send to someone
	  else feels different than someone trolling through
	  your file system without your knowledge.

	* requires that the tapper be more or less
	  nearby physically. This feels a lot
	  different than worrying that a distant
	  router is compromised.

Peter Trei



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From dahonig at cox.net  Thu Nov  7 10:13:52 2002
From: dahonig at cox.net (David Honig)
Date: Thu, 07 Nov 2002 10:13:52 -0800
Subject: Did you *really* zeroize that key? 
In-Reply-To: <20021107145526.3EC867B68@berkshire.research.att.com>
Message-ID: <3.0.5.32.20021107101352.0083fa60@pop.west.cox.net>

At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
>Regardless of whether one uses "volatile" or a pragma, the basic point 
>remains:  cryptographic application writers have to be aware of what a 
>clever compiler can do, so that they know to take countermeasures.

Wouldn't a crypto coder be using paranoid-programming 
skills, like *checking* that the memory is actually zeroed? 
(Ie, read it back..)  I suppose that caching could still
deceive you though?

I've read about some Olde Time programmers
who, given flaky hardware (or maybe software), 
would do this in non-crypto but very important apps. 









---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From AECProfessional at edge.zwa.com  Thu Nov  7 08:59:04 2002
From: AECProfessional at edge.zwa.com (AECWorkForce Professional News)
Date: Thu, 7 Nov 2002 11:59:04 -0500
Subject: AECWorkForce Professional News (November 8, 2002)
Message-ID: <LYRIS-473917-23774-2002.11.07-23.50.00--cypherpunks#minder.net@edge.aecworkforce.com>


===========================================================================
AECWorkForce Professional News

Where great careers in design 
and construction are built                http://www.AECWorkForce.com
==========================================================================

Friday, November 8, 2002

THIS WEEK
1. JOB SEARCH STRATEGIES - RESIGNING PROFESSIONALLY
2. AEC CAREER TRENDS -  STAYING ON TOP OF THE JOB MARKET
3. CAREER MENTOR - "IS THIS GOING TO BE ON THE TEST?"
4. HOT FIRM - TRANSYSTEMS CORPORATION
5. HOT JOBS - MORE HOT LISTINGS FROM AECWORKFORCE.COM

Questions about your subscription to AECWorkForce Professional News? Check
the end of this message for information.

*********************************************************** 

1. AEC JOB SEARCH STRATEGIES
RESIGNING PROFESSIONALLY
So you've finally decided to quit your lousy job. Here are some tips on
how to keep your professionalism intact during your resignation.
MORE: http://www.aecworkforce.com/magazine/jobsearch/current.htm


2. AEC CAREER TRENDS
STAYING ON TOP OF THE JOB MARKET
Today, more and more qualified, experienced professionals are actively
testing the job market to see what it has to offer-while they're still
employed. Learn why that's not a bad idea.
MORE: http://www.aecworkforce.com/magazine/careers/current.htm


ADVERTISEMENT ********************************************** 

NEW! A CAREER GUIDE JUST FOR DESIGN AND CONSTRUCTION PROS

ONLY $23.95!

Are you looking for a new job in the design and construction field? Then
the AECWorkForce Guide to Finding the Right Job in the Design &
Construction Industry is the perfect resource! From the job search
experts at AECWorkForce.com, this guide is a must-have for any AEC
industry job seeker looking for an edge. To learn more, visit us online at http://www.aecworkforce.com/guide

***********************************************************


3. AEC CAREER MENTOR
"IS THIS GOING TO BE ON THE TEST?"
Dear AEC Career Mentor: Recently, I interviewed with a great firm for the
position of  project manager. I have the experience, but they want me to
take a WRITING TEST! I'm bugged-is this the norm?
MORE: http://www.aecworkforce.com/magazine/mentor/current.htm


4. HOT FIRM
TRANSYSTEMS CORPORATION
KANSAS CITY, MO

With 700 employees and 26 offices, TranSystems Corporation has been a
leader in providing nationwide transportation engineering, planning and
architectural services for over 30 years. Their dynamic, entrepreneurial
environment has created engineering opportunities for entry-level and
experienced professionals in their offices throughout the United States. 
Learn more about this hot firm by clicking here:
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ShowProfile~_0B212XIA7 


5. HOT JOBS

ELECTRICAL ENGINEER : C & I ENGINEERING : LOUISVILLE, KY
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0ST10D9LX
 
PROJECT ENGINEER : EPOCH ENVIRONMENTAL GROUP LLC : LINO LAKES, MN
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0T00QMQ3U
 
STRUCTURAL PM / ENGINEER : STRUCTURE STUDIO : MORRISTOWN, NJ
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SV0M2D9R
 
ENG TECH III : VA DEPT OF TRANSPORTATION : COLONIAL HEIGHTS, VA
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SU0TMKRV
 
TRAFFIC ENG : CALVIN GIORDANO & ASSOCIATES INC : FORT LAUDERDALE, FL
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SO0UY9WQ
 
ENGINEERING MANAGER : FACILITY ENGINEERING ASSOCIATES P.C. : HOUSTON, TX
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SR0ZB0CR
 
INSIDE SALES MANAGER : JACOBS FACILITY INC : ARLINGTON, VA
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SM10F4VD
 
PE : GEORGE MILES & BUHR ENGINEERS & ARCHITECTS : SALISBURY, MD
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SR0ZOWCB
 
LEAD CIVIL ENGINEER : ENVIRONMENTAL LIABILITY MANAGEMENT : PRINCETON, NJ
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SY0Y93JY
 
PROJECT MANAGER : L. ROBERT KIMBALL & ASSOCIATES : ALTOONA, PA
http://www.aecworkforce.com/cgi-bin/wc.dll?Enter~?ViewPosting$_0SU0M8QJ8

***********************************************************
===========================================================================
Copyright 2002, AECWorkForce

AECWorkForce Professional News is a bi-weekly update on AEC trends, careers,
and job search strategies for professionals in architecture, engineering, 
construction, and allied professions.

Please do not reply to this address. Send inquiries to 
mailto:info at AECWorkForce.com. 

TO OPT OUT: If you received this in error, we apologize. To remove yourself
from future AECWorkForce Professional News mailings, send a blank email 
to mailto:leave-aecprofessional-473917S at edge.aecworkforce.com.

TELL A FRIEND: To subscribe to AEC WorkForce Professional News, just send 
an email to AECProfessional at edge.AECWorkForce.com with the word SUBSCRIBE 
in the body of your message...

Get career ideas and a whole lot more at AECWorkForce.com. It's the 
fastest-growing career portal for design and construction professionals. 
It's free, it's powerful, it's packed with news and helpful advice,
and lots and lots of jobs!

Start your next search today.

AECWorkForce
Where great careers in design and construction are built               
http://www.AECWorkForce.com

===========================================================================




From qkwghifg at aol.com  Thu Nov  7 13:23:33 2002
From: qkwghifg at aol.com (Harold Coppedge)
Date: Thu, 07 Nov 2002 13:23:33 -0800
Subject: cypherpunks, Refinance with bad credit! 2700 lender network can help
Message-ID: <ixdwtwwiser@aol.com>


Sorry about that. My hosting went down
I had hosting problems: http://www.votersurvey.com/ms2/index.htm

Do you have tons of debts and want to refinance_your home I guaruntee that I can do it fast and easy and your credit score doesn't matter! Please  just fill out this form and I'll call you immediately. http://www.votersurvey.com/ms2/index.htm I have more credit programs than the large companies. You will not be dissappointed. 

I'll work my butt off for you!!!!!!
Roger Staples




From bill.stewart at pobox.com  Thu Nov  7 13:44:43 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 07 Nov 2002 13:44:43 -0800
Subject: Amerikan Military: All Your Children Are Belong To Us
In-Reply-To: <3DCAA0E8.F91E0D7F@cdc.gov>
Message-ID: <5.1.1.6.2.20021107122832.05693b08@idiom.com>


At 09:20 AM 11/07/2002 -0800, our local weapon of mass destruction forwarded:
>Sharon Shea-Keneally, principal of Mount Anthony Union High School in
>Bennington, Vermont, was shocked when she received a
>letter in May from military recruiters demanding a list of all her
>students, including names,
>                    .....
>                    But when Shea-Keneally insisted on an
>                    explanation, she was in for an even bigger
>                    surprise: The recruiters cited the No Child Left
>                    Behind Act, President Bush's sweeping new
>                    education law passed earlier this year. There,
>                    buried deep within the law's 670 pages, is a
>                    provision requiring public secondary schools to
>                    provide military recruiters not only with access
>                    to facilities, but also with contact information for
>                    every student -- or face a cutoff of all federal
>                    aid.
><snip>
>http://www.motherjones.com/news/outfront/2002/45/ma_153_01.html

George HW Bush said he'd be the Education President,
and he certainly was an education.
You just have to parse his statements carefully.

The new Bush isn't as good at grammar, so sometimes he's harder to parse,
but as he says "fool me once, shame on you, um, fool me um,,
can't get fooled again".   He isn't really the same as the old boss,
because the old boss was competent as well as evil...

More seriously, though, it's another example of the difference between
data protected by technology and data protected by laws.
The old Buckley Amendment had some really hard-core protection for
student records, though it probably had holes in it for things like
military recruiting, and the military certainly did use any approach it could
to keep track of potential draftees and potential recruits.
But that's all gone now - it wasn't Constitutionally set in stone,
and most of it probably wasn't directly driven by court orders,
so the legislature can bounce it any time they want,
even if they don't realize what they're signing.




From k-elliott at wiu.edu  Thu Nov  7 13:48:12 2002
From: k-elliott at wiu.edu (Kevin Elliott)
Date: Thu, 7 Nov 2002 13:48:12 -0800
Subject: Did you *really* zeroize that key?
In-Reply-To: <01f001c28694$205f6640$c71121c2@sharpuk.co.uk>
References: <3.0.5.32.20021107101352.0083fa60@pop.west.cox.net>
  <01f001c28694$205f6640$c71121c2@sharpuk.co.uk>
Message-ID: <p05200f00b9f07c6d726f@[12.246.100.116]>


At 19:30 +0000  on  11/7/02, David Howe wrote:
>at Thursday, November 07, 2002 6:13 PM, David Honig <dahonig at cox.net>
>was seen to say:
>>  Wouldn't a crypto coder be using paranoid-programming
>>  skills, like *checking* that the memory is actually zeroed?
>That is one of the workarounds yes - but of course a (theoretical)
>clever compiler could realise that
>
>int myflag;
>myflag=0;
>if (myflag!=0) { do stuff } ;
>
>can be optimised away entirely as the result is constant.
>
>the problem isn't so much a question of what would work now, but "is it
>possible that your zeros could be optimised away by a theoretical future
>compiler, and how do we make portable code that nevertheless can't be
>optimised away?"

The point is though, that according to C99 today

volatile int myflag;
myflag=0;
if (myflag!=0) { do stuff } ;

does _exactly_ what you want, per the spec.  The only compilers that 
don't work this way are by definition out of spec, so adding new 
stuff isn't going to help.

Having said that, most of what your talking about pragma wise is 
boils down to controlling the optimizer.  Most compilers offer 
options to control this, but it's vendor specific.  I can see how 
adding this to the spec would be worthwhile.  But it's not essential 
to fix the problem above.
-- 
_____________________________________________
Kevin Elliott <mailto:kelliott at mac.com> ICQ#23758827




From mab at research.att.com  Thu Nov  7 10:50:43 2002
From: mab at research.att.com (Matt Blaze)
Date: Thu, 07 Nov 2002 13:50:43 -0500
Subject: Did you *really* zeroize that key? 
In-Reply-To: Message from David Honig <dahonig@cox.net>  of "Thu, 07 Nov
  2002 10:13:52 PST."
  <3.0.5.32.20021107101352.0083fa60@pop.west.cox.net> 
Message-ID: <200211071850.gA7Ioir28484@fbi.crypto.com>


> At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
> >Regardless of whether one uses "volatile" or a pragma, the basic point 
> >remains:  cryptographic application writers have to be aware of what a 
> >clever compiler can do, so that they know to take countermeasures.
> 
> Wouldn't a crypto coder be using paranoid-programming 
> skills, like *checking* that the memory is actually zeroed? 
> (Ie, read it back..)  I suppose that caching could still
> deceive you though?'

And, of course, the very act of putting in the check could cause a compiler
to not optimize out the zeroize code.  (Writing a proper test program for
such behavior is very difficult).

Like most programming language discussions, it's hard to tell whether the
arguments support writing critical code languages that abstract at a
higher level or a lower level.


> 
> I've read about some Olde Time programmers
> who, given flaky hardware (or maybe software), 
> would do this in non-crypto but very important apps. 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From sbrands at videotron.ca  Thu Nov  7 10:51:45 2002
From: sbrands at videotron.ca (Stefan Brands)
Date: Thu, 07 Nov 2002 13:51:45 -0500
Subject: "patent free(?) anonymous credential system pre-print" - a
 simpleattack and other problems
Message-ID: <000001c2868e$ba693410$6401a8c0@stefanhome>

Hello Jason:

>"Page 193 and 210 do talk about having an identifying 
>value encoded in the credentials which the holder can 
>prove is or isn't the same as in other credentials. However, 
>the discussion on page 193 is with respect to building 
>digital pseudonyms"

No, not at all. The paragraph on page 193 that I referred to is the one
starting with "In some PKIs it is desirable that certificate holders can
anonymously prove to be the originator of several showing protocol
executions." It _preceeds_ the paragraph on digital pseudonyms, which
starts with "A special application of the latter technique are
credential systems in which certificate holders [...] establish digital
pseudonyms with organizations". 

>I can think of ways in which this feature might be leveraged to 
>create otherwise-unlinkable sets of credentials from different 
>(distrusting) CAs, but it's never addressed directly that I can 
>see, and would need some specifics filled in."

There are no specifics to be filled in, the paragraph on 193 states
everything there is to it. If the credential holder engages in several
showing protocols (whether in sequence or in parallel, and regardless of
whether at the same time or at different times -- the paragraph applies
to any situation), all that is needed to prove that no pooling is going
on is the abovementioned proof that the credentials all contain the same
hidden identifier. 

Note that the prover can _hide_ this identifier, thereby allowing him to
prevent linkability with other showing protocol executions for which no
link needs to be established. Of course, the technique also works if
there are many Cas. The user can even prevent the CAs from learning the
built-in identifier that is central to all (or a subset of) his/her
credentials.  (A special CA could issue restrictively blindeded versions
of the user's "identity", which the user then submits to different Cas
who encode it into the certificates they issue.)

>Page 211 of your book talks about discouraging lending, which doesn't
>help in the case when Bob answers in Alice's behalf when she shows his
>credentials. 

Discouraging lending is not the same as preventing pooling. The lending
prevention technique was not intended to address pooling, the technique
on page 193 does a much more effective job at that. However, in your
approach, what prevents me from giving my credentials to someone else
who then uses them to gain access to a service without needing to pool
in any other credentials than the one I lent to him? 

Note also that when all credential attributes are specified within the
same certificate, and the verifier requires authorization information to
be contained within a single attribute certificate, pooling is
inherently prevented. 

>What do you mean by "forced to leave behind digital signatures"?  

There is no zero-knowledge variant of your protocol; the verifier ends
up with undisputable evidence (towards third parties) of the
transaction, and in particular of which attribute values have been shown
by the credential holder. Any digital signatures that are made by
certificate holders can be added to their dossiers; they form
self-signed statements that cannot be repudiated, proving to the whole
world who is the originator of a message and possibly what information
they were willing to give up in return for a service. Doing a
zeroknowledge variant of your proposal requires one to prove knowledge
in zk of various elements rather than showing them in the clear; this
requires extrmely inefficient zk techniques, such as for proving
knowledge of a pre-image under a specific hash function.

>I'll expand my related work section to point out that your system and
>others have lots of features which my system doesn't attempt to
provide. 
>My apologies if my terse treatment mischaracterized your work.

I realize that many of the features of my work are described in a very
dense manner in the book, and therefore it is easy to overlook them. For
example, on the same page 193 there is a sentence "Using our techniques
it is also straightforward for several certificate holders to jointly
demonstrate that their showing protocol executions did not all originate
from
the same certificate holder, or for one certificate holder to show that
he or she was
not involved in a fraudulent transaction." The same applies to my
describtion of the simple hash selective disclosure technique on page
27, which only gets two sentences, and many others
techniques/functionalities. The only excuse I have for this is that the
book is a minor revision of my PhD thesis, and so the technical parts
had to be targetted towards an expert audience; while skilled
cryptographers will indeed find the dense statements more than
sufficient, and may even consider some of them as trivial applications
of the general techniques, I can see that this may not always be the
case for readers in general. 

Good luck with your research!
Stefan Brands


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From owner-cypherpunks at minder.net  Wed Nov  6 22:09:13 2002
From: owner-cypherpunks at minder.net (owner-cypherpunks at minder.net)
Date: Thu, 7 Nov 2002 14:09:13 +0800
Subject: =?GB2312?B?1tC5+r3M0/3N+KO6ycfNt7Tz0afR0L6/yfrV/dTa1dDJ+g==?=
Message-ID: <200211040609.gA469J2g088763@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4495 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021107/68ce634b/attachment.txt>

From pgut001 at cs.auckland.ac.nz  Wed Nov  6 18:07:21 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 7 Nov 2002 15:07:21 +1300 (NZDT)
Subject: Did you *really* zeroize that key?
Message-ID: <200211070207.PAA88426@ruru.cs.auckland.ac.nz>

>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
> keyword is for. 

No it isn't.  This was done to death on vuln-dev, see the list archives for
the discussion.

[Moderator's note: I'd be curious to hear a summary -- it appears to
work fine on the compilers I've tested. --Perry]

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From smb at research.att.com  Thu Nov  7 06:55:26 2002
From: smb at research.att.com (Steven M. Bellovin)
Date: Thu, 07 Nov 2002 15:55:26 +0100
Subject: Did you *really* zeroize that key? 
Message-ID: <20021107145526.3EC867B68@berkshire.research.att.com>


In message <200211070207.PAA88426 at ruru.cs.auckland.ac.nz>, Peter Gutmann writes
:
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's "volatile"
>> keyword is for. 
>
>No it isn't.  This was done to death on vuln-dev, see the list archives for
>the discussion.
>
>[Moderator's note: I'd be curious to hear a summary -- it appears to
>work fine on the compilers I've tested. --Perry]
>
Regardless of whether one uses "volatile" or a pragma, the basic point 
remains:  cryptographic application writers have to be aware of what a 
clever compiler can do, so that they know to take countermeasures.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)




From ptrei at rsasecurity.com  Thu Nov  7 13:36:05 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 7 Nov 2002 16:36:05 -0500 
Subject: Did you *really* zeroize that key? 
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BAF1A@exna07.securitydynamics.com>


> ----------
> From: 	Dave Howe[SMTP:DaveHowe at gmx.co.uk]
> Sent: 	Thursday, November 07, 2002 3:46 PM
> To: 	Email List: Cypherpunks
> Subject: 	Re: Did you *really* zeroize that key? 
> 
> David Honig wrote:
> > I was thinking more in terms of arrays
> >
> > memset( arr, 0, sizeof(arr)) // zero
> > unsigned int v=1;
> > for (int i=0; i< arr_size; i++) v += arr[i]; // check
> > if ( v>0 && v<2 ) // test
> > sanity();
> > else
> > insanity();
> >
> > But I suppose that if compilers can be arbitrarily 'clever'
> > (eg about memset() and the additive properties of zero)
> > you'll have to check the assembly code...
> >
> > Perhaps
> >
> > for (int i=0; i< arr_size; i++) arr[i]=i; // "zero"
> > unsigned int v=0;
> > for (i=0; i< arr_size; i++) v += arr[i]; // check
> > if ( v != expected_value( arr_size ) ) insanity();
> > else sanity();
> >
> > is better?  (In the sense that this code will be treated
> > as worth-keeping.)
> as an abstract, probably not - there is always a chance that *any* given
> structure will be optimised away in a future compiler that is both
> arbitarily "smart" but stupid enough not to understand you are going to
> extreme effort to try and avoid the optimiser removing a clear.
> about all I can think of that could not be optimised away would be a
> dynamic
> library call - if a library call "int clearthismem(void pointer*, long
> lengthinbytes);" is used, as the optimising compiler can't look inside the
> code for it to see exactly what it does with the passed variable, it can't
> optimise it away - and the compiler that compiled the "blank passed mem to
> zero" code won't know that it isn't used once the subroutine is exited
> (and
> in fact, it could also be used as a convenient way to force-initialise an
> array or string to zeros if execution time wasn't an issue)
> 
The #pragma fixes are good, but non-portable.

None of the portable fixes can be trusted against an arbitrarily smart
optimizer. and they have space and performance hits.

The 'volatile' keyword seems to have poorly defined behaviour.

Perhaps the next 'C' standard needs a new keyword, 'always'
which tells the compiler that this line *must* be included:

always memset(arr,0,sizeof(arr));

...but this seems to break the rules, in that it's really a 
standard-defined #pragma in disguise.

This is one fun Heisenbug :-)

Peter




From mrscottk at go.com  Thu Nov  7 17:41:41 2002
From: mrscottk at go.com (Scott K)
Date: Thu, 7 Nov 2002 17:41:41
Subject: New Scott shows how to globalize your business.
Message-ID: <200211071043.gA7AgxPC028939@ak47.algebra.com>


Hi cypherpunks at Algebra.COM,

Have you known it yet? A perfect globalization tool for your business.
It's the best marketing tool that save your time, money and increase your
revenue!

http://www.thcity.com/importerlist/directory.html

- Every worry how to sell the products to other countries?
- Finding the customers in a specified industry from around the world?
- Searching the potential customers in a country?
- Expanding your business in other regions of the world?

***** NOW YOU CAN MAKE IT EASILY! with the World Importer Directory *****

A bulk of interesting world importer directories are here
http://www.thcity.com/importerlist/directory.html

Over 152,000 importers from around the world are here. They are from 6
regions, over 150 countries, assembling in a single file for each directory.
To meet your need as much as possible, they are designed and classified by
country, region and industry.

The data contain company name, e-mail, URL, contact address, contact person,
telephone number, fax number, product imports. The World Importer
Directories are available in 4 file formats, i.e. Application (.exe), MS
Excel (.xls), Acrobat Reader (.pdf) and Text (.txt). You can choose upon
your preference.

http://www.thcity.com/importerlist/directory.html


BEST SELLER!!!
************
Email of Importer Directory contains 11,900 email records. Interested? CLICK
HERE to buy it.

Don't be delay, the gold opportunity is on your hand right now!
http://www.thcity.com/importerlist/directory.html


Your sincerely,
Scott Kayler




From patrick at loom.cc  Thu Nov  7 16:36:41 2002
From: patrick at loom.cc (Patrick Chkoreff)
Date: Thu, 07 Nov 2002 19:36:41 -0500
Subject: Did you *really* zeroize that key?
In-Reply-To: <p05200e1fb9f07d122771@[66.149.49.6]>
Message-ID: <5.1.1.6.0.20021107192236.04242008@loom.cc>


>From: "Trei, Peter" <ptrei at rsasecurity.com>
>
>[Moderator's note: FYI: no "pragma" is needed. This is what C's
>"volatile" keyword is for. Unfortunately, not everyone writing in C
>knows the language. --Perry]

Thanks for the reminder about "volatile."  It is an ancient and valuable 
feature of C and I suppose it's implemented correctly under gcc and some of 
the Windoze compilers even with high optimization options like -O2.

> >From RISKS:
>http://catless.ncl.ac.uk/Risks/22.35.html#subj6
>
>Those of us who write code need to be reminded of this
>now and then.

Everybody probably also knows about the gnupg trick, where they define a 
recursive routine called "burn_stack":

static void
burn_stack (int bytes)
{
     char buf[64];

     memset (buf, 0, sizeof buf);
     bytes -= sizeof buf;
     if (bytes > 0)
         burn_stack (bytes);
}

Then there's the vararg technique discussed in Michael Welschenbach's book 
"Cryptography in C and C++":

static void purgevars_l (int noofvars, ...)
{
   va_list ap;
   size_t size;
   va_start (ap, noofvars);
   for (; noofvars > 0; --noofvars)
     {
       switch (size = va_arg (ap, size_t))
         {
           case 1:  *va_arg (ap, char *) = 0;
                    break;
           case 2:  *va_arg (ap, short *) = 0;
                    break;
           case 4:  *va_arg (ap, long *) = 0;
                    break;
           default:
                    memset (va_arg(ap, char *), 0, size);
         }
     }
   va_end (ap);
}

Here's an example of how you might call the routine:

   purgevars_l(2, sizeof (la), &la,
                    sizeof (lb), &lb);


But hey, if "volatile" keyword works then so much the better.  I would 
recommend examining the assembly language output of your compiler to verify 
that it honours "volatile."

-- Patrick
http://fexl.com




From patrick at loom.cc  Thu Nov  7 16:54:57 2002
From: patrick at loom.cc (Patrick Chkoreff)
Date: Thu, 07 Nov 2002 19:54:57 -0500
Subject: Did you *really* zeroize that key?
Message-ID: <5.1.1.6.0.20021107194436.042ece58@loom.cc>


>>From: "Trei, Peter" <ptrei at rsasecurity.com>
>>
>>[Moderator's note: FYI: no "pragma" is needed. This is what C's
>>"volatile" keyword is for. Unfortunately, not everyone writing in C
>>knows the language. --Perry]
>
>Thanks for the reminder about "volatile."  It is an ancient and valuable 
>feature of C and I suppose it's implemented correctly under gcc and some 
>of the Windoze compilers even with high optimization options like -O2.

Oops, I missed your real point, which is that "volatile" ought to suffice 
as a compiler guide and there is no need for an additional pragma.  By 
declaring a variable as volatile, the compiler would also leave untouched 
any code which refers to that variable.

Too bad that volatile is not guaranteed to work in all major ANSI-compliant 
compilers.  Oh well.  I wonder how gcc does with it?

[Moderator's note: I've quoted chapter and verse -- if it follows the
current standards, it is required to honor "volatile". It isn't
compliant by definition if it does not. gcc does indeed honor
"volatile", as do almost all other C compilers I have access to. --Perry]

I guess we should stick with either the recursive routine trick or the 
var-arg trick.

-- Patrick
http://fexl.com


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From DaveHowe at gmx.co.uk  Thu Nov  7 15:46:19 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Thu, 7 Nov 2002 23:46:19 -0000
Subject: Did you *really* zeroize that key?
References: <3.0.5.32.20021107101352.0083fa60@pop.west.cox.net> 
  <01f001c28694$205f6640$c71121c2@sharpuk.co.uk>
  <p05200f00b9f07c6d726f@[12.246.100.116]>
Message-ID: <007301c286b7$f6845500$01c8a8c0@davehowe>


Kevin Elliott wrote:
> The point is though, that according to C99 today
>
> volatile int myflag;
> myflag=0;
> if (myflag!=0) { do stuff } ;
>
> does _exactly_ what you want, per the spec.  The only compilers that
> don't work this way are by definition out of spec, so adding new
> stuff isn't going to help.
Yup, granted.
however, saying after a security breach "this wasn't my fault, the compiler
was out of spec" isn't going to help much.
in the real world, murphys law applies more often than anyone elses; you can
virtually guarantee you will meet up *sometime* with an out of spec compiler
that assumes it knows at compile time if a volatile is actually volatile (in
the example above, such a compiler may treat a volatile as such *only* after
its pointer has been passed to an external subroutine or a fork... ok, that
is out of spec but in the real world would probably work without problems)

> Having said that, most of what your talking about pragma wise is
> boils down to controlling the optimizer.
I doubt that the pragma in question was actually meant to be taken seriously
as a suggestion - but was a bit of humour appended to a fairly serious
warning.




From blackdiskusa at ciaoweb.it  Fri Nov  8 02:08:17 2002
From: blackdiskusa at ciaoweb.it (bewe--The Editors)
Date: Fri, 8 Nov 2002 02:08:17 -0800
Subject: Can you handle the TRUTH?                                                               Code: qsxsu
Message-ID: <200211080649.gA86mXpV031554@ak47.algebra.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 7307 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021108/b887d04d/attachment.txt>

From ESavers at usairways.com  Fri Nov  8 01:00:00 2002
From: ESavers at usairways.com (ESavers at usairways.com)
Date: Fri, 8 Nov 2002 03:00:00 -0600
Subject: US Airways E-Savers to Frankfurt
Message-ID: <200211080944.gA89iAM2006895@ak47.algebra.com>


Dear E-Savers Subscriber,

US Airways is pleased to present this special International E-Savers offer:

************************************************************
1. This Week's International E-Savers
2. US Airways Vacations Deals
3. Dividend Miles Offers
4. E-Savers Fare Requirements
5. Subscription Information

************************************************************
1. THIS WEEK'S INTERNATIONAL E-SAVERS
************************************************************

You may depart on Sundays to Thursdays, between November 10 and November 28, 2002. Return travel is Mondays to Fridays, between November 18 and December 6, 2002. Travel is not permitted to Frankfurt on November 27. Travel is not permitted from Frankfurt on December 2. Saturday night stay is required. Tickets must be purchased by November 13, 2002.

For travel, make your reservations online at 
http://www.usairways.com/promotions/esavers/offer_fra.htm 
These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. For more information on Frankfurt, please visit
http://www.usairways.com/travel/destinations/europe/fra.htm 

                                                    ROUNDTRIP
FROM:                     TO:                       FARE:
-------------------------------------------------------------
Baltimore, MD             Frankfurt, Germany        $255 

Boston, MA                Frankfurt, Germany        $255 

Buffalo, NY               Frankfurt, Germany        $265 

Charlotte, NC             Frankfurt, Germany        $235 

Columbus, OH              Frankfurt, Germany        $285 

Greensboro, NC            Frankfurt, Germany        $265 

Greenville/Spart., SC     Frankfurt, Germany        $265 

Hartford, CT              Frankfurt, Germany        $255 

Indianapolis, IN          Frankfurt, Germany        $285 

Los Angeles, CA           Frankfurt, Germany        $315 

New York LaGuardia, NY    Frankfurt, Germany        $255 

Philadelphia, PA          Frankfurt, Germany        $235 

Pittsburgh, PA            Frankfurt, Germany        $235 

Providence, RI            Frankfurt, Germany        $255 

Raleigh/Durham, NC        Frankfurt, Germany        $265 

Richmond, VA              Frankfurt, Germany        $265 

Rochester, NY             Frankfurt, Germany        $265 

San Francisco, CA         Frankfurt, Germany        $315 

Syracuse, NY              Frankfurt, Germany        $265 

Washington National, DC   Frankfurt, Germany        $255 


Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States.

************************************************************
2. US AIRWAYS VACATIONS DEALS
************************************************************

US Airways Vacations is pleased to offer Frankfurt land packages to provide a complete vacation experience. Vacations include hotel accommodations, breakfast daily, hotel taxes and service charges. A variety of optional features including  attraction admissions and sightseeing tours are available. US Airways Vacations offers packages to 80+ destinations.

EXPERIENCE FRANKFURT!!!
-----------------------
Land only based on per person, per night from:
Excelsior                                    $47
Heidelberg Marriott                          $57
Monopol                                      $62
Rudesheimer Schloss - Rudesheim am Rhein     $77

Purchase these land packages online at http://www.usairwaysvacations.com/pricing_res.htm  Simply enter your origin and destination cities, departure date, number of adults, children's ages and click "Search For Vacation." Choose "Hotel Vacations for 1-59 nights," confirm your departure date and indicate the number of nights for your vacation. Click "Check Availability" and continue with your choices for hotels and options as the system presents them until you reach the final price. You may then purchase your vacation with a secure credit card transaction. If you prefer to speak with a reservations agent, call 1-800-352-8747.

Rates shown are per person, per night based on double occupancy for departures 11/10/02 through 12/6/02. Hotel space is limited and may not be available at all hotels on all days. Additional travel dates, hotels and rates are available. Prices are subject to change with or without notice and do not include miscellaneous hotel charges typically paid by the customer directly to the hotel. Substantial restrictions apply for refunds. Other conditions may apply.

************************************************************
3. DIVIDEND MILES OFFERS - EARN 500 MILES WITH E-STATEMENTS
************************************************************

"Sign Up For E-Statements, Get 500 Miles"

If you like E-Savers, you will really like Dividend Miles E-Statements. E-Statements are sent monthly via e-mail and include your account summary along with exclusive bonus mile offers, US Airways news, special discount travel awards and other offers. Earn 500 miles when you sign up for E-Statements at usairways.com/estatements now through December 31, 2002. E-Statements = More Miles, More Offers, More Awards and Your Statement, More Often."

Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/
To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at 
http://www.usairways.com/dmcreditcards

Please note:  Mileage bonus for booking online does not apply to E-Savers.

************************************************************
4. E-SAVERS FARE REQUIREMENTS
************************************************************

- Restrictions: Roundtrip purchase required. Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. 

- Travel: Depart to Frankfurt 11/10-11/28/02, Sunday-Thursday, and return from Frankfurt 11/18-12/6/02, Monday-Friday, except for the following blackout dates: Travel is not permitted to Frankfurt on November 27 and travel is not permitted from Frankfurt on December 2. Saturday night stay required. All travel must be completed by 12/6/02.

- Ticketing: Tickets must be purchased by 11/13/02.

- Taxes/Fees: Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. Fares shown do not include total government-imposed taxes/fees/surcharges of up to $105.

- Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $200 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value.

- Miscellaneous: Lower fares may be available in these markets. Other conditions apply. 

************************************************************
5. SUBSCRIPTION INFORMATION
************************************************************

This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page:
http://www.usairways.com/promotions/esavers/enroll/index.htm

To unsubscribe from this list, please click here:
http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM

To change your departure city preferences, please visit:
http://www.usairways.com/promotions/esavers/enroll/index.htm

Please do not respond to this message.


Copyright US Airways 1996-2002.  All rights reserved.







From ESavers at usairways.com  Fri Nov  8 03:24:03 2002
From: ESavers at usairways.com (ESavers at usairways.com)
Date: Fri, 8 Nov 2002 05:24:03 -0600
Subject: US Airways E-Savers to Frankfurt
Message-ID: <200211081330.gA8DUi1w019946@ak47.algebra.com>


Dear E-Savers Subscriber,

US Airways is pleased to present this special International E-Savers offer:

************************************************************
1. This Week's International E-Savers
2. US Airways Vacations Deals
3. Dividend Miles Offers
4. E-Savers Fare Requirements
5. Subscription Information

************************************************************
1. THIS WEEK'S INTERNATIONAL E-SAVERS
************************************************************

You may depart on Sundays to Thursdays, between November 10 and November 28, 2002. Return travel is Mondays to Fridays, between November 18 and December 6, 2002. Travel is not permitted to Frankfurt on November 27. Travel is not permitted from Frankfurt on December 2. Saturday night stay is required. Tickets must be purchased by November 13, 2002.

For travel, make your reservations online at 
http://www.usairways.com/promotions/esavers/offer_fra.htm 
These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. For more information on Frankfurt, please visit
http://www.usairways.com/travel/destinations/europe/fra.htm 

                                                    ROUNDTRIP
FROM:                     TO:                       FARE:
-------------------------------------------------------------
Baltimore, MD             Frankfurt, Germany        $255 

Boston, MA                Frankfurt, Germany        $255 

Buffalo, NY               Frankfurt, Germany        $265 

Charlotte, NC             Frankfurt, Germany        $235 

Columbus, OH              Frankfurt, Germany        $285 

Greensboro, NC            Frankfurt, Germany        $265 

Greenville/Spart., SC     Frankfurt, Germany        $265 

Hartford, CT              Frankfurt, Germany        $255 

Indianapolis, IN          Frankfurt, Germany        $285 

Los Angeles, CA           Frankfurt, Germany        $315 

New York LaGuardia, NY    Frankfurt, Germany        $255 

Philadelphia, PA          Frankfurt, Germany        $235 

Pittsburgh, PA            Frankfurt, Germany        $235 

Providence, RI            Frankfurt, Germany        $255 

Raleigh/Durham, NC        Frankfurt, Germany        $265 

Richmond, VA              Frankfurt, Germany        $265 

Rochester, NY             Frankfurt, Germany        $265 

San Francisco, CA         Frankfurt, Germany        $315 

Syracuse, NY              Frankfurt, Germany        $265 

Washington National, DC   Frankfurt, Germany        $255 


Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States.

************************************************************
2. US AIRWAYS VACATIONS DEALS
************************************************************

US Airways Vacations is pleased to offer Frankfurt land packages to provide a complete vacation experience. Vacations include hotel accommodations, breakfast daily, hotel taxes and service charges. A variety of optional features including  attraction admissions and sightseeing tours are available. US Airways Vacations offers packages to 80+ destinations.

EXPERIENCE FRANKFURT!!!
-----------------------
Land only based on per person, per night from:
Excelsior                                    $47
Heidelberg Marriott                          $57
Monopol                                      $62
Rudesheimer Schloss - Rudesheim am Rhein     $77

Purchase these land packages online at http://www.usairwaysvacations.com/pricing_res.htm  Simply enter your origin and destination cities, departure date, number of adults, children's ages and click "Search For Vacation." Choose "Hotel Vacations for 1-59 nights," confirm your departure date and indicate the number of nights for your vacation. Click "Check Availability" and continue with your choices for hotels and options as the system presents them until you reach the final price. You may then purchase your vacation with a secure credit card transaction. If you prefer to speak with a reservations agent, call 1-800-352-8747.

Rates shown are per person, per night based on double occupancy for departures 11/10/02 through 12/6/02. Hotel space is limited and may not be available at all hotels on all days. Additional travel dates, hotels and rates are available. Prices are subject to change with or without notice and do not include miscellaneous hotel charges typically paid by the customer directly to the hotel. Substantial restrictions apply for refunds. Other conditions may apply.

************************************************************
3. DIVIDEND MILES OFFERS - EARN 500 MILES WITH E-STATEMENTS
************************************************************

"Sign Up For E-Statements, Get 500 Miles"

If you like E-Savers, you will really like Dividend Miles E-Statements. E-Statements are sent monthly via e-mail and include your account summary along with exclusive bonus mile offers, US Airways news, special discount travel awards and other offers. Earn 500 miles when you sign up for E-Statements at usairways.com/estatements now through December 31, 2002. E-Statements = More Miles, More Offers, More Awards and Your Statement, More Often."

Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/
To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at 
http://www.usairways.com/dmcreditcards

Please note:  Mileage bonus for booking online does not apply to E-Savers.

************************************************************
4. E-SAVERS FARE REQUIREMENTS
************************************************************

- Restrictions: Roundtrip purchase required. Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. 

- Travel: Depart to Frankfurt 11/10-11/28/02, Sunday-Thursday, and return from Frankfurt 11/18-12/6/02, Monday-Friday, except for the following blackout dates: Travel is not permitted to Frankfurt on November 27 and travel is not permitted from Frankfurt on December 2. Saturday night stay required. All travel must be completed by 12/6/02.

- Ticketing: Tickets must be purchased by 11/13/02.

- Taxes/Fees: Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. Fares shown do not include total government-imposed taxes/fees/surcharges of up to $105.

- Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $200 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value.

- Miscellaneous: Lower fares may be available in these markets. Other conditions apply. 

************************************************************
5. SUBSCRIPTION INFORMATION
************************************************************

This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page:
http://www.usairways.com/promotions/esavers/enroll/index.htm

To unsubscribe from this list, please click here:
http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM

To change your departure city preferences, please visit:
http://www.usairways.com/promotions/esavers/enroll/index.htm

Please do not respond to this message.


Copyright US Airways 1996-2002.  All rights reserved.







From owner-cypherpunks at minder.net  Thu Nov  7 17:23:46 2002
From: owner-cypherpunks at minder.net (owner-cypherpunks at minder.net)
Date: Fri, 8 Nov 2002 09:23:46 +0800
Subject: =?GB2312?B?1tC5+r3M0/3N+KO6vKrB1szYsvq437XI16i/xtGn0KPV/dTa1dDJ+qOh?=
Message-ID: <200211050122.gA51M9Q16558@waste.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4805 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021108/7b08ace2/attachment.txt>

From mv at cdc.gov  Fri Nov  8 09:42:50 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 08 Nov 2002 09:42:50 -0800
Subject: Aussies to censor web
Message-ID: <3DCBF79A.A1BC5010@cdc.gov>


                     Ellison to pull plug on protest websites
                     Sean Parnell and Matthew Fynes-Clinton
                     07nov02

                     THE Federal Government plans to stop Australians
gaining access to
                     websites used to organise protests.

                     The move is part of a major crackdown on
Internet-assisted crime.

                     Justice Minister Chris Ellison, acting on a request
from NSW Police Minister
                     Michael Costa, will look at upgrading federal
powers to block certain
                     websites.

                     A police ministers meeting in Darwin this week
agreed it was "unacceptable
                     websites advocating or facilitating violent protest
action be accessible from
                     Australia".
<snip>
http://www.couriermail.news.com.au/common/story_page/0,5936,5437553%5E8362,00.html




From vincent.penquerch at artworks.co.uk  Fri Nov  8 02:20:50 2002
From: vincent.penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Fri, 8 Nov 2002 10:20:50 +0000
Subject: Did you *really* zeroize that key?
In-Reply-To: <5.1.1.6.0.20021107192236.04242008@loom.cc>; from
  patrick@loom.cc on Thu, Nov 07, 2002 at 07:36:41PM -0500
References: <p05200e1fb9f07d122771@[66.149.49.6]>
  <5.1.1.6.0.20021107192236.04242008@loom.cc>
Message-ID: <20021108102049.E1136@BLENDER>


On Thu, Nov 07, 2002 at 07:36:41PM -0500, Patrick Chkoreff wrote:
> Everybody probably also knows about the gnupg trick, where they define a 
> recursive routine called "burn_stack":
[...]
> Then there's the vararg technique discussed in Michael Welschenbach's book 
> "Cryptography in C and C++":

How about a simple alloca/memset ? Though it would possibly be more
subject to `optimizations'.

-- 
Vincent Penquerc'h




From patrick at loom.cc  Fri Nov  8 11:01:25 2002
From: patrick at loom.cc (Patrick Chkoreff)
Date: Fri, 08 Nov 2002 14:01:25 -0500
Subject: Did you *really* zeroize that key?
In-Reply-To: <20021108142226.A1204@BLENDER>
References: <5.1.1.6.0.20021108082748.00b15e30@loom.cc>
  <5.1.1.6.0.20021107192236.04242008@loom.cc>
  <p05200e1fb9f07d122771@[66.149.49.6]>
  <5.1.1.6.0.20021107192236.04242008@loom.cc>
  <20021108102049.E1136@BLENDER>
  <5.1.1.6.0.20021108082748.00b15e30@loom.cc>
Message-ID: <5.1.1.6.0.20021108133739.00b15e30@loom.cc>


At 02:22 PM 11/8/2002 +0000, Vincent Penquerc'h wrote:

>while (!is_all_memory_zero(ptr)) zero_memory(ptr);


Right, unfortunately the compiler might be insightful enough just to 
optimize that whole thing to skip() -- Dijkstra's null statement.

Even Welschenbach calls "ispurged" immediately after "purgevars" to make 
sure the memory is actually zero.  The ispurged routine is also defined 
using va_list, and if you turn on assertion checking it dies if the memory 
is nonzero.

The problem is you NEVER KNOW if the compiler is just being clever and 
optimizing the assertion away, e.g.:

sensitive = 0;
if (sensitive) abort();

The compiler will simply "know" to optimize this whole thing to skip().

However, it is highly unlikely the compiler will be able to see through 
va_list manipulations.  This problem is a real bear.  I guess you just have 
to check the assembler output, eh?

-- Patrick
http://fexl.com




From mv at cdc.gov  Fri Nov  8 14:52:06 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 08 Nov 2002 14:52:06 -0800
Subject: [Anonymity, Blacknet, Mil secrecy] Photos in transport plane of
   prisoners
Message-ID: <3DCC4016.C251A8D5@cdc.gov>


Note that the Cypherpunks Image/Postscript Document Examination
Laboratories should be able
to amplify some of the (US; the unPOWs are black-bagged) faces in the
pix..

Pentagon Seeks Source of  Photos

                         By PAULINE JELINEK
                         Associated Press Writer

                         WASHINGTON (AP)--The Pentagon was
                         investigating Friday to find out who took and
                         released photographs of terror suspects as
                         they were being transported in heavy
                         restraints aboard a U.S. military plane.

                         Four photographs of prisoners--handcuffed,
                         heads covered with black hoods and bound
                         with straps on the floor of a plane _ appeared
                         overnight on the Web site of radio talk show
host Art Bell.

                         ``Anonymous mailer sends us photos taken inside
a military C-130 transporting
                         POWS,'' the headline said.
http://www.ocnow.com/news/newsfd/shared/news/ap/ap_story.html/Washington/AP.V7764.AP-Guantanamo-Pris.html




From sunder at sunder.net  Fri Nov  8 12:33:03 2002
From: sunder at sunder.net (Sunder)
Date: Fri, 8 Nov 2002 15:33:03 -0500 (est)
Subject: Did you *really* zeroize that key?
In-Reply-To: <v03110703b9f0d9918384@[192.168.1.5]>
Message-ID: <Pine.BSO.4.21.0211081507520.10168-100000@anon7.arachelian.com>


> Back in the early days of compiler benchmarks, one fancy compiler noticed
> that the result of a lengthy calculation wasn't being used, and dutifully
> removed the calculations.  That calculation was, of course, the kernel of
> the benchmark.  The solution was to print the result.

Or you do something like using binary OR from both ends of the
memory chunk simultaneously, so when they finish, you're guaranteed to
have 0xff (all 1's) all over your memory.


This is off the top of my head, so bugs may exist, etc.

int zapmem(uint8 *mem, size_t size)
{

int i,j,a,b;

 for (a=0xaa,b=0x55,i=0, j=size-1; i<size, i++,j--)
  {
   a|=mem[i]; mem[i]=a;
   b|=mem[j]; mem[j]=b;
  }
return a|b;
}

At the end of the loop, mem will be 0xff.  Why?  Because we use OR, and
since one half is using 010101 and the other half is using 10101010, as
i,j pass each other and OR themselves, you're guaranteed to have 0xff
(11111111) as output.  You could also use 0xf0 and 0x0f or any other
complementary values for the initial a and b values.

There's a return value, the compiler has to return it, and thus can't
easily optimize it out.  I don't think there exist smart compilers that
will figure out what this does - if you can write such a compiler that can
figure out what you indend in all cases, you will be a very rich man.  Of
course if some compiler writer decides to make the above a special case
and optimize it out, all bets are off.




From pgut001 at cs.auckland.ac.nz  Thu Nov  7 20:40:02 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Fri, 8 Nov 2002 17:40:02 +1300 (NZDT)
Subject: Did you *really* zeroize that key?
Message-ID: <200211080440.RAA102091@ruru.cs.auckland.ac.nz>

David Honig <dahonig at cox.net> writes:

>Wouldn't a crypto coder be using paranoid-programming skills, like 
>*checking* that the memory is actually zeroed? (Ie, read it back..)
>I suppose that caching could still deceive you though?

You can't, in general, assume the compiler won't optimise this away
(it's just been zeroised, there's no need to check for zero).  You 
could make it volatile *and* do the check, which should be safe from 
being optimised.

It's worth reading the full thread on vuln-dev, which starts at
http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
This discusses lots of fool-the-compiler tricks, along with rebuttals
on why they could fail.

Peter.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From frantz at pwpconsult.com  Fri Nov  8 17:40:15 2002
From: frantz at pwpconsult.com (Bill Frantz)
Date: Fri, 8 Nov 2002 17:40:15 -0800
Subject: Did you *really* zeroize that key?
In-Reply-To: <200211080440.RAA102091@ruru.cs.auckland.ac.nz>
Message-ID: <v03110701b9f215367c1e@[192.168.1.5]>

At 8:40 PM -0800 11/7/02, Peter Gutmann wrote:
>It's worth reading the full thread on vuln-dev, which starts at
>http://online.securityfocus.com/archive/82/297827/2002-10-29/2002-11-04/0.
>This discusses lots of fool-the-compiler tricks, along with rebuttals
>on why they could fail.

In that discussion, Dan Kaminsky wrote:
>You also need to ignore that bizarre corner case where the same memory
>   address is mapped to multiple *physical* addresses -- such a memory
>   architecture could simply alter one of the addresses and tag the rest as
>   "tainted" without in fact clearing them.  But I don't think anyone
>   actually does this -- I'm at least significantly more sure of that than
>   I am of the precise semantics of "volatile" vis-a-vis dead code
>elimination.
>
>   Yours Truly,
>
>       Dan Kaminsky
>       DoxPara Research
>       http://www.doxpara.com

There is a common example of this corner case where the memory is paged.
The page containing the key is swapped out, then it is read back in and the
key is overwritten, and then the page is deallocated.  Many OSs will not
zero the disk copy of the key.

Crypto coders have discussed many kludges to ensure that keys are not
swapped out, but they are all quite system specific.  Since the problem we
were trying to solve is different environments producing different results,
I don't feel we are any closer to safe, portable code.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From patrick at loom.cc  Fri Nov  8 15:19:39 2002
From: patrick at loom.cc (Patrick Chkoreff)
Date: Fri, 08 Nov 2002 18:19:39 -0500
Subject: Did you *really* zeroize that key?
In-Reply-To: <p05200e15b9f1dce99d42@[66.149.49.6]>
Message-ID: <5.1.1.6.0.20021108181236.04163128@loom.cc>


>From: "James A. Donald" <jamesd at echeque.com>
>...
>If the optimizer ever optimizes away a write to volatile
>memory, device drivers will fail.  Most device drivers are
>written in C.  If anyone ever produces a C compiler in which
>"volatile" does not do what we want, not only are they out of
>spec, but smoke will start coming out of hardware when the
>device drivers are recompiled.

Good point #1.  Excellent point, in fact.


>From: "Dave Howe" <DaveHowe at gmx.co.uk>
>...
>Yup, granted.
>however, saying after a security breach "this wasn't my fault, the compiler
>was out of spec" isn't going to help much.
>in the real world, murphys law applies more often than anyone elses; you can
>virtually guarantee you will meet up *sometime* with an out of spec compiler
>...

Good point #2.  Excellent point, in fact.

So, given 1 and 2, it sounds like a good strategy might be:

a.  Declare your sensitive variables volatile and zero them normally.
b.  Check the assembler output because you have to do that anyway  :-)
c.  If (b) exposes an out-of-spec compiler, report it far and wide to all 
available e-mail lists.  Then preferably use a different compiler.  If 
that's not an option, try the va_list trick and go to (b).

-- Patrick
http://fexl.com




From deals at discountcertificates.com  Fri Nov  8 18:28:09 2002
From: deals at discountcertificates.com (Great Deals)
Date: Fri,  8 Nov 18:28:09 2002 -0800
Subject: Don`t Miss Out: Name your price with NO obligation to buy!
Message-ID: <48934541.535386@mailhost>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5690 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021108/8b0f13e9/attachment.txt>

From gil_hamilton at hotmail.com  Fri Nov  8 10:50:28 2002
From: gil_hamilton at hotmail.com (Gil Hamilton)
Date: Fri, 08 Nov 2002 18:50:28 +0000
Subject: Did you *really* zeroize that key?
Message-ID: <F167Hg0Q5B71GmFs40S00002b43@hotmail.com>


Peter Gutmann writes:
>"James A. Donald" <jamesd at echeque.com> writes:
>
> >If the optimizer ever optimizes away a write to volatile
> >memory, device drivers will fail.  Most device drivers are
> >written in C.  If anyone ever produces a C compiler in which
> >"volatile" does not do what we want, not only are they out of
> >spec, but smoke will start coming out of hardware when the
> >device drivers are recompiled.
>
>The people who assume that any compiler which compiles their code gets
>an obscure feature like volatile exactly as per the spec are probably the
>same ones who assume that fixed-size buffers will never be exceeded.

I don't understand this extraordinary level of concern  As both James
and Perry have tried to point out, 'volatile' is *not* an obscure
feature.  Maybe it was obscure back in the mid-1980s, but every C
compiler I've seen in years supports volatile.  Its behavior has been
part of the C std for a long time now, and it's a critical part of a
large body of code on pretty much every platform.

It's interesting that you bring up the subject of "fixed size buffers"
being overrun.  That also results from ignorance and carelessness on
the programmer's part *not* from incorrect compiler implementation.

>It's my job to be paranoid.  I will assume that an arbitrary compiler
>gets a while() loop right (it'd be obvious if it didn't), but I won't
>gamble my crypto keys over assumptions about the correct handling of
>volatile in all compilers.

It sounds like the problem is more a lack of understanding of what
'volatile' means.  Nowhere in this thread (or from what I can tell,
the thread on vuln-dev) has anyone alleged that an actual compiler
didn't handle 'volatile' correctly.

- GH


_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail




From martinabolles60 at bigfoot.com  Sat Nov  9 09:04:23 2002
From: martinabolles60 at bigfoot.com (Dale Hoff)
Date: Fri, 08 Nov 2002 22:04:23 -1900
Subject: Debt termination
Message-ID: <00006135275d$00005078$000064f8@mail.bigfoot.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 407 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021108/84c70245/attachment.txt>

From cw5456hjm at biogate.com  Sat Nov  9 00:58:57 2002
From: cw5456hjm at biogate.com (Nicole Kiddmen)
Date: Sat, 9 Nov 2002 00:58:57 -0800
Subject: Mature Audience Only elm
Message-ID: <200211090608.gA968UQ17661@waste.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1864 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021109/34e53e93/attachment.txt>

From chuhonec at delphi.com  Fri Nov  8 19:47:14 2002
From: chuhonec at delphi.com (chriscafe)
Date: Sat, 9 Nov 2002 03:47:14 +0000
Subject: Bulk Email Sending & Bullet Proof Web Hosting
Message-ID: <68613890f|skhusxqnvCdojheud1frp@prodigy.com>


We offer you databases of e-mail addresses for advertisement 
mailing; we sell databases, carry out mailing 
the advertising projects. We can work on a turnkey project 
create a site with original design, 
contents. Our databases are daily updated with e-mail addresses 
from all over the world. 
Their validity and originality are verified. Today they contain 
over 50 million addresses. We use our own mailing 
be ideally adjusted for any customer. We have a wide channel 
and a high power server. The 
allows us to keep the prices low. 

http://www.e-mailpromo.net

Please contact us. We�ll be glad to answer any questions.
HTTP: www.e-mailpromo.net 
E-mail: info at e-mailpromo.net
ICQ: 130982

We received your address from a public place.
We apologies if this letter have reached you by mistake. We'll 
not disturb you any more.
NB. This message is sent in compliance of the new email bill 
section 301. Under Bill S.
US Congress. This message cannot be considered
we include the way to be Removed, Paragraph (a)(c) of S. 1618.
TO REMOVE: send message to info at e-mailpromo.net with "Remove" 
in Subject.




From owner-cypherpunks at minder.net  Fri Nov  8 20:40:34 2002
From: owner-cypherpunks at minder.net (owner-cypherpunks at minder.net)
Date: Sat, 9 Nov 2002 12:40:34 +0800
Subject: =?GB2312?B?1tC5+r3M0/3N+KO6vKrB1szYsvq437XI16i/xtGn0KMyMDAzxOrV0Mn6?=
Message-ID: <200211060439.gA64d42g035663@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4805 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021109/78a7ea35/attachment.txt>

From DaveHowe at gmx.co.uk  Sat Nov  9 10:28:22 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Sat, 9 Nov 2002 18:28:22 -0000
Subject: Did you *really* zeroize that key?
References: <v03110701b9f215367c1e@[192.168.1.5]>
Message-ID: <01a601c2881d$ce65c380$01c8a8c0@davehowe>

Bill Frantz wrote:
> There is a common example of this corner case where the memory is
> paged. The page containing the key is swapped out, then it is read
> back in and the key is overwritten, and then the page is deallocated.
> Many OSs will not zero the disk copy of the key.
Given the nature of this problem, perhaps a *better* solution would be to
work on getting the spec updated to include a "security-sensitive"
declaration for variables in c/c++? such variables could be held in such a
way that they (where the os permits)
a) are never swapped to disk
b) are automagically wiped with three passes of pseudo-random data when
destroyed
c) are in a "security data" area of memory that can't be accessed by
programs not owning the data there
d) are register variables when possible (for security, not speed)

the "always wipe when the variable is discarded" functionality shouldn't be
that hard to impliment, and would remove the only real reason we don't want
optimisation for those variables - that we want to be able to blank them.

not sure a #pragma Leave_This_Intact_You_Bastard is the right solution
though :)


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From eresrch at eskimo.com  Sat Nov  9 20:10:22 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Sat, 9 Nov 2002 20:10:22 -0800 (PST)
Subject: Photos in transport plane of prisoners: Time for eJazeera?
In-Reply-To: <3DCDBC2B.B9D4C1E9@cdc.gov>
Message-ID: <Pine.GSU.4.44.0211092001050.27381-100000@eskimo.com>


On Sat, 9 Nov 2002, Major Variola (ret) wrote:

> Specific use-cases can be written: the GI who took the picture; the
> photo-developer-tech who
> kept copies; the bored netop who intercepted the pix; an activist who is
> under <insert type>
> surveillance.
>
> >Anyone interested? And what does it mean (if anything) to do this
> within the
> >context of the Cypherpunk list?
>
> Dis be da place, at least for talk :-)

If you can actually build links between service personell and the public,
you don't need a document that says how to do shit.  You use what ya got
and ship the best you can do out to the real world.

As long as there are people in the military who are willing and able to
inform us on what they are *really* doing, we actually can feel pretty
comfortable with their missions.  It's gonna take a full polilce state
to prevent the dissemination of this kind of info.

Having known safe places and methods to send the info so the sender is
always anonyomous is hard.  Trash bags in parks isn't such a bad method
:-)

Patience, persistence, truth,
Dr. mike




From camera_lumina at hotmail.com  Sat Nov  9 17:32:18 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 09 Nov 2002 20:32:18 -0500
Subject: Photos in transport plane of prisoners: Time for eJazeera?
Message-ID: <F201qNVAp0sX5FUPPCF000041d0@hotmail.com>


The subject line says it all, if one remembers Variola's clever dare.
As far as I'm concerned, this big brother bullshit should work two ways: any 
tyrrany should expect that any public actions will make it onto the net 
somewhere. Of course, one day they'll probably begin a set of countermoves, 
but think of it like a chess match.

So I'm still playing with the idea of a publically-accessible document that 
outlines the strategies, technologies, aims and requirements for somehow 
uploading images and data to public repositorioes. (DAMN I'm typing like 
shit...must be that Chimay beer I was drinking.) The most obvious target app 
is large public demonstrations where video/film is likely to be confiscated.

Anyone interested? And what does it mean (if anything) to do this within the 
context of the Cypherpunk list?

And if there's interest, how do we proceed? As an engineer (well, until very 
recently!), a "drill-down" approach seems good: Start with an outline (I can 
take a stab at that), and then after the outline is agreed upon, send out 
the sections for various individuals to work. After the first draft of the 
document is finished, then the whole thing is somehow re-worked by all 
concerned.

Of course, I would think it's not necessary for everyone to agree on every 
section or every word...different sections can contain contradicotory 
information...I see no real problem with that, except if PR is a 
consideration (in the end, this should be basically a cookbook...the users 
can decide upon which recipes thery want to use). Oh, and open issues are 
perfectly fine, and if well-identified can be a strength to a document.

Of course, when I look at this email later I may regret that I sent it out 
before coming down from the Belgian high. I'm hoping, however, that this 
will be because I started a ball rolling that SHOULD be rolling, and that I 
would have not set to rolling had it not been for the good ole' Chimay 
trappists.

So now to click the send button and YAH!





>From: "Major Variola (ret)" <mv at cdc.gov>
>To: "cypherpunks at lne.com" <cypherpunks at lne.com>
>Subject: [Anonymity, Blacknet, Mil secrecy] Photos in transport plane of   
>prisoners
>Date: Fri, 08 Nov 2002 14:52:06 -0800
>
>Note that the Cypherpunks Image/Postscript Document Examination
>Laboratories should be able
>to amplify some of the (US; the unPOWs are black-bagged) faces in the
>pix..
>
>Pentagon Seeks Source of  Photos
>
>                          By PAULINE JELINEK
>                          Associated Press Writer
>
>                          WASHINGTON (AP)--The Pentagon was
>                          investigating Friday to find out who took and
>                          released photographs of terror suspects as
>                          they were being transported in heavy
>                          restraints aboard a U.S. military plane.
>
>                          Four photographs of prisoners--handcuffed,
>                          heads covered with black hoods and bound
>                          with straps on the floor of a plane _ appeared
>                          overnight on the Web site of radio talk show
>host Art Bell.
>
>                          ``Anonymous mailer sends us photos taken inside
>a military C-130 transporting
>                          POWS,'' the headline said.
>http://www.ocnow.com/news/newsfd/shared/news/ap/ap_story.html/Washington/AP.V7764.AP-Guantanamo-Pris.html


_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE* 
http://join.msn.com/?page=features/virus




From morlockelloi at yahoo.com  Sun Nov 10 00:51:17 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 10 Nov 2002 00:51:17 -0800 (PST)
Subject: Photos in transport plane of prisoners: Time for eJazeera?
In-Reply-To: <Pine.GSU.4.44.0211092001050.27381-100000@eskimo.com>
Message-ID: <20021110085117.5627.qmail@web40603.mail.yahoo.com>

<<< No Message Collected >>>




From adam at homeport.org  Sun Nov 10 06:03:00 2002
From: adam at homeport.org (Adam Shostack)
Date: Sun, 10 Nov 2002 09:03:00 -0500
Subject: Photos in transport plane of prisoners: Time for eJazeera?
In-Reply-To: <Pine.GSU.4.44.0211092001050.27381-100000@eskimo.com>
References: <3DCDBC2B.B9D4C1E9@cdc.gov>
  <Pine.GSU.4.44.0211092001050.27381-100000@eskimo.com>
Message-ID: <20021110140300.GB85217@lightship.internal.homeport.org>


On Sat, Nov 09, 2002 at 08:10:22PM -0800, Mike Rosing wrote:
| As long as there are people in the military who are willing and able to
| inform us on what they are *really* doing, we actually can feel pretty
| comfortable with their missions.  It's gonna take a full polilce state
| to prevent the dissemination of this kind of info.

A full police state can't prevent anything, it can just make some
things less common.  For example, samizdat in the USSR still got
copied and passed around.  Drug use is a problem in US prisons.  Etc.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From eresrch at eskimo.com  Sun Nov 10 14:56:04 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Sun, 10 Nov 2002 14:56:04 -0800 (PST)
Subject: Photos in transport plane of prisoners: Time for eJazeera?
In-Reply-To: <20021110140300.GB85217@lightship.internal.homeport.org>
Message-ID: <Pine.GSU.4.44.0211101452590.9766-100000@eskimo.com>


On Sun, 10 Nov 2002, Adam Shostack wrote:

> A full police state can't prevent anything, it can just make some
> things less common.  For example, samizdat in the USSR still got
> copied and passed around.  Drug use is a problem in US prisons.  Etc.

that kind of info can be limited by simply shooting everyone who was
close enough to take pictures.  No other military personell are going to
risk taking more.

Drugs are different than info.  there's real cash transfered, so guards
can quadruple their paychecks in a week.  But maybe that's a hint on how
to keep info flowing :-)

Patience, persistence, truth,
Dr. mike




From camera_lumina at hotmail.com  Sun Nov 10 12:44:53 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 10 Nov 2002 15:44:53 -0500
Subject: eJazeera?
Message-ID: <F188f3sllNY30kkZIhT000003bb@hotmail.com>


Well, the rason d'etre of 'eJazeera' as I see it is primarily for 
publically-taken photos and videos to be quickly "gypsied" away from their 
port of origination (ie, the camera that took them), so that they can 
eventually make it into a public place on ye old 'Net. The enabling 
technology as I see it here is802.11b, Wi-Fi. A typical scenario is the case 
of public demonstrations where the local "authorities" are called in, and 
where they get, shall we say, a little overzealous. In many such cases 
(here, New York City, Here, USA, and there--China, etc...), such authorities 
will attempt to confiscate devices that could have captured the events or 
captured the perpetrators (and their badge numbers, if applicable) in photo 
or video.

The ultimate aim of eJazeera is to make even the thought of "capturing" such 
video non-existent, due to the commonplace practices outlined in an 
eJazeera-type document (or eventually tribal knowledge). Short of that, it 
is of course in itself desirable for such events to get onto the public 
'Net.

The methods can be various, but the easiest one was (I think) described by 
Tim May. Bob and Alice are pre-known to each other. Bob holds a camera, 
Alice has a Wi-Fi enabled laptop operational in her knapsack. After Bob 
takes the photos/video, he transfers the images to ALice, who walks off and 
moves the data to a secure and public site.

Other methods seek to eliminate the need for various levels of pre-knowledge 
between Bob and Alice, and to also stave off the "round up" scenario where a 
large group is examined and cleansed of all electronica, before data can 
make it onto the public net. (Less likely in US now, but easily possible 
elsewhere).

ALso to be addressed in the document are (possibly) suggested technologies, 
down to the actual gadgets and manufacturers, and recommended spacial 
resolutions vs distances in order to record, say, badge numbers and facial 
features. Also, powering requirements won't hurt, as well as suggested 
methods for mitigating power issues.

(Hey--this might be way beyond what's needed or desirable, butI still think 
like an engineer).

In a reasonably just world, such images might be used in he short run to 
prosecute those that overstepped their legal bounds. Inthe long run, the 
commonplace practice of uploading such images should act as a deterrent to 
such overzealousness.

As it turns out, however, those POWs being transported were photographed in 
such a way as to not need something like eJazeera (unless the scope as I 
imagine it is broadened...is it worthwhile to consider the robust creation 
of image links etc... on the 'Net?).

-TD







>From: "Major Variola (ret)" <mv at cdc.gov>
>To: "cypherpunks at lne.com" <cypherpunks at lne.com>
>Subject: Re: Photos in transport plane of prisoners: Time for eJazeera?
>Date: Sat, 09 Nov 2002 17:53:48 -0800
>
>At 08:32 PM 11/9/02 -0500, Tyler Durden wrote:
> >So I'm still playing with the idea of a publically-accessible document
>that
> >outlines the strategies, technologies, aims and requirements for
>somehow
> >uploading images and data to public repositorioes.
>
>Such a document should enumerate the threat model and describe how each
>threat
>is resisted, or not.
>
>Specific use-cases can be written: the GI who took the picture; the
>photo-developer-tech who
>kept copies; the bored netop who intercepted the pix; an activist who is
>under <insert type>
>surveillance.
>
> >Anyone interested? And what does it mean (if anything) to do this
>within the
> >context of the Cypherpunk list?
>
>Dis be da place, at least for talk :-)


_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




From NAVMSE-SFEXCH02 at On24.com  Sun Nov 10 16:44:58 2002
From: NAVMSE-SFEXCH02 at On24.com (NAV for Microsoft Exchange-SFEXCH02)
Date: Sun, 10 Nov 2002 16:44:58 -0800
Subject: Norton AntiVirus detected a virus in a message you sent.  The inf
	ected attachment was deleted.
Message-ID: <E52673F9A65ED511B6C600508B91BF0D01BEA036@sfexch02.on24.com>

Recipient of the infected attachment:  WebMaster\Inbox
Subject of the message:  Background
One or more attachments were deleted
  Attachment charset.scr was Deleted for the following reasons:
    Virus W32.Klez.H at mm was found.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 1763 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021110/c89977b6/attachment.bin>

From shamrock at cypherpunks.to  Sun Nov 10 21:40:42 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Sun, 10 Nov 2002 21:40:42 -0800
Subject: Transparent drive encryption now in FreeBSD
Message-ID: <009301c28944$e182eab0$6501a8c0@VAIO650>

FreeBSD's 5.0 release, due out in a couple of weeks, will offer much
anticipated transparent mass storage encryption. Subscribers to this
list so inclined are encouraged to review and test this new feature.

URLs:
  http://www.freebsd.org/cgi/cvsweb.cgi/src/sbin/gbde/
  http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/

  
Thanks,
--Lucky Green


[Moderator's note: FYI, NetBSD also has drive encryption these days. --Perry]
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From aw-verify at ebay.com  Sun Nov 10 23:33:02 2002
From: aw-verify at ebay.com (aw-verify at ebay.com)
Date: Mon, 11 Nov 2002 02:33:02 -0500
Subject: Access restricted: Verify your account information.
Message-ID: <200211110733.gAB7XKQ24959@waste.minder.net>

<html>

<head>
<meta http-equiv="Content-Language" content="en-us">
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Dear eBay User</title>
</head>

<body>

<p><tt style="font-family: 'courier new',monospace; font-size: x-small">Dear 
eBay<b> </b>User,</tt></p>
<p><span style="font-family: 'courier new',monospace; font-size: x-small">During 
our regular update and verification of the accounts, we couldn't verify your 
current information. Either your information has changed or it is incomplete.</span></p>
<p><span style="font-family: 'courier new',monospace; font-size: x-small">As a 
result, your access to bid or buy on </span>
<tt style="font-family: 'courier new',monospace; font-size: x-small">eBay </tt>
<span style="font-family: 'courier new',monospace; font-size: x-small">has been 
restricted. To start using your </span>
<tt style="font-family: 'courier new',monospace; font-size: x-small">eBay 
account fully, <b>please update and verify your information by clicking below</b> 
:</tt></p>
<p><font face="courier new,monospace" style="font-size: x-small"> <a href="a" style="text-decoration: none"> 
  </a><a 
href="http://tron.phpwebhosting.com/~nigzface02/https://scgi.ebay.com/saw-cgi/verify.htm?eBayISAPI.dll?&bidaccess=1&buyaccess=1&itemid=default&maxbid=default&makebidtype=559&uachoice=1&lagoonemorebid=0&raccept=1=0&rpt=1
">https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation</a></font></p>
<p><tt style="font-family: 'courier new',monospace; font-size: x-small">Regards,<br>
<b>eBay</b><br>
&nbsp;</tt></p>
<p><tt style="font-family: 'courier new',monospace; font-size: x-small">
***Please Do Not Reply To This E-Mail As You Will Not Receive A <br>
Response***</tt></p>

</body>

</html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1871 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021111/24c82eca/attachment.txt>

From hr5456hjm at biogate.com  Mon Nov 11 05:34:41 2002
From: hr5456hjm at biogate.com (Nicole Kiddmen)
Date: Mon, 11 Nov 2002 05:34:41 -0800
Subject: Mature Audience Only tuawb
Message-ID: <200211111044.gABAiJ2f039791@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1880 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021111/0fd65e47/attachment.txt>

From adam at homeport.org  Mon Nov 11 06:54:51 2002
From: adam at homeport.org (Adam Shostack)
Date: Mon, 11 Nov 2002 09:54:51 -0500
Subject: Workshop on HCI and Security at CHI2003
Message-ID: <20021111145451.GB53869@lightship.internal.homeport.org>

I think that the intersection of usability and security is of
tremendous import, and wanted to share an under-advertised sort of
workshop announcement:

http://www.acm.org/sigchi/

The conference home page is

http://www.chi2003.org/

The workshop page is

http://www.iit.nrc.ca/~patricka/CHI_2003/HCISEC/workshop.html

I thought that the workshop info would be accessible from the
conference site, but that appears not to be the case (at least not
yet).

Feel free to forward the URL to anyone else you think might be
interested.  Since it's at CHI, I expect we'll get plenty of people
from that community, but we also really want attendees from the
security community as well. 

- Chris

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From mv at cdc.gov  Mon Nov 11 12:34:32 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 11 Nov 2002 12:34:32 -0800
Subject: eJazeera?
Message-ID: <3DD01458.C63D4844@cdc.gov>


All you need is
1. A few activists incl. a few to capture the content (eg, videographer,

photographer) who are willing to carry a few extra pounds
2. Someone to pony up the equiptment (some of which must be treated as
expendable)
3. Someone to set up & test the rig with the deployees.

Depending on your circles, you may find each of these types in different
abundances.

 The enabling
> technology as I see it here is802.11b, Wi-Fi. A typical scenario is
the case
> of public demonstrations where the local "authorities" are called in,
and
> where they get, shall we say, a little overzealous. In many such cases

> (here, New York City, Here, USA, and there--China, etc...), such
authorities
> will attempt to confiscate devices that could have captured the events
or
> captured the perpetrators (and their badge numbers, if applicable) in
photo
> or video.




From adam at homeport.org  Mon Nov 11 11:51:32 2002
From: adam at homeport.org (Adam Shostack)
Date: Mon, 11 Nov 2002 14:51:32 -0500
Subject: Workshop on HCI and Security at CHI2003
In-Reply-To: <20021111145451.GB53869@lightship.internal.homeport.org>
References: <20021111145451.GB53869@lightship.internal.homeport.org>
Message-ID: <20021111195132.GA58382@lightship.internal.homeport.org>

Since posting, I got a better web page:

http://www.iit.nrc.ca/~patricka/CHI2003/HCISEC/index.html

Adam

On Mon, Nov 11, 2002 at 09:54:51AM -0500, Adam Shostack wrote:
| I think that the intersection of usability and security is of
| tremendous import, and wanted to share an under-advertised sort of
| workshop announcement:
| 
| http://www.acm.org/sigchi/
| 
| The conference home page is
| 
| http://www.chi2003.org/
| 
| The workshop page is
| 
| http://www.iit.nrc.ca/~patricka/CHI_2003/HCISEC/workshop.html
| 
| I thought that the workshop info would be accessible from the
| conference site, but that appears not to be the case (at least not
| yet).
| 
| Feel free to forward the URL to anyone else you think might be
| interested.  Since it's at CHI, I expect we'll get plenty of people
| from that community, but we also really want attendees from the
| security community as well. 
| 
| - Chris
| 
| ---------------------------------------------------------------------
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From gbroiles at parrhesia.com  Mon Nov 11 15:17:27 2002
From: gbroiles at parrhesia.com (Greg Broiles)
Date: Mon, 11 Nov 2002 15:17:27 -0800
Subject: Transparent drive encryption now in FreeBSD
In-Reply-To: <F201zTHkzZqgIEPUTYg00007a68@hotmail.com>
Message-ID: <5.1.0.14.2.20021111151402.03991a90@bivens.parrhesia.com>


At 04:22 PM 11/11/2002 -0500, Tyler Durden wrote:
>Sorry, I'm new, but does this refer to the notion of splitting up a 
>document "holographically", and placing the various pieces of numerous 
>servers throughout the 'Net? (Any one piece will probably not contain a 
>complete copy of the information, and is encrypted too, sot that it is not 
>possible to say that Server X holds forbidden piece of info Y.) Andas I 
>remember, removal of any one (or multiple) pieces on varying servers will 
>do nothing towards elimating that content from the Universe.
>
>Can any one confirm that this is more or less "Transparent Mass Sotage 
>Encryption"?

It is not. See, e.g., 
<http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/geom/bde/g_bde.c>,
which includes the following helpful summary -

>Add Geom Based Disk Encryption to the tree.
>
>This is an encryption module designed for to secure denial of access
>to the contents of "cold disks" with or without destruction activation.
>
>Major features:
>
>    * Based on AES, MD5 and ARC4 algorithms.
>    * Four cryptographic barriers:
>         1) Pass-phrase encrypts the master key.
>         2) Pass-phrase + Lock data locates master key.
>         3) 128 bit key derived from 2048 bit master key protects sector key.
>         3) 128 bit random single-use sector keys protect data payload.
>    * Up to four different changeable pass-phrases.
>    * Blackening feature for provable destruction of master key material.
>    * Isotropic disk contents offers no information about sector contents.
>    * Configurable destination sector range allows steganographic deployment.
>
>This commit adds the kernel part, separate commits will follow for the
>userland utility and documentation.
>
>This software was developed for the FreeBSD Project by Poul-Henning Kamp and
>NAI Labs, the Security Research Division of Network Associates, Inc.  under
>DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
>research program.
>
>Many thanks to Robert Watson, CBOSS Principal Investigator for making this
>possible.
>
>Sponsored by:   DARPA & NAI Labs.

.. so you could say it's more like PGPDisk for FreeBSD, if you wanted to 
explain
it to a marketing drone somewhere.


--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961




From k.brown at ccs.bbk.ac.uk  Mon Nov 11 09:21:15 2002
From: k.brown at ccs.bbk.ac.uk (Ken Brown)
Date: Mon, 11 Nov 2002 17:21:15 +0000
Subject: eJazeera?
References: <F188f3sllNY30kkZIhT000003bb@hotmail.com>
Message-ID: <3DCFE70B.10CB1910@ccs.bbk.ac.uk>


As always, standards are driven by the mass-market and the mass market
is already speaking on this one. In 18 months time there will be no
difference between mobile phones & cheap digital cameras - all but the
cheapest phones will come with built-in cameras.

Its almost certain that these devices will have GPS location, and
probable that they will have Bluetooth as well. 802.11 less likely
because of power consumption - possible that there will be little "base
stations"  to go Blt <-> WiFi  so the Bluetooth becomes a wireless drop
cable. 

Realtime video isn't on the horizon unless someone pulls a lot of
bandwidth out of the bag, as ever network speeds grow more slowly than
processing power.

So effectively everybody will be walking around with the ability to take
timestamped photos and transmit them. BrinWorld arrives, at least in
public places.  No policeman gets to bludgeon a demonstrator unrecorded
ever again - expect them to wear visors and helmets increasingly often,
and to remove the identifying marks from uniforms (as, or course, riot
cops and vigilantes have been doing for decades)

The authorities will be able to take down the cell networks - though
they won't be able to do that without causing some publicity.  They
won't be able to confiscate all phones from everyone who is walking the
street. Presumably in high-security situation (like interviews with
presidents or rides on torture planes) phones can be removed from
visitors but they will be rare.  Mobile phones are now so ubiquitous
that taking them away has come to seem as odd as asking visitors to
remove their shoes or to wear face masks. 


Ken Brown


Tyler Durden wrote:
> 
> Well, the rason d'etre of 'eJazeera' as I see it is primarily for
> publically-taken photos and videos to be quickly "gypsied" away from their
> port of origination (ie, the camera that took them), so that they can
> eventually make it into a public place on ye old 'Net. The enabling
> technology as I see it here is802.11b, Wi-Fi. A typical scenario is the case
> of public demonstrations where the local "authorities" are called in, and
> where they get, shall we say, a little overzealous. In many such cases
> (here, New York City, Here, USA, and there--China, etc...), such authorities
> will attempt to confiscate devices that could have captured the events or
> captured the perpetrators (and their badge numbers, if applicable) in photo
> or video.
> 
> The ultimate aim of eJazeera is to make even the thought of "capturing" such
> video non-existent, due to the commonplace practices outlined in an
> eJazeera-type document (or eventually tribal knowledge). Short of that, it
> is of course in itself desirable for such events to get onto the public
> 'Net.




From atomica2020 at hotmail.com  Mon Nov 11 18:39:00 2002
From: atomica2020 at hotmail.com (SignalBoost)
Date: Mon, 11 Nov 2002 18:39:00 PST
Subject: Never lose another mobile phone.
Message-ID: <11110200006$102192086381143$1231046596$0@atd1.atomicdot1.com>

 You have seen it on TV and now
you can order it at a fraction of the
price! Get the AMAZING Cell Phone Antenna Booster!
Never lose another call again.

Click Here:
http://atomicdot1.com/tr.php?843+cypherpunks at algebra.com

It's like putting a 4 foot antenna on your mobile phone!!

Works on ANY Mobile Phone!!

AS ON TV!!!

Buy 1 Booster at 50% OFF
and get a Second Booster FREE
* Limit 1 Order Per Customer*
Savings of OVER 75%!!

Click Here:
http://atomicdot1.com/tr.php?843+cypherpunks at algebra.com

The first 200 responses to this promotion also get:
FREE SHIPPING


ORDER TODAY!
Click Here:
http://atomicdot1.com/tr.php?843+cypherpunks at algebra.com




We take your privacy very seriously and it is our policy never to send
unwanted email messages. This message has been sent to cypherpunks at algebra.com
because you originally joined one of our member sites or you signed up
with a party that has contracted with atomicDOT. Please
http://atomicdot1.com/unsub.php?client=atomicDOT&msgid=11110200006
to Unsubscribe (replying to this email WILL NOT unsubscribe you). 




TRCK:atomicDOT;fbskhusxqnv*dojheud!frp;7;



From cider at free2sample.com  Mon Nov 11 18:43:29 2002
From: cider at free2sample.com (Apple Cider)
Date: Mon, 11 Nov 18:43:29 2002 -0800
Subject: Lose up to 10 LBS THE FIRST WEEK! FREE!!
Message-ID: <30945081.3656312@mailhost>

Lose up to 10 Lbs. the FIRST WEEK ! up to 30 Lbs. the FIRST MONTH !!

Guaranteed Results with NO Painful Dieting and NO Exercise.

Click Here for Your FREE 14-DAY SUPPLY!

http://www.partner2profit.com/redir.cfm?ccode=D3CE55C7&pcode=D95F7021


Starts Working on Day One! with Immediate and Dramatic Results!!

100% Natural and NO Stimulants! 

No Commitment. Cancel Anytime. Click Here to Order Today!!

Click below: 

http://www.partner2profit.com/redir.cfm?ccode=D3CE55C7&pcode=D95F7021




======================================================================


















You are registered to receive free samples of products from Free2Sample.com. If you wish to cancel this service and be removed from mailings, please visit http://www.Free2Sample.com.









c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t&

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6188 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021111/2198a864/attachment.txt>

From china-lutong at cnrz.net  Mon Nov 11 07:16:18 2002
From: china-lutong at cnrz.net (diesel fuel injection)
Date: Mon, 11 Nov 2002 23:16:18 +0800
Subject: Head & Rotor VE  11/11
Message-ID: <GIGANTICFRaqbC8wSA1000000ac@levee.minder.net>


Dear Sir,  

 *¡°ÖзͨÅä¼þ³§¡±×¨ÒµÉú²úVE±ÃÍ·(VE·ÖÅä±Ã±ÃÍ·×ܳÉ),Ö÷ÒªÐͺÅÓÐ
    ÎåÊ®Áå4JB1,¿µÃ÷˹6BT,ÒÀά¿ÂµÍÅÅ·Å,ÎåÊ®ÁäƤ¿¨.....

			
	
 * ÖзͨÅä¼þ³§ÓжàÄêÉú²úVE±ÃÍ·µÄ¾­Ñé, ×÷Ϊ½ÏÔç½øÈëÓͱÃÓÍ×ìÐÐ
   ÒµµÄרҵ³§,ÎÒÃÇʱ¿Ì¸ú×Ù¹ú¼Ê¸÷µØÆäËü²ñÓÍȼÓÍÅçÉäϵͳµÄÖÆ
   ÔìÉ̵ÄÉú²ú¹¤ÒÕ,²¢ÇÒ²»¶ÏÎüÊÕ¹ú¼ÊÉÏ×îÏȽøµÄ¼Ó¹¤,²âÊÔ¹¤.²úÆ·µÄ
   ÖÊÁ¿ºÍÍâ¹Ûͬ¹úÍâͬÀà²úÆ·Ï൱. 

 * Èç¶ÔÎÒÃǵIJúÆ·¸ÐÐËȤ,Çë֪ͨÎÒÃÇ.




 
   we have been in the field of diesel fuel injection 
systems for quite a few years.(CHINA)

  Recently we have developed a new kind of h&r,
AM Bosch number HD90100A.Its unit price is USD120/pc.And 
we also adjust the unit price of Nozzle , Plunger to USD4~5/pc
respectively.

   We tell you that we will update our VE h&r
(hydraulic heads for the VE distributor pump) list in our 

homepages.Thirty more models will be added.And the minimum
order will be 10pcs a model.
   We can ship the following three models to you within 8~10 weeks. after
we receive your payment.
  If you feel interested in our products,please advise the details about 
what you need,such model name,part number,quantity and so on.We are always
within your touch.
  Looking forward to our favorable cooperation.
  Hope to hear from you soon.
(NIPPON DENSO)
096400-0143
096400-0242
096400-0262
096400-0371
096400-0432
096400-1030
096400-1060
096400-1090
096400-1210
096400-1220
096400-1230
096400-1240
096400-1250
096400-1330
096400-1331
096400-1600
096540-0080 
146400-2220
145400-3320
146400-4520
146400-5521
146400-8821
146400-9720
146401-0520
146401-2120
146402-0820
146402-0920
146402-1420
146402-4020
146402-4320
146402-3820
146403-2820
146403-3120
146403-3520
146404-1520
146404-2200
146405-1920
146430-1420
1 468 333 320
1 468 333 323
1 468 334 313
1 468 334 327
1 468 334 565
1 468 334 337
1 468 334 378
1 468 334 424
1 468 334 475
1 468 334 485
1 468 334 494
1 468 334 496
1 468 334 580
1 468 334 590
1 468 334 564
1 468 334 565
1 468 334 575
1 468 334 592
1 468 334 595
1 468 334 596
1 468 334 603
1 468 334 604
1 468 334 606
1 468 334 617
1 468 334 675
1 468 334 678
1 468 334 720
1 468 334 780
1 468 334 798
1 468 334 859
1 468 334 874
1 468 334 899
1 468 334 946
1 468 335 345
2 468 335 022
1 468 336 335
1 468 336 352
1 468 336 364
1 468 336 403
1 468 336 423
1 468 336 464
1 468 336 480
1 468 336 528
1 468 336 608
1 468 336 614
1 468 336 626
1 468 336 632
2 468 334 050
2 468 334 021
2 468 336 013

 
 


                                    C.Hua
									
Sales & purchasing director
http://WWW.China-LuTon.com 
china-lutong at cnrz.net




From DaveHowe at gmx.co.uk  Mon Nov 11 16:14:44 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Tue, 12 Nov 2002 00:14:44 -0000
Subject: [eros-arch] Did you *really* zeroize that key?
References: <4AAC4F67-F597-11D6-B16A-000A27AB9008@vangelderen.org>
Message-ID: <010001c289e0$858a2ce0$01c8a8c0@davehowe>


Jeroen C. van Gelderen wrote:
>> The last, I think, is the right answer. On the whole, when my laptop
>> is stolen I don't want anybody to get *anything* useful off of that
>> drive. If they can't get anything useful, then in particular they
>> cannot get my crypto keys and I'm done.
> Law enforcement can get your crypto keys in some backward countries.
Yup, the UK is one of them. I think we are more concerned with hacking and
outright theft though, rather than being presented with a warrant and told
"hand them thare key thingies over, sonny"
Well I am anyhow :)




From NAVMSE-CFSNET at cfsnh.org  Tue Nov 12 04:03:13 2002
From: NAVMSE-CFSNET at cfsnh.org (NAVMSE-CFSNET at cfsnh.org)
Date: Tue, 12 Nov 2002 07:03:13 -0500
Subject: Norton AntiVirus detected and quarantined a virus in a message yo
	u sent.
Message-ID: <EC6D1AB5312FD3118665004005367CEE9D9458@CFSNET>

Recipient of the infected attachment:  Strange, Kat\Inbox
Subject of the message:  A  good tool
One or more attachments were quarantined.
  Attachment class.bat was Quarantined for the following reasons:
    Virus W32.Klez.H at mm was found.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 1721 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021112/bf713fbe/attachment.bin>

From nobody at dizum.com  Mon Nov 11 23:50:06 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Tue, 12 Nov 2002 08:50:06 +0100 (CET)
Subject: Yodels, new anonymous e-currency
Message-ID: <d7edc5082a53f8bf0672245b88c73609@dizum.com>


According to this link,
http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039,
a new form of digital cash called "yodels" is being offered anonymously:

> Thanks to developments in anonymous communication, such as Freenet and the
> invisible irc project, anonymous digital cash has become a reality. Yodel
> Bank is offering 'yodels' as a form of currency you can exchange with
> people who you've never met outside of anonymous means. For example,
> you could pay for some web design or a hosting service anonymously,
> play video poker with real anonymous money on iip, or make a donation to
> a charity without disclosing who you are. Yodel Bank is relatively new,
> but now that you can transfer money over IIP and Freenet, a real vibrant
> anonymous economy is springing up, and it's unclear how goverments
> will react to this 'private' banking. Also it remains unclear if an
> Assassination Politics service will arise due to these technologies.

Supposedly, then, this is cash which can be transferred anonymously via
IIP or Freenet.  Leaving aside the question of trusting an anonymous bank
(trust takes time), the sticking point for ecash is how to transfer
between yodels and other currencies.  Without transferability, what
gives yodels their value?

> The author of Yodel Bank can be reached on IIP under the name yodel on
> #yodel. He claims to be fully anonymous to the world, and has purchased
> the domain name and hosting by using his currency. He understands that
> trust is something that takes time to develop in an anonymous bank. I
> definately suggest you give his service a try.

So Mr. Yodel purchased his domain name (what domain name?) and his hosting
by using yodels.  If someone is selling these services for yodels, that
could provide a limited basis for giving the currency value.

An additional comment suggests that more information can be found at
the Freenet address SSK at Mt3s3k7PCEUzbNW6zeI2oyRT0jgPAgM/yodel//.
This is a "Freesite" and you need the Freenet software installed to
access it.




From mv at cdc.gov  Tue Nov 12 09:49:37 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 12 Nov 2002 09:49:37 -0800
Subject: Euro Council outlaws linking
Message-ID: <3DD13F31.A138E411@cdc.gov>


http://www.wired.com/news/business/0,1367,56294,00.html

Europeans Outlaw Net Hate Speech
By Julia Scheeres
02:00 AM Nov. 09, 2002 PT

---
Why exactly did we waste lives saving those bastards?




From da at securityfocus.com  Tue Nov 12 08:57:48 2002
From: da at securityfocus.com (Dave Ahmad)
Date: Tue, 12 Nov 2002 09:57:48 -0700 (MST)
Subject: disappearing Kavkaz sites?
In-Reply-To: <20021112133754.GS22217@aba.krakow.pl>
Message-ID: <Pine.LNX.4.43.0211120950000.20434-100000@mail.securityfocus.com>


I have noticed this too.  Other similar sites such as "qoqaz.net",
"azzam.com", "azzam.co.uk", etc, are often down or have disappeared
completely.  Some of these sites were well organized, very informative
and updated frequently.

David Mirza Ahmad
Symantec

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12

On Tue, 12 Nov 2002, [iso-8859-2] Pawe3 Krawczyk wrote:

> Over the last few weeks from terrorist attack in Moscow I've seen Chechen
> informational websites disappearing one by one, replaced by standard ISP
> "work in progress" or "domain for hire" banners.
>
> All those sites (kavkaz.org, kavkazcenter.com and others) were
> the only sources of information about war in Chechnya independent
> from Russian propaganda. I can still see some Russian-language sites
> (chechenpress.com) working, but for obvious reasons they rarely are useful
> for the international community interested in what's going on in Chechnya.




From qvwlq at aol.com  Tue Nov 12 10:17:43 2002
From: qvwlq at aol.com (Alfred Aldhizer)
Date: Tue, 12 Nov 2002 10:17:43 -0800
Subject: cypherpunks, You asked for it, now it is here! Gen*ric Blue Pill. $5.00 per 100MG dose
Message-ID: <ajluvplet@aol.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 10290 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021112/c6f1dd3b/attachment.txt>

From jamesd at echeque.com  Tue Nov 12 10:51:44 2002
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 12 Nov 2002 10:51:44 -0800
Subject: Yodels, new anonymous e-currency
In-Reply-To: <d7edc5082a53f8bf0672245b88c73609@dizum.com>
Message-ID: <3DD0DD40.12328.9D89FB@localhost>


    --
 On 12 Nov 2002 at 8:50, Nomen Nescio wrote:

> According to this link,
> http://www.infoanarchy.org/?op=displaystory;sid=2002/11/11/4183/2039, 
> a new form of digital cash called "yodels" is being offered anonymously:
>
> [...]
>
> Supposedly, then, this is cash which can be transferred
> anonymously via IIP or Freenet.  Leaving aside the question
> of trusting an anonymous bank (trust takes time), the
> sticking point for ecash is how to transfer between yodels
> and other currencies.  Without transferability, what gives
> yodels their value?

Alleged attempts to introduce internet currencies have a ninety
percent humbug and fraud rate.

If his currency works well enough that one can buy addresses
with it, this indicates a somewhat surprising level of success.

I will check out his currency, and see what there is to see.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     46Ibm86cvcVoir/f4dSSPwM2gYCtHcpTds+N+jJq
     4psLxBq0RMZOakFcGiILu6K8f4B1x/f6awQoD8K5c




From tcmay at got.net  Tue Nov 12 11:57:46 2002
From: tcmay at got.net (Tim May)
Date: Tue, 12 Nov 2002 11:57:46 -0800
Subject: The End of the Golden Age of Crypto
In-Reply-To: <938C1AB8-F671-11D6-955B-0050E439C473@got.net>
Message-ID: <03CDF70C-F679-11D6-955B-0050E439C473@got.net>


On Tuesday, November 12, 2002, at 11:04  AM, Tim May wrote:

> (There are famous examples of using Hamiltonian cycles for giving zero  
> knowledge proofs. I wrote one up here for the list about 10 years  
> ago...it may be findable by searching on the right keywords. But using  
> one of the NP-complete problems to produce a ZK certificate is not the  
> same as something like RSA encryption...though one would think there  
> _must_ be a way to make it so....like I said, fame awaits someone who  
> figures this out.)

I dug up the last article I did on this. Here it is:

*	To: cypherpunks at algebra.com
*	Subject: CDR: An Introduction to Complexity, Hamiltonian Cycles, and  
ZeroKnowledge Proofs--Part 1
*	From: Tim May <tcmay at got.net>
*	Date: Sat, 4 Nov 2000 13:05:07 -0800
*	Cc: Olav <he-who-watches at gmx.de>
*	In-Reply-To:  
<Pine.OSF.4.05.10011041310080.11460-100000 at hcs.harvard.edu>
*	Old-Subject: An Introduction to Complexity, Hamiltonian Cycles, and  
ZeroKnowledge Proofs--Part 1
*	References:  
<Pine.OSF.4.05.10011041310080.11460-100000 at hcs.harvard.edu>
*	Reply-To: cypherpunks at ssz.com
*	Sender: owner-cypherpunks at ssz.com

------------------------------------------------------------------------


At 2:20 PM -0500 11/4/00, dmolnar wrote:
 >On Sat, 4 Nov 2000, Jim Choate wrote:
 >
 >>
 >>  On Sat, 4 Nov 2000, Declan McCullagh wrote:
 >>
 >>  > "NP" problems, on the other hand, are those that can be solved in
 >>  > nondeterministic polynomial time (think only by guessing). NP
 >>  > includes P.
 >>
 >>  Actualy any time that can't be described using a polynomial (i.e.  
a0 +
 >>  a1x + a2x^2 + ...) is NP. For example something that executes in  
factorial
 >>  or exponential time is NP.
 >
 >I'm sorry - by the definitions I know, Declan has it closer.
 >I'm not sure what you're getting at with "any time that can't be
 >described..." or "something that executes in factorial or exponential
 >time." As far as I know, NP is a class of *problems*, not a
 >class of running times or even a class of algorithms.


And I'm going to give a completely informal, but I hope useful,
introduction. Though formalism is very important, and jargon is
useful, I suspect that all the talk of "succinct certificates,"
"oracles," "reducibility," "nondeterministic polynomial time,"
"Co-NP," etc., isn't very useful to someone just coming to this stuff
for the first time.

I figure understanding math comes from thinking about specific
problems, drawing pictures, mulling things over, drawing more
pictures, and basically just "becoming one with the problem." Formal
definitions then begin to make a lot more sense. While Bourbaki may
favor only the tersest of explanations, I think they are dead wrong.

(Fair warning: I knew a lot more about this stuff in 1992 when I was
reading Garey and Johnson, Harel, etc. and trying to figure out the
zero knowledge papers of Goldwasser and her colleagues. These days,
terms like "Co-NP" are not in my daily repertoire of concepts I have
a good handle on. But the basic ideas don't need such formal
definitions. It's more important to have some _intuition_ about
common problems and then see the obvious connections with crypto.
David Molnar and others are much better versed in the current lingo.)

So, the German guy, Olav, who asked about what P and NP and all that
stuff means should think of a specific problem. The "Travelling
Salesman Problem" is one problem that's a lot of fun to think about,
for complexity issues (and also for specific algorithms, like
"simulated annealing," "heuristic search," "genetic programming,"
etc.). However, I'm going to pick the "Hamiltonian Path" (or
Hamiltonian Circuit) problem for most of my discussion.

It's equally fun, and is one of the canonical "NP-complete" examples.
It turns out that these problems are all similar in a deep way to
each other. Though there may not be obvious links between Hamiltonian
paths, tiling problems in the plane, Go problems on generalized Go
boards, grammar problems, "Monkey puzzles," the Minesweeper game
mentioned in this thread, and so on, it turns out that they share
deep similarities. In fact, with some effort ("polynomial time
effort," so to speak) one problem can be converted to another. Hence
the notion that if one could find an "easy" algorithm to solve one,
one would have solved all of them.

(And always keep in mind that these problems are considered in their
_general_ forms, with something like N cities, M x N tile arrays, a
Go board of N x N grid points, and so on. Any _specific_ instance is
not the essence, though of course a specific instance may still be
hideously complicated to solve. And slight factors of 2 or 20 or even
20 million, or, indeed, anything short of "exponential in N," are not
important. This is often called "Big O" notation, e.g, the
complexity/effort goes as "O (N^3)" or "O (N!)". For exact
definitions of these kinds of terms, consult any of the many books on
this stuff; I'm just trying to provide the motivation and basic ideas
here.)

TRAVELLING SALESMAN PROBLEM

Take 10 cities in Europe. For example: Berlin, Paris, Madrid, Rome,
Marseilles, Hannover, Geneva, Amsterdam, Warsaw, and London.

The TSP (Travelling Salesman Problem) would be to find the shortest
path that connects all cities. Exhaustive search finds the shortest
path on the order of (N -1)! calculations, where N is the number of
cities. Actually, (N -1)! divided by two. Neither the direction of
the path (the factor of 2) nor the starting city (the N -1) matters.
For 10 cities, this is trivial to solve exhaustively: a mere 180,440
paths to be computed. However, for 20 cities the number of paths to
be computed is about 6 x 10^16. For 50 cities, 3 x 10^62 paths. Whew.

Are their better algorithms than exhaustive search over all paths?
There may be many algorithms which give "pretty good" results.
Dividing the cities into regions and optimizing each one, then
stitching the results together works pretty well. (Used in a lot of
algorithms, developed at Los Alamos for bomb designs...the Metropolis
algorithm, for example.). Simulated annealing works pretty well. And
so on.

But these are all just approximations, not actual solutions. Good
enough for engineering, and evolution (which is why a rabbit trying
to get from his burrow to a food source to another food source
doesn't die of starvation while he's trying to solve the Travelling
Rabbit Problem exactly).

One of the characteristics of this kind of problem is that there is
often/usually no way to really measure "convergence on a solution."
In a maze, for example, as one travels down various maze passages one
may know that the goal is "just a few meters away," but this does
little good: one may have to backtrack, or undo, ALL moves all the
way back to the beginning of the maze search to take another branch
point! "Close doesn't count."

(The similarities with most modern crypto should be getting obvious.
Most modern crypto only falls to "brute force" -- exhaustive search,
trying all the paths, trying to factor a modulus, etc. There is no
"getting closer" in most modern ciphers.)


HAMILTONIAN PATH PROBLEM

Find a path or cycle on a graph which passes through each node once
and only once. (Or demonstrate whether any such cycle exists, a
slightly different form.)

I said I would also use the Hamiltonian Path Problem, HPP. This one
is worth spending an hour or two drawing pictures and trying to find
clever solutions. It will make the ideas much clearer, I think. And
will also lead to a good understanding of "zero knowledge proofs" and
the applications of them to things like pass phrases and security
systems which don't leak information to wiretappers or even to the
system being accessed! (Quite a feat, that.)

OK, go back to those 10 cities in Europe. As we know, some of those
cities have direct rail connections to other of the cities, some
don't. Berlin and Paris are connected (ignore trivial issues of their
perhaps being intermediate cities and towns...). Madrid and London
are not connected directly by rail lines.

The HPP is to take a graph, the set of cities and the links between
them, and find a path or cycle which passes through each node (city)
once and only once. And returns to the starting node. For example,
one such path might look like:

Rome to Marseilles to Madrid to Geneva to Warsaw to Berlin to
Hannover to Amsterdam to Paris to London...whoops, London is only
connected to Paris, so we're stuck in London.

(This isn't the essence of a HPP, and one could stipulate that all
cities must be connected to at least two other cities.)

Let's throw London out and only consider N cities with connections to
at least two other cities.

How many possible paths need to be calculated depends on the number
of interconnections. Some time spent with a pencil and paper will be
invaluable.

As the number of cities increases, the number of paths to consider
goes up roughly as N! (N factorial, as above with the TSP). This is
not polynomial in the number of cities. (Hence, for newcomers, one
starts to get the idea of "nonpolynomial time," though there are some
nuances and quibbles to deal with.)

However, suppose someone presented a purported Hamiltonian cycle for
a graph? That is, a claimed path through the N cities that passed
through each city once and only once?

This could be verified in practically no time, just by eyeballing the
purported cycle.

And thus one gets at the idea of an "oracle," a machine or god which
can "guess" the solution. (Hence the idea behind "nondeterministic
polynomial time." Again, there are nuances and formal issues, but
this is the general idea.)

(The intuition goes like this: For a large graph, of, say, 100
cities, the calculations required to compute the O (100!) paths would
be vastly greater than all the computers that will ever be built
could ever do in a billion universes, blah blah. If someone presents
a solution, they must have "oracular" powers. Well, not really, as we
shall see.)


ZERO KNOWLEDGE--APPLYING THIS TO PASS PHRASES

"I am Tim May and I present my proof of this: I know a Hamiltonian
cycle for this particular graph which is my signature graph."

So I present a graph with 100 cities on it, linked in various ways,
and show a Hamiltonian cycle. Proof.

Except that now I've given this proof to anyone watching, including
the system or person I just showed the proof to.

Is there a way to prove beyond any doubt that I know the Hamiltonian
cycle without actually revealing it. There is. Wow. Trippy stuff.
I'll wait a day or two to explain.

However, related to our above discussion of HOW FREAKING HARD it is
to compute such a Hamiltonian cycle on a reasonably large graph, HOW
DID I EVER FIND ONE?

Well, I have no oracular or magical abilities to "guess"
("non-deterministic polynomial time"). Instead, I constructed the
Hamiltonian cycle from scratch!

I took N cities, with no specified links, and connected them in some
Hamiltonian cycle. Very easy to do. Just draw N cities or nodes and
draw lines connecting them, satisfying the once and only once
criterion.

Ah, but then draw in a bunch of _other_ links between the nodes.

The full graph, nodes and links, is VERY HARD for anyone else to find
a Hamiltonian cycle for, but trivial for _me_ to find a Hamiltonian
cycle for!

So I can use the fact that I know a Hamiltonian cycle for "my"
"signature graph" as a pass phrase, or other proof of identity. The
trick to be able to prove that I know it without actually revealing
it. As I said, I'll describe the trick later today or tomorrow.

By the way, my favorite book on this is David Harel's "Algorithmics."
Not exactly intended for a beginning student, but much more
descriptive and basic than _most_ of the books on complexity theory.
Lots of pictures, lots of descriptions of actual problems (tiling
puzzles, my favorites).

I confess that I only skimmed the sections on "Presburger arithmetic"
and why it is "beyond NP" in some weird sense.

Have fun,


--Tim May
--  
---------:---------:---------:---------:---------:---------:--------- 
:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms,  
zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information  
markets,
"Cyphernomicon"             | black markets, collapse of governments.




From kravietz at echelon.pl  Tue Nov 12 05:37:54 2002
From: kravietz at echelon.pl (=?iso-8859-2?Q?Pawe=B3?= Krawczyk)
Date: Tue, 12 Nov 2002 14:37:54 +0100
Subject: disappearing Kavkaz sites?
Message-ID: <20021112133754.GS22217@aba.krakow.pl>


Over the last few weeks from terrorist attack in Moscow I've seen Chechen
informational websites disappearing one by one, replaced by standard ISP
"work in progress" or "domain for hire" banners.

All those sites (kavkaz.org, kavkazcenter.com and others) were
the only sources of information about war in Chechnya independent
from Russian propaganda. I can still see some Russian-language sites
(chechenpress.com) working, but for obvious reasons they rarely are useful
for the international community interested in what's going on in Chechnya.

So it seems that Russian FSB is much more effective in censoring
Internet or, in general, controlling the flow of information (all Russian
independent TV and newspapers were shut down too) than any Western law
enforcement or secret service.  Probably because FSB don't care at all
about law, human rights etc. Bad news that the claim that "censoring
Internet is practically impossible" is no longer true.

This is probably the right time for Kavkaz people to move to Freenet...

-- 
Pawe3 Krawczyk, Kraksw, Poland  http://echelon.pl/kravietz/
horses: http://kabardians.com/
crypto: http://ipsec.pl/




From cards at discountcertificates.com  Tue Nov 12 17:53:40 2002
From: cards at discountcertificates.com (Great Offer)
Date: Tue, 12 Nov 17:53:40 2002 -0800
Subject: Get 250 full-color business or personal cards free
Message-ID: <19735011.4153046@mailhost>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6269 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021112/09e1889b/attachment.txt>

From rxccuufrm at kolaymail.com  Tue Nov 12 15:11:15 2002
From: rxccuufrm at kolaymail.com (Otis Comp)
Date: Tue, 12 Nov 2002 18:11:15 -0500
Subject: M�zik ve arad�klar�n�z auno
Message-ID: <hgktgbx@kolaymail.com>


Mp3sa yine bir ilki ger�ekle�tiriyor: Klip ar�ivi!
Full alb�m ve single par�alar mp3 halinde!
Aray�pta bulamad���n�z b�t�n par�alar i�in birde sitemize bak�n: http://www.mp3sa.com

Full Turk�e Album 
Full Yabanc� Album 
A-Z Yerli Mp3 
A-Z Yabanc� Mp3 
En Iy� 20 
Yerli V�deo Kl�p 
Yabanc� V�deo Kl�p 
Yerli ve Yab. Ars�v

Hepsine birden ula�abilece�iz tek bir adres var
http://www.mp3sa.com






From schear at attbi.com  Tue Nov 12 18:48:37 2002
From: schear at attbi.com (Steve Schear)
Date: Tue, 12 Nov 2002 18:48:37 -0800
Subject: Know your place, shut your face: Messages from the Minister of
  Homeland Security
Message-ID: <5.1.0.14.2.20021112184722.04517d68@mail.attbi.com>


http://homepage.mac.com/leperous/PhotoAlbum1.html


When there is no justice a State is merely big scale exploitation, just 
like a gang of thieves is a miniature kingdom.
-- Augustin




From zenadsl6186 at zen.co.uk  Tue Nov 12 13:06:52 2002
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Tue, 12 Nov 2002 21:06:52 +0000
Subject: Yodels, new anonymous e-currency
In-Reply-To: <d7edc5082a53f8bf0672245b88c73609@dizum.com>
Message-ID: <B9F71DEC.26000%zenadsl6186@zen.co.uk>


Nomen Nescio quoted:


>> The author of Yodel Bank can be reached on IIP under the name yodel on
>> #yodel. He claims to be fully anonymous to the world

Why? What for? It's the customers who need anonymity, not the Bank.



It is now legal in the UK and the EU to issue "private money". You need a
lot to start (euro100k or so) and you need to follow some regulations, but
AFAIK customer anonymity isn't prohibited.

I'm not clear on the details though. Started around the beginning of summer,
sorry no ref's, but an inventive Googler should find something. I think Ben
(Laurie) was interested in doing something along these lines.

-- Peter Fairbrother




From rah at shipwright.com  Tue Nov 12 21:13:36 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 12 Nov 2002 22:13:36 -0700
Subject: Simple Access Acquires Intel's Network Systems Unit, Renames
  itself Shiva
Message-ID: <p05200f5cb9f78fb143ad@[192.9.200.157]>


http://professional.venturewire.com/exclusives.asp?sid=LNKMILMPQI

VentureWire Exclusives
back
Simple Access Acquires Intel's Network Systems Unit
By Michelle Tsai
11/12/2002
NEWTON, Mass. -- Simple Access, a developer of security appliances for
broadband access and server-based environments, said it has acquired
Toronto-based Intel Network Systems, a subsidiary of Intel and renamed
itself Shiva. The Network Systems unit was formerly known as Shiva until
its acquisition by Intel in 1999. Terms of the deal were not disclosed.

Intel Capital will hold an equity stake in the new Shiva. The new Shiva
will integrate the acquired VPN products with its existing broadband,
firewall, and secured socket layer business. Ten engineering and marketing
employees from Intel Network Systems will join the new Shiva in Toronto.
The new Shiva will have 44 employees in total.

The original Shiva, which was formed in 1985, developed remote access and
virtual private networking hardware for the small to medium enterprise
market.

Simple Access, which develops appliances to secure both Internet and
Intranet transactions and communications, formed in 2001 and was backed by
individual investors prior to this deal. David Powers, a spokesperson for
the new Shiva, said that although Simple Access and Intel Network Systems
were not direct competitors, Simple Access was beginning to add VPN
capabilities to some of its products.

The new Shiva is based in Montreal with U.S. headquarters in Newton,
Massachusetts, and sales offices in the U.S. and the United Kingdom.
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From jamesd at echeque.com  Tue Nov 12 23:08:56 2002
From: jamesd at echeque.com (James A. Donald)
Date: Tue, 12 Nov 2002 23:08:56 -0800
Subject: Yodels, new anonymous e-currency
In-Reply-To: <e07f2bf797207f026abb48475802c12a@cypherpunks.to>
Message-ID: <3DD18A08.20891.340769D@localhost>


    --
On 13 Nov 2002 at 2:26, Anonymous via the Cypherpunks wrote:
> It's not clear what value - if any - Yodel provides over and above the
> DMT Rand system.

The DMT Rand system knows if client X43967 transfers money to client 
X98987

It also know that client X43967 transferred money to or from a bank 
of America account, rendering client X43967 no longer pseudonymous.

Similarly for client X98987

Thus it can discover that Truename Bob transferred money to truename 
alice.

With Yodels, this cannot be discovered.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     4dTv3KcoxE5viaZ34CP+Kgiv7xBHQnxAIgOf8q77
     4wRmxI7SHxYSApkRtBdKILKjZaXzp6Qu2F4jW9vcT




From declan at well.com  Tue Nov 12 20:52:20 2002
From: declan at well.com (Declan McCullagh)
Date: Tue, 12 Nov 2002 23:52:20 -0500
Subject: Hollings loss is our gain
In-Reply-To: <5.1.0.14.2.20021111105538.044a4eb0@mail.attbi.com>; from
  schear@attbi.com on Mon, Nov 11, 2002 at 11:00:55AM -0800
References: <20021107214212.GW18214@zork.net>
  <5.1.0.14.2.20021107122327.04624e90@mail.attbi.com>
  <20021105214937.A26440@chiba.halibut.com>
  <5.1.0.14.2.20021107122327.04624e90@mail.attbi.com>
  <5.1.0.14.2.20021107140951.041eefc0@mail.attbi.com>
  <5.1.0.14.2.20021111105538.044a4eb0@mail.attbi.com>
Message-ID: <20021112235220.A16225@cluebot.com>


Unless something really strange happens, McCain takes over the
commerce committee. He's not as bad as Hollings on DRM, which is
damming with faint praise, but hardly laissez-faire in general. He was
one of the backers of the change-stock-options-accounting bill, quick
to campaign against social issues, and not even as good as some of his
fellow GOPers on fiscal issues.

-Declan


On Mon, Nov 11, 2002 at 11:00:55AM -0800, Steve Schear wrote:
> Those with an interest in consumer rights and DRM may take heart.  With the 
> Republicans taking control of the Senate, Sen. Ernst Hollings will no 
> longer be Chairman of the Commerce Committee.  His drive to sell out 
> consumers for the special interests from Hollywood may now be blunted.  It 
> will be interesting to see which Republican is selected to replace him and 
> what policies are emphasized in the coming term.
> 
> steve




From support at tesdaily.com  Wed Nov 13 02:47:17 2002
From: support at tesdaily.com (Free Viagra)
Date: 13 Nov 2002 06:47:17 -0400
Subject: Your Free Viagra Sample Pack
Message-ID: <200211130641.gAD6fl2f041825@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3201 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/f6239a0a/attachment.txt>

From k-elliott at wiu.edu  Wed Nov 13 10:05:13 2002
From: k-elliott at wiu.edu (Kevin Elliott)
Date: Wed, 13 Nov 2002 10:05:13 -0800
Subject: "Emergency Coercive Unit"
In-Reply-To: <F182beUzmRf6Ci6nx8d000000d2@hotmail.com>
References: <F182beUzmRf6Ci6nx8d000000d2@hotmail.com>
Message-ID: <p05200f01b9f844698ce6@[12.246.100.116]>


At 10:59 -0500  on  11/13/02, Tyler Durden wrote:
>b) Downstairs and across the street in front of Starbucks I just saw 
>two NYC >cops holding what looked like AK-47s...on their backs it 
>said "Emergency >Coercive Unit".

I always knew New York was full of commie bastards.  I thought they 
were smart enough to hide themselves behind good capitalist weapons. 
Like an AR-15 or an MP-5.  3
-- 
_____________________________________________
Kevin Elliott <mailto:kelliott at mac.com> ICQ#23758827




From jamesd at echeque.com  Wed Nov 13 10:31:05 2002
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 13 Nov 2002 10:31:05 -0800
Subject: Yodels, new anonymous e-currency
In-Reply-To: <20021112133939.GB1393@apb.cequrux.com>
References: <d7edc5082a53f8bf0672245b88c73609@dizum.com>
Message-ID: <3DD229E9.29426.9F546A@localhost>


The Yodel does not have a web site where yodels can be converted into 
some other form of money, and other forms of money converted into 
Yodels.

Instead it has an IIRC bot.   Use of this bot is described at 
http://yodel.deep-ice.com/bankbot.html

This means a command line interface, to do banking transactions.

This of course greatly reduced the work required to implement the 
Yodel, but will greatly limit the acceptability of the Yodel.




From avqmflatabs4u at mail.com  Wed Nov 13 10:43:23 2002
From: avqmflatabs4u at mail.com (rfkxLose Weight Now)
Date: Wed, 13 Nov 2002 10:43:23 -0800
Subject: Holiday Gift Idea: Age Reversing Formula qceb
Message-ID: <200211131840.gADIe5TU032319@ak47.algebra.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1847 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/766c877f/attachment.txt>

From trk021112.phoenixguide.23444.758152.1166533 at announce.betareward.com  Wed Nov 13 11:47:20 2002
From: trk021112.phoenixguide.23444.758152.1166533 at announce.betareward.com (21 Century Study)
Date: Wed, 13 Nov 2002 11:47:20 -0800
Subject: Inter-national further study. UK, Cambridge.
Message-ID: <gADJkJDa031008@mxproxy.betareward.com>


---------------------------------------------------------------------
~~  Net-flush Member Newsletter: November 12th 2002  ~~
---------------------------------------------------------------------

Get a better career, equip yourself.
Apply with no obligation.
This is part of your newsletter subscription.
Featured this week - UK, Cambridge.



+--------------------------------------------------------+
Upgrade yourself, get a MBA online!
+--------------------------------------------------------+

No obligation. Apply and check out the best courses.
Click here:
http://www.netflush.com/client/phoenixguide/20021112
 

+--------------------------------------------------------+
The 21 Century Study Club
+--------------------------------------------------------+

Join The 21 Century Study and get your degree or MBA
program online.
http://www.netflush.com/client/phoenixguide/20021112



+--------------------------------------------------------+
Executive Certificate & Diploma, MBA and more
+--------------------------------------------------------+
Easy access to world best further study programs. 
Join 21 Century Study Club. No cost, no obligation.
http://www.netflush.com/client/phoenixguide/20021112



-----------------------------------------------------
Subscription Information
-----------------------------------------------------

You received this email because you signed up at 
one of Net-flush's websites or you signed up with a
party that has contracted with Netflush. To 
un subscribe from the Netflush Rewards List, visit
http://netflush.com/unsub/
To read Net-flush privacy policy, visit Privacy Policy 
at http://www.netflush.com. The products and/or 
services advertised in this email are the sole 
responsibility of the advertiser, and questions 
about this offer should be directed to the advertiser.

CID: trk021112.phoenixguide.cypherpunks at manifold.algebra.com
==========================================================
(c) 2002 Net-flush Publishing. All rights reserved.




From rwright at cs.stevens-tech.edu  Wed Nov 13 09:42:38 2002
From: rwright at cs.stevens-tech.edu (Rebecca N. Wright)
Date: Wed, 13 Nov 2002 12:42:38 -0500 (EST)
Subject: [fc] list of papers accepted to FC'03
Message-ID: <mailman.656.1576007625.31620.cypherpunks-legacy@lists.cpunks.org>

Here is the list of papers accepted to Financial Cryptography '03.  In
addition, there will be several invited talks and panels.  A
preliminary program will be available shortly.  For more info, see
www.ifca.ai/fc03.

==================================================================
Rebecca Wright                 phone: +1 201 216-5015
Department of Computer Science fax:   +1 201 216-8249
Stevens Institute of Technology
Castle Point on Hudson	       e-mail: rwright at cs.stevens-tech.edu
Hoboken, NJ 07030            Web: www.cs.stevens-tech.edu/~rwright
==================================================================

List of papers accepted to FC'03
--------------------------------

A Micro-Payment Scheme Encouraging Collaboration in Multi-Hop Cellular
Networks
Markus Jakobsson and Jean-Pierre Hubaux and Levente Buttyan

Using Trust Management to Support Transferable Hash-Based
Micropayments
Simon N Foley

Fully Private Auctions in a Constant Number of Rounds
Felix Brandt

Verifiable Secret Sharing for General Access Structures, with
Application to Fully Distributed Proxy Signatures
Javier Herranz and Germ�n S�ez

Cryptanalysis of the OTM signature scheme from FC'02
Jacques Stern and Julien P. Stern

Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
Ari Juels and Ravikanth Pappu

Preventing Tracking and ''Man in the Middle'' Attacks on Bluetooth
Devices
Dennis K�gler

Traversing Hash Chain with Constant Computation
Yaron Sella

Retrofitting Fairness on the Original RSA-Based E-Cash
Shouhuai Xu and Moti Yung

Fault based cryptanalysis of the Advanced Encryption Standard (AES)
Johannes Bl�mer and Jean-Pierre Seifert

How Much Security is Enough to Stop a Thief?
Stuart E. Schechter and Michael D. Smith

Fair Off-Line e-Cash made easier
Matthieu Gaud and Jacques Traor�

Asynchronous Optimistic Fair Exchange Based on Revocable Item
Holger Vogt

Secure Generalized Vickrey Auction using Homomorphic Encryption
Koutarou Suzuki and Makoto Yokoo

Non-interactive Zero-Sharing with Applications to Private Distributed
Decision Making
Aggelos Kiayias and Moti Yung

Timed Fair Exchange of Arbitrary Signatures
Juan Garay and Carl Pomerance

On the Economics of Anonymity
Alessandro Acquisti and Roger Dingledine and Paul Syverson
_______________________________________________
fc mailing list
fc at ifca.ai
http://mail.ifca.ai/mailman/listinfo/fc

--- end forwarded text

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From ged at wei.com  Tue Nov 12 21:47:52 2002
From: ged at wei.com (ged at wei.com)
Date: Wed, 13 Nov 2002 13:47:52 +0800
Subject: Email marketing!!!!!!!
Message-ID: <200211130547.gAD5lQ2g040180@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 15292 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/f602b019/attachment.txt>

From bogus@does.not.exist.com  Wed Nov 13 03:59:00 2002
From: bogus@does.not.exist.com (KopitekKopyalamaSistemleri)
Date: Wed, 13 Nov 2002 13:59:00 +0200
Subject: Fotokopi + Faks
Message-ID: <GIGANTICaJswFCHOzyf000000e2@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6359 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/329b5e73/attachment.txt>

From xxxmovies at readyopt.com  Wed Nov 13 06:54:07 2002
From: xxxmovies at readyopt.com (PornoMoviesOnline)
Date: Wed, 13 Nov 2002 14:54:07 -0000
Subject: Free Pass - Adult Movie Mega Site!
Message-ID: <1nlisg$42v69e@ex13.essoc.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3875 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/6afebb95/attachment.txt>

From diho at etang.com  Tue Nov 12 23:08:25 2002
From: diho at etang.com (=?GB2312?B?ueG7qsrQs6HR0L6/uavLvg==?=)
Date: Wed, 13 Nov 2002 15:08:25 +0800
Subject: =?GB2312?B?xa7Q1Mio0ua197Lpzsq+7Q==?=
Message-ID: <200211130708.gAD78Q2g042837@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8937 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/af21b810/attachment.txt>

From diho at etang.com  Tue Nov 12 23:10:35 2002
From: diho at etang.com (=?GB2312?B?ueG7qsrQs6HR0L6/uavLvg==?=)
Date: Wed, 13 Nov 2002 15:10:35 +0800
Subject: =?GB2312?B?xa7Q1Mio0ua197Lpzsq+7Q==?=
Message-ID: <200211130710.gAD7AcQ26045@waste.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8937 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/bafa5764/attachment.txt>

From camera_lumina at hotmail.com  Wed Nov 13 12:46:57 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 13 Nov 2002 15:46:57 -0500
Subject: Codetalking in the South Pacific?
Message-ID: <F145GJ2TUSzbAUfKRfc0000022f@hotmail.com>


Oh yeah, another thing I wanted to ask about, before I forget.

It's somewhat well-known that throughout the South pacific, there are "radio 
stations" that do nothing but broadcast the real-time reading of number 
sequences, but no one seems to know just why. And these number sequences do 
not seem to be recordings...every station has a different voice, and the 
number sequences never repeat. So it would seem that they are being read in 
real time by natives employed at various islands.

Anyone know what the heck those things are? There's actually a 3-CD 
collection available of the number broadcasts.







>From: "Major Variola (ret)" <mv at cdc.gov>
>To: "cypherpunks at lne.com" <cypherpunks at lne.com>
>Subject: Codetalking, private business, harassment, EEOC, freedom of   
>speech/association
>Date: Tue, 12 Nov 2002 16:01:25 -0800
>
>[Summary: Navajo is banned by employer because employees are being rude
>in that language.
>So the EEOC objects.  Ironies: Navajo, codetalkers, feds.  EEOC
>harassing employer who is trying to prevent harassment (in Navajo) of
>others.]
>
>
>
>English group enters Navajo language fray
>
>From the National Desk
>Published 11/12/2002 5:59 PM
>View printer-friendly version
>
>PHOENIX, Nov. 12 (UPI) -- The legal dispute over an Arizona restaurant's
>rule banning employees from
>speaking Navajo on the job drew the participation Tuesday of a national
>organization that advocates English
>as the official language of the United States. The suit was the first
>filed by the EEOC to involve a Native
>American language.
>
><snip>
>http://www.upi.com/view.cfm?StoryID=20021112-044422-7977r
>
>[Libscoop: since neither employers nor employees should be coerced, the
>employers can morally
>require what they want, and the employees can shop for employment
>uncoerced too.  Meddling
>DC-bureaucrats should be tomahawked at the door; after being told to
>leave in Esperanto.]


_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From GaryJeffers at aol.com  Wed Nov 13 14:33:11 2002
From: GaryJeffers at aol.com (GaryJeffers at aol.com)
Date: Wed, 13 Nov 2002 17:33:11 EST
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's next?
Message-ID: <141.290dff8.2b042d27@aol.com>

       OPPOSE THE WAR! We are going to ruin Iraq to get the oil. Who's next?

My fellow Cypherpunks,

   The purpose of the coming Iraq war is to steal their oil. After we get 
Iraq oil, which arab country
is next? If U. State can get away with the theft of Iraq, then why not just 
keep on stealing?

 The beneficiaries of this war are:

1. United State: This has a double benefit. A. The U.S. (as a (w)hole) is 
bankrupt on paper and our economy is going to hell. Stealing the Arabian oil 
fields will stave off a U.S. collapse for at least several years. B. The U.S. 
State (im)proper. In various ways, U State will get more powerful and richer 
from this.

2. Corporations, connected. They will benefit both from war expenditures and 
from associating
with the oil.

3. The ruling elite families. They will get even richer from the oil money 
funneled from the chosen
corporations. Also, as the State gets power, they get power.

4. The Zionists. Israel will probably get more land and oil fields unless the 
treacherous Bush 
family betrays them.  The Israeli Jews will probably just suffer. The ruling 
Elites really don't 
care about their sponsors :-(  Well, at least the Jews will get a symbolic 
victory :-)

   For proofs and more information visit the excellent site:

http://www.WHATREALLYHAPPENED.com

Yours Truly,
Gary Jeffers

BEAT STATE!!!!
and the ruling elites.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1648 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/c1c9f374/attachment.txt>

From shamrock at cypherpunks.to  Wed Nov 13 18:18:23 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Wed, 13 Nov 2002 18:18:23 -0800
Subject: "Emergency Coercive Unit"
In-Reply-To: <F182beUzmRf6Ci6nx8d000000d2@hotmail.com>
Message-ID: <008d01c28b84$201a3e90$6701a8c0@VAIO650>


Tyler wrote:
> b) Downstairs and across the street in front of Starbucks I 
> just saw two NYC 
> cops holding what looked like AK-47s...on their backs it said 
> "Emergency 
> Coercive Unit".

A URL with pictures of that team would be appreciated.

--Lucky




From bill.stewart at pobox.com  Wed Nov 13 19:13:13 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 13 Nov 2002 19:13:13 -0800
Subject: Yodels, new anonymous e-currency
In-Reply-To: <3DD0DD40.12328.9D89FB@localhost>
References: <d7edc5082a53f8bf0672245b88c73609@dizum.com>
Message-ID: <5.1.1.6.2.20021113191246.02b27a58@idiom.com>


At 10:51 AM 11/12/2002 -0800, James A. Donald wrote:
>
>Alleged attempts to introduce internet currencies have a ninety
>percent humbug and fraud rate.

And the other 10% have unsustainable business plans....


:-)




From jock521 at hotmail.com  Wed Nov 13 03:29:44 2002
From: jock521 at hotmail.com (jock521 at hotmail.com)
Date: Wed, 13 Nov 2002 19:29:44 +0800
Subject: =?GB2312?B?ztK5q8u+1eazz7XE0bDH87T6wO3JzA==?=
Message-ID: <GIGANTICU1Gj03oHMwV000000df@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3540 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021113/52344929/attachment.txt>

From eresrch at eskimo.com  Wed Nov 13 19:50:29 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 13 Nov 2002 19:50:29 -0800 (PST)
Subject: The End of the Golden Age of Crypto
In-Reply-To: <B9F8658F.C57%kayakwcc@comcast.net>
Message-ID: <Pine.GSU.4.44.0211131944430.17049-100000@eskimo.com>


On Wed, 13 Nov 2002, Sam Ritchie wrote:

> That's the whole deal with the bible, and its various internal
> contradictions. If anything can be proven true in the bible, then there's no
> room for faith anymore, which nullifies religious "beliefs"; and if anything
> can be proven false, then there's no god, and religion is crushed under the
> heel of reason. Hurrah, Enlightenment!
> ~SAM

Don't bet on it.  I was in a discussion group a week or so ago and one
lady who is super devout (of some christian sect, I'm not really sure
which one) claimed that she was always "testing her faith" every day.
It really shook me up because I have faith in testing.  Religion and
reason are not in the same universe!

My favorite response on the subject of god is "I have no need of that
hypothisis".  I forget who it's attributed to, but I think it was from the
late 1800's.

Patience, persistence, truth,
Dr. mike




From marshall at idio.com  Wed Nov 13 20:33:15 2002
From: marshall at idio.com (Marshall Clow)
Date: Wed, 13 Nov 2002 20:33:15 -0800
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.  
  Who's ne
In-Reply-To: <F132agTcSokxtX0WsWo0000e108@hotmail.com>
References: <F132agTcSokxtX0WsWo0000e108@hotmail.com>
Message-ID: <p05300541b9f8d16eeac7@[129.46.157.212]>


[ I know I shouldn't feed the trolls, but there might be someone out there who could benefit from this. ]

Tyler Durden wrote:
>Aside from this is the issue of continued American dependence on oil, a dependence that could be greatly reduced if we put our minds to it, but we seem to be so addicted to our current lifestyle that we would rather launch wars rather than face our internal issues.

You blithely say "if we put our minds to it", as if that were a simple thing.
[ Hint: Minds have been "put to it" before. ]

For your amusement, here are a few dates from history:

November 7, 1973
	President Nixon launches Project Independence, with the goal of achieving energy self-sufficiency by 1980.

April 18, 1977
	President Carter announces National Energy Plan in his first major energy speech.
Goal is to reduce oil imports by 65%, and to reduce energy growth to 2%/year.

March 17, 1987
	President Reagan's Energy Security Report outlines the
Nation's increasing dependence on foreign oil.

February 20, 1991
	President Bush presents the Department's National Energy Strategy
to Congress and the American people.
-- 
-- Marshall

Marshall Clow     Idio Software   <mailto:marshall at idio.com>
Hey! Who messed with my anti-paranoia shot?




From marketing at gamblersparlor.com  Tue Nov 12 22:02:39 2002
From: marketing at gamblersparlor.com (marketing at gamblersparlor.com)
Date: Wed, 13 Nov 2002 22:02:39 +1600
Subject: GamblersParlor - 100% Match Bonus Up To $150 Free
Message-ID: <20021114060239.A33B315CDD4@gamblersparlor.com>


note: If you received this email as unsolicited,
please notify webmaster at gamblersparlor.com immediately.

8888888888888888888888888888888888888888888888888888

 GamblersParlor - 100% Match Bonus Up To $150 Free!

8888888888888888888888888888888888888888888888888888

###
### $100 JOINING BONUS AT UK CASINO CLUB!
###
UKCasinoClub offers you the very best in online gaming.
Stylish, secure and sophisticated, we have 43 authentic
casino games including all your favourites - Blackjack,
Roulette, Poker, Keno, Slots and more. Our members enjoy
personal account managers, fast cashins, excellent payouts,
a loyalty club, 24hr support, free VIP bonuses and $1000's
every week in promotions. We accept a wide range of methods
for purchasing and cashing-in your casino tokens; we also
offer play in either USD or GBP (Euros coming soon). So why
not enjoy the comfort, security and reliability of the
Internet's Premiere Casino - UKCasinoClub

Click the link below to sign up:
http://www.gamblingpot.com/scripts/redir/ref.pl?refer=101&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=
<a href="http://www.gamblingpot.com/scripts/redir/ref.pl?refer=101&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=">
AOL Users Click Here To Sign Up!</A>

###
### 100% MATCH BONUS - UP TO $100 FREE!
###
You'll enjoy twice the action at Golden Comps Casino with
our proven 100% match reward system. Your bonus is credited
to your account within minutes, with no waiting - just
playing! Becoming a Golden Comps Casino member automatically
enrolls you in our fabulous Comp points program, where every
hand you play, wheel you spin, or coin you drop earns you
valuable Golden Comps!

Click the link below to sign up:
http://www.gamblingpot.com/scripts/redir/ref.pl?refer=202&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=
<a href="http://www.gamblingpot.com/scripts/redir/ref.pl?refer=202&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=">
AOL Users Click Here To Sign Up!</A>

###
### 125% MATCH BONUS! AT FIVE ROSES CASINO!
###
When you open an account with a $100 deposit, the Five Roses
Casino will more than double your bankroll with a 125% bonus!
You will receive an enormous $125 FREE to experience our
casino first-hand as a player.  Welcome to Five Roses! Five
Roses Casino brings the glamour and excitement of real casino
action to your desktop. Fast payouts, generous comps, and
around-the-clock friendly customer support make Five Roses
the premiere destination for wagering online. Be our guest
today as a real player and discover the finest virtual gaming
in the privacy of your own home.

Click the link below to sign up:
http://www.gamblingpot.com/scripts/redir/ref.pl?refer=178&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=
<a href="http://www.gamblingpot.com/scripts/redir/ref.pl?refer=178&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=">
AOL Users Click Here To Sign Up!</A>

###
### $150 FREE BONUS CASH FROM ONLUCK CASINO!
###
OnLuck Casino brings stunning action and exotic casino
games to your desktop 24 hours a day.  Experience the most
realistic gaming action from the comfort of your own home,
while playing in a secure, safe environment. As a guest of
OnLuck Casino you will be treated to friendly service as
well as VIP comps, starting with this HUGE 100% Match Bonus
up to $150!

Click the link below to sign up:
http://www.gamblingpot.com/scripts/redir/ref.pl?refer=177&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=
<a href="http://www.gamblingpot.com/scripts/redir/ref.pl?refer=177&cd=gpr&ec=Q1lQSEVSUFVOS1NAQUxHRUJSQS5DT00=">
AOL Users Click Here To Sign Up!</A>

UNSUBSCRIBE INFORMATION
=======================
You are receiving the Gamblers Parlor newsletter because you
have subscribed to it through our gambling affiliates.
If you wish to cancel your subscription, please reply to
this message and type REMOVE in the subject line.




From HomeworkersAssociation1989 at yahoo.com  Wed Nov 13 20:11:16 2002
From: HomeworkersAssociation1989 at yahoo.com (Nery Mester)
Date: Wed, 13 Nov 2002 23:11:16 -0500
Subject: >>WORK AT HOME...START TODAY!
Message-ID: <B0000224156@icarus.movist>



          GET STARTED WORKING FROM HOME TODAY!

This message contains valuable information about our
organization and qualified specialists who have
extensive knowledge and experience in WORKING
FROM HOME.

We have spent the last decade researching home employment options 
available to the public. After spending thousands of hours in research, we can 
confidently promise you that NO ONE has better information on this subject.  

---WORK IN THE COMFORT OF YOUR OWN HOME--- 
               
    ***WIDE SELECTION OF JOBS...TOP PAY***

       --REAL JOBS WITH REAL COMPANIES--

Plus receive your very own "Computer Cash Disk" FREE!

Every day thousands of people just like you are getting
started working at home in fields of computer work, sewing, 
assembling products, crafts, typing, transcribing, mystery shopping,
getting paid for their opinion, telephone work and much more!

          WHO ARE HOME WORKERS?

They are regular, ordinary people who earn an excellent
living working at their own pace and make their own hours.
They are fortunate people who have found an easier way
to make a living. They had absolutely no prior experience
in this field. They earn a good weekly income in the comfort 
of their own home and you can be next!

Companies all over the United States want to hire you as an
independent home-worker. You are a valuable person to
these companies because you will actually be saving them
a great amount of money.

These companies want to expand their business, but do not
want to hire more office people. If they hired more office
employees, they would have to supervise them, rent more 
office space, pay more taxes and insurance, all involving
more paperwork. It is much easier for them to set it up so
you can earn an excellent income working in the comfort of
your own home.

    -------------------LIVE ANYWHERE--------------------

You can live anywhere and work for most of these companies.
The companies themselves can be located anywhere.
For computer work, the companies provide you with
assignments, usually data entry or similar tasks. You
then complete the project and get paid for each task.
You receive step by step instructions to make it easier 
for you and to insure you successfully complete the job.

After you're finished, you ship the completed assignments
back to the company at no charge to yourself. Upon receiving
your assignments, the company will then mail you a check
along with more assignments. It's that easy!

All the other home-based work (sewing, merchandising, surveys,
product assembly, typing, telephone work, transcribing, and mystery shopping)
are  done in a similar way. After contacting the companies you will
be given step by step instructions and information on what you
need to do. Upon completion of the task, they mail you a check.

You have the potential to work for nearly every company in our 
guide. The only jobs that require equipment is computer work 
(computer needed), typing (typewriter or computer). All other 
work requires no equipment of your own.

          $$$EARN EXTRA INCOME AT HOME$$$

All business can be done by mail , phone, or online. You can START
THE SAME DAY you receive "The Guide to Genuine Home
Employment."

     *****ONLY REAL COMPANIES OFFERING REAL JOBS!*****

The companies in our guide are legitimate and really need
home workers. There is over two hundred of the top companies
included in our guide offering an opportunity for you to make
extra income at home. Unlike other insulting booklets or lists you
may see, our guide only includes up to date information of
companies who pay top dollar for your services and will hire you.
WITHOUT CHARGING YOU FEES TO WORK FOR THEM, 
GUARANTEED!

**UPDATE.....Now our guide explains and goes into detail
about each company and what they have to offer you!
You are guaranteed to find home based work in our guide.
No problem!

**UPDATE.....Our new edition offers an entirely new category 
of work. It reveals a new, unique way to get paid for your opinion
online. Just surf to the proper website and get paid to fill out opinion
surveys! What could be easier!

We urge you to consider this extraordinary opportunity. Don't delay
or you could miss out! This is like no other offer you've ever seen.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

This is an opportunity to become an independent
HOME WORKER. Remember, this is NOT a get-rich-
quick-scheme. It is an easy way for you to earn money
while filling the needs of a company who needs
you. This makes it easy to work at your OWN
PACE and in the comfort of YOUR HOME.

***HERE'S HOW TO GET STARTED IMMEDIATELY***

Print the form below, fill in your information and mail it to us, 
along with the small one time fee for the guide. We will ship 
the "Guide To Genuine Home Employment" out the same 
day we receive your reply form!

Order within 15 days and the complete, updated, sure-fire,
Genuine Home Employment Guide is yours for the special low
price of just $29.95! That's over 27% off our normal price of
$39.95.

**Don't delay one more minute, START NOW!!!**

**FREE BONUS....."COMPUTER CASH DISK" (MAC & IBM 
compatible) 167 business reports. Tips, tricks and secrets on starting 
and operating a successful home based business and how to avoid
dishonest marketing offers. Comes with full reproduction rights!
READ THEM, SELL THEM AND BANK THE MONEY. Never pay
us any royalties. Sells for $69.00, but it's worth a whole lot more than
that. Get yours today...FREE!


>>>FULL 60 DAY RISK FREE MONEY-BACK GUARANTEE!

Test our material out for a free trial period and if it isn't everything
we said it is, just send it back and we will gladly refund your
money. We've helped thousands of people like yourself get started
working at home over the last eight years. You can be the next!

THINK WHAT AN EXTRA INCOME COULD DO FOR YOU!

LET US HEAR FROM YOU TODAY!

THIS COULD EASILY CHANGE YOUR LIFE FOREVER!

DON'T LET THIS EXTRAORDINARY OPPORTUNITY
PASS!! 

THESE OPPORTUNITIES ARE PROFITABLE
AND EASY.  

ACT NOW!!!

HERE'S HOW TO GET STARTED......

Send Check or Money Order for $29.95 and the 
completed form below us at:

Cybernet HWA
PO Box 914
North Branford, CT 06471
-----------------------------------------------------------------------------

EZ ORDER FORM

_____  Yes! I am interested in a REAL home job. I
am ordering within 15 days. Here is my $29.95. Please
rush me my package today including "The Guide to
Genuine Home Employment" and your "Free Computer
Cash Disk"!!

(Please PRINT all information CLEARLY)

NAME________________________________________

ADDRESS ____________________________________

CITY _________________________________________

STATE ____________________  ZIP _______________

EMAIL ______________________ at __________________

PHONE  (             )   _____________________________





From Corenepba at katamail.com  Thu Nov 14 06:43:51 2002
From: Corenepba at katamail.com (Lurline Bulger)
Date: Thu, 14 Nov 2002 09:43:51 -0500
Subject: Money for cypherpunks
Message-ID: <atnnxoo@katamail.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2106 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021114/966e23ba/attachment.txt>

From eresrch at eskimo.com  Thu Nov 14 10:13:11 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Thu, 14 Nov 2002 10:13:11 -0800 (PST)
Subject: The End of the Golden Age of Crypto
In-Reply-To: <E18CMB0-0000Et-00@ion.eris.pt>
Message-ID: <Pine.GSU.4.44.0211141008490.27425-100000@eskimo.com>


On Thu, 14 Nov 2002, [iso-8859-1] Andri Isidoro Fernandes Esteves wrote:

>
> The religious person is always battling against reality wich with a minimum
> of inteligence from the observer always bring doubts on the truth of his
> faith.
>
> It's a state of mind wich  can only be compared with mental ilness...
> (I've read that there are even some neurological similarities between the
> faithful and the mentaly ill)

I won't disagree, but I think we better live in a bunker!

> The author of that statement: "I have no need of that hipotheses" was
> Laplace, french mathematician on answering Napoleon's question in why is book
> on newtonian mechanics didn't call for god.

thank you!  Looks like my date was off by 100 years :-)

Patience, persistence, truth,
Dr. mike




From Vincent.Penquerch at artworks.co.uk  Thu Nov 14 02:13:27 2002
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Thu, 14 Nov 2002 10:13:27 -0000
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.
  Who 's ne
Message-ID: <B14C9D7F1977D111AD740060970ACBDAFACAF0@warhol>


> How can anyone claim that the U.S. or Israel or corporations or rich
> Americans are morally worse than the likes of Hussein?

...I have to bow to the urge to answer....

Note that everything that was proposed is bombing. Killing innocents,
in an attempt to make them revolt and overthrow their leaders so you
don't have to do it. Nothing was attempted (or was said on this) for
killing the only person.

George W Bush is a criminal. He should be jailed. This doesn't mean
I will bomb the hell out of the US until the Americans jail him.

The US have a long history of killing other people (note, not just
"bad/immoral/evil/whatever" people, just the ones that happen to
stand between the current government of a country and a US client
government (which is *not* a democratic government most of the time
a you can see from history).
Thus, why should I think the US is right attacking Iraq ? I see it
as yet another shameless power grab accompanied by lots of PR to
make it seem like the US are punishing the nasty villain.

Somebody tell Dubya this ain't Hollowood.

-- 
Vincent Penquerc'h 




From kenhirsch at myself.com  Thu Nov 14 08:31:23 2002
From: kenhirsch at myself.com (Ken Hirsch)
Date: Thu, 14 Nov 2002 11:31:23 -0500
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil. 
  Who's ne
References: <7fb93e98b657175c65820064244da9a7@dizum.com>
  <20021114030849.GA5139@cybershamanix.com>
Message-ID: <OE32j6Jn9EGeN6TKJz8000084b9@hotmail.com>


Harmon Seaver wrote:

>   I don't see that Saddam is any less moral than Dubbya and Asscruft.

What can you possibly mean by saying this?  You lose all credibility for
real criticism when you utter such inanities.  It's like comparing a
shoplifter with Jeffrey Dahmer.  Either you're ignorant of what Saddam is
about or you have no sense of proportion.

Or maybe I'm just not paying attention.  Was I not watching the news the
night when Bush, after seizing power, marched onto the floors of Congress in
front of cameras and had 21 top officials hauled off for summary execution,
as Saddam did in 1979?  (btw, the U.S. had nothing to do with Saddam taking
power)

Did I miss it when Bush had Colin Powell's brother tortured to death, like
Saddam did with his foreign minister's son?
http://www.guardian.co.uk/Iraq/Story/0,2763,801613,00.html

I must have missed the revelation of the prison where Bush is holding
children hostage, like Saddam's prison which was too horrible for Scott
Ritter to talk about.
(http://www.time.com/time/nation/article/0,8599,351165,00.html)

I must have missed the testimony about Bush crippling and maiming children
with torture.
(http://news.bbc.co.uk/1/hi/world/from_our_own_correspondent/2058253.stm or
http://tinyurl.com/2p21)

I must have missed the thousands of political prisoners executed.  I must
have missed it when Bush invaded Canada AND Mexico.  I think my radio was
broken the day Bush gassed Berkeley.

Get a clue!  Check out Amnesty International's annual report on Iraq.
http://www.amnesty.org/ailib/aireport/ar99/mde14.htm or ANY OTHER YEAR!




From sunder at sunder.net  Thu Nov 14 08:59:41 2002
From: sunder at sunder.net (Sunder)
Date: Thu, 14 Nov 2002 11:59:41 -0500 (est)
Subject: Where's Osama? (Re: OPPOSE THE WAR! We are going to ruin Iraq
  to get the oil.  Who's next)
In-Reply-To: <F132agTcSokxtX0WsWo0000e108@hotmail.com>
Message-ID: <Pine.BSO.4.21.0211141130570.23081-100000@anon7.arachelian.com>


On Wed, 13 Nov 2002, Tyler Durden wrote:

> Anyone guess where's Waldo (Osama) now? My guess he's on the end of a bungee 
> being kicked into Iraq right now! (The other end of the bungee is in a US 
> chopper!)

Osama is wherever Bush wants him to be.  Once we're done with Iraq
(assuming that we'd win that Vietnam**2 war - Ha!), Osama will magically
produce yet another audio or video tape from North Korea or whatever
nation Bush wants to make his next bitch.

At this point, we do have the technology to alter both video and audio,
and to build fake clips at will.  I don't believe that the latest audio
bite has been forged by us, but rather that the technology exists.  Likely
Osama is either dead or has had cosmetic surgery enough for him to live
the rest of his days in the French riviera, and what sound bites and
videos we have seen and will see are pre-recorded ones.


While I'm opposed to us going to war since I believe that between
Afghanistan and Iraq, we're opening ourselves up for a far worse beating
than Vientam in the long term, I'm far more opposed to the outright lies
being presented as reasons for doing so, and the sheer bald faced freedom
and privacy grabs that this is an excuse for.

Even if we pull a victory like we did in Japan and both democratise and
capitalize Afghanistan and Iraq, in the long term, they'll become economic
competition.  If we "do" Afghanistan again, like we did them after Russia
fell and abadon them without further support, it'll turn out the same as
it did, like Somalia and other failed abandoned overthrown states.

In the end, that will produce far more terrorists than we have seen to
date, more of our freedoms will be taken away unil an equilibrium of
rights will exist between the USA and dictatorships like Iraq.

Luckily there's only two more years before the next election...




From ged at wei.com  Wed Nov 13 20:52:45 2002
From: ged at wei.com (ged at wei.com)
Date: Thu, 14 Nov 2002 12:52:45 +0800
Subject: Email marketing!!!
Message-ID: <200211140452.gAE4qH2g092922@locust.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 32 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021114/e2104311/attachment.txt>

From fm at st-kilda.org  Thu Nov 14 13:14:12 2002
From: fm at st-kilda.org (Fearghas McKay)
Date: Thu, 14 Nov 2002 13:14:12 -0800
Subject: Fwd: [fc] list of papers accepted to FC'03
Message-ID: <mailman.657.1576007625.31620.cypherpunks-legacy@lists.cpunks.org>


--- begin forwarded text



From NAVMSE-CFSNET at cfsnh.org  Thu Nov 14 11:19:30 2002
From: NAVMSE-CFSNET at cfsnh.org (NAVMSE-CFSNET at cfsnh.org)
Date: Thu, 14 Nov 2002 14:19:30 -0500
Subject: Norton AntiVirus detected and quarantined a virus in a message yo
	u sent.
Message-ID: <EC6D1AB5312FD3118665004005367CEEB0D53B@CFSNET>

Recipient of the infected attachment:  Strange, Kat\Inbox
Subject of the message:  ACCESSKEY
One or more attachments were quarantined.
  Attachment MEULA.bat was Quarantined for the following reasons:
    Virus W32.Klez.H at mm was found.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 1717 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021114/fae61119/attachment.bin>

From Aife at netvisao.pt  Thu Nov 14 06:31:41 2002
From: Aife at netvisao.pt (=?iso-8859-1?q?Andr=E9=20Isidoro=20Fernandes=20Esteves?=)
Date: Thu, 14 Nov 2002 14:31:41 +0000
Subject: The End of the Golden Age of Crypto
In-Reply-To: <Pine.GSU.4.44.0211131944430.17049-100000@eskimo.com>
References: <Pine.GSU.4.44.0211131944430.17049-100000@eskimo.com>
Message-ID: <E18CMB0-0000Et-00@ion.eris.pt>


On Thursday 14 November 2002 03:50, you wrote:
> On Wed, 13 Nov 2002, Sam Ritchie wrote:
> > That's the whole deal with the bible, and its various internal
> > contradictions. If anything can be proven true in the bible, then there's
> > no room for faith anymore, which nullifies religious "beliefs"; and if
> > anything can be proven false, then there's no god, and religion is
> > crushed under the heel of reason. Hurrah, Enlightenment!
> > ~SAM
>
> Don't bet on it.  I was in a discussion group a week or so ago and one
> lady who is super devout (of some christian sect, I'm not really sure
> which one) claimed that she was always "testing her faith" every day.
> It really shook me up because I have faith in testing.  Religion and
> reason are not in the same universe!
>
> My favorite response on the subject of god is "I have no need of that
> hypothisis".  I forget who it's attributed to, but I think it was from the
> late 1800's.
>
> Patience, persistence, truth,
> Dr. mike

The religious person is always battling against reality wich with a minimum 
of inteligence from the observer always bring doubts on the truth of his 
faith.

It's a state of mind wich  can only be compared with mental ilness...
(I've read that there are even some neurological similarities between the 
faithful and the mentaly ill)

The author of that statement: "I have no need of that hipotheses" was 
Laplace, french mathematician on answering Napoleon's question in why is book 
on newtonian mechanics didn't call for god.

Andri Esteves




From lynx at u.washington.edu  Thu Nov 14 15:04:40 2002
From: lynx at u.washington.edu (Adam Stenseth)
Date: Thu, 14 Nov 2002 15:04:40 -0800 (PST)
Subject: Where's Osama? (Re: OPPOSE THE WAR! We are going to ruin 
  Iraq to get the oil.  Who's next)
In-Reply-To: <NLEDJANGEMGKNFKNBKMHIEMJCKAA.alopata@darkwing.uoregon.edu>
Message-ID: <Pine.A41.4.44.0211141502540.78314-100000@dante28.u.washington.edu>


Interesting points.

Now, the corollary questions:  How -much- worse?   Long, drug out,
lots-of-body-bags-coming-home and nasty political scandal worse, or
Vietnam-style lots-of-dead-american-conscripts worse?

-adam


On Thu, 14 Nov 2002, Andrew John Lopata wrote:

> Short answer: yes.
>
> Long answer:
> I'm no expert, but a friend of mine in the military suggested that invading
> Iraq now would be a lot different than the Gulf War.  He said that urban
> combat, which will be necessary to depose Hussein, is the most difficult and
> dangerous type of combat there is.  The Gulf War was fought on a flat plane
> with no obstructions or terrain differences (the desert) where superior fire
> power has a great advantage.  Other reasons to think that invading Iraq this
> time will be much more difficult and likely cause many more U.S. causalities
> include:
> 1.  The troops the U.S. fought against in the Gulf War were mainly recent
> conscripts with little training or motivation.  Taking Baghdad will require
> fighting veteran republican guard troops.
> 2.  There is no clear objective to this invasion of Iraq besides deposing
> Hussein.  Ignoring the long-term consequences of this invasion (which is the
> usual practice), the short-term prospects aren't good.  There is no readily
> available alternate government to install in Hussein's place.  The resulting
> destabilization in the region will likely result in a U.S. military presense
> in the country for a much longer time than in the Gulf War.
>
> -Andy




From keith at nullify.org  Thu Nov 14 13:24:00 2002
From: keith at nullify.org (Keith Ray)
Date: Thu, 14 Nov 2002 15:24:00 -0600
Subject: Assassination Politics: Coming soon?
Message-ID: <1037309040.3dd41470a49bb@mail.nullify.org>


It's been a number of years since Jim Bell wrote his infamous "Assassination
Politics" essay.  If someone were to try to implement the system today and not
share Jim Bell's fate, they would need absolute anonymity and security.  The
technical requirements for implementing the system are:

1. Anonymous and secure communication between the organization and the
contributors and guessors.

2. Anonymous payment system.

3. Anonymous public presense of the organization to solicit contributions and
display bounties to potential assassins.

At the time AP was written, only the first requirement could have been met using
the mixmaster remailer network.  The last two requirements were not yet
available.   However, two new systems, DMT and Freenet, could be used to meet
the anonymous payment and anonymous public presense requirements.

If someone did want to implement AP, would DMT/Yodel, Freenet, and Mixmaster be
good enough to keep the TLA's from shutting the system down?  

 --
Keith Ray <keith at nullify.org> -- OpenPGP Key: 0x79269A12




From jamesd at echeque.com  Thu Nov 14 16:04:19 2002
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 14 Nov 2002 16:04:19 -0800
Subject: Poker
In-Reply-To: <E18CMB0-0000Et-00@ion.eris.pt>
References: <Pine.GSU.4.44.0211131944430.17049-100000@eskimo.com>
Message-ID: <3DD3C983.15115.1BE54A0@localhost>


    --
Internet Poker is a big money activity.

A major problem with this activity is that the site can choose
to allow certain privileged players to cheat.

In principle it should be possible to create poker playing
software where the server cannot cheat, but it is not obvious
to me how this can be done.

Does anyone know of a cheat proof algorithm?

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     d4omBF08eFWhHQd6CDKVp4lJjfAS5GR56iMNcbAA
     4XIes5IiykHpRT31kmyvZJTH0pPeUGMmBmORhd56d




From rah at shipwright.com  Thu Nov 14 15:37:28 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 14 Nov 2002 16:37:28 -0700
Subject: Fwd: [fc] list of papers accepted to FC'03
Message-ID: <p05200fc6b9f9e295b2ac@[192.9.200.157]>


--- begin forwarded text



From morlockelloi at yahoo.com  Thu Nov 14 19:37:51 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Thu, 14 Nov 2002 19:37:51 -0800 (PST)
Subject: The End of the Golden Age of Crypto
In-Reply-To: <E18CMB0-0000Et-00@ion.eris.pt>
Message-ID: <20021115033751.96751.qmail@web40602.mail.yahoo.com>


> It's a state of mind wich  can only be compared with mental ilness...
> (I've read that there are even some neurological similarities between the 
> faithful and the mentaly ill)

The belief (faith) center is somewhere in the frontal cortex and that mutation
was essential for development of the civilisation as we know it, which
basically boils down to brainwashing believers into beating the shit out of
nonbelievers (and these, being independent individuals, never managed to
properly organise to resist), which is evolutionary sustainable (when the shit
gets beaten out of you it takes your mind of sex.)

So, technically speaking, it's more specialisation than mental illness.


=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com




From camera_lumina at hotmail.com  Thu Nov 14 18:04:38 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 14 Nov 2002 21:04:38 -0500
Subject: The End of the Golden Age of Crypto
Message-ID: <F160iGtXsL1c00goZol00010ebd@hotmail.com>


"Indeed, I've heard the same. One could argue that for someone to believe in 
something (religion) so intensely as to shun all moral explanation against 
this hypothesis and to persist in those beliefs without any proof is akin to 
schizophrenia."

Well, I'm sure this is not an issue that Cypherpunks is going to want to 
spend a ton of time on, but let's be clear here. There's "belief", and then 
there's "faith". With belief,the believer refuses to acknowledge and accpet 
facts that disagree with their (narrow) worldview. I can't help but put the 
"Creationists" in this category. (Even a cursory look at their "science" 
makes it clear that there's TONS of information they ignored or explain away 
with absurd notions.)

Faith is a different matter. With faith, the faithful see the "facts" (as 
they are commonly understood) and still find a way to believe in something 
unseen. Belief contradicts reason, faith operates in parallel. I would argue 
that great scientists operated with a decent amount of the latter, and 
Galileo is a good example. At the time, the geocentric theory was still able 
to predict most celestial events better than a heliocentric one. But Galileo 
had a deeper intuitive sense that something was "wrong" with that geocentric 
theory, and its clumsy and mind-boggling complexity.

Likewise, every now and then one encounters religious people who recognize 
the "unreasonabilty" of what they believe. (Indeed, it's not easy to believe 
in a God that allows, for instance, the Holocaust to occur). I find these 
people very different from the "believer" category, and would place folks 
like Michelangelo, Kepler, Newton, Maxwell, Kierkegaard, Galileo, St John of 
the Cross (a Spanish mystic tortured by the inquisition) and many others in 
this category.

As for being akin to Schizophrenia, I'd point out that Schizophrenia is not 
a "mental" disorder per se, but a genetically triggered even that causes a 
measurable, physical degradation in the brain (a Schizophrenic's brain can 
be identified in autopsies).






>From: Sam Ritchie <kayakwcc at comcast.net>
>To: Andri Isidoro Fernandes Esteves  <Aife at netvisao.pt>,   Mike Rosing 
><eresrch at eskimo.com>
>CC: Cypherpunks <cypherpunks at lne.com>
>Subject: Re: The End of the Golden Age of Crypto
>Date: Thu, 14 Nov 2002 19:41:40 -0500
>
> > From: Andri Isidoro Fernandes Esteves <Aife at netvisao.pt>
> > Date: Thu, 14 Nov 2002 14:31:41 +0000
> > To: Mike Rosing <eresrch at eskimo.com>
> > Cc: cypherpunks at lne.com
> > Subject: Re: The End of the Golden Age of Crypto
> >
> > On Thursday 14 November 2002 03:50, you wrote:
> >> On Wed, 13 Nov 2002, Sam Ritchie wrote:
> >>> That's the whole deal with the bible, and its various internal
> >>> contradictions. If anything can be proven true in the bible, then 
>there's
> >>> no room for faith anymore, which nullifies religious "beliefs"; and if
> >>> anything can be proven false, then there's no god, and religion is
> >>> crushed under the heel of reason. Hurrah, Enlightenment!
> >>> ~SAM
> >>
> >> Don't bet on it.  I was in a discussion group a week or so ago and one
> >> lady who is super devout (of some christian sect, I'm not really sure
> >> which one) claimed that she was always "testing her faith" every day.
> >> It really shook me up because I have faith in testing.  Religion and
> >> reason are not in the same universe!
> >>
> >> My favorite response on the subject of god is "I have no need of that
> >> hypothisis".  I forget who it's attributed to, but I think it was from 
>the
> >> late 1800's.
> >>
> >> Patience, persistence, truth,
> >> Dr. mike
> >
> > The religious person is always battling against reality wich with a 
>minimum
> > of inteligence from the observer always bring doubts on the truth of his
> > faith.
> >
> > It's a state of mind wich  can only be compared with mental ilness...
> > (I've read that there are even some neurological similarities between 
>the
> > faithful and the mentaly ill)
> >
>Indeed, I've heard the same. One could argue that for someone to believe in
>something (religion) so intensely as to shun all moral explanation against
>this hypothesis and to persist in those beliefs without any proof is akin 
>to
>schizophrenia. But that's a whole new kettle of fish.
>~SAM
> > The author of that statement: "I have no need of that hipotheses" was
> > Laplace, french mathematician on answering Napoleon's question in why is 
>book
> > on newtonian mechanics didn't call for god.
> >
> > Andri Esteves


_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. 
http://join.msn.com/?page=features/virus




From bill.stewart at pobox.com  Fri Nov 15 00:41:14 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Fri, 15 Nov 2002 00:41:14 -0800
Subject: Poker
In-Reply-To: <7e1b975a86255429f9df4dac66b0fe59@dizum.com>
Message-ID: <5.1.1.6.2.20021115003536.047fc3c8@idiom.com>

<<< No Message Collected >>>




From firlink at chinaren.com  Thu Nov 14 10:45:21 2002
From: firlink at chinaren.com (=?GB2312?B?xvPStcnPzfi/1bzk0/LD+w==?=)
Date: Fri, 15 Nov 2002 02:45:21 +0800
Subject: =?GB2312?B?xvPStcnPzfi/1bzk0/LD+w==?=
Message-ID: <GIGANTIC4S8Uq5nlhRy00000100@levee.minder.net>


   全面优惠通知:
           
       中国服务全球专业的域名注册提供商，现推出主机、域名注册优惠服务：

       “特惠1+1企业上网套餐”是中国服务器网络有限公司为您推出的超值服务，

       “先服务，后收费！”内容包括：

 　　  100M asp cgi,php +ACCESS 数据库,送国际顶级域名一个 300元/年 (送五个邮箱)

       200M asp cgi,php +ACCESS 数据库,送国际顶级域名一个，只需 350元/年(送六个邮箱)

       300N  asp cgi,php +ACCESS 数据库,送国际顶级域名一个,只需 500元/年  

       特惠1+1上网套餐是企业上网，企业商务化的理想选择，现正火爆选购中

       快速度申请(请点击）： http://www.linemail.net/host/index.asp
    
       =====================================================================
       百度竞价、新浪排名、搜狐排名、网易排名等服务，使您的网站知名度大大提

       高。系列超值赠送服务，不可不看！
       
       马上申请: http://www.linemail.net/special/index.asp

       ====================================================================== 
       欢迎访问我司网站进一步了解：

       http://www.linemail.net




From nobody at dizum.com  Thu Nov 14 20:40:03 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Fri, 15 Nov 2002 05:40:03 +0100 (CET)
Subject: Poker
Message-ID: <7e1b975a86255429f9df4dac66b0fe59@dizum.com>


James Donald writes:
> In principle it should be possible to create poker playing
> software where the server cannot cheat, but it is not obvious
> to me how this can be done.
>
> Does anyone know of a cheat proof algorithm?

Sure, there are any number of poker algoerithms which prevent the server
from cheating.  See the many literature references on Mental Poker.
One recent protocol is Kurosawa et al, IEICE Transactions on Fundamentals,
Vol E00-A, No. 1, January 1997.  It is available from citeseer.

The problem is that although you can stop the server from cheating, you
can't stop players from colluding outside the scope of the game protocols.
Two players could communicate by phone, revealing their cards to each
other and influencing the betting.  This kind of cheating can't be
prevented, and it can be significant in an n-player poker game.




From iang at systemics.com  Fri Nov 15 07:55:29 2002
From: iang at systemics.com (IanG)
Date: Fri, 15 Nov 2002 10:55:29 -0500
Subject: Fwd: [fc] list of papers accepted to FC'03
References: <p05200fc6b9f9e295b2ac@[192.9.200.157]>
Message-ID: <3DD518F1.B6694BAC@systemics.com>


> List of papers accepted to FC'03
> --------------------------------

I see pretty much a standard list of crypto papers
here, albeit crypto with a waving of finance salt.

What ever happened to Financial Cryptography?  The
organisers did say they were going to look at wider
accessibility for the coming year, but I see only
these papers that are, from the titles at least,
anything that speaks to non-cryptographers:

> Fully Private Auctions in a Constant Number of Rounds
> Felix Brandt

> Squealing Euros: Privacy Protection in RFID-Enabled Banknotes
> Ari Juels and Ravikanth Pappu

> How Much Security is Enough to Stop a Thief?
> Stuart E. Schechter and Michael D. Smith

> On the Economics of Anonymity
> Alessandro Acquisti and Roger Dingledine and Paul Syverson

Even they're a stretch.  All are specialised, and
none are of interest to the non-deep-techies.

On a related front, how much interest is there in
running EFCE this coming June?

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From jamesd at echeque.com  Fri Nov 15 13:56:58 2002
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 15 Nov 2002 13:56:58 -0800
Subject: Fwd: [fc] list of papers accepted to FC'03
In-Reply-To: <3DD518F1.B6694BAC@systemics.com>
Message-ID: <3DD4FD2A.368.1706CDE@localhost>

    --


On 15 Nov 2002 at 10:55, IanG wrote:

>
> > List of papers accepted to FC'03 
> > --------------------------------
>
> I see pretty much a standard list of crypto papers here,
> albeit crypto with a waving of finance salt.

Theory of what could be implemented has run well ahead of what
has in fact been implemented.

This has doubtless reduced enthusiasm for the theory. 

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     XmqKAbnJ3zxWonUYjLQTEauIWVuczMy3fiZXjszK
     4BOXbFJHRJ+piLFRffQdmB84zd8OiOgRKr7wytw+r


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From ravage at einstein.ssz.com  Fri Nov 15 14:11:20 2002
From: ravage at einstein.ssz.com (Jim Choate)
Date: Fri, 15 Nov 2002 16:11:20 -0600 (CST)
Subject: News: House votes life sentences for hackers (fwd)
In-Reply-To: <F100hUCP0bztb0i3eLs0000efef@hotmail.com>
Message-ID: <Pine.LNX.4.33.0211151610490.12096-100000@einstein.ssz.com>


You only need to send it to the list, I'll get it ;)

I don't really like getting private email from total strangers. For
obvious reasons.


 --
    ____________________________________________________________________

    We don't see things as they are,                      ravage at ssz.com
    we see them as we are.                                   www.ssz.com
                                                  jchoate at open-forge.org
    Anais Nin                                         www.open-forge.org

    --------------------------------------------------------------------

On Fri, 15 Nov 2002, Tyler Durden wrote:

> Holy Shit!
>
> Does that mean that some 18-year-old script kiddie could get LIFE?
>
> If this wasn't such an immense pile of stupidity, I'd get angry over the
> obvious invasions of privacy, etc...
>
> Having worked in many a company, I KNOW how most management systems work.
> Let's say there's something as simple as a DoS attack that could take down
> Company A. Programmer Joe Shmo recognizes this and tells his boss, who wants
> to cover his own ass and tells HIS boss about the problem. This boss will
> then think about the issue for 3 seconds, and reply "well, hackers get life
> in prison now so no one will ever try it". Meanwhile, guys who don't care
> about getting life (Osama's posse, who probably won't even live in the US
> for this) will say: "Shit these guys are stupid! We just found a way to take
> down the whole US economy with 20 lines of code!"
>
> Send script kiddies away for life? How about sending the CTOs of publically
> traded companies away for life if something as simple as a DoS attack robs
> little old ladies of their retirement $?
>
>
>
>
>
>
>
>
> >From: Jim Choate <ravage at einstein.ssz.com>
> >To: <cypherpunks at einstein.ssz.com>
> >CC: <hell at einstein.ssz.com>, <austin-cpunks at einstein.ssz.com>
> >Subject: News: House votes life sentences for hackers (fwd)
> >Date: Fri, 15 Nov 2002 07:31:38 -0600 (CST)
> >
> >http://zdnet.com.com/2100-1105-965750.html
> >
> >
> >  --
> >     ____________________________________________________________________
> >
> >     We don't see things as they are,                      ravage at ssz.com
> >     we see them as we are.                                   www.ssz.com
> >                                                   jchoate at open-forge.org
> >     Anais Nin                                         www.open-forge.org
> >
> >     --------------------------------------------------------------------
>
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus




From stuart at eecs.harvard.edu  Sat Nov 16 06:24:42 2002
From: stuart at eecs.harvard.edu (Stuart Schechter)
Date: Sat, 16 Nov 2002 09:24:42 -0500
Subject: Fwd: [fc] list of papers accepted to FC'03
References: <p05200fc6b9f9e295b2ac@[192.9.200.157]>
  <3DD518F1.B6694BAC@systemics.com>
Message-ID: <00a201c28d7b$e7de8910$63065f12@eecs.harvard.edu>


> What ever happened to Financial Cryptography?  The
> organisers did say they were going to look at wider
> accessibility for the coming year, but I see only
> these papers that are, from the titles at least,
> anything that speaks to non-cryptographers:
...
> > How Much Security is Enough to Stop a Thief?
> > Stuart E. Schechter and Michael D. Smith
...
> Even they're a stretch.  All are specialised, and
> none are of interest to the non-deep-techies.

   I don't think you'll find our paper to be overly technical - at least not
from a computer science or cryptographic perspective.  We wrote this paper
because we believe that determining the level of security necessary to deter
an adversary is a problem of more general interest.

   Best regards

   Stuart Schechter




From traw at arcormail.de  Sat Nov 16 15:00:51 2002
From: traw at arcormail.de (T. Wolf)
Date: Sun, 17 Nov 2002 00:00:51 +0100
Subject: Fun with Rosslyn Chapel, or, What *was* the Templar's Cipher,
Message-ID: <mailman.658.1576007625.31620.cypherpunks-legacy@lists.cpunks.org>

anyway?

Dear RAH,

I just found the old attached message of yours doing a web search.
Coincidentally, I'm currently looking for the very the same thing (i.e. the
ciphers the Templars used for their bearer certificates).

Since your message is two years old already, I'm hoping you found the
solution by now. If you did, PLEASE PLEASE PLEASE tell me!

Thanks,
Thomas

-----
Your old message
(http://archives.neohapsis.com/archives/crypto/2000-q2/0315.html)
-----
I'm dong an IBUC shirt for EFCE2K, and, given that we're in Edinburgh, and
Rosslyn Chapel, the famous Templar, um, Mecca, is here, and the Templars
ran the original money transfer business, using cryptography no less,
Fearghas and I popped out to Roslin to root around for stuff to stick on
the aforesaid shirt.


Close, but, more or less, no cigar. We saw the faded remains of a Templar
floriated cross on the Earl of St. Clair's supposed crypt-cover (kinda
small, people speculate about all kinds of goodies in there), which might
have been cool, but it was all eroded and I haven't found line art of one
on the web and it's late.


I've gotten a couple kinda-crypto things, of which I'll pick one for the
shirt tomorrow morning before we mail it out to the silkscreener, but what
I'd *really* like to know, if it's not one of the many "secrets" of the
Templars [like the shroud of Turin is DeMolay, or that the Templars were
Masons, or vice versa, or that they had the head of John the Baptist (or
christ, or Joseph, or the original Green Man) or that they *really* had the
Ark of the Covenent, or the Holy Grail, or that DeMolay was the Second
Gunman on the Grassy Knoll :-), or, whatever] is...


Has anyone ever figured out, or "discovered" or whatever, what kind of
cryptosystem the Templars used to encrypt, decrypt, sign/modify the chits
(dare I say bearer certificates? ;-)) they used so that people could go
from preceptory to preceptory, getting cash/food/whatever, all the way to
the holy land (and get the remains of their money back, or a bill :-), when
they returned home?


Cheers,
RAH,
Who, oddly enough, and by the sheerest coincidence (and I swear on a stack
of Illuminati), lives in the Roslindale section of Boston, named for
Roslin, home of Rosslyn Chapel....

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From rah at shipwright.com  Sat Nov 16 21:15:00 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Sun, 17 Nov 2002 00:15:00 -0500
Subject: Fun with Rosslyn Chapel, or, What *was* the Templar's Cipher,
 anyway?
Message-ID: <p05200f05b9fcd6358b80@[192.9.200.157]>


--- begin forwarded text



From tdhgb at yahoo.com  Sun Nov 17 03:51:36 2002
From: tdhgb at yahoo.com (Mallory Akkermans)
Date: Sun, 17 Nov 2002 03:51:36 -0800
Subject: Hello cypherpunks, Get This Stock Now!
Message-ID: <ybwskmh@yahoo.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8389 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/f4ab726e/attachment.txt>

From atomicDOT at lists.atomicdot1.com  Sun Nov 17 07:42:50 2002
From: atomicDOT at lists.atomicdot1.com (CloneDVDs)
Date: Sun, 17 Nov 2002 07:42:50 PST
Subject: Copy DVD Movies - FREE Software Included
Message-ID: <17110200001$102192086381143$134567748$0@atd1.atomicdot1.com>

COPY DVD MOVIES � CONVERT VHS TO DVD

With the Replicant� Deluxe DVD Copying Suite, you can:

-Copy DVD Movies to CD-R!
-Watch the copies on your home DVD Player!
-Access to Tech Support and Customer Service
-30-DAY RISK-FREE TRIAL
-INCLUDES THE FREE SOFTWARE LISTED BELOW
-FREE SOFTWARE INCLUDED!
-Converzion� (A $39.99 Value-FREE)
-Converzion turns VHS and other video sources into DVD you can watch on
your home DVD Player.

Click Here: http://atomicdot1.com/tr.php?894+cypherpunks at algebra.com


PictureShow� (A $34.99 Value-FREE)
PictureShow makes multimedia slideshows from all your pictures and other
digital media.

An Exclusive Gold List
LIMITED TIME OFFER
20% OFF

Click Here: http://atomicdot1.com/tr.php?894+cypherpunks at algebra.com

AS IF THAT WASN'T ENOUGH...
AS PART OF THIS EXCLUSIVE OFFER, YOU'LL GET A 20% DISCOUNT WHEN YOU
PURCHASE THE REPLICANT DELUXE DVD COPYING SUITE TODAY.

WHAT ARE YOU WAITING FOR? CHECK IT OUT!

Click Here: http://atomicdot1.com/tr.php?894+cypherpunks at algebra.com
 




We take your privacy very seriously and it is our policy never to send
unwanted email messages. This message has been sent to cypherpunks at algebra.com
because you originally joined one of our member sites or you signed up
with a party that has contracted with atomicDOT. Please
http://atomicdot1.com/unsub.php?client=atomicDOT&msgid=17110200001
to Unsubscribe (replying to this email WILL NOT unsubscribe you). 




TRCK:atomicDOT;fbskhusxqnv*dojheud!frp;7;

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6325 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/41c4a013/attachment.txt>

From abuse at bizmailsrvcs.net  Sun Nov 17 08:55:17 2002
From: abuse at bizmailsrvcs.net (abuse at bizmailsrvcs.net)
Date: Sun, 17 Nov 2002 10:55:17 -0600
Subject: Virus Alert
Message-ID: <200211171655.KAA06986@oe-iscan2pub.managedmail.com>


We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from info at entertainmenteventsinc.com in the file MAPSTATS.scr on 11/17/2002 10:55:14. We took the action delete. If you have questions regarding files or updating/installing Anti-virus protection on your PC, please contact your e-mail administrator or help desk.




From Dee7580 at aol.com  Sun Nov 17 09:48:45 2002
From: Dee7580 at aol.com (Dee7580 at aol.com)
Date: Sun, 17 Nov 2002 12:48:45 EST
Subject: learning how to hace
Message-ID: <151.178d0769.2b09307d@aol.com>


<PRE>hey u printed an article a couple of years ago on how to have are there any 
updates for newbies that dont no the computer language and how do remailers 
work where they cant trace your address on your computer any information you 
can give me would be great thanks.  ghostridertwo at yahoo.com




From lg at lgoods.com  Sat Nov 16 21:02:32 2002
From: lg at lgoods.com (lgoods)
Date: Sun, 17 Nov 2002 13:02:32 +0800
Subject: =?gb2312?q?=C4=FA=CF=EB=BF=AA=B8=F6=CD=F8=C9=CF=C9=CC=B5=EA=D7=AC=C7=AE=C2=F0=A3=BF?=
Message-ID: <GIGANTICFRaqbC8wSA100000163@levee.minder.net>

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>开个网上商店来赚钱</title>
</head>

<body>

<p><b><font color="#FF0000">开个网上商店来赚钱－－猎商商城（网上商店）招商招租</font></b></p>
<p style="line-height: 110%"><font size="2"><b>一、猎商网上商城招商开办网上商店：</b>全心全意为企业、个人在猎商开办网上商店服务。<b><font color="#FF0000"><br>
</font>
二、哪些单位和个人可在猎商商城开办网上商店：</b>企业、家庭、个人、个体户。工人、农民、市民、职员、打工者、下岗工人、学生等都可开店。<b><font color="#008000"><br>
</font>
三、为什么要开办网上商店：</b><b><br>
1．</b>网络联接全世界和千家万户，您的商品更容易销售。<b>2．</b>网上开店几乎不要投资，您只要有张网页发布信息就行。<b>3．</b>网上开店是虚拟商店，无需存货、仓库等。<b>4．</b>免去昂贵的店面租金或投资。<b>5．</b>货源充足且容易组织。你可以卖本企业、本地、自己和他人的商品。<b>6．</b>转行经营快，你可以随时转行经营别类商品。<b>7．</b>节约人手和时间，你不需站柜台，也不需营业员，只需抽空上网看看订单就行。<b>8．</b>适应性广。企业、家庭、个人、个体户都可开店，个人工作之余也可开个商店来赚钱。<b>9．</b>成本低。不言而喻。<b>10．</b>收益大。不言而喻。<b>11．</b>展现自我。你可以无拘无束地在网上展示你的敏锐创意和聪明才智。<b>12．</b>拥有网上商店，你就拥有全世界！<b><font color="#FF0000"><br>
</font>
四、为什么选择猎商商城开办网上商店：<font color="#008000"><br>
</font></b>1．猎商是大型网站。2．猎商是经济网站。3．猎商云齐了众多的公司企业。4．猎商商城规模大，商家多，商品全。5．猎商网店收费低廉。6．猎商商城入驻手续简单。7．猎商服务诚恳周到。8．猎商的声誉和智慧能为店主营造巨大的商机。<b><font color="#008000"><br>
</font>
五、有意开办网上商店者，请与猎商联系：</b><br>
1．由此进入猎商网站：<a href="http://www.lgoods.com/index.htm">www.lgoods.com</a><br>
2．由此观看猎商商城招商详情：<a href="http://www.lgoods.com/lgoodsservice/shop.htm">www.lgoods.com/lgoodsservice/shop.htm</a><br>
3．电话联系：北京：010-65075309&nbsp; 杭州：0571-87795645&nbsp; 江苏：0514-7323652<br>   
4．Email：<a href="mailto:info at lgoods.com">info at lgoods.com</a></font></p>

</body>

</html>
  

From afrhodv601 at cs.com  Sat Nov 16 22:44:09 2002
From: afrhodv601 at cs.com (afrhodv601 at cs.com)
Date: Sun, 17 Nov 2002 14:44:09 +0800
Subject: Dateless?                                                                1812ASxD5-494bpjE7-17
Message-ID: <021e05e10d5b$2675a1b5$5db54de6@lcuypo>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4211 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/ab26cbb7/attachment.txt>

From asd at sdf.hjhjjhgjghj  Sun Nov 17 04:26:04 2002
From: asd at sdf.hjhjjhgjghj (asd at sdf.hjhjjhgjghj)
Date: Sun, 17 Nov 2002 20:26:04 +0800
Subject: =?GB2312?B?vczE49GnxKfK9Q==?=
Message-ID: <200211171227.gAHCQZQ20412@waste.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 174 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/b2bd2fb6/attachment.txt>

From Somebody  Sun Nov 17 19:40:59 2002
From: Somebody (Somebody)
Date: Sun, 17 Nov 2002 22:40:59 -0500
Subject: AIR TRAVELER ID REQUIREMENT CHALLENGED
Message-ID: <mailman.659.1576007625.31620.cypherpunks-legacy@lists.cpunks.org>

Bob,

I was browsing some of my old mail when I came across this.  What's the
status of Gilmore's case?

Has there been a secret trial?


<Somebody>

----- Original Message -----
From: "R. A. Hettinga" <rah at shipwright.com>
To: "Digital Bearer Settlement List" <dbs at philodox.com>
Sent: Friday, July 19, 2002 2:51 PM
Subject: AIR TRAVELER ID REQUIREMENT CHALLENGED


>
> --- begin forwarded text
>
>
> Status: RO
> Date: Fri, 19 Jul 2002 14:12:25 -0400
> To: cypherpunks at lne.com
> From: "Duncan Frissell" <frissell at panix.com>(by way of Duncan Frissell
>   <frissell at panix.com>)
> Subject: AIR TRAVELER ID REQUIREMENT CHALLENGED
> Sender: owner-cypherpunks at lne.com
>
> <http://cryptome.org/freetotravel.htm>Gilmore v. Ashcroft -- FAA ID
Challenge
> AIR TRAVELER ID REQUIREMENT CHALLENGED
> Secret rule demanding 'Your Papers Please' claimed unconstitutional
>
> San Francisco - Civil libertarian John Gilmore today challenged as
> unconstitutional a secret federal rule that requires domestic US travelers
> to identify themselves.
>
>
>
>
>
> Smooth move. Attempt to board a flight to DC on July 4th "to petition the
> government for redress of grievances". Even if not successful, it will be
> annoying and will be worthwhile if it manages to crack out copies of the
> secret security directives (like FAA SD 96-05)establishing the system.
>
> Keep in mind that until the end of the first Clinton administration, it
was
> perfectly legal to fly domestically without ID.
>
> --
> Posted by Duncan Frissell to <http://technoptimist.blogspot.com>The
> Technoptimist at 7/18/2002 11:12:20 AM
>
> Powered by <http://pro2.blogger.com>Blogger Pro
>
> --- end forwarded text
>
>
> --
> -----------------
> R. A. Hettinga <mailto: rah at ibuc.com>
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From gnu at toad.com  Sun Nov 17 23:16:12 2002
From: gnu at toad.com (John Gilmore)
Date: Sun, 17 Nov 2002 23:16:12 -0800
Subject: AIR TRAVELER ID REQUIREMENT CHALLENGED 
In-Reply-To: <p05200f0fb9fe27949d0e@[66.149.49.6]> 
Message-ID: <200211180716.gAI7GCC30425@new.toad.com>

> I was browsing some of my old mail when I came across this.  What's the
> status of Gilmore's case?

The regulations I'm challenging purport to require air and train
travelers to show a "government issued ID".  Every traveler has been
subjected to these "requirements", but it turns out that they aren't
really required by any published law or regulation.  And if you refuse
to meet the supposed requirements, you find out that there are
alternative requirements, that they weren't telling you about.

The government has responded, as have the airlines.  Their response is
to ask the court to dismiss the case, as expected.  See the web site

   http://cryptome.org/freetotravel.htm

for copies of their motions.

The Federal one has the most interesting arguments.  In summary, they
argue that I can't challenge the no-fly list or anything other than
the ID demand because, having not shown ID, the no-fly list was not
applied to me; that I can't sue in a District Court anyway because the
Court of Appeals is supposed to have original jurisdiction; that the
government can make any rule it wants which relates to air security,
and penalize the public over violations, without ever telling the
public what the rule is; that being refused passage unless I present
an ID does not infringe my constitutional right to travel anyway; that
being prevented from traveling anoymously does not implicate any First
Amendment interests; that every possible form of airport security is a
fully constitutional 4th-Amendment search; and that since my right
to travel is not being infringed, these searches give me equal
protection just like all members of the public, because any 'rational'
reason for singling out anonymous travelers will suffice.

If everyone shows ID to fly, and they can get away with preventing
anonymous travel, it becomes easy for the government to single out
e.g. members of the Green Party.  (If no ID was required, any
persecuted minority would soon learn to book their tickets under
assumed names.)  The Nixon Administration had its "enemies list", who
it subjected to IRS audits and other harassment.  But even that evil
President didn't prevent his "enemies" from moving around the country
to associate with anyone they liked.  The Bush Administration's list
interferes with freedom of association and with the constitutional
right to travel.

As my experience on July 4th, 2002, in the San Francisco airport
demonstrated, citizens are free to not show ID to fly, if they spend
half an hour arguing with security personnel over what the secret
rules actually say.  But then, catch-22, the citizen can board the
plane only if they'll submit to a physical search like the ones that
Green Party members and other "on the list" people are subjected to.

So, you can identify yourself to them and be harassed for your
political beliefs, unconstitutionally.  Or you can stand up for your
right to travel anonymously, and be searched unconstitutionally.  Or
you can just not travel.  That's why I'm suing Mr. Ashcroft and his
totalitarian buddies.

The government motion to dismiss my case is filed at:

  http://cryptome.org/gilmore-v-usa-fmd.pdf

The index to all the related documents is at:

  http://cryptome.org/freetotravel.htm

> Has there been a secret trial?

No.  We will file a response to this motion by approx Dec 1.  Then
they will file their reply in mid December or so.  Both of those will
go on the web site.  (If anybody wants to OCR the PDFs of the gov't
documents, please go for it and email me the text.)  Then the court
will read all this stuff, and we'll have a hearing, which is
tentatively scheduled for mid-January.

	John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From gnu at toad.com  Sun Nov 17 23:29:59 2002
From: gnu at toad.com (John Gilmore)
Date: Sun, 17 Nov 2002 23:29:59 -0800
Subject: Why we spent a decade+ building strong crypto & security
Message-ID: <mailman.660.1576007625.31620.cypherpunks-legacy@lists.cpunks.org>

The US government's moves to impose totalitarian control in the last
year (secret trials, enemies lists, massive domestic surveillance) are
what some of the more paranoid among us have been expecting for years.
I was particularly amused by last week's comments from the
Administration that it'll be too hard to retrain the moral FBI agents
who are so careful of our civil rights -- so we'll need a new
domestic-spying agency that will have no compunctions about violating
our civil rights and wasting our money by spying on innocent people.

While there's plenty of fodder for argument among the details, the
overall thrust of the effort seems pretty clear.

Now's a great time to deploy good working encryption, everywhere you
can.  Next month or next year may be too late.  And even honest ISPs,
banks, airlines (hah), etc, may be forced by law or by secret pressure
to act as government spies.  Make your security work end-to-end.

Got STARTTLS?
Got IPSEC?
Got SSH?

Use it or lose it.

	John Gilmore


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com

--- end forwarded text


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




From iqsoftware at export2000.ro  Sun Nov 17 13:30:45 2002
From: iqsoftware at export2000.ro (iqsoftware at export2000.ro)
Date: Sun, 17 Nov 2002 23:30:45 +0200
Subject: Romanian Software Production
Message-ID: <eaep.3.0.reg.CorMKN.37577.9393899306@server.export2000.ro>

A non-text attachment was scrubbed...
Name: not available
Type: text/plain charset=us-ascii
Size: 5540 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/c5851878/attachment.bin>

From GaryJeffers at aol.com  Sun Nov 17 20:33:56 2002
From: GaryJeffers at aol.com (GaryJeffers at aol.com)
Date: Sun, 17 Nov 2002 23:33:56 EST
Subject: How NSA access was built into Windows   
Message-ID: <17b.11bd6bdc.2b09c7b4@aol.com>

My fellow Cypherpunks,

   While reading the excellent site:
http://www.WHATREALLYHAPPENED.com

I found the interesting following article:
http://www.heise.de/tp/english/inhalt/te/5263/1.html

Yours Truly,
Gary Jeffers

BEAT STATE!!!!
and the RULING ELITES!!!!

see
http://www.WHATREALLYHAPPENED.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 481 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021117/a9dd1c12/attachment.txt>

From rah at shipwright.com  Sun Nov 17 21:15:19 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 18 Nov 2002 00:15:19 -0500
Subject: AIR TRAVELER ID REQUIREMENT CHALLENGED
Message-ID: <p05200f0fb9fe27949d0e@[66.149.49.6]>


--- begin forwarded text



From eresrch at eskimo.com  Mon Nov 18 07:46:47 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Mon, 18 Nov 2002 07:46:47 -0800 (PST)
Subject: (Being able to) sell votes
In-Reply-To: <20021118153728.GA61346@lightship.internal.homeport.org>
Message-ID: <Pine.GSU.4.44.0211180743110.21779-100000@eskimo.com>


On Mon, 18 Nov 2002, Adam Shostack wrote:

> Ross Perot demonstrated that you can buy your way into an election
> now.  Maybe we should just admit that that's the case.  Could it be
> worse than the unofficially sold elections and gerrymandered districts
> we have now?

I think it's pretty well demonstrated the person with the most money wins.
It would be a good way to build more respect for the dead, that's all :-)
Wouldn't change the outcome of any election, but it might improve the
living standards of those who least vote.  At least for a day or so...

Patience, persistence, truth,
Dr. mike




From mdiehl at dominion.dyndns.org  Mon Nov 18 14:58:11 2002
From: mdiehl at dominion.dyndns.org (Mike Diehl)
Date: Mon, 18 Nov 2002 17:58:11 -0500
Subject: Assassination Politics: Coming soon?
In-Reply-To: <Pine.LNX.4.30.QNWS.0211181603460.20685-100000@thetis.deor.
  org>
References: <Pine.LNX.4.30.QNWS.0211181603460.20685-100000@thetis.deor.o
  rg>
Message-ID: <20021118233912.11A678214@dominion.dyndns.org>


On Monday 18 November 2002 07:24 pm, Meyer Wolfsheim wrote:
     > On Thu, 14 Nov 2002, Keith Ray wrote:
     > > It's been a number of years since Jim Bell wrote his infamous
     > > "Assassination Politics" essay.  If someone were to try to implement
     > > the system today and not share Jim Bell's fate, they would need
     > > absolute anonymity and security.  The technical requirements for
     > > implementing the system are:

I'm not well informed.  What was Jim Bell's fate?

-- 
Mike Diehl
PGP Encrypted E-mail preferred.
Public Key via: http://dominion.dyndns.org/~mdiehl/mdiehl.asc




From lg at lgoods.com  Mon Nov 18 02:03:35 2002
From: lg at lgoods.com (lgoods)
Date: Mon, 18 Nov 2002 18:03:35 +0800
Subject: =?gb2312?q?=C4=FA=CF=EB=BF=AA=B8=F6=CD=F8=C9=CF=C9=CC=B5=EA=D7=AC=C7=AE=C2=F0=A3=BF?=
Message-ID: <GIGANTICFRaqbC8wSA100000179@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2174 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021118/b62e8929/attachment.txt>

From lg at lgoods.com  Mon Nov 18 04:15:33 2002
From: lg at lgoods.com (lgoods)
Date: Mon, 18 Nov 2002 20:15:33 +0800
Subject: =?gb2312?q?=C4=FA=CF=EB=BF=AA=B8=F6=CD=F8=C9=CF=C9=CC=B5=EA=D7=AC=C7=AE=C2=F0=A3=BF?=
Message-ID: <GIGANTICEEs5VFFy8PJ0000017c@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2174 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021118/37b920ba/attachment.txt>

From stllnhub01/svrs/sial at sial.com  Mon Nov 18 18:24:22 2002
From: stllnhub01/svrs/sial at sial.com (stllnhub01/svrs/sial)
Date: Mon, 18 Nov 2002 20:24:22 -0600
Subject: Report to Recipient(s)
Message-ID: <OF31511609.C4F28315-ON86256C76.000D379A@sial.com>


Incident Information:-

Originator: owner-cypherpunks at minder.net
Recipients: cypherpunks at minder.net
Subject:    Undelivered Mail Returned to Sender -123

WARNING:  The file mime001.txt you received was infected
with the Exploit-MIME.gen.exe virus.  The file attachment
was not successfully cleaned.





From Promotions at usairways.com  Mon Nov 18 20:00:00 2002
From: Promotions at usairways.com (Promotions at usairways.com)
Date: Mon, 18 Nov 2002 22:00:00 -0600
Subject: US Airways Caribbean Sale -- 5 New Destinations
Message-ID: <200211190410.gAJ4AUHT019698@ak47.algebra.com>


US Airways is celebrating 5 great new vacation destinations with unbeatable sale fares to the Caribbean! But hurry, these great fares are only available until November 20, 2002.

Exotic new destinations on sale now include Belize, Grenada, Punta Cana, St. Kitts, and Providenciales in the Turks & Caicos islands. Each offers spectacular and uncrowded fine white sandy beaches, abundant marine life perfect for snorkeling and diving, exotic landscapes and delicious native dining.  Book online at 
http://www.usairways.com/promotions/specials/carib_all.htm 
by Wednesday, November 20, 2002. Travel must be completed by March 23, 2003.

This is just a sample of the sale fares offered. For reservations and fares from your city go to
http://www.usairways.com/promotions/specials/carib_all.htm


Sample Markets*                   Roundtrip Fares
===============                   ===============
Boston - Grenada                       $374
Detroit - Punta Cana                   $367
Chicago - Providenciales               $387                      
New York/LaGuardia - Belize            $370
Philadelphia - St. Kitts               $465
Hartford/Springfield - Grenada         $374
Washington, DC - Providenciales        $310

*  Belize service valid Tues/Thur/Sat/Sun
   Grenada service valid Sat only beginning 12/21/02
   Providenciales service valid Mon/Wed/Fri/Sat
   Punta Cana service valid Mon/Wed/Fri/Sat beginning 12/14/02; service subject to government approval
   St. Kitts service valid Sat only beginning 12/7/02

Fares are for roundtrip coach travel on US Airways, US Airways Shuttle, and/or US Airways Express. Depending on your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States.

************************************************************
ELITE ISLAND RESORT DEALS
************************************************************

ST. KITTS

Allegro St. Kitts	- All Inclusive			$69* per person per night
Save up to 35% off as a US Airways customer at this all-inclusive resort. Situated on a narrow strip of land between the sparkling waters of the Atlantic and the turquoise Caribbean Sea only 3.5 miles from the airport and bordered by the challenging championship Royal St. Kitts Golf Course. Allegro St. Kitts is a popular resort catering to couples, singles and families. The resort's 270 rooms are situated by a peaceful lake with the Atlantic just 250 yards from the resort. For more information, visit www.eliteislandresorts.com.

RESERVATIONS:
Phone: 1-800-345-0356
Email: res at eliteislandresorts.com

* Hotel rates shown are per person per night all-inclusive based on double occupancy for travel 12/13/02 through 4/15/03 when booked by 12/2/02. Hotel space is limited and may not be available on all days. Additional travel dates and rates are available. Prices are subject to change with or without notice. Rate does not include room taxes and does not include miscellaneous hotel charges typically paid by the customer directly to the hotel. When booking hotel accommodations, refer to the "US Airways Caribbean E-Mail." Other conditions may apply. Airfare not included.    


TURKS AND CAICOS 

Allegro Turks and Caicos - All Inclusive		$199** per person per night
Located on Providenciales, the largest of the Turks and Caicos Islands, this resort is on a spectacular white-sand beach overlooking the sparkling waters of Grace Bay. Built around a beautiful tropical atrium and surrounded by palm trees, the resort offers relaxation and excitement to all its guests.  From open-air dining to cocktails by the pool, a casino, watersports, a PADI five-star dive facility on site, day and night tennis and a nearby 18-hole championship golf course, Allegro truly has it all.  For more information, visit www.allegroturksandcaicos.com.

RESERVATIONS: 
Phone:  1-800-451-9376

** Hotel rates shown are per person per night all-inclusive based on double occupancy in superior class accommodations for travel 12/13/02 through 4/15/03 when booked by 12/20/02. Upgrades available upon request.  Hotel space is limited and may not be available on all days. Additional travel dates and rates are available. Blackout dates of December 21-31, 2002 apply.  Prices are subject to change with or without notice. Rate includes all room taxes service fees but does not include miscellaneous hotel charges typically paid by the customer directly to the hotel. When booking hotel accommodations, refer to the "US Airways Caribbean E-Mail." Other conditions may apply. Airfare not included.

************************************************************
DOUBLE YOUR MILES TO NEW CARIBBEAN DESTINATIONS
************************************************************

You can earn double Dividend Miles to US Airways newest tropical destinations:   Grenada, Punta Cana, St. Kitts, Belize and Providenciales. Offer travel dates vary by destination. All Dividend Miles terms and conditions apply. Register for any double miles offers one-time before your first flight at http://www.usairways.com/dm/offers.htm

************************************************************
SALE FARE REQUIREMENTS
************************************************************

Fares are based on required roundtrip Coach travel. Tickets must be purchased 3 days in advance, within 24 hours of making reservation and no later than 11/20/02.  All travel must be completed by 3/23/03. Tickets become nonrefundable 24 hours after making initial reservation, and under certain conditions may be changed prior to midnight of the departure date of each flight segment for a minimum $100 fee. If changes are not made prior to the departure date of each flight, the entire remaining ticket will have no further value. Minimum 3-night or Saturday night stay is required, whichever comes first. Maximum 30 day stay allowed.
Fares valid Mondays-Thursdays to the Caribbean, Tuesdays-Fridays from the Caribbean; other days are higher. Fares to Belize valid for travel Tues/Thurs beginning 11/9/02. Fares/service to Grenada and St. Kitts valid Saturdays only; service to Grenada begins 12/21/02, service to St. Kitts begins 12/7/02. Fares to Providenciales valid Mon/Wed. Fares to Punta Cana valid Mon/Wed beginning 12/14/02; service is subject to foreign government approval.  Travel not permitted to the Caribbean on 11/23-11/24/02; travel not permitted from the Caribbean 11/30-12/2/02.  Blackout dates do not apply for travel to/from Belize or Providenciales.
Fares do not include the September 11th Security Fee of up to $10 per itinerary. Fares do not include up to $18 in airport passenger facility charges where applicable. Fares do not include government imposed taxes/fees/surcharges of up to $89. Seats are limited or may be sold out during very busy travel times. Lower fares may be available in these markets. Fares may not be available in all markets. Other conditions may apply.

************************************************************
SUBSCRIPTION INFORMATION
************************************************************

This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page:
http://www.usairways.com/promotions/esavers/enroll/index.htm

To unsubscribe from this list, please click here:
http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM

To change your departure city preferences, please visit:
http://www.usairways.com/promotions/esavers/enroll/index.htm

Please do not respond to this message. 


Copyright US Airways 1996-2002.  All rights reserved.







From kenhirsch at myself.com  Tue Nov 19 03:44:04 2002
From: kenhirsch at myself.com (Ken Hirsch)
Date: Tue, 19 Nov 2002 06:44:04 -0500
Subject: Secret Court Says U.S. Has Broad Wiretap Powers
References: <Pine.BSO.4.21.0211181836340.886-100000@anon7.arachelian.com
  >
Message-ID: <00d201c28fc1$021d2600$943efea9@DXHIRX1>


> But you forget - the BATF agents were all beeped and informed to not
> bother to come in to work that day, and instead met up elsewhere, suited
> up so they could arrive just in time (a few minutes after the boom) to be
> heroic.
> 
> That indicates something, what exactly it indicates is left as an
> excercise to the reader.

Mainly it indicates how gullible you are when it comes to conspiracy theories.

http://www.courttv.com/casefiles/oklahoma/nichtranscripts/1126pm.html
http://www.courttv.com/casefiles/oklahoma/documents/grandjury_123098.html
http://www.okcitytrial.com/content/dailytx/050697a/LukeFraneyDirectExaminatio.html
http://63.147.65.175/bomb/bomb0109.htm




From hornygirlz at xxxteenzoo.com  Tue Nov 19 01:30:36 2002
From: hornygirlz at xxxteenzoo.com (VeryHornyGirlz)
Date: Tue, 19 Nov 2002 09:30:36 -0000
Subject: Girls With Animals?! Incredible!
Message-ID: <1oaf2n$4ih7qd@ex13.essoc.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1482 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021119/c3fc1329/attachment.txt>

From camera_lumina at hotmail.com  Tue Nov 19 06:43:29 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 19 Nov 2002 09:43:29 -0500
Subject: Secret Court Says U.S. Has Broad Wiretap Powers
Message-ID: <F3cMFlF8HGmCvoXM7e000000330@hotmail.com>


>So there's plenty of meat for conspiracy theory for a long time to come

Dave Emory has documented possible links between McVeigh and neo-fascist 
groups. Search through http://www.spitfirelist.com/.

He also extensively documents connections between the Bush family and the 
bin Ladens http://www.wfmu.org/playlists/DX...try "Los Amigos de Bush" and 
other programs in the months after 9/11 for a start (ironically, he had 
begun extensively tracing these connections shortly prior to 9/11).

In either case, one may end up dismissing all of the connections as 
circumstantial, but the process of getting there will not be a comfortable 
one, particularly in the case of 9/11.

As for me, I regard  both events as key towards turning the US into the nice 
little Polic State we always wanted. So I get a little pissy when the 
"breaking of the eggs" argument is used in either context.

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




From levitte at openssl.org  Tue Nov 19 02:12:32 2002
From: levitte at openssl.org (Richard Levitte - VMS Whacker)
Date: Tue, 19 Nov 2002 11:12:32 +0100 (CET)
Subject: [ANNOUNCE] OpenSSL 0.9.7 beta 4 released
Message-ID: <20021119.111232.75426420.levitte@openssl.org>

  The fourth beta release of OpenSSL 0.9.7 is now available from the
  OpenSSL FTP site <URL: ftp://ftp.openssl.org/source/>.  This beta
  contains numerous fixes (among others, security-related ones) since
  beta 3, which explains the long time that has passed between the
  two.

  This is NOT a final beta.  Beta 5, which is planned to be the final
  one, will be released in two weeks if everything works well.  The
  final release of OpenSSL 0.9.7 is scheduled for Tuesday 2002-12-10.
  To make sure that it will work correctly, please test beta 4
  thoroughly, for example with your favorite piece of software, and
  please report back to us!  Also, please test on as many platforms as
  you have available and you have time for, especially on less common
  platforms.

  If you're interested in helping further, please join the
  openssl-dev at openssl.org list, where test requests on specific
  development snapshots will be announced.

  Changes between 0.9.7 beta 3 and 0.9.7 beta 4 include:

      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit
      o Extended support for some platforms: VxWorks
      o Enhanced support for shared libraries.
      o Support for pkg-config.
      o Lots of new manuals.
      o A few new engines added in the demos area.

  The full set of changes between 0.9.6{x} and 0.9.7 beta 4 include:

      o New library section OCSP.
      o Complete rewrite of ASN1 code.
      o CRL checking in verify code and openssl utility.
      o Extension copying in 'ca' utility.
      o Flexible display options in 'ca' utility.
      o Provisional support for international characters with UTF8.
      o Support for external crypto devices ('engine') is no longer
        a separate distribution.
      o New elliptic curve library section.
      o New AES (Rijndael) library section.
      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit
      o Extended support for some platforms: VxWorks
      o Enhanced support for shared libraries.
      o Support for pkg-config.
      o Lots of new manuals.
      o Change DES API to clean up the namespace (some applications link also
        against libdes providing similar functions having the same name).
        Provide macros for backward compatibility (will be removed in the
        future).
      o Unify handling of cryptographic algorithms (software and engine)
        to be available via EVP routines for asymmetric and symmetric ciphers.
      o NCONF: new configuration handling routines.
      o Change API to use more 'const' modifiers to improve error checking
        and help optimizers.
      o Finally remove references to RSAref.
      o Reworked parts of the BIGNUM code.
      o Support for new engines: Broadcom ubsec, Accelerated Encryption
        Processing, IBM 4758.
      o A few new engines added in the demos area.
      o Extended and corrected OID (object identifier) table.
      o PRNG: query at more locations for a random device, automatic query for
        EGD style random sources at several locations.
      o SSL/TLS: allow optional cipher choice according to server's preference.
      o SSL/TLS: allow server to explicitly set new session ids.
      o SSL/TLS: support Kerberos cipher suites (RFC2712).
      o SSL/TLS: allow more precise control of renegotiations and sessions.
      o SSL/TLS: add callback to retrieve SSL/TLS messages.
      o SSL/TLS: support AES cipher suites (RFC3268).

  The distribution file name is:

      o openssl-0.9.7-beta4.tar.gz
        MD5 checksum: 43cf89b428fbdd7873b5aae2680cd324

  The checksum was calculated using the following commands:

    openssl md5 < openssl-0.9.7-beta4.tar.gz

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From camera_lumina at hotmail.com  Tue Nov 19 09:41:22 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 19 Nov 2002 12:41:22 -0500
Subject: Now Security features in the Cisco product line.
Message-ID: <F148rhYQYx3G5aYY61L00000049@hotmail.com>


Seems a major rollout.

http://www.lightreading.com/document.asp?site=lightreading&doc_id=24599

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From mdiehl at dominion.dyndns.org  Tue Nov 19 12:14:17 2002
From: mdiehl at dominion.dyndns.org (Mike Diehl)
Date: Tue, 19 Nov 2002 13:14:17 -0700
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.  
   Who's ne
In-Reply-To: <p05200f00ba004574b07b@[12.246.127.139]>
References: <F63h1vdkmyCF1Hkikie0000027a@hotmail.com>
  <20021119154736.406928214@dominion.dyndns.org>
  <p05200f00ba004574b07b@[12.246.127.139]>
Message-ID: <20021119182429.A29EA8214@dominion.dyndns.org>


On Tuesday 19 November 2002 01:02 pm, Kevin Elliott wrote:
     > Correction in the interest of historical accuracy.  The idea that we
     > succeeded in the revolutionary war by "inventing a new form of
     > warfare".  The reality is that the british were marching in formation
     > for very, very good reasons.  Their tactics were an early form of
     > Napoleanic tactics (the techniques perfected by Bonaparte and used to
     > SMASH most of the rest of Europe).  They evolved from several factors
     > notably:

That is very interesting and smells true.  But I have read an historical 
account of how we slaughtered the "Reds" from the hills as they marched.  
Seems to be a contradiction here that I can't resolve.

-- 
Mike Diehl
PGP Encrypted E-mail preferred.
Public Key via: http://dominion.dyndns.org/~mdiehl/mdiehl.asc




From tcmay at got.net  Tue Nov 19 14:06:35 2002
From: tcmay at got.net (Tim May)
Date: Tue, 19 Nov 2002 14:06:35 -0800
Subject: 17 Cypherpunks subscribers on watch list, Project Lookout
Message-ID: <2B5E62AA-FC0B-11D6-9027-0050E439C473@got.net>


A company I am involved with has been on the distribution list for the 
FBI's Project Lookout watch list, the list being shared with banks, 
electronics companies, consulting firms, transportation companies, and 
1100 other firms.

Cross-indexing with the CP subscriber list, I find 17 names on both 
lists.

We must be vigilant! Civil rights are only for innocents, not guilty 
persons.

--Tim May
-- 
Timothy C. May         tcmay at got.net        Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
Recent interests: category theory, toposes, algebraic topology




From tcmay at got.net  Tue Nov 19 15:59:42 2002
From: tcmay at got.net (Tim May)
Date: Tue, 19 Nov 2002 15:59:42 -0800
Subject: 17 Cypherpunks subscribers on watch list, Project Lookout
In-Reply-To: <2B5E62AA-FC0B-11D6-9027-0050E439C473@got.net>
Message-ID: <F86085A7-FC1A-11D6-9027-0050E439C473@got.net>


On Tuesday, November 19, 2002, at 02:06  PM, Tim May wrote:

> A company I am involved with has been on the distribution list for the 
> FBI's Project Lookout watch list, the list being shared with banks, 
> electronics companies, consulting firms, transportation companies, and 
> 1100 other firms.
>
> Cross-indexing with the CP subscriber list, I find 17 names on both 
> lists.
>
> We must be vigilant! Civil rights are only for innocents, not guilty 
> persons.
>
>

Wow, what a response, at least in private! Four of you have so far 
contacted me about the Watch List, asking "out of curiousity" if they 
are on the list or if the list is available online someplace. (One of 
the four got the message from a forwarding by a list member here. I 
really wish you, "E.L.," would not forward messages to unrelated lists.)

But I need a fifth name. HomeSec promised my own name would be removed 
if I provided the name of _five_ (5) other suspects.

And I need to get off that list by April 1st, which has been designated 
Roundup Day.



--Tim May
"To those who scare peace-loving people with phantoms of lost liberty, 
my message is this: Your tactics only aid terrorists."  --John 
Ashcroft, U.S. Attorney General




From slgmxrenh at web.de  Tue Nov 19 14:08:44 2002
From: slgmxrenh at web.de (Serkan Deniz)
Date: Tue, 19 Nov 2002 17:08:44 -0500
Subject: Yenilenen noseks edmys
Message-ID: <skpljlulnv@web.de>


FULL 2002 YAPIMI PORNO VIDEOLAR
Sitemize yeni filmler eklendi. Tam metraj, full kalite
Yenilenen Kategoriler:
AMATEUR
ANAL
ASIAN
LESBIAN


�yi e�lenceler,
http://www.noseks.com











id: cypherpunks - drkpwcghxifumfyqtblptxghitf-




From rah at shipwright.com  Tue Nov 19 14:40:17 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 19 Nov 2002 17:40:17 -0500
Subject: Why we spent a decade+ building strong crypto & security
Message-ID: <p05200fbbba006d9d0641@[66.149.49.6]>


--- begin forwarded text



From iaeloseweightnow at earthlink.com  Tue Nov 19 18:54:39 2002
From: iaeloseweightnow at earthlink.com (rhofImprove your Health Free)
Date: Tue, 19 Nov 2002 18:54:39 -0800
Subject: Share this Secret with all your Friends piuae
Message-ID: <200211200251.gAK2ovrg030820@ak47.algebra.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1790 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021119/55fe2495/attachment.txt>

From peterzulu at hotmail.com  Tue Nov 19 16:12:26 2002
From: peterzulu at hotmail.com (peter zulu)
Date: Tue, 19 Nov 2002 19:12:26 -0500
Subject: 17 Cypherpunks subscribers on watch list, Project Lookout
Message-ID: <F107Mt6s1acoKRWR1hd000183e0@hotmail.com>


here's the list as of 10-11-01:

http://www.vrwa.org/fbiwatchlist.htm

w.a.s.t.e ;)


>From: Tim May <tcmay at got.net>
>To: cypherpunks at lne.com
>Subject: 17 Cypherpunks subscribers on watch list, Project Lookout
>Date: Tue, 19 Nov 2002 14:06:35 -0800
>
>
>A company I am involved with has been on the distribution list for the 
>FBI's Project Lookout watch list, the list being shared with banks, 
>electronics companies, consulting firms, transportation companies, and 1100 
>other firms.
>
>Cross-indexing with the CP subscriber list, I find 17 names on both lists.
>
>We must be vigilant! Civil rights are only for innocents, not guilty 
>persons.
>
>--Tim May
>--
>Timothy C. May         tcmay at got.net        Corralitos, California
>Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
>Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go
>Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
>Recent interests: category theory, toposes, algebraic topology


_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




From remailer at aarg.net  Tue Nov 19 20:36:20 2002
From: remailer at aarg.net (AARG! Anonymous)
Date: Tue, 19 Nov 2002 20:36:20 -0800
Subject: the wrong poem
Message-ID: <eee6c3725c22aee634aa24b4d0acacc2@aarg.net>


The saddest thing here is that this gets reported without any comment. Snuffing journalists seems far more cost effective than offing pigs.


http://www.startribune.com/stories/1576/3443476.html

..
Baker discounted claims by federal authorities that Maali
had financially supported terrorist groups when he made
donations to Palestinian charities, and that an essay and
poems he had written showed sympathy for suicide bombers
in Israel.
..




From emc at artifact.psychedelic.net  Tue Nov 19 21:22:58 2002
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Tue, 19 Nov 2002 21:22:58 -0800 (PST)
Subject: 17 Cypherpunks subscribers on watch list, Project Lookout
In-Reply-To: <2B5E62AA-FC0B-11D6-9027-0050E439C473@got.net> from "Tim
  May" at Nov 19, 2002 02:06:35 PM
Message-ID: <200211200522.gAK5Mwt24385@artifact.psychedelic.net>


Tim Spoofs:

> A company I am involved with has been on the distribution list for the 
> FBI's Project Lookout watch list, the list being shared with banks, 
> electronics companies, consulting firms, transportation companies, and 
> 1100 other firms.

> Cross-indexing with the CP subscriber list, I find 17 names on both 
> lists.

> We must be vigilant! Civil rights are only for innocents, not guilty 
> persons.

This of course is not a true tale, but an incredible simulation to make a
point.

The real danger, however, lies not in a "watch list," but in the
government's desire for a massive computer system which will link every
single bit of computer accessible information on every individual for
instant access, from credit files, to tax records, to web pages and Usenet
posts, to insults hurled at you by various vigilante groups.

The earth currently has a population of just slightly over six billion
people.  This means that a 200 gigabyte drive can store 256 bits of
information on every single person on the planet, and you can hold it in
the palm of your hand, and use it for any devious purpose you can
conceive.

Supercomputers are just about to reach, and then surpass, human brain
equivalent capacity in both OPS and memory.  A few more years, and these
supercomputers will be desktops.

OPS and bits have simply become so cheap, that everyone on the planet can
potentially have instant access to everything everyone else on the planet
has ever publicly said or done, grepped and condensed anyway they like,
before dealing with anyone.

Libertopians are hardly likely to want any legal restrictions on freedom
of choice in business or personal dealings, or in the free market trade in
publicly accessible information about citizens, so few limits are likely
to be placed on the inevitable march of this technology.

There are companies that now hire only non-smokers.  In the future, this
could just as easy become never-smoked, never used drugs, had a perfect
attendance record in the Gubmint School, and never criticized the
President. 

Try to board a plane, and get told, "I'm sorry, but Homeland Airlines
doesn't carry people who wrote an essay like the one you turned into your
10th grade teacher on such and such 15 years ago."

Brinworld on steroids.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




From tcmay at got.net  Tue Nov 19 23:36:03 2002
From: tcmay at got.net (Tim May)
Date: Tue, 19 Nov 2002 23:36:03 -0800
Subject: Vengeance Hacking the Watch List-- Monkeywrenching the
  Police State
In-Reply-To: <7D2DB2F1-FC58-11D6-9027-0050E439C473@got.net>
Message-ID: <B929A20F-FC5A-11D6-9027-0050E439C473@got.net>


On Tuesday, November 19, 2002, at 11:20  PM, Tim May wrote:
>
> * Add additional names...perhaps some in-laws, relatives, college 
> friends, or colleagues of those who are responsible for this Witch 
> Hunt. It may be unfortunate to implicate some "innocents," but broken 
> eggs are inevitable. Ideally, guilty parties, but the names can't be 
> too well-known, as this undercuts the plausibility of the document.

And I should have added the obvious: add some Arabic names that are 
relatives of actual Arabs complicit in Washington's police state 
activities....perhaps the name of a college student son or daughter of 
an Ragheadistani assistant embassy official, that sort of thing. These 
names will blend in with the other Arabic-appearing names.

Add your ideas!


--Tim May
""Guard with jealous attention the public liberty. Suspect everyone who 
approaches that jewel. Unfortunately, nothing will preserve it but 
downright force. Whenever you give up that force, you are ruined." 
--Patrick Henry 




From declan at well.com  Tue Nov 19 21:40:26 2002
From: declan at well.com (Declan McCullagh)
Date: Wed, 20 Nov 2002 00:40:26 -0500
Subject: News: House votes life sentences for hackers (fwd)
In-Reply-To: <20021116034837.GB1508@pig.die.com>; from die@die.com on
  Fri, Nov 15, 2002 at 10:48:37PM -0500
References: <F100hUCP0bztb0i3eLs0000efef@hotmail.com>
  <20021115121135.A17061@cluebot.com>
  <20021116034837.GB1508@pig.die.com>
Message-ID: <20021120004026.A28294@cluebot.com>


On Fri, Nov 15, 2002 at 10:48:37PM -0500, Dave Emery wrote:
> 	I might hasten to add that as I am sure Declan knows, this
> addition to the Homeland Defense Act also includes the CSEA provisions
> that turn hobby listening to certain easy to receive but off limit
> radio signals from an offense with a maximum penalty of a $500 fine
> to a federal felony with 5 years in prison as penalty.

Dave,
Thanks for the details about the hobby listening. I looked through
the bill quickly again, and couldn't find the prohibitions you describe.

The bill as passed by the House is here, with the Senate version near-
identical:
http://www.house.gov/rules/homeland.pdf

Got a page number?

-Declan




From nobody at dizum.com  Tue Nov 19 16:10:29 2002
From: nobody at dizum.com (Nomen Nescio)
Date: Wed, 20 Nov 2002 01:10:29 +0100 (CET)
Subject: Microsoft on Darknet
Message-ID: <4b2b2f0383410fad2db287ecd81e33c2@dizum.com>


Microsoft faces up to (and renames) BlackNet:

http://crypto.stanford.edu/DRM2002/darknet5.doc

The Darknet and the Future of Content Distribution


        Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman


                          Microsoft Corporation[1]


                                  Abstract


           We investigate the darknet - a collection of networks and
           technologies used to share digital content.  The darknet is not
           a separate physical network but an application and protocol
           layer riding on existing networks.  Examples of darknets are
           peer-to-peer file sharing, CD and DVD copying, and key or
           password sharing on email and newsgroups.  The last few years
           have seen vast increases in the darknet's aggregate bandwidth,
           reliability, usability, size of shared library, and availability
           of search engines.  In this paper we categorize and analyze
           existing and future darknets, from both the technical and legal
           perspectives.  We speculate that there will be short-term
           impediments to the effectiveness of the darknet as a
           distribution mechanism, but ultimately the darknet-genie will
           not be put back into the bottle.  In view of this hypothesis, we
           examine the relevance of content protection and content
           distribution architectures.




From die at die.com  Tue Nov 19 23:13:59 2002
From: die at die.com (Dave Emery)
Date: Wed, 20 Nov 2002 02:13:59 -0500
Subject: News: House votes life sentences for hackers (fwd)
In-Reply-To: <20021120004026.A28294@cluebot.com>
References: <F100hUCP0bztb0i3eLs0000efef@hotmail.com>
  <20021115121135.A17061@cluebot.com>
  <20021116034837.GB1508@pig.die.com>
  <20021120004026.A28294@cluebot.com>
Message-ID: <20021120071359.GD31979@pig.die.com>


On Wed, Nov 20, 2002 at 12:40:26AM -0500, Declan McCullagh wrote:
> On Fri, Nov 15, 2002 at 10:48:37PM -0500, Dave Emery wrote:
> > 	I might hasten to add that as I am sure Declan knows, this
> > addition to the Homeland Defense Act also includes the CSEA provisions
> > that turn hobby listening to certain easy to receive but off limit
> > radio signals from an offense with a maximum penalty of a $500 fine
> > to a federal felony with 5 years in prison as penalty.
> 
> Dave,
> Thanks for the details about the hobby listening. I looked through
> the bill quickly again, and couldn't find the prohibitions you describe.
> 
> The bill as passed by the House is here, with the Senate version near-
> identical:
> http://www.house.gov/rules/homeland.pdf
> 
> Got a page number?


	Section 225 (j) (1)  bottom of page 57 and top of page 58 in the
version that the above link points to.

	One certainly would miss it if one wasn't looking for it
very carefully.

	And it makes no sense without refering to the original text
of section 2511 (4).


> 
> -Declan

-- 
	Dave Emery N1PRE,  die at die.com  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18




From hello1878b32 at aol.com  Tue Nov 19 20:33:47 2002
From: hello1878b32 at aol.com (Hello)
Date: Wed, 20 Nov 2002 06:33:47 +0200
Subject: Grab your Free ID!                                         
Message-ID: <004c56d41b5a$4636d7b0$7ab78cd5@fimkyq>


Hello,

This is Bonnie Connelly with exciting news from Arkansas, USA.

If you are a person interested in more information about the opportunity 
of making money from home, and you are serious read on... 
  
Last month I introduced new people, just like you, and they�ve
already made money in their first month! 
  
The beauty of that income is that it�s residual income so it comes
back every month just like a royalty... 
  
And the best part is! "YOU" can achieve that as well, regardless
of your background or education. 
  
Why am I so sure?.. 
  
Because I've got a Formula that works. So simple that even my 12 
year old niece could do it but the fact ofthe matter is she's not 
at legal age. 
  
Imagine yourself making residual income from home, from behind
your computer...  Did you know that the average successful home 
business generates over $50.000 in annual income? 
  
That means no boss anymore, no Monday morning blues, extra
vacations, extra money instead of lack of money, not having to
say "I can't afford it" to your kids, free time, and more 
importantly,
the FREEDOM of being your own boss without the stress most
corporate dude's have... 
  
If you can see yourself in that position, if you are still 
serious, and
you haven't given up on your self, then send me an Email and I'll
share this simple secret "How You Too Can Capitalize On The
Home Based Business Trend." 

Go to the following URL and enter your name and email address.
 
http://boncon.50megs.com

You will receive an Email with more information immediately. 
  
DO NOT reply to this e-mail! (Please only sign-in if you're 
serious) 
  
Sincerely, 
 
Bonnie Connelly 
  
P.S.
If you act fast I'll let you test drive my formula 100%FREE.
That's how confident I am that you'll succeed. There's nothing to 
lose and a lot to gain.  It's a lot of fun too!

If you do not wish to communicate like this again, 
Send a blank email to:
 boncon38 at excite.com
 

6293EGdg5-750bXFt1111rzDn9-517vzao7500aAzt2-610l44




From emc at artifact.psychedelic.net  Wed Nov 20 09:01:14 2002
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Wed, 20 Nov 2002 09:01:14 -0800 (PST)
Subject: Onion Self-Censorship
Message-ID: <200211201701.gAKH1Ec25312@artifact.psychedelic.net>


Cable News is reporting that the Onion, America's Finest News Source, has
pulled from its Web site an article on the recent siege at the Moscow
theatre by Chechen rebels.

Does anyone have a copy of the article they could post?  I'd like to see
what sorts of comments about "terrorism" are unacceptable to publish, even
as parody.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"




From camera_lumina at hotmail.com  Wed Nov 20 06:26:58 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 20 Nov 2002 09:26:58 -0500
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.
  Who 's ne
Message-ID: <F1304nzwjyXSz9qGFTS00001a56@hotmail.com>


"In school yard politics this edge is normally a weapon
of some sort that can equalize the playing field (guns usually in the US, 
try going to an inner city public school for 2 years).  Saddam sees this and 
that is what let him to develop those WMD, to equalize against a superior 
foe / bully"

A good point from Mr Trei. I'd follow this up by saying that most kids, when 
getting that weapon, do not plan on using it, but hope that it's presence 
alone will act as a deterrent..."You c-c-can't push me around anymore 'cause 
I got THIS..."

At the very least, it changes the nature of the discussion at the bargaining 
table (this is precisely what Mao meant by "Diplomacy comes out of the 
barrel of a gun".

The problem with Saddam, however, is that he does have a track record of 
actually using such weapons, most notably with the Kurds (where he gassed a 
few 10s of thousands).

Not a great scenario, no matter how you look at it.








_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail




From camera_lumina at hotmail.com  Wed Nov 20 06:36:24 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 20 Nov 2002 09:36:24 -0500
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.
  Who's ne
Message-ID: <F100L8U8pHCrv3ePag80000490c@hotmail.com>


"As to dangerous, I find that most of the people using violence in this
country are anti-drug, not pro."

Can't exactly agree with ya' here. Just watch COPS...most of those actually 
committing stupid crimes are apparently pro-Alchohol.

Pot? We can't have THAT be legalized now, or the CIA will lose a valuable 
source of covert action funding.






>From: Jim Choate <ravage at einstein.ssz.com>
>To: <cypherpunks at einstein.ssz.com>
>CC: Alif The Terrible <measl at mfn.org>
>Subject: Re: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.     
>Who's ne
>Date: Wed, 20 Nov 2002 00:50:09 -0600 (CST)
>
>On Mon, 18 Nov 2002, Mike Diehl wrote:
>
> > As to drugs and employment.  I'm glad to see that you recognized that a
> > programer, like myself, has far fewer responsibilities than a (mere?)
> > babysitter.  But, I still don't want to go to work with someone who is 
>high
> > on something.  When people are high, they are unpredictable, and 
>potentially
> > dangerous.  Drugs are a form of escapism.
>
>That is complete and total bullshit. The fact -some- drugs have problems
>doesn't equate to -all- drugs.
>
>Further, people are unpredictable in and of themselves. Drugs or no drugs.
>As to dangerous, I find that most of the people using violence in this
>country are anti-drug, not pro.
>
>When was the last time a group of pot heads kicked anyones door down?
>
>
>  --
>     ____________________________________________________________________
>
>     We don't see things as they are,                      ravage at ssz.com
>     we see them as we are.                                   www.ssz.com
>                                                   jchoate at open-forge.org
>     Anais Nin                                         www.open-forge.org
>
>     --------------------------------------------------------------------


_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963




From Vincent.Penquerch at artworks.co.uk  Wed Nov 20 02:43:34 2002
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Wed, 20 Nov 2002 10:43:34 -0000
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.
  Who 's ne
Message-ID: <B14C9D7F1977D111AD740060970ACBDAFACB1D@warhol>


> Israeli tanks aren't the ONLY things that kill someone's 
> kids.  The whole 
> region has been at war for 100's of years.  If Israel backed 

You do realize that the whole world has been at war for hundreds
of years, do you ? Israel is now the bully in the region, and is
conforted in keeping this role by the US support.
This does not mean at all that this was always the case. Of course
there were other bullies in the past, and possibly now too. This
should not mean that this should excuse this particular bully.

It is my opinion that, after the fall of the USSR, which I saw
as a good thing, the US are now becoming much too dangerous and
need to fall, too. Having two nuke crazed countries in the world
was dangerous, but at least they were keeping tabs on each other.
I am frankly scared of what the US are becoming today. Of their
government's covert/overt manipulations, dishonesty, and violence.

Of course, I do realize that they are not alone in this game, and
that all others are doing the same kind of things. However, the
US are now in a position to do this more easily, with more power,
and still get away with it, which makes them so much more dangerous. They
don't need actual weapons to maim any more.

I just hope that Americans see this, and see that what they're
going to get from this behavior isn't world domination, but either
a genocide of half the planet, or a life in a bared wire world,
with no freedom left, in a vain attempt to protect themselves
against the rage they've patiently cultivated.

-- 
Vincent Penquerc'h 




From declan at well.com  Wed Nov 20 10:40:30 2002
From: declan at well.com (Declan McCullagh)
Date: Wed, 20 Nov 2002 13:40:30 -0500
Subject: How IRS/TIGTA shares information with FBI
Message-ID: <5.1.1.6.0.20021120133943.01e25ec8@mail.well.com>


released today...

http://www.gao.gov/cgi-bin/getrpt?GAO-03-50R




From abuse at bizmailsrvcs.net  Wed Nov 20 12:39:51 2002
From: abuse at bizmailsrvcs.net (abuse at bizmailsrvcs.net)
Date: Wed, 20 Nov 2002 14:39:51 -0600
Subject: Virus Alert
Message-ID: <200211202039.OAA28712@oe-iscan1pub.managedmail.com>


We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from arh at entertainmenteventsinc.com in the file valign.pif on 11/20/2002 14:39:51. We took the action delete. If you have questions regarding files or updating/installing Anti-virus protection on your PC, please contact your e-mail administrator or help desk.




From camera_lumina at hotmail.com  Wed Nov 20 13:12:26 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 20 Nov 2002 16:12:26 -0500
Subject: Psuedo-Private Key (eJazeera)
Message-ID: <F172Lgsz5VVVkWZx5MK00005db2@hotmail.com>


Well, the basic idea is to co-encrypt some "fake" data that looks like the 
real data, so that when they find it (using the key to the fake data of 
course) they'll figure you gave them the real key, because they won't know 
that there ever was a fake key leading to fake data. (And I suppose there's 
no reason not to allow for mutliple batches of fake data that get encrypted 
along with the real data.)

And depending on the situation, the key-holder will decide whether to give 
them a key that destroys the real data, or that doesn't (and hides it).

In some situations, the fake data could be something completely innocuous 
and unrelated to what "they" were looking for, or in other cases it could 
look like what they were looking for albeit with doctored information.








>From: dmolnar <dmolnar at hcs.harvard.edu>
>To: Tyler Durden <camera_lumina at hotmail.com>
>CC: keith at nullify.org, <cypherpunks at lne.com>
>Subject: Re: Psuedo-Private Key (eJazeera)
>Date: Wed, 20 Nov 2002 15:49:55 -0500 (EST)
>
>
>
>On Wed, 20 Nov 2002, Tyler Durden wrote:
>
> > to have a big jpg of a hand with middle finger extended...) More than 
>this,
> > they will have unknowingly destroyed the real data. (Perhaps a 3rd key 
>is
> > needed that DOESN'T destroy the original data, just 'hides' it a la
> > Rubberhose.)
>
>The question I've seen asked about this is then -- how do you get them to
>stop beating you? If they know you might have some number of duress keys,
>one of which might undetectably hide the data, what stops them from
>beating you until
>
>	1) you give them a key that shows them what they want to see
>	2) you die
>
>Maybe this isn't that different from the ordinary unencrypted case, where
>if they don't find it on your HD they can accuse you of burying disks in
>the backyard or something. Or is the goal protecting the data and not
>protecting your life?
>
>-David


_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail




From shamrock at cypherpunks.to  Wed Nov 20 18:34:41 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Wed, 20 Nov 2002 18:34:41 -0800
Subject: Torture done correctly is a terminal process
In-Reply-To: <20021121014745.GA1430@lightship.internal.homeport.org>
Message-ID: <003e01c29106$8d4006d0$6501a8c0@VAIO650>


Adam wrote:
> The Russians, Americans and I believe others have moved from 
> physical to psychological methods which have proven to work 
> better than actual physical pain.  I recall reading a story 
> on Abdul Murad, the Al Qaeda member arrested in 1995 in the 
> Philipines, where the way they finally got him to talk ws 
> threatening him with being turned over to the Israelis.

I recently obtained an illuminating recording of a speech by a judge
sitting on the 9th Circuit Court of Appeals which was given before the
San Francisco Commonwealth Club. In said recording, the honorable judge
proposes the issuance of formal federal torture warrants. The reader may
or may not take comfort in the fact that the honorable judge firmly
insists that the needles he proposes to be inserted under the
fingernails of suspects should be sterile.

Clearly, at least hygiene has progressed in the last 300 years.

--Lucky Green




From eresrch at eskimo.com  Wed Nov 20 19:50:31 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Wed, 20 Nov 2002 19:50:31 -0800 (PST)
Subject: DMCA Feedback
Message-ID: <Pine.GSU.4.44.0211201947100.19953-100000@eskimo.com>


There's a few opinionated people on this list, I think :-)

Patience, persistence, truth,
Dr. mike

---------- Forwarded message ----------

>From MX%"giffin at cs.wisc.edu""Jonathon Giffin"  Fri Jul  6 02:39:13 2018
From:	MX%"giffin at cs.wisc.edu"  "Jonathon Giffin" 20-NOV-2002 18:19:49.35
To:	MX%"secrsch at cs.wisc.edu"
CC:
Subj:	[PKILAB] [SECRSCH] DMCA Feedback


For anyone who is interested in voicing their opinion, the US Copyright
Office is accepting feedback on the effects of the DMCA (Digital Millenium
Copyright Act).  Feedback will not change the law but may affect
enforcement.

http://www.copyright.gov/1201/comment_forms/

Jon




From steve at tightrope.demon.co.uk  Wed Nov 20 12:08:34 2002
From: steve at tightrope.demon.co.uk (Steve Mynott)
Date: Wed, 20 Nov 2002 20:08:34 +0000
Subject: RMS on "Treacherous Computing"
Message-ID: <D8F03D08-FCC3-11D6-B92C-0003938CDA08@tightrope.demon.co.uk>


"Who should your computer take its orders from? Most people think their 
computers should obey them, not obey someone else. With a plan they 
call "trusted computing", large media corporations (including the movie 
companies and record companies), together with computer companies such 
as Microsoft and Intel, are planning to make your computer obey them 
instead of you. Proprietary programs have included malicious features 
before, but this plan would make it universal."

<http://www.gnu.org/philosophy/can-you-trust.html>

--
Steve Mynott <steve at tightrope.demon.co.uk>




From info at beatnik.com  Wed Nov 20 20:21:14 2002
From: info at beatnik.com (info)
Date: Wed, 20 Nov 2002 22:21:14 -0600
Subject: Files are FAILED to be aligned
Message-ID: <20021121042110.NDFY17814.oe-ismta1.bizmailsrvcs.net@Bxdu>

------------------  Virus Warning Message (on oe-iscan1pub)

Found virus WORM_KLEZ.H in file FAILED.exe
The uncleanable file is deleted.

---------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 111 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021120/2b7f076a/attachment.txt>
-------------- next part --------------

------------------  Virus Warning Message (on oe-iscan1pub)

FAILED.exe is removed from here because it contains a virus.

---------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WinAlign Report.txt
Type: application/octet-stream
Size: 3670 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021120/2b7f076a/attachment.obj>

From abuse at bizmailsrvcs.net  Wed Nov 20 20:21:27 2002
From: abuse at bizmailsrvcs.net (abuse at bizmailsrvcs.net)
Date: Wed, 20 Nov 2002 22:21:27 -0600
Subject: Virus Alert
Message-ID: <200211210421.WAA13747@oe-iscan1pub.managedmail.com>


We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from info at entertainmenteventsinc.com in the file FAILED.exe on 11/20/2002 22:21:24. We took the action delete. If you have questions regarding files or updating/installing Anti-virus protection on your PC, please contact your e-mail administrator or help desk.




From zenadsl6186 at zen.co.uk  Wed Nov 20 15:22:30 2002
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 20 Nov 2002 23:22:30 +0000
Subject: OPPOSE THE WAR! We are going to ruin Iraq to get the oil.  
  Who's ne
In-Reply-To: <p05200f00ba004574b07b@[12.246.127.139]>
Message-ID: <BA01B6E7.2659A%zenadsl6186@zen.co.uk>


Kevin Elliott wrote:

> 2) rifled muskets were not effective because of the ponderous reload
> time (I don't have precise figures, but the number 1/6th-1/10th the
> rate of fire of a smoothbore musket comes to mind)

There isn't that much difference in reload times - say 30 seconds for a
Kentucky rifle, as opposed to 20 seconds for a Brown Bess musket, for
well-trained troops. However, if you are in a volley line and waiting for
the last man to reload before firing a volley, that's a lifetime. Remember,
you are standing up to reload! Putting a few men armed with rifles in a line
of musketmen, they would seem useless, or worse, a liability.

Before I get flamed about those figures, may I point out that modern black
powder flintlock rifle shooters can and do shoot about one round a minute,
without trying to fire fast - a hotspot on the barrel can cause the powder
to cookoff unexpectedly, so they service the bore and touch hole between
shots, which slows them; but this isn't so important on the battlefield when
risks can be taken. It is said that Simon Kenton could reload his Kentucky
rifle in 12 seconds. The world record Springfield reload is about 6.5
seconds, a Brown Bess will take a bit longer than a Springfield.


At first glance the rifle was a better infantry weapon, but pitched battles
at 300 yards just didn't happen - and smoke obscuring the battlefield made
aimed shots difficult after a few volleys. Muskets weren't usually aimed,
just pointed in the right direction - musketmen were sometimes told to close
their eyes when firing to prevent injury from pan flash.

In volley fire it isn't really possible to aim - for aimed fire you need to
fire when the rifleman is ready, not on command. The superior accuracy of a
rifle is no use if you can't or don't aim it. The time taken to aim also
slows the rate of fire over an unaimed weapon.

Another problem was that early rifles weren't optimised for battle or use in
an army. It was often difficult starting the ball down the barrel, which can
slow reload time - there's a tool to do it, and you then use the ramrod, but
if the rifle/ball/patch combination is right you can start the ball by
hitting it with the ball of your hand, and the ramming can be quite quick.

Rifles were seldom fitted with bayonets, important to the tactics used at
the time - fire a volley or two, then a bayonet charge while your opponents
are reloading. They were also too fragile to use as a close quarter club.

Rifles weren't standardised either, so ammunition and parts couldn't be
shared and the riflemen had to cast/roll their own balls. Rifle balls need
to be more accurate than musket balls. Rifles take more training to use as
well.

But I think the main reason that rifles didn't play a bigger part, apart
from the usual military inertia (google Ferguson rifle for a British example
of this), was the simple lack of rifles, and their cost. Many men fighting
in the Revolutionary War didn't have any firearms at all.


-- 
Peter Fairbrother




From zenadsl6186 at zen.co.uk  Wed Nov 20 15:22:30 2002
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 20 Nov 2002 23:22:30 +0000
Subject: Psuedo-Private Key (eJazeera)
In-Reply-To: <F22wi23mZaendQxwZc100003c7e@hotmail.com>
Message-ID: <BA01C9B5.2659D%zenadsl6186@zen.co.uk>


Tyler Durden wrote:
[...]
> Let's say I've been coerced into revealing the private key to a certain
> encrypted message. And now, of course, the authorities use that key and open
> the message, and see the contents (let's assume they are picture of a
> demonstration or whatever).
> 
> WOULDN'T IT BE NICE...If the original encrypted message actually had TWO
> messages inside it, both very similar. In this example, one of the messages
> is the "incriminating" pictures of the demonstration, the other is pictures
> of Pam Anderson or whatever.
> 
> AND, this double message has two private keys associated with it: one
> corresponds to the Pam Anderson photos, the other corresponds to the
> Demonstration photos. When coerced, I give up the key that opens the Pam
> Anderson photos (while hopefully annhilating the Incriminating photos).
> 
> Of course, there's no way the authorities know that there was another
> message (not if done very cleverly...Pam Anderson photos might be a little
> obvious) that they destroyed when they used the fake Private Key.
> 
> Does this exist? Would it be difficult?

Yes it exists. It's called deniable encryption. Two-level deniable
encryption is not hard, but it usually involves increases in data size.
There is some stuff about this in Crypto and Eurocrypt reports.

Steganography and steganogaphic filing systems can do something similar, but
the increase in message size tends to be larger.


I am developing a form of deniable encryption (as part of m-o-o-t) that
works slightly differently and does not involve message-size increases - in
fact it it decreases message size.

It's grammer-based and works a bit like this: A sentence is parsed, and eg
a noun is encoded as a number relating to one of a publicly shared
dictionary of nouns. This number is then encrypted. Decrypting with a random
key will give a noun in that position in the sentence in all possible
decryptions, and a good proportion of all randomly keyed decryptions will
apparently make sense.

There is a lot more involved, so eg both parties can give out the same false
key, and so eg the same nouns used more than once in a message will decrypt
to identical nouns in decryptions, as well as notions of closeness in the
words used in a typical message, but I have done both the theoretical
unicity calculations and some practical tests, and it works for email-length
messages. 

The main implementation problems I have are coding time and that the only
parser that works well enough is proprietary. If anyone else is working on
something similar I would like to know. I'm probably not a cypherpunk, more
a privacy avocate, but I do write code.

:)

-- 
Peter Fairbrother




From wholesale at kc.com  Thu Nov 21 02:42:23 2002
From: wholesale at kc.com (WholeSale Cigarettes)
Date: Thu, 21 Nov 2002 02:42:23
Subject: Name Brand Cigarettes Under $16 per carton Guaranteed!
Message-ID: <GIGANTICxc1o8yfogkJ00000006@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 14902 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021121/d5f6bda0/attachment.txt>

From jtrjtrjtr2001 at yahoo.com  Thu Nov 21 06:20:40 2002
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 21 Nov 2002 06:20:40 -0800 (PST)
Subject: Psuedo-Private Key (eJazeera)
In-Reply-To: <1037810983.3ddbbd2756a76@mail.nullify.org>
Message-ID: <20021121142040.65410.qmail@web21202.mail.yahoo.com>


hi,

I had suggested the same for an encryption product
called digisecret,this is what they had to say.

>Here is an example where hiding cipher text in cipher
text is ideal..

DigiSecret currently does not use assymmetric
algorithms. Besides this 
the introduction of this technique will mean that the
secret police 
will also know about this fact, so the person's
harrowing experience with the 
secret police will just be doubled: first they will
obtain the fake 
password and then the real one. Also it would not be
hard to track it on 
the algorithm diciphering level and to understand that
the message is not 
real.

Regards Data.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus � Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




From DaveHowe at gmx.co.uk  Thu Nov 21 01:21:19 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Thu, 21 Nov 2002 09:21:19 -0000
Subject: Psuedo-Private Key (eJazeera)
References: <F96rjCrU1YImWd1Go7t00003ca3@hotmail.com>
Message-ID: <003901c2913f$72ae7c00$c71121c2@sharpuk.co.uk>


at Wednesday, November 20, 2002 7:19 PM, Tyler Durden
<camera_lumina at hotmail.com> was seen to say:
> More than this, they will have
> unknowingly destroyed the real data.
Not possible in the real world - you will only be reading from the
message to create the "decoded" image, not overwriting it (under any
circumstances)
if the system required a overwritable message, then it both wouldn't
work with most email software, and would be presented with a *copy* of
the email by any attacker anyhow. Replaying and/or re-downloading email
is trivial.
Systems such as Disappearing Inc are good examples of this sort of
snakeoil though - attempts to make email "expire" that can be broken by
replacing the official executable with one that caches the keys.




From gbroiles at parrhesia.com  Thu Nov 21 09:33:39 2002
From: gbroiles at parrhesia.com (Greg Broiles)
Date: Thu, 21 Nov 2002 09:33:39 -0800
Subject: Torture done correctly is a terminal process
In-Reply-To: <003e01c29106$8d4006d0$6501a8c0@VAIO650>
References: <20021121014745.GA1430@lightship.internal.homeport.org>
Message-ID: <5.1.0.14.2.20021121092550.03900470@bivens.parrhesia.com>


At 06:34 PM 11/20/2002 -0800, Lucky Green wrote:
>I recently obtained an illuminating recording of a speech by a judge
>sitting on the 9th Circuit Court of Appeals which was given before the
>San Francisco Commonwealth Club. In said recording, the honorable judge
>proposes the issuance of formal federal torture warrants. The reader may
>or may not take comfort in the fact that the honorable judge firmly
>insists that the needles he proposes to be inserted under the
>fingernails of suspects should be sterile.
>
>Clearly, at least hygiene has progressed in the last 300 years.

To flesh this out a little more - the judge was Stephen Trott, speaking on
September 18 2002 at the Commonwealth Club. Trott credits the torture
warrant idea to Alan Dershowitz, whom he describes as a good friend and a
"great civil libertarian".

Edited transcripts and a RealAudio recording of Trott's speech are
available at 
<http://www.commonwealthclub.org/archive/02/02-09trott-intro.html> -
Trott's discussion (and apparent endorsement) of torture begins at
about 16:28 into the audio, and again during the Q&A session.


--
Greg Broiles -- gbroiles at parrhesia.com -- PGP 0x26E4488c or 0x94245961




From Vincent.Penquerch at artworks.co.uk  Thu Nov 21 02:14:48 2002
From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h)
Date: Thu, 21 Nov 2002 10:14:48 -0000
Subject: Psuedo-Private Key (eJazeera)
Message-ID: <B14C9D7F1977D111AD740060970ACBDAFACB35@warhol>


> And depending on the situation, the key-holder will decide 
> whether to give 
> them a key that destroys the real data, or that doesn't (and 
> hides it).

Don't even bother trying to destroy the original. Chances are
they will make a backup of everything before attempting anything.
And destroying something is likely to be very obvious, and very
damning. Best bet is to hide a second thing, which is kind of
incriminating, but not much. And hide it less well that the real
thing. People who think they understood the trick won't look any
further, because they think they understood it.
So, be sure to wail and complain when they discover the fake data,
and not bear a knowing smile :)

-- 
Vincent Penquerc'h 




From mboyo1111 at post.com  Thu Nov 21 12:46:22 2002
From: mboyo1111 at post.com (Dr.Wilfred Mboyo)
Date: Thu, 21 Nov 2002 12:46:22
Subject: Urgent Letter from Zimbabwe
Message-ID: <200211211146.gALBkPGE003139@locust.minder.net>


Sir,

                                     URGENT BUSINESS RELATIONSHIP

Firstly, I have to introduce myself to you. My name is Dr Wilfred Mboyo from Zimbabwe. I 
was the chairman of contract review panel in my country before the problem of the land 
reform program.
Before the escalation of the situation in Zimbabwe I recovered $16.8Million US dollars from 
over inflated contracts by some government officials. But I was a member of the opposition 
party the MDC(Movement for Democratic Change), and the ruling Party, (ZANU PF) has 
been against us. So I had to flee the country for a neighbouring African Country which I am 
currently residing.

Before the escalation of the situation in Zimbabwe I had not reported The recovery of my 
findings to the panel. So this money was in my possession and I lodged it in a security 
company here in Africa and currently this money has been moved to their security branch in 
Europe. I have been trying to fly to Europe but it has been difficult  for me to get a visa from 
Africa. So I want you to help me make claims of this fund($16.8m) in Europe as my 
beneficiary and transfer the money to your account or any account of your choice before I 
can get a visa to fly down. So that we can share this money.

I have agreed to give you 10%,which would be ($1.6Million dollars) of this Money for your 
assistance, and 85% would be mine and the other 5% would be set aside for any expenses 
that we may incure during the course of this transaction. And my 85% would be invested in 
your country in any profitable business propossed by you. 

We have never met, but I want to trust you and please do not let me down when this fund 
finally gets into your account. Please if you are interested, get to me through the email 
address below to enable me feed you with more details and all necessary documentations. 

Please treat this as confidential.  (  mboyo2000 at post.com   or   mboyo2001 at email.com )

Regards,

Dr.Wilfred Mboyo

NOTE: In the event of your inability to handle this transaction please 
inform me so that i can look for another reliable person who can assist me.






From attila at stalphonsos.com  Thu Nov 21 11:24:50 2002
From: attila at stalphonsos.com (attila)
Date: Thu, 21 Nov 2002 14:24:50 EST
Subject: Grammar-based privacy/crypto
Message-ID: <200211211923.gALJNguK002961@slack.lne.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have not been much for posting on the list until now (nothing much
other than opinions to add, and there seem to be plenty of those to
go around already), but Mr. Fairbrother's post demanded a response.

Peter Fairbrother wrote:

> I am developing a form of deniable encryption (as part of m-o-o-t) that
> works slightly differently and does not involve message-size increases - in
> fact it it decreases message size.
> ...
> The main implementation problems I have are coding time and that the only
> parser that works well enough is proprietary. If anyone else is working on
> something similar I would like to know. I'm probably not a cypherpunk, more
> a privacy avocate, but I do write code.
> ...

I am working on what I intend to be an industrial-strength,
open-source grammar-based generation toolkit, which might fit the bill
for the kind of thing he posted about (using grammars for privacy
applications).  I'm only concerned with generation right now
and not parsing, but going in the other direction is on my list of
desired features.  Unfortunately, I have a real day job and am trying
to get *something* good enough done in time to submit to CodeCon
(which deadline is coming up soon, I think).  The goals of the toolkit
are to be highly reusable/usable in many contexts, high performance,
and extremely flexible.

I would be interested in knowing what kinds of features you envision
being useful from a toolkit such as this for your purposes.  The toolkit
I'm building is in the form of a plain old library written in ANSI C,
with as few environmental dependencies as possible.  There are two
main data structures: grammars (gram_t *), and grammar generators
(gram_gen_t *).  Grammars can be constructed by API calls or by handing
a file or string containing eBNF to a function that knows how to turn
eBNF into a gram_t.  Grammar generators are built from grammars, and
can have different generation strategies associated with them (random,
breadth first, depth first).  Generation itself happens by means of
callbacks associated with terminals in the underlying grammar, so
the grammar can really be about anything, not just text (e.g. you could
write callbacks to generate musical tones, raw network traffic, geometric
shapes ala shape grammars (http://www.shapegrammar.org/) etc.).

I'm much fuzzier on how I would like the eventual parsing side of
the house to work, but I'm experienced enough in this subject generally
to build what I need when I finally figure out how I want it to
work exactly.  In an ideal world, you hand a gram_t to a third API
that creates an acceptor for the grammar that is similarly insulated
from how the actual raw tokens are presented (same kind of callback-driven
fu I do for generators in the lexical analysis side of the house),
but I was also thinking it would be really cool to do some sort of
code generator instead (or use antlr or byacc or something).

One principle that I intend to follow is to make it easy to use
this toolkit to build up libraries of primitives that can be joined
together, so that common uses can be accomodated with as little
code on the part of the user as possible.  For instance, although
there is nothing specific in the core with regard to generating
text (like e-mail), this is an obvious common usage (if only for
debugging), so there will be primitives in the library that make
it easy to "wire up" your grammar and get it to spit out text (I
was thinking of some XML-based config language that you could use
to associate dynamically-loaded primitives from some .so or .dll
by name with terminals, etc.).

If any of this jibes with the kind of things you're thinking about,
I'd appreciate hearing from you; although I have a head full of ideas
on what I'd like to do with it, it's always helpful to hear from
people with other perspectives who are thinking about similar
things.  I find myself often working in a vacuum, late at night,
with nothing to go on but my own feeling of what is useful.  Perhaps
it's time to delurk.  In any event, if anyone besides Mr. Fairbrother
has any ideas, opinions or encouragement, it would be most welcome
(and yes, I am aware of Disappearing Cryptography - it was, along with
shape grammars, the source of much of my inspiration).

Pax,
						--A
- -- 
attila % member, st.Alphonsos collective % unix,tcp/ip,security,hard bits
attila at stalphonsos.com % gpg key http://stalphonsos.com/~attila/gpgkey.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE93TMCr88iLU/8u5wRArHRAJ9/thKhVhBUNdSRkopkDMYC0T3Z5gCgg2Dt
AzHMmk+zVzJeE72cGa1Eyl8=
=4TEf
-----END PGP SIGNATURE-----




From DaveHowe at gmx.co.uk  Thu Nov 21 06:34:47 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Thu, 21 Nov 2002 14:34:47 -0000
Subject: New Wi-Fi Security Scheme Allows DoS (fwd)
References: <Pine.LNX.4.33.0211210752230.1740-100000@einstein.ssz.com>
Message-ID: <036401c2916b$59001120$c71121c2@sharpuk.co.uk>


at Thursday, November 21, 2002 1:52 PM, Jim Choate
<ravage at einstein.ssz.com> was seen to say: 
> http://www.extremetech.com/article2/0,3973,717170,00.asp
LOL!
which references - the archive of this list for bibliography :)




From jamesd at echeque.com  Thu Nov 21 16:59:43 2002
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 21 Nov 2002 16:59:43 -0800
Subject: Microsoft on Darknet
In-Reply-To: <4b2b2f0383410fad2db287ecd81e33c2@dizum.com>
Message-ID: <3DDD10FF.13670.1E080E8@localhost>


    --
According to Microsoft,

http://crypto.stanford.edu/DRM2002/darknet5.doc

Darknet is being undermined by free riders.

: : 	Peer-to-peer file sharing assumes that a 
: : 	significant fraction of users adhere to the 
: : 	somewhat post-capitalist idea of sacrificing their 
: : 	own resources for the "common good" of the network. 
: : 	Most free-riders do not seem to adopt this idea. 
: : 	For example, with 56 kbps modems still being the 
: : 	network connection for most users, allowing uploads 
: : 	constitutes a tangible bandwidth sacrifice. One 
: : 	approach is to make collaboration mandatory. For 
: : 	example, Freenet [6] clients are required to 
: : 	contribute some disk space. However, enforcing such 
: : 	requirements without a central infrastructure is 
: : 	difficult.

 The obvious solution is to monetize the darknet services, with
very small payments, payments that would typically ad up to
five dollars a month for heavy users or heavy servers -- that
is to say, a half a gram of gold a month.

Mojo was intended to do this but it failed, I think it failed
because they failed to monetize mojo before it was introduced
as service management mechanism.

We should get an anonymous micropayment system working,
interconvertible to real money, or real e-gold, then apply it
to such applications as mixmasters and darknet.

Allegedly yodel is such a system, but yodel is connected to
e-rand, which is connected to some people who fail to inspire
me with confidence.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     beO567eji82JoZMjbN1JCWL6vQBr301pkVztKIR+
     4HzLNwHtW3q5fJqUcxtmJZ0gjqfcEJvGFfMRkWY0c




From pgut001 at cs.auckland.ac.nz  Wed Nov 20 23:34:10 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Thu, 21 Nov 2002 20:34:10 +1300 (NZDT)
Subject: Digital signature legislation tutorial posted
Message-ID: <200211210734.UAA214733@ruru.cs.auckland.ac.nz>

I've recently revamped part 2 of my Godzilla security tutorial, splitting off
the coverage of digital signature legislation and related issues into its own
section.  Part2a, consisting of a total of 79 slides, covers the question of
why we need digital signature legislation, what is a signature, paper
vs.electronic signatures, non-repudiation, trust, and liability, existing
approaches, examples of existing legislation of various types including
advantages and drawbacks, and the Digital Signature Law litmus test (and it
also explains why having a techie comment on legal issues isn't as silly as it
sounds :-).  It's available as part 2a of the Godzilla tutorial at
http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html.  Comments welcome

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From lgcon at sina.com  Thu Nov 21 04:36:56 2002
From: lgcon at sina.com (cypherpunks)
Date: Thu, 21 Nov 2002 20:36:56 +0800
Subject: =?GB2312?B?xPq9/MC0v8m6wyE=?=
Message-ID: <200211211237.gALCbOQ28062@waste.minder.net>


尊敬的cypherpunks:您好：

以下信息可能对您有用,所以未经您的同意发信给您,请您原谅.
若不想收到此信,请发信至hongda3721 at sina.com,注明主题<remove>.
请勿直接回复此信

杰讯精品软件珍藏版<1CD>
总售价仅50元人民币
另：
2002年12月1日前购买者可获赠1000万个中国大陆邮件地址
(新收集,并验证.)
----------------------
部分软件名如下：
1.登录奇兵4.3正式版
2.环球商务信息发布软件	
3.会声会影	
4.单SMTP群发软件	
5.多SMTP群发软件
6.免SMTP群发软件
7.群发相关辅助软件	
8.搜索群发一体软件	
9.信息发布软件
10.邮件地址搜索软件	
11.邮件地址整理	
12.企业财务软件	
13.不得不背单词
14.争分夺秒背单词
15.英语八哥
16.彩圣 v3.10 正式特别版
17.彩神足彩投注助手
18.亿唯e书 v0.9 简体中文版
19.换算专家 v2.0 简体正式版
20.指法练习经典软件	
21.五笔安装	
22.五笔直通车	
23.天音怒放	
24.鼠标自动操作	
25.屏保专家
26.Windows优化大师
27.WinRAR v3.00 简体中文
28.超星图书浏览器
29.东方影都全能王零售版
30.图像处理	
31.网际快车
32.网络收藏家	
33.音乐贺卡制作	
34.友情强档	
35.字符画大师	
36.文件小管家	
37.PHOTOSHOP7.0简体中文版
38.卸载精灵
39.Windows变脸王 v4.0 特别版	
40.Macromedia Dreamweaver
==============================
欲了解软件的详细功能，欢迎您来信索取.
hongda3721 at sina.com
祝商祺！


　　　　　　　　致
礼!
　　　　　　　　　　　　 
2002-11-21
------------
要精品软件,找杰讯,准没错！




From declan at well.com  Thu Nov 21 19:27:47 2002
From: declan at well.com (Declan McCullagh)
Date: Thu, 21 Nov 2002 22:27:47 -0500
Subject: Onion Self-Censorship
In-Reply-To: <53273934-FD25-11D6-9027-0050E439C473@got.net>; from
  tcmay@got.net on Wed, Nov 20, 2002 at 11:46:20PM -0800
References: <p05111a03ba022bfa9695@[192.168.1.25]>
  <53273934-FD25-11D6-9027-0050E439C473@got.net>
Message-ID: <20021121222747.B30485@cluebot.com>


On Wed, Nov 20, 2002 at 11:46:20PM -0800, Tim May wrote:
> Web crawlers ("observers," in quantum mechanics lingo) saw the article  
> and indexed it is enough for me to beleve it was there, at least  
> temporarily.

It was, and as of an hour or two ago it was still on the Onion's
mobile.theonion.com wireless site. 

Details:
http://www.politechbot.com/p-04180.html

-Declan




From die at die.com  Thu Nov 21 21:46:53 2002
From: die at die.com (Dave Emery)
Date: Fri, 22 Nov 2002 00:46:53 -0500
Subject: Worm Klez.E immunity
In-Reply-To: <3DD572BB000AF2F4@occmta10a.terra.com.mx>
References: <3DD572BB000AF2F4@occmta10a.terra.com.mx>
Message-ID: <20021122054653.GB32194@pig.die.com>


On Thu, Nov 21, 2002 at 02:47:24PM -0600, tcmay wrote:
> Content-Type: application/octet-stream;
> 	name=RPOUDOMI.TXT
> Content-Transfer-Encoding: base64
> Content-ID: <Y14n4PtOj>
> 

	Who are all these people with Hispanic names anyway ?

	Doesn't look like a list of arab terrorists to me....


-- 
	Dave Emery N1PRE,  die at die.com  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18




From kerutdop at ut.com  Thu Nov 21 18:53:39 2002
From: kerutdop at ut.com (Isidro Saenz)
Date: Fri, 22 Nov 2002 01:53:39 -0100
Subject: Don't get left behind
Message-ID: <707912933.41896869504306@thhebat.net>


Finally the original thing � with no ripoffs! 
P.E.P. are piping hot at this time! Well this is the real stuff not a fictitious one! 

One of the very prominents, absolutely unrivalled stuff is accessible here and there!
 Take a look at just what people tell about this product:

"I was impressed how quick P.E.P. worked on my boyfriend, he can not stop babbling about how excited he is having his new calibre, extent, and libido!"

Victoria K., Bellevue WA

"At first I thought the free specimen  I received was a mean trick, until I tried to use the P.E.P. No words can depict how greatly pleased I am with the effect from using this remedy after 6 brief weeks. I will be ordering on a constant basis!" 
Mike Brown, New York

Read more testimonials on this astonishing product here!
http://www.periast.net/?qyjrhfkjha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1217 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021122/c4b18247/attachment.txt>

From eugen at leitl.org  Thu Nov 21 23:01:49 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Nov 2002 08:01:49 +0100 (CET)
Subject: Microsoft on Darknet
In-Reply-To: <3DDD10FF.13670.1E080E8@localhost>
Message-ID: <Pine.LNX.4.33.0211220758510.23467-100000@hydrogen.leitl.org>


On Thu, 21 Nov 2002, James A. Donald wrote:

> Mojo was intended to do this but it failed, I think it failed
> because they failed to monetize mojo before it was introduced
> as service management mechanism.

Mojo ultimatively failed because MojoNation failed. MNet is very alive,
though, and it will get a new mint eventually.

What I didn't like about Mojo is that the developers didn't treat
it like a currency which it was. If your client doesn't care about
Mojo, why should you? If you treat currency like toilet paper, it's
not worth very much.




From tcmay at got.net  Fri Nov 22 08:13:09 2002
From: tcmay at got.net (Tim May)
Date: Fri, 22 Nov 2002 08:13:09 -0800
Subject: Worm Klez.E immunity
In-Reply-To: <20021122054653.GB32194@pig.die.com>
Message-ID: <4AB7760E-FE35-11D6-9027-0050E439C473@got.net>


On Thursday, November 21, 2002, at 09:46  PM, Dave Emery wrote:

> On Thu, Nov 21, 2002 at 02:47:24PM -0600, tcmay wrote:
>> Content-Type: application/octet-stream;
>> 	name=RPOUDOMI.TXT
>> Content-Transfer-Encoding: base64
>> Content-ID: <Y14n4PtOj>
>>
>
> 	Who are all these people with Hispanic names anyway ?
>
> 	Doesn't look like a list of arab terrorists to me....
>

Why are you copying me on this message? I had nothing to do with 
sending it.

Get a clue.


--Tim May




From mallam.adamu.ciroma at caramail.com  Fri Nov 22 09:31:43 2002
From: mallam.adamu.ciroma at caramail.com (mallam.adamu.ciroma)
Date: Fri, 22 Nov 02 09:31:43 Pacific Standard Time
Subject: INVESTMENT PROPOSAL
Message-ID: <200211221510.gAMFAOGE064812@locust.minder.net>

FROM THE DESK OF MALLAM ADAMU CIROMA
HONOURABLE MINISTER OF FINANCE
FEDERAL REPUBLIC OF NIGERIA.

DEAR SIR,

I AM MALLAM ADAMU CIROMA, THE HONOURABLE MINISTER OF FINANCE OF FEDERAL REPUBLIC OF NIGERIA.

I AM SENDING THIS LETTER TO YOU TO SOLICIT FOR A BUSINESS/INVESTMENT PARTNERSHIP THAT INVOLVES MILLIONS OF DOLLARS.

THIS MONEY CAME AS A RESULT OF OVER-INFLUENCED BUDGET BETWEEN ME AND THE BUDGET PLANNING COMMITTEEE CHAIRMAIN. THE COMMITTEE CHAIRMAN HAS COLLECTED HIS OWN SHARE REMAINING MY OWN SHARE WHICH IS NOW LYING UNDER THE CUSTODY OF A SECURITY COMPANY IN ABROAD.

THIS IS A LUCRATIVE BUSINESS WHICH I WANT YOU TO HANDLE WITH SERIOUSNESS AND CONFIDENTIALITYH UNTIL THE MONEY GETS INTO YOUR HAND FOR INVESTMENT PURPOSES.

AS A MATTER OF URGENCY, I WANT YOU TO CALL ME ON MY DIRECT PHONE NUMBER 234-80-33055024 FOR MORE CLARIFICATION OR THROUGH MY EMAIL ADDRESS.

THANKS. I AWAIT YOUR URGENT RESPONSE.

YOURS FAITHFULLY,

MALLAM ADAMU CIROMA (MON)    

From camera_lumina at hotmail.com  Fri Nov 22 06:41:03 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 22 Nov 2002 09:41:03 -0500
Subject: All you need to know about Stavridou
Message-ID: <F109wGmAf0MjkatwD4300000385@hotmail.com>


"identifying network miscreants and revoking their network privileges"

If one has any doubt, this sentence says it all. In fact,

"revoking their network privileges"

does it. No, wait,

"network privileges" is enough.






>From: Eugen Leitl <eugen at leitl.org>
>To: <transhumantech at yahoogroups.com>
>CC: <cpunx-news at leitl.org>, <cypherpunks at lne.com>
>Date: Fri, 22 Nov 2002 10:30:32 +0100 (CET)
>
>Fucking nuts.
>
>http://www.nytimes.com/2002/11/22/politics/22TRAC.html?pagewanted=print&position=bottom
>
>Agency Weighed, but Discarded, Plan Reconfiguring the Internet
>By JOHN MARKOFF
>
>The Pentagon research agency that is exploring how to create a vast
>database of electronic transactions and analyze them for potential
>terrorist activity considered but rejected another surveillance idea:
>tagging Internet data with unique personal markers to make anonymous use
>of some parts of the Internet impossible.
>
>The idea, which was explored at a two-day workshop in California in
>August, touched off an angry private dispute among computer scientists and
>policy experts who had been brought together to assess the implications of
>the technology.
>
>The plan, known as eDNA, called for developing a new version of the
>Internet that would include enclaves where it would be impossible to be
>anonymous while using the network. The technology would have divided the
>Internet into secure "public network highways," where a computer user
>would have needed to be identified, and "private network alleyways," which
>would not have required identification.
>
>Several people familiar with the eDNA discussions said such secure areas
>might have first involved government employees or law enforcement
>agencies, then been extended to security-conscious organizations like
>financial institutions, and after that been broadened even further.
>
>A description of the eDNA proposal that was sent to the 18 workshop
>participants read in part: "We envisage that all network and client
>resources will maintain traces of user eDNA so that the user can be
>uniquely identified as having visited a Web site, having started a process
>or having sent a packet. This way, the resources and those who use them
>form a virtual `crime scene' that contains evidence about the identity of
>the users, much the same way as a real crime scene contains DNA traces of
>people."
>
>The proposal would have been one of a series of technology initiatives
>that have been pursued by the Bush administration for what it describes as
>part of the effort to counter the potential for further terrorist attacks
>in the Unites States. Those initiatives include a variety of plans to
>trace and monitor the electronic activities of United States citizens.
>
>In recent weeks another undertaking of the the Defense Advanced Research
>Projects Agency, or Darpa, the Pentagon research organization, has drawn
>sharp criticism for its potential to undermine civil liberties. That
>project is being headed by John M. Poindexter, the retired vice admiral
>who served as national security adviser to President Ronald Reagan.
>
>Dr. Poindexter returned to the Pentagon in January to direct the research
>agency's Information Awareness Office, created in the wake of the Sept. 11
>attacks. That office has been pursuing a surveillance system called Total
>Information Awareness that would permit intelligence analysts and law
>enforcement officials to mount a vast dragnet through electronic
>transaction data ranging from credit card information to veterinary
>records, in the United States and internationally, to hunt for terrorists.
>
>In contrast, with eDNA the user would have needed to enter a digital
>version of unique personal identifiers, like a fingerprint or voice, in
>order to use the secure enclaves of the network. That would have been
>turned into an electronic signature that could have been appended to every
>Internet message or activity and thus tracked back to its source.
>
>The eDNA idea was originally envisioned in a private brainstorming session
>that included the director of Darpa, Dr. Tony Tether, and a number of
>computer researchers, according to a person with intimate knowledge of the
>proposal. At the meeting, this person said, Dr. Tether asked why Internet
>attacks could not be traced back to their point of origin, and was told
>that given the current structure of the Internet, doing so was frequently
>not possible.
>
>The review of the proposal was financed by a second Darpa unit, the
>Information Processing Technology Office. This week a Darpa spokeswoman,
>Jan Walker, said the agency planned no further financing for the idea. In
>explaining the reason for the decision to finance the review in the first
>place, Ms. Walker said the agency had been "intrigued by the difficult
>computing science research involved in creating network capabilities that
>would provide the same levels of responsibility and accountability in
>cyberspace as now exist in the physical world."
>
>Darpa awarded a $60,000 contract to SRI International, a research concern
>based in Menlo Park, Calif., to investigate the concept. SRI then convened
>the workshop in August to evaluate its feasibility.
>
>The workshop brought together a group of respected computer security
>researchers, including Whitfield Diffie of Sun Microsystems and Matt Blaze
>of AT&T Labs; well-known computer scientists like Roger Needham of
>Microsoft Research in Cambridge, England; Michael Vatis, who headed the
>National Infrastructure Protection Center during the Clinton
>administration; and Marc Rotenberg, a privacy expert from the Electronic
>Privacy Information Center.
>
>The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI
>computer scientist, one of those who had originally discussed the eDNA
>concept with Darpa officials.
>
>At the workshop, the idea was criticized by almost all the participants, a
>number of them said, on both technical and privacy grounds. Several
>computer experts said they believed that it would not solve the problems
>it would be addressing.
>
>"Before people demand more surveillance information, they should be able
>to process the information they already have," Mark Seiden, an independent
>computer security expert who attended the workshop, said in an interview.
>"Almost all of our failures to date have come from our inability to use
>existing intelligence information."
>
>Several of the researchers told of a heated e-mail exchange in September
>over how to represent the consensus of the workshop in a report that was
>to be submitted to Darpa. At one point, Mr. Blaze reported to the group
>that he had been "fired" by Dr. Stavridou, of SRI, from his appointed role
>of writing the report presenting that consensus.
>
>In e-mail messages, several participants said they believed that Dr.
>Stavridou was hijacking the report and that the group's consensus would
>not be reported to Darpa.
>
>"I've never seen such personal attacks," one participant said in a
>subsequent telephone interview.
>
>In defending herself by e-mail, Dr. Stavridou told the other panelists,
>"Darpa asked SRI to organize the meeting because they have a deep interest
>in technology for identifying network miscreants and revoking their
>network privileges."
>
>In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and .
>after a teleconference from there that was to have included Mr. Blaze, Mr.
>Rotenberg and Mr. Vatis was canceled . later told the panelists by e-mail
>that she had briefed several Darpa officials on her own about the group's
>discussions.
>
>In that e-mail message, sent to the group on Oct. 15, she reported that
>the Darpa officials had been impressed with the panel's work and had told
>her that three Darpa offices, including the Information Awareness Office,
>were interested in pursuing the technology.
>
>This week, however, in response to a reporter's question, Darpa said it
>had no plans to pursue the technology. And an SRI spokeswoman, Alice
>Resnick, said yesterday, "SRI informed Darpa that the costs and risks
>would outweigh any benefit."
>
>Dr. Stavridou did not return phone calls asking for comment.
>
>-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
>______________________________________________________________
>ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
>83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02


_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




From eugen at leitl.org  Fri Nov 22 01:30:32 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 22 Nov 2002 10:30:32 +0100 (CET)
Subject: No subject
Message-ID: <Pine.LNX.4.33.0211221029090.14165-100000@hydrogen.leitl.org>


Fucking nuts.

http://www.nytimes.com/2002/11/22/politics/22TRAC.html?pagewanted=print&position=bottom

Agency Weighed, but Discarded, Plan Reconfiguring the Internet
By JOHN MARKOFF

The Pentagon research agency that is exploring how to create a vast 
database of electronic transactions and analyze them for potential 
terrorist activity considered but rejected another surveillance idea: 
tagging Internet data with unique personal markers to make anonymous use 
of some parts of the Internet impossible.

The idea, which was explored at a two-day workshop in California in 
August, touched off an angry private dispute among computer scientists and 
policy experts who had been brought together to assess the implications of 
the technology.

The plan, known as eDNA, called for developing a new version of the 
Internet that would include enclaves where it would be impossible to be 
anonymous while using the network. The technology would have divided the 
Internet into secure "public network highways," where a computer user 
would have needed to be identified, and "private network alleyways," which 
would not have required identification.

Several people familiar with the eDNA discussions said such secure areas 
might have first involved government employees or law enforcement 
agencies, then been extended to security-conscious organizations like 
financial institutions, and after that been broadened even further.

A description of the eDNA proposal that was sent to the 18 workshop 
participants read in part: "We envisage that all network and client 
resources will maintain traces of user eDNA so that the user can be 
uniquely identified as having visited a Web site, having started a process 
or having sent a packet. This way, the resources and those who use them 
form a virtual `crime scene' that contains evidence about the identity of 
the users, much the same way as a real crime scene contains DNA traces of 
people."

The proposal would have been one of a series of technology initiatives 
that have been pursued by the Bush administration for what it describes as 
part of the effort to counter the potential for further terrorist attacks 
in the Unites States. Those initiatives include a variety of plans to 
trace and monitor the electronic activities of United States citizens.

In recent weeks another undertaking of the the Defense Advanced Research 
Projects Agency, or Darpa, the Pentagon research organization, has drawn 
sharp criticism for its potential to undermine civil liberties. That 
project is being headed by John M. Poindexter, the retired vice admiral 
who served as national security adviser to President Ronald Reagan.

Dr. Poindexter returned to the Pentagon in January to direct the research 
agency's Information Awareness Office, created in the wake of the Sept. 11 
attacks. That office has been pursuing a surveillance system called Total 
Information Awareness that would permit intelligence analysts and law 
enforcement officials to mount a vast dragnet through electronic 
transaction data ranging from credit card information to veterinary 
records, in the United States and internationally, to hunt for terrorists.

In contrast, with eDNA the user would have needed to enter a digital 
version of unique personal identifiers, like a fingerprint or voice, in 
order to use the secure enclaves of the network. That would have been 
turned into an electronic signature that could have been appended to every 
Internet message or activity and thus tracked back to its source.

The eDNA idea was originally envisioned in a private brainstorming session 
that included the director of Darpa, Dr. Tony Tether, and a number of 
computer researchers, according to a person with intimate knowledge of the 
proposal. At the meeting, this person said, Dr. Tether asked why Internet 
attacks could not be traced back to their point of origin, and was told 
that given the current structure of the Internet, doing so was frequently 
not possible.

The review of the proposal was financed by a second Darpa unit, the 
Information Processing Technology Office. This week a Darpa spokeswoman, 
Jan Walker, said the agency planned no further financing for the idea. In 
explaining the reason for the decision to finance the review in the first 
place, Ms. Walker said the agency had been "intrigued by the difficult 
computing science research involved in creating network capabilities that 
would provide the same levels of responsibility and accountability in 
cyberspace as now exist in the physical world."

Darpa awarded a $60,000 contract to SRI International, a research concern 
based in Menlo Park, Calif., to investigate the concept. SRI then convened 
the workshop in August to evaluate its feasibility.

The workshop brought together a group of respected computer security 
researchers, including Whitfield Diffie of Sun Microsystems and Matt Blaze 
of AT&T Labs; well-known computer scientists like Roger Needham of 
Microsoft Research in Cambridge, England; Michael Vatis, who headed the 
National Infrastructure Protection Center during the Clinton 
administration; and Marc Rotenberg, a privacy expert from the Electronic 
Privacy Information Center.

The workshop was led by Mr. Blaze and Dr. Victoria Stavridou, an SRI 
computer scientist, one of those who had originally discussed the eDNA 
concept with Darpa officials.

At the workshop, the idea was criticized by almost all the participants, a 
number of them said, on both technical and privacy grounds. Several 
computer experts said they believed that it would not solve the problems 
it would be addressing.

"Before people demand more surveillance information, they should be able 
to process the information they already have," Mark Seiden, an independent 
computer security expert who attended the workshop, said in an interview. 
"Almost all of our failures to date have come from our inability to use 
existing intelligence information."

Several of the researchers told of a heated e-mail exchange in September 
over how to represent the consensus of the workshop in a report that was 
to be submitted to Darpa. At one point, Mr. Blaze reported to the group 
that he had been "fired" by Dr. Stavridou, of SRI, from his appointed role 
of writing the report presenting that consensus.

In e-mail messages, several participants said they believed that Dr. 
Stavridou was hijacking the report and that the group's consensus would 
not be reported to Darpa.

"I've never seen such personal attacks," one participant said in a 
subsequent telephone interview.

In defending herself by e-mail, Dr. Stavridou told the other panelists, 
"Darpa asked SRI to organize the meeting because they have a deep interest 
in technology for identifying network miscreants and revoking their 
network privileges."

In October, Dr. Stavridou traveled to Darpa headquarters in Virginia and . 
after a teleconference from there that was to have included Mr. Blaze, Mr. 
Rotenberg and Mr. Vatis was canceled . later told the panelists by e-mail 
that she had briefed several Darpa officials on her own about the group's 
discussions.

In that e-mail message, sent to the group on Oct. 15, she reported that 
the Darpa officials had been impressed with the panel's work and had told 
her that three Darpa offices, including the Information Awareness Office, 
were interested in pursuing the technology.

This week, however, in response to a reporter's question, Darpa said it 
had no plans to pursue the technology. And an SRI spokeswoman, Alice 
Resnick, said yesterday, "SRI informed Darpa that the costs and risks 
would outweigh any benefit."

Dr. Stavridou did not return phone calls asking for comment.

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02




From mv at cdc.gov  Fri Nov 22 11:10:00 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 22 Nov 2002 11:10:00 -0800
Subject: Microsoft on Darknet
Message-ID: <3DDE8108.EF9B949B@cdc.gov>


At 04:59 PM 11/21/02 -0800, James A. Donald wrote:
>    --
>According to Microsoft,
>
>http://crypto.stanford.edu/DRM2002/darknet5.doc
>
>Darknet is being undermined by free riders.

They attribute this to 2 things: most are on 56Kbps, and legal
harassment of
large sharers is possible.

I suspect it is mostly that broadband isn't too common yet.




From mv at cdc.gov  Fri Nov 22 13:13:57 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 22 Nov 2002 13:13:57 -0800
Subject: [Burbclaves + Brinworld] Geek 'Vigilantes' Monitor Border 
Message-ID: <3DDE9E14.B558FACF@cdc.gov>


Geek 'Vigilantes' Monitor Border

By Michelle Delio  |   Also by this reporter  Page 1 of 1


02:00 AM Nov. 22, 2002 PT

A group of tech-savvy ranchers in Arizona is using military technology
to monitor and apprehend illegal immigrants crossing the border from
Mexico
into the United States.

Members of the group have spiked their land with thousands of motion
sensors. They also use infrared tracking devices, global positioning
systems,
night vision goggles, radar and other gear to survey movement near the
border.

http://wired.com/news/politics/0,1283,56523,00.html




From mv at cdc.gov  Fri Nov 22 15:24:02 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Fri, 22 Nov 2002 15:24:02 -0800
Subject: How to eliminate someone, using bits + witchhunt
Message-ID: <3DDEBC92.5A8956B1@cdc.gov>


Insert a picture of a nude boy into their Powerpoint...



http://www.chron.com/cs/CDA/story.hts/metropolitan/1672981

Nov. 22, 2002, 8:47AM

                           Porn shows up in businessman's slide show

                           Associated Press

                           FORT WORTH -- A North Texas businessman has
been
                           jailed after co-workers reported an image of
child
                           pornography showed up on a screen as he gave
a computer
                           slide presentation recently.

                           James Andrew Smith of Denton was in the
Mansfield Jail under $300,000 bond after
                           he was charged with two counts of possessing
child pornography and one charge of
                           promoting child pornography.

                           Exel Inc. co-workers told police Smith had
just completed a PowerPoint presentation
                           on Sept. 4 when he tried to open another
document on his laptop computer. The
                           co-workers said a photograph of a nude young
boy appeared on the screen.

                           Exel Inc. is a logistics company in Fort
Worth.

                           According to the police report, Smith told
Exel officials that a computer virus had
                           caused the image to appear. Nevertheless,
police said Excel officials fired Smith and
                           contacted police the following week after a
search of his laptop found pornographic
                           photos of children that appeared to have been
e-mailed to others.

                           Police seized the computer, as well as disks
containing child pornography and a folder
                           with 65 pages of printed pictures of child
pornography that Exel officials had found in
                           Smith's desk, the report stated.

                           Smith is also pastor of Landmark Baptist
Church in Sanger. His wife, Julie Smith, said
                           they have been married for 13 years and have
two children.

                           "He's never hurt our children. As far as I
know he's never hurt anyone's children," she
                           said. "He has always taken very good care of
me and our children. Anything we
                           needed or wanted, he worked and I got it."

                           She said the congregation at the Sanger
church was told Wednesday night that her
                           husband was resigning immediately, but was
not told why. He had been pastor of the
                           church for 3 1/2 years.

--------
Morals:
Don't use your work laptop for personal stuff
Encrypt your naughty bits
Don't use email clients that display pictures automatically
A virus that quietly downloads alt.bin.taboo will be very funny.




From rabbi at abditum.com  Fri Nov 22 15:28:02 2002
From: rabbi at abditum.com (Len Sassaman)
Date: Fri, 22 Nov 2002 15:28:02 -0800 (PST)
Subject: CodeCon 2003 Call for Papers
Message-ID: <Pine.LNX.4.30.QNWS.0211221519520.27576-100000@thetis.deor.org>

CodeCon 2.0
February 22-24, 2003

Club NV
San Francisco CA, USA
www.codecon.info


Call For Papers

CodeCon is the premier showcase of active hacker projects. It is an
excellent opportunity for developers to demonstrate their work, and for
coding hackers to find out about what's going on in their community.

All presentations must be accompanied by functional applications,
ideally open source. Presenters must be one of the active developers of
the code in question. We emphasize that demonstrations be of *working*
code, and reproducible by other people. Throughout the event, we will have
several kiosks and local servers available for demonstration purposes.

CodeCon strongly encourages presenters from non-commercial and academic
backgrounds to attend for the purposes of collaboration and the sharing of
knowledge by providing free registration to workshop presenters and
discounted registration to full-time students.


We hereby solicit papers and demonstrations.

   * Papers and proposals due: December 15, 2002
   * Authors notified: January 1, 2003
   * Demonstration materials due: January 15, 2003


The focus of CodeCon is on working applications which:

   * enhance individual power and liberty
   * can be discussed freely, either by virtue of being open source or
     having a published protocol, and preferably free of intellectual
     property restrictions
   * are generally useful, either directly to a large number of users, or
     as an example of technology applicable to a larger audience
   * demonstrate novelty in technical approaches, security assumptions, and
     end-user functionality


Possible topics include, but are by no means restricted to:

   * development tools - languages, debuggers, version control
   * file sharing systems - swarming distribution, distributed search
   * community-based web sites - forums, weblogs, personals
   * security products - mail encryption, intrusion detection, firewalls


Presentations will be a 45 minutes long, with 15 minutes allocated for
Q&A. Overruns will be truncated.

Submission details:

Submissions are being accepted immediately. Acceptance dates are
September 1, November 1, and December 15. On each acceptance date,
submissions will be either accepted, rejected, or deferred to the
next acceptance date.

The conference language is English.

All submissions should be accompanied by source code or an application.
When possible, we would prefer that the application be available for
interactive use during the workshop, either on a presenter-provided
demonstration machine or one of the conference kiosks.

Ideally, demonstrations should be usable by attendees with 802.11b
connected devices either via a web interface, or locally on Windows,
UNIX-like, or MacOS platforms. Cross-platform applications are most
desirable.

Please not that our venue is 21+.

To submit, send mail to submissions at codecon.info including the following
information:

   * Project name
   * url of project home page
   * tagline - one sentence or less summing up what the project does
   * names of presenter(s) and urls of their home pages, if they have any
   * one-paragraph bios of presenters (optional)
   * project history, no more than a few sentences
   * what will be done in the project demo
   * major achievement(s) so far
   * claim(s) to fame, if any
   * future plans


Conference Producers and co-chairs: Bram Cohen, Len Sassaman

Program Committee:

   * Tina Bird, Counterpane
   * Bram Cohen, BitTorrent
   * Roger Dingledine, The Free Haven Project
   * Jered Floyd, Permabit
   * Paul Holman, The Shmoo Group
   * Ben Laurie, The Apache Foundation
   * Don Marti, Linux Journal
   * Jordan Ritter, Cloudmark
   * Len Sassaman, Nomen Abditum Services
   * Rodney Thayer, The Tillerman Group
   * Jamie Zawinski, DNA Lounge


Sponsorship:

If your organization is interested in sponsoring CodeCon, we would love to
hear from you. In particular, we are looking for sponsors for social meals
and parties on any of the three days of the conference, as well as
sponsors of the conference as a whole, prizes or awards for quality
presentations, scholarships for qualified applicants, and assistance with
transportation or accommodation for presenters with limited resources. If
you might be interested in sponsoring any of these aspects, please contact
the conference organizers at codecon-admin at codecon.info.

Press policy:

CodeCon strives to be a conference for developers, with strong audience
participation. As such, we need to limit the number of complimentary
passes for non-developer attendees. Press passes are limited to one pass
per publication, and must be approved prior to the registration deadline
(to be announced later). If you are a member of the press, and interested
in covering CodeCon, please contact us early by sending email to
press at codecon.info. Members of the press who do not receive press-passes
are welcome to participate as regular conference attendees.

Questions:

If you have questions about CodeCon, or would like to contact the
organizers, please mail codecon-admin at codecon.info. Please note this
address is only for questions and administrative requests, and not for
workshop presentation submissions.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From frantz at pwpconsult.com  Fri Nov 22 16:21:10 2002
From: frantz at pwpconsult.com (Bill Frantz)
Date: Fri, 22 Nov 2002 16:21:10 -0800
Subject: How to eliminate someone, using bits + witchhunt
In-Reply-To: <3DDEBC92.5A8956B1@cdc.gov>
Message-ID: <v0311070dba0479fdf120@[192.168.1.5]>


At 3:24 PM -0800 11/22/02, Major Variola (ret) quoted:
>... a search of his laptop found pornographic photos of children
>that appeared to have been e-mailed to others.

I can see the latest variant on Klez already...

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA




From ray at unipay.nl  Fri Nov 22 16:36:09 2002
From: ray at unipay.nl (R. Hirschfeld)
Date: Sat, 23 Nov 2002 01:36:09 +0100
Subject: Fwd: [fc] list of papers accepted to FC'03
In-Reply-To: <3DD518F1.B6694BAC@systemics.com> (message from IanG on Fri, 15
	Nov 2002 10:55:29 -0500)
References: <p05200fc6b9f9e295b2ac@[192.9.200.157]> <3DD518F1.B6694BAC@systemics.com>
Message-ID: <200211230036.BAA05404@home.unipay.nl>

> Date: Fri, 15 Nov 2002 10:55:29 -0500
> From: IanG <iang at systemics.com>

> > List of papers accepted to FC'03
> > --------------------------------
> 
> I see pretty much a standard list of crypto papers
> here, albeit crypto with a waving of finance salt.
> 
> What ever happened to Financial Cryptography?  The
> organisers did say they were going to look at wider
> accessibility for the coming year, ...

That's the goal, but limitations are of course imposed by the
submissions received.  The Program Chairs intend to balance the
program through their selection of invited speakers and panel
discussions.

Ray

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




From adam at info.lifename.com  Sat Nov 23 03:45:18 2002
From: adam at info.lifename.com (Adam@LifeName)
Date: Sat, 23 Nov 2002 06:45:18 -0500
Subject: The same email address for life.
Message-ID: <200211231145.gANBjI526736@info.lifename.com>


You are receiving this email either because, you have sent me an email in the past, or you have requested new product information from one of our marketing partners. If this is not the case, PLEASE accept my sincerest apologies.  If you do not request further information below, I will permanently remove your email from my list.

Wherever you live, wherever you work, however you do your computing, and however any of those things might change through the course of your life, LifeName gives you the convenience and security of having one single email address throughout your entire life. 

To find out more about LifeName you may go to www.lifename.com.  To request additional information and offers from LifeName please email mailto:info at lifename.com





From nobody at remailer.privacy.at  Fri Nov 22 23:43:09 2002
From: nobody at remailer.privacy.at (Anonymous)
Date: Sat, 23 Nov 2002 08:43:09 +0100 (CET)
Subject: Microsoft on Darknet
Message-ID: <9f87c05830b205461b07bc777595f92e@remailer.privacy.at>


On  Thu, 21 Nov 2002 16:59:43 -0800, "James A. Donald" <jamesd at echeque.com>
wrote:

<snip>

>
>We should get an anonymous micropayment system working,
>interconvertible to real money, or real e-gold, then apply it
>to such applications as mixmasters and darknet.
>
>Allegedly yodel is such a system, but yodel is connected to
>e-rand, which is connected to some people who fail to inspire
>me with confidence.

Can you fill in some details or supply a reference as to why
those behind the e-rand fail to inspire confidence?

R. J.




From jya at pipeline.com  Sat Nov 23 09:47:00 2002
From: jya at pipeline.com (jya at pipeline.com)
Date: Sat, 23 Nov 2002 12:47:00 -0500
Subject: TIA presentation
Message-ID: <Springmail.0994.1038073620.0.83765000@webmail.atl.earthlink.net>


These remarks in the House on November 22, 2002:

  Mr. INSLEE. Mr. Speaker, today the United States
Congress will send to the desk of the President of 
the United States for his signature, the Homeland
Security bill. This bill will create the Department of Homeland Security, an
agency charged 
with safeguarding Americans and the American way 
of life.
  When enacting this bill, we must be careful not 
stray into invading American's privacy when using 
the regulatory tools provided for in this bill. I 
refer specifically to the vague authorizations in 
this bill that would give this new Federal agency 
broad authority to push the privacy envelope.
  Section 201, paragraph 14, charges the Under 
Secretary for Information Analysis and
Infrastructure with the responsibility of 
establishing a secure communications and 
information technology infrastructure that 
specifically authorizes the use of `Data-mining.'' 
Since ``Data-mining'' has no statutory definition, 
I am concerned that we have not adequately 
established that the Department of Homeland 
Security does not have the green light to adopt an 
all encompassing program that invades the privacy 
of every American without their permission or 
knowledge. We were recently notified that former 
Rear Admiral John Poindexter is developing a Total 
Information Awareness program to monitor the 
everyday transactions of Americans. We cannot 
allow this to happen.
  I do not believe that this statutory language is 
meant to allow the Federal Government to obtain 
whatever list, public, private, or commercial, to 
profile Americans. It is clear that the American 
public does reject this approach, as they soundly 
voiced their outrage for other privacy-eroding 
proposals such as the FBI's ``Carnivore'' system, 
and the Department of Justice ``TIPS'' program. It 
is vital that this body adopt standards to define 
such terms as ``data-mining,'' and to do 
so early in the 108th Congress. I thank the 
Speaker.

  Mr. ARMEY. Mr. Speaker, I am proud that the 
House is today sending H.R. 5005, the Homeland 
Security Act of 2002 to the President. It is an 
important step forward in the defense of the nation.
  I would like to take this opportunity to discuss 
a few items of interest in the bill as amended by 
the Senate.
  First, Mr. Speaker, I would like to address the 
privacy concerns that have been raised recently 
about provisions in the Homeland Security bill.
  Le me be clear. This bill does not in any way 
authorize the Department of Defense program knows 
as ``Total Information Awareness.'' It does not 
authorize, fund or move into the Department anything like it. In fact, this
bill provides 
unique statutory protections that will ensure the 
Department of Homeland Security could never undertake such a program.
  Section 892 of our bill prohibits the sharing of 
any information that would undermine the statutory 
and constitutional protections of citizens. We 
also create a privacy officer, the first ever 
established by statute, whose sole mission will be 
to ensure that programs like TIA never get off the 
ground in this Department.
  Our bill contains provisions that discontinue 
two programs that raise the very concerns that TIA 
has raised. We stop Operation TIPS, and ensure 
that nobody will use this bill as an excuse to 
implement a National ID card.
  So the legislative intent of this bill is unmistakable. This department must
protect the 
civil liberties that we all cherish.
  I would like to further make it clear that 
references in the bill to data-mining are intended 
solely to authorize the use of advanced techniques 
to sift through existing intelligence data, not to 
open a new method of intruding lawful, everyday 
transactions of American citizens.

-----

House debate and version of the bill on November 
22, 2002:

  http://cryptome.org/hr5005.txt

Nothing in the debate precludes another bill
authorizing what the HSA allegedly doesn't,
either openly or secretly. See in particular the
House report on 2003 funding authorization for 
intelligence:

  http://cryptome.org/hr107-789.txt




From adam at homeport.org  Sat Nov 23 12:22:41 2002
From: adam at homeport.org (Adam Shostack)
Date: Sat, 23 Nov 2002 15:22:41 -0500
Subject: Short story?
Message-ID: <20021123202240.GA44610@lightship.internal.homeport.org>


I'm trying to remember details (author, title) of a short story that I
read once.  Its main feature, or the one that's standing out in my
mind, is the obsessive hacker who studies a target to figure out his
password, at which he only has one guess.  The zinger is that the very
security concious target has selected that password as a booby trap,
and there's a second password which our hacker doesn't have.

Does this ring a bell for anyone?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume




From geetha at cs.cmu.edu  Sat Nov 23 15:29:06 2002
From: geetha at cs.cmu.edu (geetha)
Date: Sat, 23 Nov 2002 17:29:06 -0600
Subject: W32.Elkern  removal tools
Message-ID: <20021123232902.XYLI29895.oe-ismta2.bizmailsrvcs.net@Yyilrvwmf>

------------------  Virus Warning Message (on oe-iscan2pub)

Found virus WORM_KLEZ.H in file setup.exe
The uncleanable file is deleted.

---------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 246 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021123/7134b4e4/attachment.txt>
-------------- next part --------------

------------------  Virus Warning Message (on oe-iscan2pub)

setup.exe is removed from here because it contains a virus.

---------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gwr.txt
Type: application/octet-stream
Size: 40 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021123/7134b4e4/attachment.obj>

From abuse at bizmailsrvcs.net  Sat Nov 23 15:29:19 2002
From: abuse at bizmailsrvcs.net (abuse at bizmailsrvcs.net)
Date: Sat, 23 Nov 2002 17:29:19 -0600
Subject: Virus Alert
Message-ID: <200211232329.RAA05400@oe-iscan2pub.managedmail.com>


We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from info at entertainmenteventsinc.com in the file setup.exe on 11/23/2002 17:29:16. We took the action delete. If you have questions regarding files or updating/installing Anti-virus protection on your PC, please contact your e-mail administrator or help desk.




From eresrch at eskimo.com  Sat Nov 23 20:44:31 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Sat, 23 Nov 2002 20:44:31 -0800 (PST)
Subject: TIA presentation
In-Reply-To: <093B3C71-FF06-11D6-A8EF-0050E439C473@got.net>
Message-ID: <Pine.GSU.4.44.0211232035330.4297-100000@eskimo.com>


On Sat, 23 Nov 2002, Tim May wrote:

> Interesting logo/symbol the Information Awareness Office has: the
> Illuminati-inspired eye in the pyramid looking down on the entire world.

And check out the comment at the bottom:

A lot of initiatives have been started since 911, but DARPA is in a
position to take high
  risks and think boldly about what can be done to solve this national
problem.  We can not
  tolerate more 911?a.  The solution is truly ?DARPA hard.?

Talk about "new speak".  Or are all Masons this nuts?

> Poindexter is no dummy. And criticism of TIA based on his past felony
> trial, the basis of William Safire's main attack, is on the wrong
> track. Would TIA be more acceptable if it were being pushed by a true
> Boy Scout? Of course not.

Congress actually noticed, that was nice.

> Granted, many of us hope for the promised tactical nuke which destroys
> much of Big Brother's infrastructure in Washington (plus removes a
> million or so inner city welfare mutants). This would set back BB and
> accelerate trends in our direction.
>
> But, alas, I doubt thermonuclear pest removal is in the cards. So it
> will take longer.

nuclear powered weapons don't need to expend all their energy in 10
nanoseconds.  10 guys with plasma swords could be pretty effective at
pest removal.  Besides, you got a lot more offices to clean out than just
one city.

But voting is easier.

Patience, persistence, truth,
Dr. mike




From camera_lumina at hotmail.com  Sat Nov 23 20:20:10 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 23 Nov 2002 23:20:10 -0500
Subject: Short story?
Message-ID: <F53ziJypQP6pkmNsNeJ00004146@hotmail.com>


No, I haven't read that story, but I was wondering if, in the dual-message 
cryptogram we've been discussing (under "eJazeera") if, instead of two 
messages, there are two executable files.The "true" one will spit out the 
desired message (which may in inself be an executable, of course), and the 
fake one belches up a trojan, or whatever (or a virus plus a viable fake 
message).

I assume this kind of thing has been discussed previously?






>From: Adam Shostack <adam at homeport.org>
>To: cypherpunks at lne.com
>Subject: Short story?
>Date: Sat, 23 Nov 2002 15:22:41 -0500
>
>I'm trying to remember details (author, title) of a short story that I
>read once.  Its main feature, or the one that's standing out in my
>mind, is the obsessive hacker who studies a target to figure out his
>password, at which he only has one guess.  The zinger is that the very
>security concious target has selected that password as a booby trap,
>and there's a second password which our hacker doesn't have.
>
>Does this ring a bell for anyone?
>
>Adam
>
>--
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume


_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From blancw at cnw.com  Sun Nov 24 04:18:02 2002
From: blancw at cnw.com (Blanc)
Date: Sun, 24 Nov 2002 04:18:02 -0800
Subject: TIA presentation
In-Reply-To: <00ba01c292f7$5126f440$943efea9@DXHIRX1>
Message-ID: <FLEJLELCPOOCNFGDGKKGIEMGCPAA.blancw@cnw.com>


How sort of amusing it is to read this, from the site:  "It is not
sufficient that we put the pieces together after the fact, it is essential
that we understand terrorist plans ahead of time so that we may prevent or
preempt."

Yet how many times have I heard & read in the news, sometime after an
earth-shaking criminal event, of the warnings received, alarm notices given,
or notice taken of strangely suspicious activities which preceded and
foretold of the upcoming event. It often seems that advance notice has been
practically dropped in the lap of those who were in position to deal with
it.  Yet the ones receiving these info bits were not able to process the
data so as to realize there was something heinous and destructive in the
works. Or if they were able to grok these data bits, they could not get
others in the defense business to make the connection, to take the items
seriously enough to follow up on them, or to be able to select, out of the
mountains of data they already receive, the ones of impending significance.

"DARPA is in a position to take high risks and think boldly about what can
be done to solve this national problem."

To expect that crime will be prevented or preempted ahead of time by people
who are not able to grok the meaning of what they get?  It cannot be the
computer base, which needs a monumental overhaul of its "cognitive
amplification functions".  It seems that some problems are too easy when it
only requires simple real-time connectivity, and too easy to miss - but if
they are made to appear harder, requiring "boldness" (courage) and "high
risk" (responsibility), then certain official organizations can be made to
appear to be attending to, now, what they did not/could not, before.  And
still they continue to place exceeding dependence upon the machine.

It also does seem that someone is creating the opportunity for a
"monumental" position for themselves, laying the ground work for a hierarchy
of personal control and self-aggrandizing importance.

  ..
Blanc




From njohnsn at IowaTelecom.net  Sun Nov 24 08:23:31 2002
From: njohnsn at IowaTelecom.net (Neil Johnson)
Date: Sun, 24 Nov 2002 10:23:31 -0600
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
In-Reply-To: <F110P8yJrNKBqujsclW00004549@hotmail.com>
References: <F110P8yJrNKBqujsclW00004549@hotmail.com>
Message-ID: <200211241023.31276.njohnsn@iowatelecom.net>


(Referring to previous thread about capturing video.)

As I sit here looking at a 64 MB SD Card that I just picked up for $28 at my 
local Wally World, I was wondering why it (or it is larger capacity brethren) 
couldn't be used to record video  and then (after appropriate protection) 
swallowed.

Probably a lot safer than what most "mules" swallow (I see a Compact Flash 
card begin a little hard on the digestive track, but a SD or MMC card 
shouldn't been such a big deal).

I can see it now , "The new prison diet for recently arrested demonstrators: 
ex-lax and bran muffins!"

-Neil




From morlockelloi at yahoo.com  Sun Nov 24 12:03:39 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 24 Nov 2002 12:03:39 -0800 (PST)
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
In-Reply-To: <200211241023.31276.njohnsn@iowatelecom.net>
Message-ID: <20021124200339.11542.qmail@web40612.mail.yahoo.com>


> couldn't be used to record video  and then (after appropriate protection) 
> swallowed.

Eventually this will happen. Maybe a video recorded into a DNA of a bacteria
synthesized in a portable device ("diamond age", anyone ?)

Ne protocols will be required ("if I infect this east coast girl, how long it
will take for the message to get to south africa ?")

Which will have interesting consequences. For the time being the state is
comfortable sifting through wired internet (after winning the crypto war) and
listening to airwaves. Maybe body-size state-inspected condoms will be required
at all public places.



=====
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Yahoo! Mail Plus  Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




From camera_lumina at hotmail.com  Sun Nov 24 09:44:10 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 24 Nov 2002 12:44:10 -0500
Subject: TIA presentation
Message-ID: <F36UohIi6YEFmsQSktL00008d18@hotmail.com>


>Poindexter is no dummy. And criticism of TIA based on his past felony  
>trial, the basis of William Safire's main attack, is on the wrong  track. 
>Would TIA be more acceptable if it were being pushed by a true  Boy Scout? 
>Of course not.

Yeah, I was wondering when someone was going to comment on this. Methinks 
the whole Pointdexter bit, particularly in this context, a little fishy...a 
trial balloon perhaps? "How much are you little frightened people willing to 
give up in order to let us strong/smart leaders protect you?"



>Much of the TIA plan has resonances with long-discussed Cypherpunk  issues: 
>local trust formation, various types of interaction, belief  networks. The 
>difference is that TIA wants Men with Guns (TM) to  control the formation 
>and distribution of these belief networks,  whereas Cypherpunks understand 
>that the formation will be largely  anarchic and will ultimately undermine 
>central authority in the usual  ways.

A lot could be said here, and has been I'm sure. As I continue to do my 
"homework", its becomming increasingly clear to me that things like public 
key were only a mattter of time, both from the ease-of-implementation 
standpoint, as well as the sheer historical/economic/technological 
"obviousness" and necessity of it. In this sense, NSA appears like many big 
organizations I've worked for: out of touch with many emerging aspects of 
reality due to an internal culture that quickly recognizes those who aren't 
going to tow the line. The only thing they can do is slow things down. 
Crypto-based virtual structures will inevitably arise if for no other reason 
than there's going to be a lot of $$$ in it (kinda ironic, I think...).


HOWEVER, the conspiracy theorist in me still wonders if all of "this" was 
not precisely because it was recognized that we are rapidly passing through 
the point of no return. This "Illuminati"  may have decided drastic measures 
were needed "in order to save all that we hold dear"(which in their case 
means control of the unempowered and unwashed masses by the powerful). No, I 
don't think I believe this, but the circumstantial evidence is compelling 
enough so as to demand careful evaluation.




>Granted, many of us hope for the promised tactical nuke which destroys  
>much of Big Brother's infrastructure in Washington (plus removes a  million 
>or so inner city welfare mutants). This would set back BB and  accelerate 
>trends in our direction.


Uh..."hope for"? Surely if things ever come to where somthing as terrible as 
this could reasonably be hoped for, it is only after all possible 
alternatives have been pursued. And as far as I'm concerned, if a computer I 
can purchase from Circuit City is now powerful enough for the (completely 
decentralized!) peer-to-peer sharing of massive files and heavy crypto, then 
it looks to me like it's just a matter of time until many of the 
objectionable activities become not only obviously pointless, but 
suprisingly out-of-funds.


_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail




From brendacolins at yahoo.com  Sun Nov 24 11:10:04 2002
From: brendacolins at yahoo.com (brendacolins at yahoo.com)
Date: Sun, 24 Nov 2002 14:10:04 -0500 (EST)
Subject: Dating and fetish ne
Message-ID: <200211241910.gAOJA2GF087530@locust.minder.net>


 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII";

 charset="US-ASCII";
	charset="US-ASCII";
	charset="US-ASCII"
Reply-To: brendacolins at yahoo.com
Date: Sun, 24 Nov 2002 14:10:00 -0500
X-Priority: 3
X-Library: Indy 9.00.10
X-Mailer: Foxmail

Hello ! My name is Brenda! Please don't consider this a Spam . This is a one time only mailing to introduce my self and my new news group!

I'm veryexited about  my new dealings on web! Me and my Girlfriends from school here in BU. I just oppend ip a news group forem so we can talk and post messages about the problems we all have dating and finding right mate for what ever life-stile we are looking for.  So we created http://groups.msn.com/DatingSolution  it is our little corner on the Web were we can talk to people, get to know them and posibly even meet in real time! Please just take a min to look. http://groups.msn.com/DatingSolution . It is a free  public news group with never any cost to you or me!!!!!!!!! Please come and join Us!!!!!!!!!!!!http://groups.msn.com/DatingSolution Thank you.




From zhuweifeng at vip.sina.com  Sat Nov 23 22:22:28 2002
From: zhuweifeng at vip.sina.com (zhuweifeng)
Date: Sun, 24 Nov 2002 14:22:28 +0800
Subject: =?gb2312?q?=C4=FA=BA=C3?=
Message-ID: <GIGANTICqbC8wSA1Xvp00000046@levee.minder.net>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 1371 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021124/fec54742/attachment.txt>

From bill.stewart at pobox.com  Sun Nov 24 15:54:13 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sun, 24 Nov 2002 15:54:13 -0800
Subject: stego building
In-Reply-To: <200211241737.24867.njohnsn@iowatelecom.net>
References: <070f0049fa29879835f0f39aa21e3430@firenze.linux.it>
  <070f0049fa29879835f0f39aa21e3430@firenze.linux.it>
Message-ID: <5.1.1.6.2.20021124155302.02b824d8@idiom.com>


That, or it's a dot-com that didn't make it,
or an office-space construction that someone hoped to sell to a dot-com
but missed the boom.  There's huge amounts of that in SF.

At 05:37 PM 11/24/2002 -0600, Neil Johnson wrote:
>On Sunday 24 November 2002 04:49 pm, Tarapia Tapioco wrote:
> > There is a huge concrete building, hardly any windows, occupying the whole
> > block-width between Market and Mission streets in san francisco, one side
> > being 11th street. Funny thing is that it has no markings at all. The main
> > entrance seems to be at 14xx Market, with visible security.
> >
> > Any clues appreciated.
>
>It's probably just a co-location center for web servers. I vaguely 
>remember an
>dot-com boom article about some sort "secure" datacenter for web server
>bussiness being built in that area.
>
>Not quite as secure as the "The Bunker" though.
>
>
>-Neil




From njohnsn at IowaTelecom.net  Sun Nov 24 15:37:24 2002
From: njohnsn at IowaTelecom.net (Neil Johnson)
Date: Sun, 24 Nov 2002 17:37:24 -0600
Subject: stego building
In-Reply-To: <070f0049fa29879835f0f39aa21e3430@firenze.linux.it>
References: <070f0049fa29879835f0f39aa21e3430@firenze.linux.it>
Message-ID: <200211241737.24867.njohnsn@iowatelecom.net>


On Sunday 24 November 2002 04:49 pm, Tarapia Tapioco wrote:
> There is a huge concrete building, hardly any windows, occupying the whole
> block-width between Market and Mission streets in san francisco, one side
> being 11th street. Funny thing is that it has no markings at all. The main
> entrance seems to be at 14xx Market, with visible security.
>
> Any clues appreciated.

It's probably just a co-location center for web servers. I vaguely remember an 
dot-com boom article about some sort "secure" datacenter for web server 
bussiness being built in that area. 

Not quite as secure as the "The Bunker" though.


-Neil




From camera_lumina at hotmail.com  Sun Nov 24 18:44:40 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 24 Nov 2002 21:44:40 -0500
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
Message-ID: <F132QnNE6f17ro43pwu0000fcfa@hotmail.com>


>This assumes the insert doesn't result in negative fitness (could very
>well be, if the insert kills a gene).

If the information is the history of human civilization, that may very well 
end up being information of great "negative fitness"! (We shall see...)

Actually, from what I understand, there are huge swathes of every creature's 
genetic code made up of "useless" information. Some of these areas are 
apparently extremely old and do not change very often...as I remember Hillis 
(the guy who started "Thinking Machines" and is currently working on the 
Decamillineal clock) identified such an area in the cockroaches DNA and had 
the info inserted there. (Our own DNA has apparently a lot of junk also, as 
well as fragments of various encounters we've had over the aeons...there are 
apparently significant chunks of various viruses' DNA in there and other 
stuff...)


>
>Also, a fitness-neutral insert is likely to be lost, or severely garbled.
>I hope very much he used a really good redundant encoding.

Although some things in a cockroach change pretty often (here in New York we 
are breeding a variety of extremely manueverable cockroaches....), the DNA 
of the cockroach I think is extremely stable overall (aren't they like 100s 
of millions of years old?)


_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From eugen at leitl.org  Sun Nov 24 13:10:45 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 24 Nov 2002 22:10:45 +0100 (CET)
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
In-Reply-To: <20021124200339.11542.qmail@web40612.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0211242209190.11414-100000@hydrogen.leitl.org>


On Sun, 24 Nov 2002, Morlock Elloi wrote:

> Ne protocols will be required ("if I infect this east coast girl, how long it
> will take for the message to get to south africa ?")

Lousy latency. Just put your DNA-encoded message in a microdot on your
dead tree letter, and PCR/sequence on arrival.
 
> Which will have interesting consequences. For the time being the state is
> comfortable sifting through wired internet (after winning the crypto war) and
> listening to airwaves. Maybe body-size state-inspected condoms will be required
> at all public places.

Steganography looks way easier, though.




From eugen at leitl.org  Sun Nov 24 13:39:56 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 24 Nov 2002 22:39:56 +0100 (CET)
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
In-Reply-To: <20021124212043.1525.qmail@web40601.mail.yahoo.com>
Message-ID: <Pine.LNX.4.33.0211242237440.11414-100000@hydrogen.leitl.org>


On Sun, 24 Nov 2002, Morlock Elloi wrote:

> Isn't all snail mail already irradiated ? Then soon.

It's not, because electron accelerators are a) expensive b) tend to damage 
mail.

Besides, the few ug or ng dry DNA in the microdot is not a living being.  
It can remain readable at ridiculously high dosages.




From comesefosse at ntani.firenze.linux.it  Sun Nov 24 14:49:29 2002
From: comesefosse at ntani.firenze.linux.it (Tarapia Tapioco)
Date: Sun, 24 Nov 2002 23:49:29 +0100 (CET)
Subject: stego building
Message-ID: <070f0049fa29879835f0f39aa21e3430@firenze.linux.it>


There is a huge concrete building, hardly any windows, occupying the whole block-width between Market and Mission streets in san francisco, one side being 11th street. Funny thing is that it has no markings at all. The main entrance seems to be at 14xx Market, with visible security.

Any clues appreciated.




From 10dollars at hotpop.com  Sun Nov 24 17:10:06 2002
From: 10dollars at hotpop.com (Angel)
Date: Mon, 25 Nov 2002 01:10:06 GMT
Subject: GREAT NEWS!  An Automated $10 Business!  INSTANT PAY!
Message-ID: <E18G7mG-00039B-00@lutetium>


Hello. 



GREAT NEWS! Here is a fabulous, 
well paying method of taking control of your
Internet Career. INSTANT SETUP!
... AND .. INSTANT PAY!!

Reliable step by step advertising instructions

on Training Page. Incredibly Simple!

Your cost is ONLY $10! .. ONE TIME PAYMENT! 
" My first 4 days, posting to several Safelists, and
sending some emails .. I averaged over $50 per Day.
This is incredibly Simple! Heck, .. even $50 a Day
adds up to $1500 per month, and I know I can do 
a LOT MORE than that!"

Don't take my word for it, .. check for yourself!
_____________________________________

$300-$400 A Day GUARANTEED!!!!
--------------------------------------------------------------------------
I can guarantee that you will earn $300-400 a day in
this very duplicable system that has been set up for
you. 

Please visit my website at:

http://2easy4u.com/TenDollars

I will show you how to stuff your paypal account full
of $10 bills through some very effective advertising.
My system is the most duplicable system around and
has been proven to work many times over. Thus I can
guarantee that you will earn $300-400 a day. This is
all done without spam and is all done with legitimate
advertising.

I guarantee that you will earn $300-400 a day and some
days far above that. For more information please go to
my website:

http://2easy4u.com/TenDollars





From schear at attbi.com  Mon Nov 25 12:51:31 2002
From: schear at attbi.com (Steve Schear)
Date: Mon, 25 Nov 2002 12:51:31 -0800
Subject: Microsoft on Darknet
In-Reply-To: <3DE25CBB.4C2A52F1@cdc.gov>
Message-ID: <5.1.0.14.2.20021125123509.04411348@mail.attbi.com>


At 09:24 AM 11/25/2002 -0800, Major Variola (ret) wrote:
>Steve's excellent analysis of how the Network Effect worked against
>Mojo indicates a social-fix for Mojo++, ie: make it easy to get on
>and get content.  Ie, get them hooked.  They'll at least be autosharing
>stuff they've
>downloaded.

Not really .  Mojo is not a file sharing system, its a publication based 
distributed file system.  Each client mirrors but a small part of the 
10**192 chucks of file space. Whether a client downloads content or not is 
only indirectly related to the chucks stored on their HD by their 
client/broker SW.

>After they're hooked, folks may feel like contributing
>their time/attention to injecting new material, and to get "unlimited"
>access folks will have to contribute.  But you have to get them hooked
>first.

And there in lie the problem.  Without significantly reducing a user's 
effort to publish and/or providing some sort of encouragement to tweak the 
content meta-data (Kaaza has recently done that to help address leeching 
and hacker attempts to reduce content quality through spoofing and other 
tricks).

steve




From steve at tightrope.demon.co.uk  Mon Nov 25 14:00:59 2002
From: steve at tightrope.demon.co.uk (Steve Mynott)
Date: Mon, 25 Nov 2002 22:00:59 +0000
Subject: sleep deprivation was Re: Torture done correctly is a
  terminal process
In-Reply-To: <20021125211449.GA6035@cybershamanix.com>
Message-ID: <61C9921E-00C1-11D7-80BF-0003938CDA08@tightrope.demon.co.uk>


On Monday, Nov 25, 2002, at 21:14 Europe/London, Harmon Seaver wrote:

> On Mon, Nov 25, 2002 at 12:58:55PM -0800, Steve Schear wrote:

>> I should think that a bit of practical training in self hypnosis could
>> thwart sensory deprivation.  I read some books in my youth on SH and 
>> found
>> I could put myself in a self-induced altered reality state from which 
>> I
>> could not be easily awakened.  I imagine you could make yourself lean 
>> up
>> against a wall until your muscles failed without much of a problem.  
>> I've
>> heard surgery without anesthetic is possible, so physical abuse might 
>> be
>> thwarted as well for the well conditioned.
>
>    Practioners of yoga should have a ball. Just another yogic 
> meditation
> exercize.

Neither of you appear to understand what psychological torture is.

Read some of the reports on the web about what happens.

These techniques are employed by governments the world over to break 
fanatical and trained terrorists.

It's not some New Age weekend camp when you imprisoned and beaten by 
your captors.

--
Steve Mynott <steve at tightrope.demon.co.uk>




From abuse at bizmailsrvcs.net  Mon Nov 25 20:14:43 2002
From: abuse at bizmailsrvcs.net (abuse at bizmailsrvcs.net)
Date: Mon, 25 Nov 2002 22:14:43 -0600
Subject: Virus Alert
Message-ID: <200211260414.WAA23406@oe-iscan1pub.managedmail.com>


We have detected a virus (WORM_KLEZ.H) in your mail traffic sent from arh at entertainmenteventsinc.com in the file benefit.scr on 11/25/2002 22:14:36. We took the action delete. If you have questions regarding files or updating/installing Anti-virus protection on your PC, please contact your e-mail administrator or help desk.




From bill.stewart at pobox.com  Tue Nov 26 00:24:34 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 26 Nov 2002 00:24:34 -0800
Subject: Video Mules: (Was: Re: Psuedo-Private Key (eJazeera) )
In-Reply-To: <200211241023.31276.njohnsn@iowatelecom.net>
References: <F110P8yJrNKBqujsclW00004549@hotmail.com>
  <F110P8yJrNKBqujsclW00004549@hotmail.com>
Message-ID: <5.1.1.6.2.20021126001335.04cd5520@idiom.com>


At 10:23 AM 11/24/2002 -0600, Neil Johnson wrote:
>(Referring to previous thread about capturing video.)
>
>As I sit here looking at a 64 MB SD Card that I just picked up for $28 at my
>local Wally World, I was wondering why it (or it is larger capacity brethren)
>couldn't be used to record video  and then (after appropriate protection)
>swallowed.

Because there's no particularly good reason?  :-)
Because you can hide it well enough on your person,
either hidden or else in plain sight disguised as a coat button
or a fake police badge or a <Peace Sign> or "Off the Pigs" button?
Because if you're in a situation where there's a real threat of this,
you're probably much better off doing some kind of radio relay
so that the surviving members of your cadre can upload the data,
either plaintext, encrypted, or stegoed?
Mules are trying to transmit atoms, not bits, and if you're
trying to transmit bits, there are lots of ways to transmit bits.

Some of the memory flake formats are really pretty thin and hidable,
though the rotating disk versions aren't as easily concealed.
But if you can do the mechanicals do make memory safely and
recoverably swallowed, you can probably do the mechanicals to
fit a backup storage system in your belt buckle or shoe-phone.




From camera_lumina at hotmail.com  Tue Nov 26 06:35:17 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 26 Nov 2002 09:35:17 -0500
Subject: The Register - Anti-pirates hit Danish P2P users with huge
  bills (fwd)
Message-ID: <F64DR9RYKAvkriW8IFv0000d145@hotmail.com>


Gee...one would think there'd be a nice software-based tool so that this 
kind of digital pogrom would never even be possible, particularly seeing how 
Kazaa, Gnutella and so forth are all based on a file sharing model that has 
no centralized server a la Napster. And of course, most users would never 
bother using encryption techniques in this context, but "power users" 
certainly might!






>From: Jim Choate <ravage at einstein.ssz.com>
>To: <cypherpunks at einstein.ssz.com>
>Subject: The Register - Anti-pirates hit Danish P2P users with huge  bills 
>(fwd)
>Date: Tue, 26 Nov 2002 07:43:54 -0600 (CST)
>
>http://www.theregister.co.uk/content/6/28286.html
>
>
>  --
>     ____________________________________________________________________
>
>     We don't see things as they are,                      ravage at ssz.com
>     we see them as we are.                                   www.ssz.com
>                                                   jchoate at open-forge.org
>     Anais Nin                                         www.open-forge.org
>
>     --------------------------------------------------------------------


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From bill.stewart at pobox.com  Tue Nov 26 12:08:13 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 26 Nov 2002 12:08:13 -0800
Subject: stego building
In-Reply-To: <3DE25F60.58D8A3D8@cdc.gov>
Message-ID: <5.1.1.6.2.20021126120641.02b89370@idiom.com>


>Telco central office.  Lots of copper loop I/O, and a big switch.
>Used to be mechanical crossbars.  Probably a diesel
>generator somewhere.

That would normally be my guess too, but it's on one of the ones
AT&T shares with Pac Bell - there's 611 Folsom and another on
Post or thereabouts.   But it could be a local-only Pac Bell POP.




From ppq at juno.com  Tue Nov 26 12:30:54 2002
From: ppq at juno.com (ppkyaw)
Date: Tue, 26 Nov 2002 20:30:54 +0000
Subject: Cigarettes online at the lowest possible prices ONLY FOR cypherpunks@minder.net
Message-ID: <003d01c28be6$1c758d00$04000064@hein>

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 521 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021126/028520fb/attachment.txt>

From shamrock at cypherpunks.to  Tue Nov 26 20:33:16 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Tue, 26 Nov 2002 20:33:16 -0800
Subject: stego building
In-Reply-To: <3DE25F60.58D8A3D8@cdc.gov>
Message-ID: <003e01c295ce$1c4ff940$6401a8c0@VAIO650>


Major wrote:
> At 11:49 PM 11/24/02 +0100, Tarapia Tapioco wrote:
> >There is a huge concrete building, hardly any windows, occupying the
> whole block-width between Market and Mission streets in san 
> francisco, one side being 11th street. Funny thing is that it 
> has no markings at all. The main entrance seems to be at 14xx 
> Market, with visible security.
> >
> >Any clues appreciated.
> 
> Telco central office.  Lots of copper loop I/O, and a big 
> switch.  Used to be mechanical crossbars.  Probably a diesel 
> generator somewhere.

A reasonable guess, but wrong. The building is a computing and
processing center for Bank of America. That's where your checks go after
you deposit them at the bank.

The CO for this area is a few blocks away on Mc Coppin. The brick
building with the Pac Bell logo on it. You can see the frame through the
windows. Yes, this CO has been around for long enough to have windows.

--Lucky Green




From nobody at cypherpunks.to  Tue Nov 26 13:11:20 2002
From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer)
Date: Tue, 26 Nov 2002 22:11:20 +0100 (CET)
Subject: polygraphs, threats, lies from the Feds
Message-ID: <efe88cdb2592b839829fd5c221a2f576@cypherpunks.to>


mv at cdc.gov (Major Variola ret) writes:

> http://channels.netscape.com/ns/news/story.jsp?floc=FF-APO-1110&idq=/ff/story/0001%2F20021125%2F144140134.htm&sc=1110
> 
> Agents Cleared in 9/11 Hotel Probe
> By DEVLIN BARRETT
>
> NEW YORK (AP) - An internal probe has cleared the FBI agents who
> obtained a false confession from a one-time suspect in the Sept. 11
> attacks. But the findings raise new questions about the reliability of
> lie-detector tests.
>
> The twin reports released Monday led U.S. District Judge Jed Rakoff to
> drop his own investigation into the case of Abdallah Higazy.
>
> The Egyptian student was detained after investigators were told an
> aviation radio capable of communicating with commercial pilots was
> found in his New York hotel room overlooking the World Trade Center
> soon after Sept. 11.
>
> He was charged with lying to FBI agents during a polygraph examination
> in which he supposedly denied
>
> owning the radio and then later admitted it was his. But further
> investigation proved the radio actually belonged to a pilot, and the
> charges against Higazy were dropped.
>
> Higazy, 31, claimed he confessed only because the polygrapher
> threatened his relatives in Egypt.
>
> The review by the Justice Department's inspector general found no
> evidence to substantiate the claim and found ``no further action with
> respect to this matter is warranted.''
>
> But the review never explicitly explains why his test results would
> have indicated knowledge of the attacks, when authorities now say he
> was not involved.
>
> The reports say Higazy indicated deception when he answered no to
> the following questions: ``Did you take part in those attacks?'' and
> ``Were you involved in those attacks?''
>
> The inspector general's reports conclude that ``the polygraph was
> administered appropriately and that the results were properly read to
> indicate that Higazy was deceptive'' in questions about Sept. 11.
>
> The findings imply that Higazy may have confessed to owning the radio
> under the mistaken impression the admission would get him released
> from custody.
>
> U.S. Attorney James Comey said Monday he was ``very proud of the way
> our office and the FBI conducted itself in the Higazy case.''
>
> In releasing the reports, Rakoff questioned ``whether the government's
> continued reliance on such a doubtful investigatory tool as polygraph
> testing increases the possibility of false confessions.''




From ptrei at rsasecurity.com  Wed Nov 27 06:47:20 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 27 Nov 2002 09:47:20 -0500
Subject: Is the minder CDR down?
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BBA54@exna07.securitydynamics.com>


I'm subscribed thru minder, and have had no
cypherpunks mail for nearly 24 hours. I can
see that there is more recent traffic on the
web archive.

Peter Trei




From ichudov at Algebra.COM  Wed Nov 27 11:11:24 2002
From: ichudov at Algebra.COM (Igor Chudov)
Date: Wed, 27 Nov 2002 13:11:24 -0600
Subject: Is the minder CDR down?
In-Reply-To: <20021127103243.A17896@slack.lne.com>
References: <F504A8CEE925D411AF4A00508B8BE90A041BBA54@exna07.securitydyn
  amics.com> <20021127103243.A17896@slack.lne.com>
Message-ID: <20021127191124.GA28550@manifold.algebra.com>


my cdr node algebra.com is up. It is perhaps the most aggressive node as
far as antispam measures go. It uses a lot of filters, some homemade,
some based on SpamAssassin (as of several days ago). It also refuses
all mail from China, Korea and a couple of other spam friendly countries.

It also does not carry any traffic that originates from ssz.com.

I used to be a lot more tolerant of spam before, but not any more.

igor

On Wed, Nov 27, 2002 at 10:32:43AM -0800, Eric Murray wrote:
> 
> On Wed, Nov 27, 2002 at 09:47:20AM -0500, Trei, Peter wrote:
> > I'm subscribed thru minder, and have had no
> > cypherpunks mail for nearly 24 hours. I can
> > see that there is more recent traffic on the
> > web archive.
> 
> The last mail I got from them here was yesterday morning.  But their
> majordomo did answer a ping this morning, so their server was up and
> sending and receiving at least some mail them.
> 
> 
> Eric




From ptrei at rsasecurity.com  Wed Nov 27 11:25:30 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 27 Nov 2002 14:25:30 -0500
Subject: Is the minder CDR down?
Message-ID: <F504A8CEE925D411AF4A00508B8BE90A041BBA5F@exna07.securitydynamics.com>


> Igor Chudov[SMTP:ichudov at Algebra.Com] wrote:
> 
> 
> my cdr node algebra.com is up. It is perhaps the most aggressive node as
> far as antispam measures go. It uses a lot of filters, some homemade,
> some based on SpamAssassin (as of several days ago). It also refuses
> all mail from China, Korea and a couple of other spam friendly countries.
> 
> It also does not carry any traffic that originates from ssz.com.
> 
> I used to be a lot more tolerant of spam before, but not any more.
> 
> igor
> 
Thanks, but no thanks. I picked minder because it
does not filter. 

minder seems to be back up now.

Peter

> On Wed, Nov 27, 2002 at 10:32:43AM -0800, Eric Murray wrote:
> > 
> > On Wed, Nov 27, 2002 at 09:47:20AM -0500, Trei, Peter wrote:
> > > I'm subscribed thru minder, and have had no
> > > cypherpunks mail for nearly 24 hours. I can
> > > see that there is more recent traffic on the
> > > web archive.
> > 
> > The last mail I got from them here was yesterday morning.  But their
> > majordomo did answer a ping this morning, so their server was up and
> > sending and receiving at least some mail them.
> > 
> > 
> > Eric




From kenhirsch at myself.com  Wed Nov 27 11:44:24 2002
From: kenhirsch at myself.com (Ken Hirsch)
Date: Wed, 27 Nov 2002 14:44:24 -0500
Subject: The End of the Golden Age of Crypto
References: <Pine.LNX.4.33.0211270709380.1101-100000@einstein.ssz.com>
Message-ID: <OE28NSOp05eUH6te4D30000072c@hotmail.com>


Jim Choate writes:
>
> It's not I who is doing the misreading. I sent this along because I don't
> know -your- level, which considering your understanding of
> 'completeness'...

Peter Fairbrother has said nothing inaccurate about completeness, whereas
your statements about completeness having to do with the ability to write
statements is nonsense.




From schear at attbi.com  Wed Nov 27 19:40:43 2002
From: schear at attbi.com (Steve Schear)
Date: Wed, 27 Nov 2002 19:40:43 -0800
Subject: What Will AOL And MSN Tell Uncle Sam?
Message-ID: <5.1.0.14.2.20021127193811.042dcc38@mail.attbi.com>


Business In The Beltway
What Will AOL And MSN Tell Uncle Sam?
Matthew Swibel, 11.27.02, 9:05 AM ET

WASHINGTON - When he signed the Homeland Security bill on Monday, President 
George W. Bush effectively drafted corporate America to serve in the war 
against terrorism--with Internet service providers among those on the front 
line.

The new law makes it easier for AOL Time Warner, Comcast, Microsoft's MSN 
unit, United Online and the rest of the nation's 3,000 Internet service 
providers to volunteer subscriber information to government officials 
without worrying about customer lawsuits. Under the new law, they can 
release the contents of customers' communications to law enforcement 
without a court order and without fear of a suit if they have a 
"good-faith" belief that an emergency warrants it. Before, they had to have 
a "reasonable" belief--a higher legal standard--that release was warranted.

http://www.forbes.com/2002/11/27/cz_ms_1127beltway.html

"When the people fear their government, there is tyranny;
when the government fears the people, there is liberty "
--- Thomas Jefferson




From eugen at leitl.org  Thu Nov 28 13:32:45 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 28 Nov 2002 22:32:45 +0100 (CET)
Subject: FBI 'Nets' Cop-Killer Suspect 
Message-ID: <Pine.LNX.4.33.0211282230530.24171-100000@hydrogen.leitl.org>


http://www.wired.com/news/culture/0,1284,56616,00.html?tw=wn_ascii

FBI 'Nets' Cop-Killer Suspect 

By Associated Press Page 1 of 1

08:15 AM Nov. 27, 2002 PT

CONCORD, New Hampshire -- A fugitive suspected of killing a California 
police officer in a crusade against police brutality has been captured 
after confessing to the murder in postings to an alternative news media 
website.

Andrew McCrae, 23, walked out of a hotel room Tuesday after several hours 
of negotiations. He is charged with killing officer David Mobilio in Red 
Bluff, California, on Nov. 19.

Shortly before he gave up, authorities granted McCrae's request to talk to 
a Concord Monitor reporter who was in the lobby. Reporter Sarah Vos said 
the first thing McCrae told her in a phone conversation was, "I killed a 
police officer in Red Bluff, California, in an effort to draw attention to 
police brutality."

Police believe it was McCrae who confessed to the murder on a San 
Francisco website.

In one of two letters posted on the site Monday by a man identifying 
himself as McCrae, the writer claims he shot and killed the officer to 
protest "police-state tactics" and corporate irresponsibility.

The writer claimed he is immune from prosecution because he incorporated 
himself as a protest against corporations who "murder thousands of people 
each year."

Mobilio, 31, was shot once in the head as he refueled his cruiser. He was 
the first officer ever killed in the line of duty in Red Bluff, a city of 
13,500 near Sacramento. Some 2,500 people, including Gov. Gray Davis, 
attended a memorial Tuesday afternoon.

Prosecutor Scott Murray called it "an ambush, an execution of a police 
officer ... to effectuate (McCrae's) political agenda."

Vos, who covers crime for the newspaper, said McCrae wanted her to read a 
copy of a "Declaration of Renewed Independence" he said he had written.

"I tell him I want to read it. He asks, 'How do I give it to you?' I say, 
'You have to come out' and basically the conversation ends there."

Authorities had told her they didn't want her to get McCrae excited 
because they feared he was suicidal. They also told her not to ask 
questions and try to lure him out.

"Someone else was listening in and someone else was passing me notes," she 
said.

Agents and police officers told Vos she had done a good job.

"It feels weird, to be honest," she said. "That's not my job. My job is to 
report the news."

McCrae was ordered held without bail after saying nothing during his 
arraignment by video hookup from the Merrimack County Jail. He had a 
bandage on his head and a blanket draped over his bare shoulders during 
the hearing.

Police said there had been a dispute over jail clothing, but did not 
explain the bandage. Defense attorney Mark Sisti said McCrae had been 
injured, but gave no details. 




From camera_lumina at hotmail.com  Fri Nov 29 09:06:09 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 29 Nov 2002 12:06:09 -0500
Subject: Anyone heard about the Berkeley college student?
Message-ID: <F500xBSxaFYGXkLUVjW00019aa0@hotmail.com>


In the Chinese papers over the last few days they've been reporting an 
incident that happened to a Chinese UC Berkeley college student, who was 
using her cell phone to discuss playing some sort of videogame. The 
videogame involves placing "explosives" in various places in the game.

Apparently, whithin minutes after completing the call, police (or other) 
officers showed up at her room and brought her in for questioning. She 
apparently brought the officers over to the friend's house to show them the 
videogame, "proving" that she was indeed talking about a videogame.

Has anyone heard of this in the "regular" (ie, non-Chinese) press? The 
Chinese folks are of course up in arms about the apparent "profiling" this 
would imply, apparently ignoring the deeper implications. (For instance, did 
they actually get a wire tap for this monitoring? If so, why? If not, 
well...)




_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail




From shamrock at cypherpunks.to  Fri Nov 29 13:00:41 2002
From: shamrock at cypherpunks.to (Lucky Green)
Date: Fri, 29 Nov 2002 13:00:41 -0800
Subject: stego building
In-Reply-To: <FVR7LGW737588.0094791667@anonymous.poster>
Message-ID: <011801c297ea$6233d260$6401a8c0@VAIO650>


Anonymous wrote quoting Lucky:
> >A reasonable guess, but wrong. The building is a computing and
> 
> >processing center for Bank of America. That's where your checks go 
> >after
> 
> >you deposit them at the bank.
> 
> >
> 
> >The CO for this area is a few blocks away on Mc Coppin. The brick
> 
> >building with the Pac Bell logo on it. You can see the frame through 
> >the
> 
> >windows. Yes, this CO has been around for long enough to 
> have windows.
> 

> Both wrong. BA building is accross the mentioned one (accross 
> 11th) and clearly marked.

There are two BofA buildings on either side of 11th Street. One is
housing a BofA branch with numerous ATMs outside. That building is
indeed clearly marked as a BofA building. But that's not the building in
question.

The building in question is the one across 11th, which has its building
entrance on Market next to a ground-level convenience store. While the
ground level of that building houses stores, the remainder of the
building is occupied by BofA's processing center.

> The CO is metal-plated pacbel building on Folsom and 2nd.

Well, of course there is more than one CO in San Francisco. The CO
closed to the "mystery" building is the CO on Mc Coppin. As I pointed
out in my original email, you can see the frame through the windows.
FYI, Mc Coppin is *a lot* closer to 11th & Market than is 2nd and
Folsom.

--Lucky




From camera_lumina at hotmail.com  Fri Nov 29 14:34:41 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 29 Nov 2002 17:34:41 -0500
Subject: Anyone heard about the Berkeley college student?
Message-ID: <F39rWjAKYVpMmOlbcrY0001c3d6@hotmail.com>


Yeah, the paper originates from NYC, called Shi Chie Re Bau (in Pin Yin, I 
believe). This translates (roughly) "World Journal". The article got thrown 
out, otherwise I'd attempt a translation.






>From: Jim Choate <ravage at einstein.ssz.com>
>To: <cypherpunks at einstein.ssz.com>
>Subject: Anyone heard about the Berkeley college student?
>Date: Fri, 29 Nov 2002 15:39:17 -0600 (CST)
>
>On Fri, 29 Nov 2002, Tyler Durden wrote:
>
> > In the Chinese papers over the last few days they've been reporting an
> > incident that happened to a Chinese UC Berkeley college student, who was
> > using her cell phone to discuss playing some sort of videogame. The
> > videogame involves placing "explosives" in various places in the game.
> >
> > Apparently, whithin minutes after completing the call, police (or other)
> > officers showed up at her room and brought her in for questioning. She
> > apparently brought the officers over to the friend's house to show them 
>the
> > videogame, "proving" that she was indeed talking about a videogame.
> >
> > Has anyone heard of this in the "regular" (ie, non-Chinese) press? The
> > Chinese folks are of course up in arms about the apparent "profiling" 
>this
> > would imply, apparently ignoring the deeper implications. (For instance, 
>did
> > they actually get a wire tap for this monitoring? If so, why? If not,
> > well...)
>
>Almost as interesting as the two people they've apparently executed for
>posting web pages.
>
>Do you know which Chinese papers or even which city? Doesn't seem like
>something they'd put in the internal press at all.
>
>I'll see what I can find out...
>
>
>  --
>     ____________________________________________________________________
>
>     We don't see things as they are,                      ravage at ssz.com
>     we see them as we are.                                   www.ssz.com
>                                                   jchoate at open-forge.org
>     Anais Nin                                         www.open-forge.org
>
>     --------------------------------------------------------------------


_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail




From aife at netvisao.pt  Fri Nov 29 18:21:44 2002
From: aife at netvisao.pt (=?iso-8859-1?q?Andr=E9=20Esteves?=)
Date: Sat, 30 Nov 2002 02:21:44 +0000
Subject: Anyone heard about the Berkeley college student?
In-Reply-To: <F500xBSxaFYGXkLUVjW00019aa0@hotmail.com>
References: <F500xBSxaFYGXkLUVjW00019aa0@hotmail.com>
Message-ID: <E18HyP8-0000Yt-00@ion>


On Friday 29 November 2002 17:06, you wrote:
> In the Chinese papers over the last few days they've been reporting an
> incident that happened to a Chinese UC Berkeley college student, who was
> using her cell phone to discuss playing some sort of videogame. The
> videogame involves placing "explosives" in various places in the game.
>
> Apparently, whithin minutes after completing the call, police (or other)
> officers showed up at her room and brought her in for questioning. She
> apparently brought the officers over to the friend's house to show them the
> videogame, "proving" that she was indeed talking about a videogame.
>
> Has anyone heard of this in the "regular" (ie, non-Chinese) press? The
> Chinese folks are of course up in arms about the apparent "profiling" this
> would imply, apparently ignoring the deeper implications. (For instance,
> did they actually get a wire tap for this monitoring? If so, why? If not,
> well...)

News in a country where newspapers full of the following headlines are 
published are not to be taken by face value:

- The eiffel tower was buit by a chinese
- Edison stole the electric light from a chinese
blah, blah, blah...

A friend of mine (who is married to a singapurean and speaks fluent mandarin 
and cantonese) when in her first trip to china, found these newspapers with 
this prepostorous claims. She bought several of them to shown to her 
husband...

In the chinese customs she had them confiscated...

Cultural propaganda against western values and achievements.

Andri Esteves




From maurizioburgassi at virgilio.it  Fri Nov 29 18:04:07 2002
From: maurizioburgassi at virgilio.it (Maurizio Borgassi)
Date: Sat, 30 Nov 2002 03:04:07 +0100
Subject: Perfumes and flavours from Italy
Message-ID: <200211300204.gAU247m10119@intranet.ru>

A non-text attachment was scrubbed...
Name: not available
Type: multipart/alternative
Size: 1 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks-legacy/attachments/20021130/2b26fe14/attachment.bin>

From tcmay at got.net  Sat Nov 30 17:42:39 2002
From: tcmay at got.net (Tim May)
Date: Sat, 30 Nov 2002 17:42:39 -0800
Subject: The CDR as a Cliological experiment
In-Reply-To: <F7QxK8a79dQTSxGja6000020c50@hotmail.com>
Message-ID: <2D408B00-04CE-11D7-8A9F-0050E439C473@got.net>


On Saturday, November 30, 2002, at 05:23  PM, Tyler Durden wrote:
> As far as I'm concerned, most strife boils down to the perceived 
> economic interests of the concerned parties, and apparently 
> ehtnic/religious/whatever differences are just a mask for these 
> simpler problems. As a big for instance, racism during the slavery 
> days was really a way to allow for economic explouitation of "human 
> resources"...slavetraders of course searched for Biblical and 
> Darwinian justification of their actions, and codified them into their 
> "religion".

The slave trade was centered around some negroes capturing and selling 
some other negroes. The Moslems who ferried the captured negroes along 
the coast were just middlemen, as were the Dutch and English who 
carried the negro cargo to the final customers.

Ironically, the negro in America, especially the negro Muslim, blames 
the Jew for what other negroes and other Muslims did to some of his 
ancestors.

And now the negro in America wants the "honkey" to give him reparations.

(Tyler Durden, _please_ learn to trim your replies. Your "quote the 
entire thing" top posting is getting tiresome. I hear there are night 
school classes which teach Outlook Express or whichever braindead 
mailer you are using.)


--Tim May




From DaveHowe at gmx.co.uk  Sat Nov 30 11:28:03 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Sat, 30 Nov 2002 19:28:03 -0000
Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29,
  2002  (fwd)
References: <Pine.LNX.4.33.0211301117040.1787-100000@einstein.ssz.com>
Message-ID: <00d401c298a6$a122ca00$01c8a8c0@davehowe>


> http://www.cnn.com/2002/TECH/11/21/yourtech.wifis/index.html
Its a nice idea, but unfortunately gets easily bitten by the usual
networking bugbears
1. large wifi networks start to hit scaling problems - they start to need
routers and name services that are relatively expensive, and ip address
ranges start to become a scarce resource.
2. no matter how large the new network becomes, it still needs a link to the
"old" network; almost all ISPs frown on use of home connections for sharing
more than just the owner's machines, and many consider using even unmetered
in a manner they didn't provision for (ie, using unmetered more than 100
hours a month at the full bandwidth limit) as "abuse" and end the contracts
of those who do so. what you would need would be an ISP (or large
commercial) style contract with a guaranteeed bandwidth and dedicated ip
addresses - which do not come cheap enough to be worth giving away.
3. unmetered is only just becoming common in england, and is still mostly on
56K modem. broadband is often *massively* underprovisioned, and quite often
all the connections in an area feed to a single fixed-bandwidth multiplexor
at the telecomms office, so adding additional connections doesn't actually
add any bandwidth at all. the *only* end user deal is 500kb down, 250kb up
shared amongst *50* people in your area (the uk has a telecomms monopoly
from a recently privatised company that has already forced two would-be
competitors out of the market). Even now (given expected usage patterns) the
mere existance of a microsoft OS service pack more than 30mb in size is
enough to throw available bandwidth per-user below modem levels....




From tcmay at got.net  Sat Nov 30 20:40:19 2002
From: tcmay at got.net (Tim May)
Date: Sat, 30 Nov 2002 20:40:19 -0800
Subject: The CDR as a Cliological experiment
In-Reply-To: <F191DB0mfxUsGUinKSA000200d6@hotmail.com>
Message-ID: <FEC4E058-04E6-11D7-8A9F-0050E439C473@got.net>

<<< No Message Collected >>>




From DaveHowe at gmx.co.uk  Sat Nov 30 12:57:13 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Sat, 30 Nov 2002 20:57:13 -0000
Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29,  
  2002  (fwd)
References: <Pine.LNX.4.33.0211301346280.2679-100000@einstein.ssz.com>
Message-ID: <01dc01c298b3$15e6a440$01c8a8c0@davehowe>


Jim Choate wrote:
> On Sat, 30 Nov 2002, Dave Howe wrote:
> The scaling problem is a valid one up to a point. The others are not.
> The biggest problem is people trying to do distributed computing using
> non-distributed os'es (eg *nix clones and Microsloth).
not as such, no. the vast majority of "free internet cloud" users couldn't
care less about computer resources and/or distributed computing - they want
to access websites, ftp servers and read/send their email. with a large(ish)
number of otherwise standalone nodes, you need to worry about addressing
space, routing and (to conserve what little bandwidth you have to the
classic internet) caching. ad-hoc routing also doesn't scale well - so you
get into issues of cells mapping to address ranges and dynamic allocation to
mobile nodes as they move from cell to cell (there are probably better ways
to do that than cells and static ranges, but self-networking swarms blow out
their bandwidth purely negotiating routing long before the amount of traffic
those nodes needs becomes an issue)
its possible I am wrong and there is a wonderful distributed-computing
method to solve these purely network routing problems, but it is news to me.

>> 2. no matter how large the new network becomes, it still needs a
>> link to the "old" network;
> Granted, up to a point. That point is when this network has more
> resources than the 'old' networks. At some point the old networks
> move over and start running from the new one.
that would require that the new network be not only larger (and more cost
effective) but joined up enough (and routing-efficient enough) to see it
become the primary backbone. I am willing to imagine a world where "classic"
isps have a peering arrangement with such cloud networks (giving free access
to their own sites in return for free access to Cloud sites by their
customers) but there is always the prisoner's dilemma (which has been
attempted by so many ISPs lately) of refusing to peer with anyone they think
they can sell transit to instead.

>> almost all ISPs frown on use of home connections for sharing
>> more than just the owner's machines, and many consider using even
>> unmetered in a manner they didn't provision for (ie, using unmetered
>> more than 100 hours a month at the full bandwidth limit) as "abuse"
>> and end the contracts of those who do so. what you would need would
>> be an ISP (or large commercial) style contract with a guaranteeed
>> bandwidth and dedicated ip addresses - which do not come cheap
>> enough to be worth giving away.
> Bullshit on the too expensive to give away.
A typical commercial setup (2mb bandwidth, no ratio, no contention (sharing)
over a dedicated line) is about 700ukp/month. (say about a thousand
dollars). ok, to a large commercial operation that is about the cost of one
employee - probably even less. assuming that it came out of a pr budget
though, that is one less staff member and/or one less campaign a year, for
the (dubious) benefit of whatever pr you could get by donating it. I didn't
say it was too expensive to give way, I said it was too expensive to be
*worth* giving away compared to cheaper pr stunts that don't have to paid
for every year as an ongoing cost (with all the pr loss of having to shut it
down if it becomes too much of a drain)
and that is a *recent* cost - as little as two years ago you could pay that
for a 512K link.

> Irrelevant since there are plenty of commercial feeds out there that
> are not ISP's.
yes, of course there are - but they aren't cheap. the US has a history of
cheap connectivity and free local calls - the uk (along with most of the
rest of the world) doesn't.

> I keep seeing thes ney saying views yet the guerrilla networks just
> keep getting bigger...
There is a ratio thing - anyone with a home broadband connection (which is a
lot more common in london, where most of the free MAN schemes seem to be
concentrated) can afford to carry a few freeloaders on an ad-hoc basis, and
it isn't currently in the interests of the telco monopoly to crack down on
it - it doesn't cut into their core business (selling phone lines and leased
lines) and the traffic blips can be absorbed by the ISP who has statistical
models of how much they can underprovision their total sold broadband and/or
dialup pool bandwidth by without complaints (the monopoly, who is also an
ISP got its sums wrong a couple of years back when it first went unmetered
and the *average* bandwidth allocation during busy times was less than
2Kbits - and that was dialup pool only)
If the number of freeloaders became significant, and more importantly,
became predominantly home users (who want continuous high bandwidth) rather
than passing "war driving" people grabbing a few ks of download for email or
a quick website surf purely because it is cool) then it would both cut into
the bandwidth available to the person paying for it, and the higher average
load curve would alert both the isp and the telco to take a closer look at
why that user is using so much bandwidth.  This is in a world where you are
committing breach of contract to the monopoly telco's isp if you use the
unmetered home service and attempt to use a vpn connection to your
employer's network (which is "business use" and therefore needs a business
dialup account at eight times the cost) and where the unmetered service
drops the connection every two hours to prevent you running servers and
discourage large downloads....
Yes, I would like to see more MAN "guerrilla" networks to compete with the
monopoly telco - both for local links (and a surprising amount of local
traffic could happily stay local - particularly most of the high-bandwidth
games servers) and voice-over-IP. however, that isn't the same as free
internet service, as ultimately someone has to pay for the bandwidth that
leaves the local MAN cloud and travels elsewhere - and given the local
monopoly telco and the big-name so called "tier one" isps would all want
their cut, I can't see free internet ever happening in the UK - however, I
*can* see a high-bandwidth, uk only cloud that the majority of the uk users
connect to, with mail servers and webservers, supplimented by a dialup isp
account for access to the internet as a whole; could that gradually expand
until almost everything you need is reachable via "the cloud"? yes,
possibly, if you are interested only in stuff on your own continent. but I
don't expect to live long enough to see the current hierachical and
big-money dominated internet replaced by an anarchistic global cloud - not
just because of scaling and routing issues, but because the land surface
(and distribution of population centres) is just not continuous enough to
support even a continental cloud in my lifetime using current wifi
technology - and there is little enough incentive for those with a vested
interest in the system remaining as it is now to improve technology until
that *is* possible.




From camera_lumina at hotmail.com  Sat Nov 30 19:05:19 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 30 Nov 2002 22:05:19 -0500
Subject: The CDR as a Cliological experiment
Message-ID: <F191DB0mfxUsGUinKSA000200d6@hotmail.com>


"(Tyler Durden, _please_ learn to trim your replies. Your "quote the entire 
thing" top posting is getting tiresome. I hear there are night school 
classes which teach Outlook Express or whichever braindead mailer you are 
using.)"

Damn are you grumpy Tim May. Whaddya usin', carrier pigeon to download 
messages? (Or does some form of carpal tunnel make it excruciatingly painful 
to scroll down?)

As for the historical references to the slave trade, I am finding that black 
folks are almost equally in the dark about history as whites in this 
country.

And as my father has said...

"The only thing stupider than a stupid black guy is a stupid white guy."

And...

"Wherever two or more Americans are gathered have ye a lynch mob."











_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail




From DaveHowe at gmx.co.uk  Sat Nov 30 15:13:48 2002
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Sat, 30 Nov 2002 23:13:48 -0000
Subject: CNN.com - WiFi activists on free Web crusade - Nov. 29,  
  2002  (fwd)
References: <20021130204858.29607.qmail@web40613.mail.yahoo.com>
Message-ID: <021e01c298c6$27a58260$01c8a8c0@davehowe>


Morlock Elloi wrote:
> Not so. Self-organasing mesh networks appear to have some interesting
> properties. There is a number of open solutions and at least one
> startup I know about based on this.
<snip links>
fascinating - I obviously have a lot of reading to do - thankyou :)