From Kevin.Wall at qwest.com Tue Oct 1 06:01:17 2002 From: Kevin.Wall at qwest.com (Wall, Kevin) Date: Tue, 1 Oct 2002 09:01:17 -0400 Subject: What email encryption is actually in use? Message-ID: <9956F8424795D411B03B0008C786E60D09EA4457@dubntex005.qwest.net> Morlock Elloi wrote... <<>> > In other words, those that need crypto are taken care of, and > in order to gain resources to make sheeple use crypto you > have to become Them, in which case you don't really want > sheeple to use crypto in the first place. Please do not use the derogatory term 'sheeple'... you're going to give sheep a bad name. --- Kevin W. Wall Qwest Information Technology, Inc. Kevin.Wall at qwest.com Phone: 614.932.5542 "I can hardly wait until we get quantum computers. Then we really *will* have to worry about Heisenbugs." From mv at cdc.gov Tue Oct 1 09:05:04 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 01 Oct 2002 09:05:04 -0700 Subject: What email encryption is actually in use? Message-ID: <3D99C7B0.ADD8FAC2@cdc.gov> The problem Mr. Howe describes is fundamental, folks: encryption should be end-to-end even when the endpoints are functionaries in a company. Because not all employees are equal. So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and the SMTP link is encrypted, so the bored upstream-ISP netops can't learn anything besides traffic analysis. But once inside XYZ.COM, many unauthorized folks could intercept Bob's email. Access Control is sorely lacking folks. Link encryption is a good idea, but rarely sufficient. At 01:20 PM 10/1/02 +0100, David Howe wrote: >at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann > was seen to say: >> For encryption, STARTTLS, which protects more mail than all other >> email encryption technology combined. 
See > >I would dispute that - not that it isn't used and useful, but unless you >are handing off directly to the "home" machine of the end user (or his >direct spool) odds are good that the packet will be sent unencrypted >somewhere along its journey. with TLS you are basically protecting a >single link of a transmission chain, with no control over the rest of >the chain. From mv at cdc.gov Tue Oct 1 09:11:47 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 01 Oct 2002 09:11:47 -0700 Subject: fun w/ the SS & chalk Message-ID: <3D99C943.6589F517@cdc.gov> From mv at cdc.gov Tue Oct 1 09:15:18 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 01 Oct 2002 09:15:18 -0700 Subject: journalists as spies Message-ID: <3D99CA15.E74EC14E@cdc.gov> http://www.washtimes.com/upi-breaking/20020930-052952-9407r.htm "I was working with Pearl," said Baer, who has written a book about his time as a CIA official and has acted as a consultant and source for numerous media outlets. "We had a joint project. Mohammed was the story he was working on, not Richard Reid." From steve at tightrope.demon.co.uk Tue Oct 1 01:18:38 2002 From: steve at tightrope.demon.co.uk (steve at tightrope.demon.co.uk) Date: 01 Oct 2002 09:18:38 +0100 Subject: smartcards In-Reply-To: References: Message-ID: Steve Thompson writes: > o Most of them have an IR port and many contain enough storage and > horsepower to keep and play small MP3 collections. Chaumian digital cash > code should fit easily. Hell, some companies are already making noises > about full-motion video. How long before the damn things have a digital > camera built in? They already do (at least in Europe) and many are programmable in Java -- Steve Mynott From DaveHowe at gmx.co.uk Tue Oct 1 01:57:54 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Tue, 1 Oct 2002 09:57:54 +0100 Subject: What email encryption is actually in use? 
References: Message-ID: <00c701c26928$b8b0d480$c71121c2@sharpuk.co.uk> at Monday, September 30, 2002 7:52 PM, James A. Donald was seen to say: > Is it practical for a particular group, for > example a corporation or a conspiracy, to whip up its own > damned root certificate, without buggering around with > verisign? (Of course fixing Microsoft's design errors is > never useful, since they will rebreak their products in new > ways that are more ingenious and harder to fix.) Yup. In fact, some IPSec firewalls rely on the corporate having a local CA root to issue keys for VPN access. From there it is only a small step to using the same (or parallel issued) keys for email security. The problem there really is that the keys will be flagged as faulty by anyone outside the group (and therefore without the root key already imported), and that will usually only work in a semi-rigid hierarchical structure. There *is* an attempt to set up something resembling a Web of trust using x509 certificates, currently in the early stages at nntp://news.securecomp.org/WebOfTrust > I intended to sign this using Network Associates command line > pgp, only to discover that pgp -sa file produced unintelligible > gibberish, that could only be made sense of by pgp, so that no > one would be able to read it without first checking my > signature. You made a minor config error - you need to make sure clearsign is enabled. > I suggest that network associates should have hired me as UI > design manager, or failing, that, hired the dog from down the > street as UI design manager. It's command line.
Most cyphergeeks like command line tools powerful and cryptic :) From ben at algroup.co.uk Tue Oct 1 03:59:36 2002 From: ben at algroup.co.uk (Ben Laurie) Date: Tue, 01 Oct 2002 11:59:36 +0100 Subject: Real-world steganography References: <200210010154.NAA93137@ruru.cs.auckland.ac.nz> Message-ID: <3D998018.2020600@algroup.co.uk> Peter Gutmann wrote: > I recently came across a real-world use of steganography which hides extra > data in the LSB of CD audio tracks to allow (according to the vendor) the > equivalent of 20-bit samples instead of 16-bit and assorted other features. > According to the vendors, "HDCD has been used in the recording of more than > 5,000 CD titles, which include more than 250 Billboard Top 200 recordings and > more than 175 GRAMMY nominations", so it's already fairly widely deployed. Yeah, right - and green felt-tip around the edges of your CD improves the sound, too. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
From DaveHowe at gmx.co.uk Tue Oct 1 05:20:28 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Tue, 1 Oct 2002 13:20:28 +0100 Subject: What email encryption is actually in use? References: <200210010208.OAA93253@ruru.cs.auckland.ac.nz> Message-ID: <016601c26944$f3cbaf60$c71121c2@sharpuk.co.uk> at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann was seen to say: > For encryption, STARTTLS, which protects more mail than all other > email encryption technology combined. See > http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf > (towards the back). I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the "home" machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. > For signing, nothing. The S/MIME list debated having posts to the > list signed, and decided against it: If I know you, I can recognise a > message from you whether it's signed or not.
Signing has a limited application - I wouldn't use it routinely other than to establish an association (key-->poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign. > If I don't know you, > whether it's signed or not is irrelevant. Depends on the definition of "know". If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :) From schear at lvcm.com Tue Oct 1 14:37:58 2002 From: schear at lvcm.com (Steve Schear) Date: Tue, 01 Oct 2002 14:37:58 -0700 Subject: Court rules up-skirt peep cams legal Message-ID: <5.1.0.14.2.20021001143406.0422ca18@pop3.lvcm.com> Court rules up-skirt peep cams legal In a ruling that could change fashions in Washington state, the supreme court there has ruled that "up-skirt cams" do not violate voyeurism laws. The Washington Supreme Court judges said that two men who took surreptitious photos and video of women and girls using tiny cameras "engaged in disgusting and reprehensible behavior." However, the judges said they did not infringe on any reasonable expectations of privacy because the images were captured in public places. http://news.com.com/2100-1023-960151.html [Using almost identical logic cities around the country have passed ordinances prohibiting the wearing of masks. So, by extension, might a city pass an ordinance that prohibits a woman from wearing underwear with a skirt? 
Enquiring legal minds want to know ;-) steve] From bill.stewart at pobox.com Tue Oct 1 16:36:51 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 01 Oct 2002 16:36:51 -0700 Subject: Real-world steganography In-Reply-To: References: <200210010154.NAA93137@ruru.cs.auckland.ac.nz> Message-ID: <5.1.1.6.2.20021001153827.04b06eb0@idiom.com> At 09:38 PM 09/30/2002 -0700, Bram Cohen wrote: >Peter Gutmann wrote: > > I recently came across a real-world use of steganography which hides extra > > data in the LSB of CD audio tracks to allow (according to the vendor) the > > equivalent of 20-bit samples instead of 16-bit and assorted other features. > >I don't think that's really 'steganography' per se, since no attempt is >made to hide the fact that the information is in there. The quasi-stego >used is just to prevent bad audio artifacts from happening. Traditional digital telephone signalling uses a "robbed-bit" method that steals the low-order bit from every sixth voice sample to carry information like whether the line is busy or idle or wants to set up a connection. (That's why you only get 56kbps and not 64kbps in some US formats, since it doesn't want to keep track of which low bits got robbed.) In a sense both of these are steganography, because they're trying to hide the data channel from the audio listener by being low level noise in ways that equipment that isn't looking for it won't notice.
That's not really much different from encoding Secret Data in the LSB of uncompressed graphics or audio - it's about the second-crudest form of the stuff, and if you think there are Attackers trying to decide if you're using stego, you need more sophisticated stego - at minimum, encoding the stegotext so it looks like random noise, or encoding the stegotext with statistics resembling the real noise patterns, or whatever. The definition of "hidden writing" doesn't specify how hard you tried to hide it or how hard the Attacker is looking - you need to Bring Your Own Threat Model. Since I don't speak Audiophile Engineering / Human perceptual modelspeak, which the paper was written in, I wasn't able to figure out where the HDCD stuff hides the extra bits. Are they really there (in the CDROM's error-correction bits or something)? It sounded like they were either saying that they make part-time use of the one LSB bit to somehow encode the LSB and 4 more bits, which sounded really unlikely given that there weren't any equations there about the compression models, or else that they had some perceptual model and were using that to make a better choice of LSB than a simple 50% cut-off of the A-to-D converter (more absolute distortion, but better-sounding distortion.) Or did I miss the implications of the reference to oversampling and the real difference is that HDCD disks really have more pixels on the disk with only the LSB different, so a conventional reader reads it fine but needs the ECC to get the LSB? A separate question is - "so is there some internet-accessible list of disks using HDCD, or do I just have to look at the labels for a logo?" 
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From bill.stewart at pobox.com Tue Oct 1 20:41:21 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 01 Oct 2002 20:41:21 -0700 Subject: fun w/ the SS & chalk In-Reply-To: <3D99C943.6589F517@cdc.gov> Message-ID: <5.1.1.6.2.20021001203644.02af48e8@idiom.com> At 09:11 AM 10/01/2002 -0700, Major Variola (ret) wrote: >After reading the last paragraph in the excerpt below, >it occurs to me how much fun could be had in DC with some chalk, >even without an 802.11blah receiver :-) Depending on how well-read the security folks are about warchalking, you can also have fun creating variations on the markings, adding notes in Cyrillic alphabets, etc. The Pentagon subway station would be a good spot, though it's of course likely to be thoroughly over-cameraful. From shamrock at cypherpunks.to Tue Oct 1 21:09:29 2002 From: shamrock at cypherpunks.to (Lucky Green) Date: Tue, 1 Oct 2002 21:09:29 -0700 Subject: What email encryption is actually in use? In-Reply-To: <200210020213.OAA153286@ruru.cs.auckland.ac.nz> Message-ID: <002e01c269c9$82765010$6501a8c0@VAIO650> Peter wrote [about the benefits of STARTTLS]: > As opposed to more conventional encryption, where you're > protecting nothing at any point along the chain, because > 99.99% of the user base can't/won't use it. In any case most > email is point-to-point, which means you are protecting the > entire chain (that is, if I send you mail it may go through a > few internal machines here or there, but once it hits the WAN > it's straight from my gateway to yours). I must concur with Peter. The overwhelming majority of email recipients with whom I routinely exchange PGP encrypted email operates their own MTAs, located within their trust boundaries. 
Which should come as no surprise, since those with whom I discuss topics requiring secure communications tend to be conscious of security and thus like to be able to control the properties of their MTA and other network services. I also agree that current MTAs' implementations of STARTTLS are only a first step. At least in postfix, the only MTA with which I am sufficiently familiar to form an opinion, it appears impossible to require that certs presented by trusted parties match a particular hash while certs presented by untrusted MTAs can present any certificate they desire to achieve EDH-level security. I am aware that the certs presented by trusted parties could of course all be signed by the same CA, but this is an unworkable model in personal communications. What is required in practice is a list of trusted MTAs with corresponding hashes implemented at the MTA level. --Lucky Green From decoy at iki.fi Tue Oct 1 11:24:08 2002 From: decoy at iki.fi (Sampo Syreeni) Date: Tue, 1 Oct 2002 21:24:08 +0300 (EEST) Subject: Real-world steganography In-Reply-To: <3D998018.2020600@algroup.co.uk> Message-ID: On 2002-10-01, Ben Laurie uttered to Peter Gutmann: >Yeah, right - and green felt-tip around the edges of your CD improves >the sound, too. I'm not sure about HDCD as a technology, but the principle is sound. If we can compress sound transparently, we can also transparently embed quite a lot of data into the part which is perceptually irrelevant. We might also depart with perceptual equivalence and go with perceptual similarity instead -- e.g. multiband compress the audio, and embed data which allows us to expand to a higher perceptual resolution. Whatever the implementation, putting data in the gap between statistical (i.e. computed against a Markov model) and perceptual (against a perceptual similarity model) entropy which compensates for some of the perceptual shortcomings (like total dynamic range) of a particular recording technology seems like an excellent idea. 
However, applications like these have very little to do with steganography proper. In this case, we can (and want) to fill up the entire gap between statistical and perceptual entropy estimates with useful data, leaving us with signals which have statistical entropies consistently higher than we'd expect of a typical recording with similar perceptual characteristics. That is, the encoded signal will appear manifestly random compared to typical unencoded material from a similar source, and we can easily see there is hidden communication going on. Such encodings will be of little value in the context of industrial strength steganography used for hidden communication. Steganography used in the latter sense will also have to be imperceptible, true, but here the entropic gap we're filling is the one between the entropy estimates of our best model of the source material vs. that of the adversary's. Be the models Markov ones, perceptual, something else, or composites of the above. Consequently the margin is much thinner (bandwidths are probably at least a decade or two lower), and the aims remain completely separate. Consequently, I don't believe encodings developed for the first purpose could ever be the best ones for the latter, or that HDCD-like endeavors really have that much to do with the subject matter of this list. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 From bill.stewart at pobox.com Wed Oct 2 00:22:07 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 02 Oct 2002 00:22:07 -0700 Subject: What email encryption is actually in use?
In-Reply-To: <3D99C7B0.ADD8FAC2@cdc.gov> Message-ID: <5.1.1.6.2.20021001213515.04aef888@idiom.com> At 09:05 AM 10/01/2002 -0700, Major Variola (ret) wrote: >So yes Alice at ABC.COM sends mail to Bob at XYZ.COM and >the SMTP link is encrypted, so the bored upstream-ISP netops >can't learn anything besides traffic analysis. >But once inside XYZ.COM, many unauthorized folks could >intercept Bob's email. Access Control is sorely lacking folks. I'm running Win2000 in "You're Not The Administrator" mode. Since somebody else is root and I'm not, the fact that my network admins could eavesdrop on my link traffic isn't a big deal, especially when they set up my PC's software. And if I do pretend to trust my machine against some insiders, I can use SSH, SSL, and PGP to reduce risks from others... Also, STARTTLS can reduce eavesdropping at Alice's ABC.COM. If your organization is an ISP, the risks are letting them handle your email at all (especially with currently proposed mandatory eavesdropping laws), and STARTTLS provides a mechanism for direct delivery that isn't as likely to be blocked by anti-spamming restrictions on port 25. Now to get some email *clients* using it. On the other hand, if your recipient is at a big corporation, they're highly likely to be using a big shared MS Exchange server, or some standards-based equivalent, so the game's over on that end before you even start. Take the STARTTLS and run with it... >Link encryption is a good idea, but rarely sufficient. Defense in depth is important for real security. STARTTLS can be a link-encryption solution, but it can also be part of a layered solution, and if you don't bother with end-to-end, it's a really good start, and isolates your risks. It also offers you some possibility of doing certificate management to reduce the risk of man-in-the-middle attacks from outside your organization, and does reduce some traffic analysis. 
> >at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann > > was seen to say: > >> For encryption, STARTTLS, which protects more mail than all other > >> email encryption technology combined. If your goal is to encrypt 20% of the net by Christmas, STARTTLS will get a lot closer to that than a perfect system. Similarly, IPSEC using the shared key "open secret" would have been a much-faster-deployed form of opportunistic encryption than the FreeSWAN project's more complex form that wants some control over DNS that most users don't have. In the absence of a real Public Key Infrastructure, neither is totally man-in-the-middle-proof, so if the Feds are targeting *you* it's clearly not enough, but reducing mass-quantity fishing expeditions increases our security and reduces the Echelon potential - especially if 90% of the encrypted material is routine corporate email, mailing lists, Usenet drivel, etc. At 01:20 PM 10/1/02 +0100, David Howe wrote: > >I would dispute that - not that it isn't used and useful, but unless you > >are handing off directly to the "home" machine of the end user (or his > >direct spool) odds are good that the packet will be sent unencrypted > >somewhere along its journey. with TLS you are basically protecting a > >single link of a transmission chain, with no control over the rest of > >the chain. You can protect most of the path if your firewalls don't interfere, and more if your recipients' don't.
From DaveHowe at gmx.co.uk Wed Oct 2 01:35:54 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Wed, 2 Oct 2002 09:35:54 +0100 Subject: What email encryption is actually in use? References: Message-ID: <001e01c269ee$c0117e20$c71121c2@sharpuk.co.uk> at Tuesday, October 01, 2002 6:10 PM, James A. Donald was seen to say: > Not so. It turns out the command line is now different in PGP > 6.5.8.
It is now pgp -sta to clearsign, instead of pgp -sa. > (Needless to say the t option does not appear in pgp -h *nods* it's in the 6.5 Command Line Guide, but as "identifies the input file as a text file" The CLG is the best reference for this though - as it explicitly lists sta as the correct option in section Ch2>Common PGP Functions>Signing Messages>Sign a plaintext ASCII file. I could email you a copy of the PDF of that (it's about 500K) if you wish. > The clearsigning now seems to work a lot better than I recall > the clearsigning working in pgp 2.6.2. They now do some > canonicalization, or perhaps they guess lots of variants until > one checks out. It's canonicalization - again according to the CLG (CH3>Sending ASCII text files to different machine environments) > Perhaps they hid the clear signing because it used not to work, > but having fixed it they failed to unhide it? It's just an evolution. IIRC the command line tool was based at least partially on the unix version of pgp, which always had different command line switches. It would be nice if behaviour was more backwards compatible, but they *did* document it in the official M that you should RTF :) From vin at shore.net Wed Oct 2 06:40:55 2002 From: vin at shore.net (Vin McLellan) Date: Wed, 02 Oct 2002 09:40:55 -0400 Subject: What email encryption is actually in use? In-Reply-To: <002e01c269c9$82765010$6501a8c0@VAIO650> References: <200210020213.OAA153286@ruru.cs.auckland.ac.nz> Message-ID: <5.1.0.14.2.20021002093438.04177d30@shell.shore.net> I've always been intrigued by the volume of reports which indicate that when hackers or other outlaws raid a corporate site, the first thing they do is scan the stored email files of company executives. Funny, with all the attention focused pushing the user to encrypt email for transmission, no one ever suggests that Admins should/could store all email on the local mail server in an encrypted format. Am I wrong, does some mail server do this?
If not, anyone got any suggestions for an efficient design? Surete, _Vin At 10/2/02, Lucky Green wrote: >Peter wrote [about the benefits of STARTTLS]: > > As opposed to more conventional encryption, where you're > > protecting nothing at any point along the chain, because > > 99.99% of the user base can't/won't use it. In any case most > > email is point-to-point, which means you are protecting the > > entire chain (that is, if I send you mail it may go through a > > few internal machines here or there, but once it hits the WAN > > it's straight from my gateway to yours). > >I must concur with Peter. The overwhelming majority of email recipients >with whom I routinely exchange PGP encrypted email operates their own >MTAs, located within their trust boundaries. Which should come as no >surprise, since those with whom I discuss topics requiring secure >communications tend to be conscious of security and thus like to be able >to control the properties of their MTA and other network services. > >I also agree that current MTAs' implementations of STARTTLS are only a >first step. At least in postfix, the only MTA with which I am >sufficiently familiar to form an opinion, it appears impossible to >require that certs presented by trusted parties match a particular hash >while certs presented by untrusted MTAs can present any certificate they >desire to achieve EDH-level security. > >I am aware that the certs presented by trusted parties could of course >all be signed by the same CA, but this is an unworkable model in >personal communications. What is required in practice is a list of >trusted MTAs with corresponding hashes implemented at the MTA level. > >--Lucky Green From DaveHowe at gmx.co.uk Wed Oct 2 01:52:09 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Wed, 2 Oct 2002 09:52:09 +0100 Subject: What email encryption is actually in use? 
References: <200210010208.OAA93253@ruru.cs.auckland.ac.nz> <016601c26944$f3cbaf60$c71121c2@sharpuk.co.uk> <20021001200414.GB6505@bounty.org> Message-ID: <003201c269f1$07a84be0$c71121c2@sharpuk.co.uk> -----BEGIN PGP SIGNED MESSAGE----- at Tuesday, October 01, 2002 9:04 PM, Petro was seen to say: > Well, it's a start. Every mail server (except mx1 and > mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. > Once you start using it, it becomes part of hte pattern by wich > other people identify you. 
Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -----BEGIN PGP SIGNATURE----- Version: PGP - Cyber-Knights Templar iQIVAwUBPZqzpWDKt9Hjj5SVAQFlwA//cQYGFRb3sJEM695lWJ+rUhymcS5lTSEV vG3eRUvxpbhLcAS+QsdMXX3pDlu60UzOhxubpQch9E59yE/+uaeU+5AzkfDQjc2q jQ8SppCqf56+uevoZlH1RiKkBT6Hx7ctPimEIlq3FXWsaqA3ocPVghZwFhMaxA1G twCtBxR7Q3y6VePzCzeealx7TDgcoS7hoBKNTsueAIWd/9xB9JYjFvS8OecOMdZG B+yvSLHZn1YJG62JfZ8EWXr1xKh5BZxdRVxLVzhaumtyAFr2hCDQffDiz5UtyGSa JdMoJAzmZZZ5EvcHc0rMDVs5BiDr5/EaSU+xecPz/YxY4BWxGFprqsRi7IapTkb1 26zgJQ4miGylFlmZM30cxKYudi5PdSJ4VUWpuoHRg9clZlH9KzC7f0suYAnACDXC bzr5Fgp3+bvRnziMD65NT4G1hxA5pYPl+4IudVSKcaMsHLWSTE8Lnf0US283MdeR VXKbINvyEr0p0zrl7lVmHZbmuLjdUHrgAoyQEKcaMelE+Q8suXynDYtSV7LCfdAE CjKBz2RxAiNhi1vAq6NuFOMx+R9c23Sxg2uUUbpYeRbl5fPbjamDzIhK2ccNNmpU euuWj3O9e6YMtW0KPezYbJ/9fMMkOAv3KnfdeAgcjSnipMqVvqgJ4sWil3gfUADY X0TKznTghWs= =3uOF -----END PGP SIGNATURE----- From jeremey at rot26.com Wed Oct 2 08:04:03 2002 From: jeremey at rot26.com (Jeremey Barrett) Date: Wed, 02 Oct 2002 10:04:03 -0500 Subject: What email encryption is actually in use? References: <5.1.1.6.2.20021001213515.04aef888@idiom.com> Message-ID: <3D9B0AE3.6060506@rot26.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bill Stewart wrote: | | If your organization is an ISP, the risks are letting them | handle your email at all (especially with currently proposed | mandatory eavesdropping laws), and STARTTLS provides a | mechanism for direct delivery that isn't as likely to be blocked | by anti-spamming restrictions on port 25. | Now to get some email *clients* using it. | BTW, most and probably all of the major mail clients out there will do STARTTLS *for SMTP*. It's a matter of servers offering it and clients being configured to actually use it. It'd be nice if they always used it if it's available, but right now I think they all require being told to. 
Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way back to 4.7x at least), Evolution, and Eudora all support STARTTLS (again, for SMTP). I imagine there are others that do as well. Amusingly, virtually none of them support STARTTLS on any other protocol. :) IMAP and POP are almost all supported only on dedicated SSL ports (IMAPS, POP3S). Argh. Regards, Jeremey. - -- Jeremey Barrett [jeremey at rot26.com] Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9mwrg9xXriFL2OGARAo/oAJ0QnWSlj22d3jvdyw8wtfVXIGkjFACeOuXr fZjD8Wo2H/AWkM1saPxNNOY= =g5QQ -----END PGP SIGNATURE----- From jeremey at rot26.com Wed Oct 2 08:54:53 2002 From: jeremey at rot26.com (Jeremey Barrett) Date: Wed, 02 Oct 2002 10:54:53 -0500 Subject: What email encryption is actually in use? References: <5.1.1.6.2.20021001213515.04aef888@idiom.com> <5.1.0.14.2.20021002205831.02dd5930@frodo.hserus.net> Message-ID: <3D9B16CD.5080003@rot26.com> Udhay Shankar N wrote: | At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: | |> Amusingly, virtually none of them support STARTTLS on any other protocol. |> :) IMAP and POP are almost all supported only on dedicated SSL ports |> (IMAPS, POP3S). Argh. | | I use Eudora, as I'm very comfortable with it (so comfortable, in fact, | that it's my primary reason for booting Windows at all.) | | The version I use, 5.1, *does* support STARTTLS for POP over both the | regular port 110 as well as alternate ports, as well as user-defined | ports.
It needs some tweaking, but the capability exists. | | I don't know about IMAP, as I don't use IMAP to get my mail. | Yes, Eudora is the exception. It supports both STARTTLS and dedicated SSL ports for all mail protocols (it even does SMTPS I think). Jeremey. -- Jeremey Barrett [jeremey at rot26.com] Key: http://rot26.com/gpg.asc GnuPG fingerprint: 716E C811 C6D9 2B31 685D 008F F715 EB88 52F6 3860 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From pwk at acm.org Wed Oct 2 10:55:50 2002 From: pwk at acm.org (Paul Krumviede) Date: Wed, 02 Oct 2002 10:55:50 -0700 Subject: What email encryption is actually in use? In-Reply-To: <3D9B16CD.5080003@rot26.com> References: <3D9B16CD.5080003@rot26.com> Message-ID: <52500712.1033556150@localhost> --On Wednesday, 02 October, 2002 10:54 -0500 Jeremey Barrett wrote: > Udhay Shankar N wrote: >| At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: >| >|> Amusingly, virtually none of them support STARTTLS on any other protocol. >|> :) IMAP and POP are almost all supported only on dedicated SSL ports >|> (IMAPS, POP3S). Argh. >| >| I use Eudora, as I'm very comfortable with it (so comfortable, in fact, >| that it's my primary reason for booting Windows at all.) >| >| The version I use, 5.1, *does* support STARTTLS for POP over both the >| regular port 110 as well as alternate ports, as well as user-defined >| ports. It needs some tweaking, but the capability exists. >| >| I don't know about IMAP, as I don't use IMAP to get my mail. >| > > Yes, Eudora is the exception. It supports both STARTTLS and dedicated > SSL ports for all mail protocols (it even does SMTPS I think). it isn't the only exception: i use mulberry with IMAP, and it supports STARTTLS for both IMAP and SMTP over the normal ports; haven't tried POP3, although it looks like it should work.
and this seems to work for mulberry on linux, macs and windows. -paul From pgut001 at cs.auckland.ac.nz Tue Oct 1 19:13:39 2002 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 2 Oct 2002 14:13:39 +1200 (NZST) Subject: What email encryption is actually in use? Message-ID: <200210020213.OAA153286@ruru.cs.auckland.ac.nz> "David Howe" writes: >at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann > was seen to say: >>For encryption, STARTTLS, which protects more mail than all other >>email encryption technology combined. See >>http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf >>(towards the back). >I would dispute that - not that it isn't used and useful, but unless you are >handing off directly to the "home" machine of the end user (or his direct >spool) odds are good that the packet will be sent unencrypted somewhere along >its journey. with TLS you are basically protecting a single link of a >transmission chain, with no control over the rest of the chain. As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). Peter. From adam at homeport.org Wed Oct 2 12:14:21 2002 From: adam at homeport.org (Adam Shostack) Date: Wed, 2 Oct 2002 15:14:21 -0400 Subject: What email encryption is actually in use?
In-Reply-To: <3D9B16CE.6060004@algroup.co.uk> References: <002e01c269c9$82765010$6501a8c0@VAIO650> <3D9B16CE.6060004@algroup.co.uk> Message-ID: <20021002191420.GA26039@lightship.internal.homeport.org> On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | Lucky Green wrote: | >I also agree that current MTAs' implementations of STARTTLS are only a | >first step. At least in postfix, the only MTA with which I am | >sufficiently familiar to form an opinion, it appears impossible to | >require that certs presented by trusted parties match a particular hash | >while certs presented by untrusted MTAs can present any certificate they | >desire to achieve EDH-level security. | | This is probably a stupid question, but... why would you want to do this? So that your regular correspondents are authenticated, while anyone else is opportunistically encrypted. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From shamrock at cypherpunks.to Wed Oct 2 15:39:32 2002 From: shamrock at cypherpunks.to (Lucky Green) Date: Wed, 2 Oct 2002 15:39:32 -0700 Subject: What email encryption is actually in use? In-Reply-To: <3D9B16CE.6060004@algroup.co.uk> Message-ID: <000201c26a64$952b4530$6501a8c0@VAIO650> Ben wrote: > Lucky Green wrote: > > I also agree that current MTAs' implementations of STARTTLS > are only a > > first step. At least in postfix, the only MTA with which I am > > sufficiently familiar to form an opinion, it appears impossible to > > require that certs presented by trusted parties match a particular > > hash while certs presented by untrusted MTAs can present any > > certificate they desire to achieve EDH-level security. > > This is probably a stupid question, but... why would you want > to do this? To protect against MIM attacks on the encrypted tunnel between the trust domains represented by my friend's MTA and my MTA.
--Lucky Green From adam at homeport.org Wed Oct 2 13:19:02 2002 From: adam at homeport.org (Adam Shostack) Date: Wed, 2 Oct 2002 16:19:02 -0400 Subject: What email encryption is actually in use? In-Reply-To: <3D9B533F.9020904@algroup.co.uk> References: <002e01c269c9$82765010$6501a8c0@VAIO650> <3D9B16CE.6060004@algroup.co.uk> <20021002191420.GA26039@lightship.internal.homeport.org> <3D9B533F.9020904@algroup.co.uk> Message-ID: <20021002201902.GA27204@lightship.internal.homeport.org> On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote: | Adam Shostack wrote: | >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote: | >| Lucky Green wrote: | >| >I also agree that current MTAs' implementations of STARTTLS are only a | >| >first step. At least in postfix, the only MTA with which I am | >| >sufficiently familiar to form an opinion, it appears impossible to | >| >require that certs presented by trusted parties match a particular hash | >| >while certs presented by untrusted MTAs can present any certificate they | >| >desire to achieve EDH-level security. | >| | >| This is probably a stupid question, but... why would you want to do this? | > | >So that your regular correspondents are authenticated, while anyone | >else is opportunistically encrypted. | | ??? How does checking their MTA's cert authenticate them? What's wrong | with PGP sigs? Consistency with last time. What's wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Sure, you and I can use PGP, but by and large, people don't bother. So let's look at a technology that's getting accepted, and improve it slowly. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From jamesd at echeque.com Wed Oct 2 19:26:32 2002 From: jamesd at echeque.com (James A. Donald) Date: Wed, 02 Oct 2002 19:26:32 -0700 Subject: What email encryption is actually in use?
In-Reply-To: <00b501c26a4b$b00e16c0$01c8a8c0@davehowe> Message-ID: <3D9B4868.23091.2A00B98@localhost> -- James A. Donald wrote: > > And PGP tells me "signature not checked, key does not meet > > validity threshold" On 2 Oct 2002 at 20:40, Dave Howe wrote: > what version are you on? pgp 6.5.8 command line version. The actual problem was that there was no such key in my key ring, but error messages gave me no hint of that. So having determined the problem, I dutifully went to the key server, and encountered yet another stream of problems related to the keyserver and windows, that made it impossible to download the key, but that is another story. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG C+pOgajD+X0+ZJN6MxG/jTvWMW4WWcSPAO/u5ONp 41dEFaucvzVF+ulAPaijTMkhlW/C+virFHh06hHrM From jamesd at echeque.com Wed Oct 2 19:45:47 2002 From: jamesd at echeque.com (James A. Donald) Date: Wed, 02 Oct 2002 19:45:47 -0700 Subject: What email encryption is actually in use? In-Reply-To: <20021002201902.GA27204@lightship.internal.homeport.org> References: <3D9B533F.9020904@algroup.co.uk> Message-ID: <3D9B4CEB.6703.2B1ABC9@localhost> -- On 2 Oct 2002 at 16:19, Adam Shostack wrote: > What's wrong with PGP sigs is that going on 9 full years after > I generated my first pgp key, my mom still can't use the > stuff. The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp. Of course, I have had real occasion to use this stuff so rarely that I suspect your mother would never use it no matter how user friendly. The lack of demand may have something to do with Hettinga's rant, that all cryptography is financial cryptography. As I am fond of pointing out, envelopes were first invented to contain records of goods and payments. People use encryption when money is at stake.
If people start routinely making binding deals on the internet, they will soon routinely use encryption. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt 45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG From DaveHowe at gmx.co.uk Wed Oct 2 12:40:52 2002 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 2 Oct 2002 20:40:52 +0100 Subject: What email encryption is actually in use? References: Message-ID: <00b501c26a4b$b00e16c0$01c8a8c0@davehowe> James A. Donald wrote: >> And PGP tells me "signature not checked, key does not meet > validity threshold" what version are you on? ckt never does that - it checks it, and marks the sig status as good or bad - but obviously marks the key status as invalid (due to lack of signing) on anyone I don't trust enough to sign :) oh - and some versions of pgp have trouble with that particular key - it's a 4K RSA that V5.x would accept, but V6.x wouldn't Try 6.5.8 CKT instead :) From udhay at pobox.com Wed Oct 2 08:31:34 2002 From: udhay at pobox.com (Udhay Shankar N) Date: Wed, 02 Oct 2002 21:01:34 +0530 Subject: What email encryption is actually in use? In-Reply-To: <3D9B0AE3.6060506@rot26.com> References: <5.1.1.6.2.20021001213515.04aef888@idiom.com> Message-ID: <5.1.0.14.2.20021002205831.02dd5930@frodo.hserus.net> At 10:04 AM 10/2/02 -0500, Jeremey Barrett wrote: >Specifically, Mozilla, Outlook, Outlook Express, Netscape (all the way >back to 4.7x at least), Evolution, and Eudora all support STARTTLS >(again, for SMTP). I imagine there are others that do as well. > >Amusingly, virtually none of them support STARTTLS on any other protocol. >:) IMAP and POP are almost all supported only on dedicated SSL ports >(IMAPS, POP3S). Argh. I use Eudora, as I'm very comfortable with it (so comfortable, in fact, that it's my primary reason for booting Windows at all.)
The version I use, 5.1, *does* support STARTTLS for POP over both the regular port 110 as well as alternate ports, as well as user-defined ports. It needs some tweaking, but the capability exists. I don't know about IMAP, as I don't use IMAP to get my mail. Udhay -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com)) From eugen at leitl.org Wed Oct 2 13:47:18 2002 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 2 Oct 2002 22:47:18 +0200 (CEST) Subject: JYA ping In-Reply-To: <7a0abd63f818aeb0fa1a4e952c44aa25@ecn.org> Message-ID: On Wed, 2 Oct 2002, Anonymous wrote: > Cryptome has not been updated since 9/23 ... any clues, anyone ? No. Anyone knows whether John Young is okay? From alfie at leaflock.homeip.net Wed Oct 2 20:36:59 2002 From: alfie at leaflock.homeip.net (Alfie) Date: Wed, 2 Oct 2002 23:36:59 -0400 Subject: What email encryption is actually in use? In-Reply-To: <3D9B4CEB.6703.2B1ABC9@localhost> References: <3D9B533F.9020904@algroup.co.uk> <3D9B4CEB.6703.2B1ABC9@localhost> Message-ID: <20021003033659.GA8652@cvg-65-29-193-61.cinci.rr.com> On Wed, Oct 02, 2002 at 07:45:47PM -0700, James A. Donald wrote: > -- > On 2 Oct 2002 at 16:19, Adam Shostack wrote: > > What's wrong with PGP sigs is that going on 9 full years after > > I generated my first pgp key, my mom still can't use the > > stuff. > > The fact that your mum cannot use the stuff is only half the > problem.
I am a computer expert, a key administrator, someone > who has been paid to write cryptographic code, and half the > time I cannot use pgp. Have you looked at GnuPG? http://www.gnupg.org/ There are some graphical front-ends which I have not tried, but the console version seems straightforward to me. Blessed be, Alfie -- guru, n: A computer owner who can read the manual. [demime 0.97c removed an attachment of type application/pgp-signature] From scribe at exmosis.net Thu Oct 3 04:05:27 2002 From: scribe at exmosis.net (Graham Lally) Date: Thu, 03 Oct 2002 12:05:27 +0100 Subject: JYA ping References: Message-ID: <3D9C2477.3020707@exmosis.net> Eugen Leitl wrote: > On Wed, 2 Oct 2002, Anonymous wrote: > >>Cryptome has not been updated since 9/23 ... any clues, anyone ? > > No. Anyone knows whether John Young is okay? Can't get through to http://www.jya.com/ either (plus Google hasn't cached it, for some reason...?) - can't resolve it at all. From alfie at leaflock.homeip.net Thu Oct 3 11:34:32 2002 From: alfie at leaflock.homeip.net (Alfie) Date: Thu, 3 Oct 2002 14:34:32 -0400 Subject: What email encryption is actually in use? In-Reply-To: <3D9C26B6.11948.E3FB56@localhost> References: <3D9C715B.5020109@algroup.co.uk> <3D9C26B6.11948.E3FB56@localhost> Message-ID: <20021003183432.GA15915@cvg-65-29-193-61.cinci.rr.com> On Thu, Oct 03, 2002 at 11:15:02AM -0700, James A. Donald wrote: > > On 3 Oct 2002 at 17:33, Ben Laurie wrote: > > Mozilla+enigmail+gpg. It just works. > > If we had client side encryption that "just works" we would be > seeing a few more signed messages on this list, and those that > appear, would actually be checked. Send an unnecessarily > encrypted message to Tim and he will probably threaten to shoot > you. I always sign my messages, but the listserv software deletes the attached signature. Go figure. :) -- guru, n: A computer owner who can read the manual.
[demime 0.97c removed an attachment of type application/pgp-signature] From udhay at pobox.com Thu Oct 3 09:32:10 2002 From: udhay at pobox.com (Udhay Shankar N) Date: Thu, 03 Oct 2002 22:02:10 +0530 Subject: What email encryption is actually in use? In-Reply-To: <000f01c26a7f$3e076ca0$6501a8c0@VAIO650> References: <20021002185639.DEA2F7B68@berkshire.research.att.com> Message-ID: <5.1.0.14.2.20021003220054.02bbfa70@frodo.hserus.net> At 06:50 PM 10/2/02 -0700, Lucky Green wrote: >Steven raises an interesting point. Having looked at various STARTTLS >implementations it appears to me that if not the designers of STARTTLS >then at least the authors of STARTTLS-enabled MTAs appeared to have >envisioned the use of STARTTLS primarily to secure and authenticate >email submission, not MTA-to-MTA SMTP transfer. I agree. In fact, the primary reason I use (and recommend) STARTTLS is to defeat logging by snoopy employers and/or clients.
Udhay -- ((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
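The per-peer policy Lucky Green and Adam Shostack describe in the thread above (certificate hashes pinned for regular correspondents, opportunistic encryption for everyone else), together with David Howe's point that STARTTLS protects only one link of the chain, as an added Python example that is not code from any poster or from postfix. The domain names, the certificate byte strings, the choice of SHA-256 for the hash, and the names `PeerPolicy`, `Verdict` and `weakest_hop` are all assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Set, Tuple


class Verdict(IntEnum):
    """Outcome for one SMTP hop, ordered from weakest to strongest."""
    REFUSE = 0         # pinned peer failed its check: do not hand over mail
    CLEARTEXT = 1      # unpinned peer offered no TLS
    OPPORTUNISTIC = 2  # encrypted, but the peer is not authenticated
    AUTHENTICATED = 3  # encrypted and the certificate matched a pin


def fingerprint(cert_der: bytes) -> str:
    """Hash of the DER-encoded certificate (SHA-256 is an assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


def _norm(domain: str) -> str:
    return domain.lower().rstrip(".")


@dataclass
class PeerPolicy:
    # domain -> fingerprints accepted for that domain's MTA
    pins: Dict[str, Set[str]] = field(default_factory=dict)
    allow_cleartext: bool = True

    def pin(self, domain: str, cert_der: bytes) -> None:
        self.pins.setdefault(_norm(domain), set()).add(fingerprint(cert_der))

    def evaluate(self, domain: str, starttls_offered: bool,
                 cert_der: Optional[bytes]) -> Verdict:
        known = self.pins.get(_norm(domain))
        if known is not None:
            # Regular correspondent. A missing STARTTLS offer or a changed
            # certificate is what an interceptor on the link looks like,
            # so there is no fallback to a weaker mode.
            if not starttls_offered or cert_der is None:
                return Verdict.REFUSE
            seen = fingerprint(cert_der)
            matched = any(hmac.compare_digest(seen, p) for p in known)
            return Verdict.AUTHENTICATED if matched else Verdict.REFUSE
        # Unknown peer: accept any certificate, encryption only.
        if starttls_offered and cert_der is not None:
            return Verdict.OPPORTUNISTIC
        return Verdict.CLEARTEXT if self.allow_cleartext else Verdict.REFUSE


Hop = Tuple[str, bool, Optional[bytes]]  # (domain, STARTTLS offered, cert)


def weakest_hop(policy: PeerPolicy, path: List[Hop]) -> Tuple[Verdict, str]:
    """A relayed message is only as protected as its weakest link."""
    results = [(policy.evaluate(d, tls, cert), d) for d, tls, cert in path]
    return min(results, key=lambda r: r[0])


# Constructed stand-ins for DER certificates; not real certificates.
FRIEND_CERT = b"constructed-der-bytes-for-friend-mta"
ROGUE_CERT = b"constructed-der-bytes-for-interceptor"
STRANGER_CERT = b"constructed-der-bytes-for-unknown-mta"


def demo() -> Dict[str, Verdict]:
    policy = PeerPolicy()
    policy.pin("friend.example", FRIEND_CERT)
    return {
        "pinned_ok": policy.evaluate("Friend.Example.", True, FRIEND_CERT),
        "pinned_swapped": policy.evaluate("friend.example", True, ROGUE_CERT),
        "pinned_stripped": policy.evaluate("friend.example", False, None),
        "stranger_tls": policy.evaluate("stranger.example", True, STRANGER_CERT),
        "stranger_plain": policy.evaluate("stranger.example", False, None),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:16} {verdict.name}")
```
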
From jya at pipeline.com Fri Oct 4 04:54:21 2002 From: jya at pipeline.com (jya at pipeline.com) Date: Fri, 04 Oct 2002 07:54:21 -0400 Subject: JYA ping Message-ID: JYA is temporarily dead online due to work load in the DC area, near the armageddon push button, which is located, in case you give a, out on Route 7 disguised as FAA Leesburg. We paid a surprise Sunday morning visit to the CIA back entrance, got surrounded by HMMVs and spiffy guards with hands on guns, interrogated by a swell looking Ms. Security who ran our Duncan Frissell ID card through the master file, idled for 1/2 hour observing gaps in the maginot line, and then received a heartfelt thanks for cooperating, Duncan, wink. Mrs. Frissell hissed bitch as we serpentined the Jersey barriers back out the way in. From mv at cdc.gov Fri Oct 4 13:07:50 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 04 Oct 2002 13:07:50 -0700 Subject: why bother signing? (was Re: What email encryption is actually in use?) Message-ID: <3D9DF516.ED30A66A@cdc.gov> At 04:45 PM 10/3/02 -0700, James A. Donald wrote: > -- >James A.
Donald wrote: >> > If we had client side encryption that "just works" we would >> > be seeing a few more signed messages on this list, >Ben Laurie wrote: >> Why would I want to sign a message to this list? > >Then all the people who read this list, were they to receive a >communication from you, they would know it was the same Ben >Laurie who posts to this list. But Ben is not spoofed here! So there is little motivation. In an environment where spoofing was common, folks would sign (which is not incompatible with retaining anonymity, of course). You could also sign anonymous statements here which you might decide to bind to one of your identities later. In the absence of any need, it's not rational to bother. From jamesd at echeque.com Fri Oct 4 16:13:07 2002 From: jamesd at echeque.com (James A. Donald) Date: Fri, 04 Oct 2002 16:13:07 -0700 Subject: why bother signing? (was Re: What email encryption is actually in use?) In-Reply-To: <20021004134621.A7820@slack.lne.com> References: <"from mv"@cdc.gov> Message-ID: <3D9DBE13.1809.1F2D168@localhost> James A. Donald: > >> > If we had client side encryption that "just works" we > >> > would be seeing a few more signed messages on this list, Major Variola (ret): > But Ben is not spoofed here! So there is little motivation. > > [...] > > In the absence of any need, it's not rational to bother. There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign --digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG j35pZ93cRp46pIhaD4AQ0X3neQjPEV2l9JrKJ2L2 4Eto77muLU+n+EF8nNrcbcSAMw1Vtdttyl1600R9x
From rah at shipwright.com Sat Oct 5 06:42:21 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 5 Oct 2002 09:42:21 -0400 Subject: Net Security Interview with Jon Callas Message-ID: Net Security http://www.net-security.org/article.php?id=195 Interview with Jon Callas by Berislav Kucan Jon Callas is an innovator and an acknowledged expert in all major aspects of contemporary business security, including cryptography, operating system security, public key infrastructure, and intellectual property rights. For how long have you been involved in the development of PGP? I joined PGP, Inc. in January 1997. I was Chief Scientist there. When NAI bought PGP in December 1997, I became CTO at NAI, and stayed there until April 1999. I am one of the co-founders of the new PGP Corporation. I am the principal author of The IETF OpenPGP standard, which is presently RFC2440, and have been doing that since mid '97.

What were your thoughts after Network Associates stopped selling PGP products this March?

Oh, I was incredulous! I'm a Mac OS X user and had been on the beta list for it in October. I kept waiting for them to find someone for it, myself.

When and with what plans was PGP Corporation started?

Phil Dunkelberger and I ran into each other at last year's RSA conference, and started talking about a new security startup. We came up with some ideas on how to make message security much simpler to use. We then started working with Will Price, who had then recently left Network Associates after the PGP cancellation. He had his own ideas that meshed in with our ideas, and that led to us deciding that PGP would fit in well with our combined plans.

What products were bought from Network Associates?

We bought all products from Network Associates, including ones that are in progress except for the Windows VPN and firewall, and the command line versions. Network Associates still sells the command line PGP under the name McAfee eBusiness Server. We are under an eighteen-month non-compete for the command line PGP, so it is theirs for that time. Our products include the traditional PGP for Windows and Macintosh, the Palm and WinCE products, the PGP key server, and so on.

What's your opinion on open source?

I think if you buy a software product, especially one that is a security-related product, you should be able to know how it works. You should be able to see that it doesn't have horrid flaws in it, by accident or design.

We haven't quite worked out the details of PGP's open source license, but here are the goals I have, pending language: If you have a legally obtained copy of PGP, then you read, compile, modify, hack, etc. the source for that type of PGP you have, for your own purposes and not for redistribution. What I mean by this is that if you have PGP freeware (which you are using for non-commercial use), then you may do all those things with PGP freeware.
If you bought a copy of the retail product, then you may do those things with the retail product or the freeware product.

This isn't quite the same as what some other open source people believe constitutes "open source," but our philosophy on source is completely in line with the principles that the FSF and LPF were founded to defend -- the right to look under the hood.

Part of the reasons we're of this mind is that as makers of a security system, there are safety and reliability issues that we have to deal with. We have a responsibility to combat the appearance of PGP clones that are of lower security. Worse, what constitutes "lower security" is something about which gentlepersons can disagree. I know some people with extreme opinions about all sorts of security issues (including us). I, personally, as the OpenPGP author try to be moderate. There are things allowed in the standard that personally I disagree with. We solve that by saying that in our implementation of the standard, we're not going to do those things. You can think this as being the software equivalent of having an editorial voice. I'll defend your right to use feature X, but it isn't going in my product. But I digress.

I support your right to look at my software. I think it's fine if you modify it for your own use. If you quietly give it to your friends, I'm not going to complain -- provided they're using freeware features or paid for it. We provide reseller agreements and we license our toolkit, the PGPsdk -- quite liberally, I might add. If you want to do resell or make a product based on our source code, we can work something out. You just need to talk to us first.

After stopping the PGP product line, Network Associates spokeswoman Jennifer Keavney said: "The reality is it didn't become a large enterprise sell, and it maintained its perception as a freeware product. People around the world are still using it for free". Won't PGP Corporation have the same problem?

We believe we can be successful.
Our funders, who include Venrock, the venture arm of the Rockefeller family, believe we can be successful.

Will your company stop offering PGP source code in the future?

No. Source code is vital. We believe in it. Our funders believe in it.

Will PGP Corporation produce Linux versions of PGP products?

We are considering it. We can produce a GUI version of PGP similar to the ones we do for Mac OSX and Windows. The biggest question for us is whether or not Linux people would find such a thing valuable enough to want to buy. There are a number of freeware systems available now -- should we bother making something we charge for, or should we just interoperate with what's out there?

Are there plans for the development of new products in the PGP line in the near future?

Oh, yes. We weren't funded just to pick up the PGP business. We were funded for our new product plans. Without giving it away, our aim is to make products that are extremely easy to use. Think of it as PGP for people whose VCRs flash 12:00.

Is there a possibility for you to discontinue any of the PGP products?

I can't think of one.

What do you think about the whole segment of handheld computers security? Where does PGP Corporation stand at this topic?

We already have versions of PGP for Palm OS and WinCE. We have Symbian's OS. We believe this is a huge opportunity for us.

What is your perspective on full disclosure of vulnerabilities?

I am a proponent of full openness. I'm a proponent of published source code, so by necessity vulnerabilities will be disclosed -- just look at the differences in the source.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

From sfurlong at acmenet.net Sat Oct 5 06:46:31 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Sat, 5 Oct 2002 09:46:31 -0400
Subject: why bother signing?
In-Reply-To: <3D9ECE29.20209@algroup.co.uk>
References: <3D9DF516.ED30A66A@cdc.gov> <20021004134621.A7820@slack.lne.com> <3D9ECE29.20209@algroup.co.uk>
Message-ID: <200210050946.31981.sfurlong@acmenet.net>

On Saturday 05 October 2002 07:34, Ben Laurie wrote:
> Ben Laurie wrote:
> > On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote:
> >>But Ben is not spoofed here!
> >
> > He is now.
> >
> >
> > Cheers,
> >
> > Ben.
>
> I will confirm this as a (detectable) spoof :-)
>
> Cheers,
>
> Ben.

Ah, but how do we know that that wasn't the spoofer "confirming" his own spoof?

(That's not an entirely joking question. Not enough headers make it through the mailing list and my ISP for me to tell the difference between the two "Ben Laurie" messages cited above.)

--
Steve Furlong Computer Condottiere Have GNU, Will Travel

Vote Idiotarian --- it's easier than thinking

From ben at algroup.co.uk Sat Oct 5 04:34:01 2002
From: ben at algroup.co.uk (Ben Laurie)
Date: Sat, 05 Oct 2002 12:34:01 +0100
Subject: why bother signing? (was Re: What email encryption is actually in use?)
References: <3D9DF516.ED30A66A@cdc.gov> <20021004134621.A7820@slack.lne.com>
Message-ID: <3D9ECE29.20209@algroup.co.uk>

Ben Laurie wrote:
> On Fri, Oct 04, 2002 at 01:07:50PM -0700, Major Variola (ret) wrote:
>
>>At 04:45 PM 10/3/02 -0700, James A. Donald wrote:
>>
>>> --
>>>James A. Donald wrote:
>>>
>>>>>If we had client side encryption that "just works" we would
>>>>>be seeing a few more signed messages on this list,
>>>>
>>>Ben Laurie wrote:
>>>
>>>>Why would I want to sign a message to this list?
>>>
>>>Then all the people who read this list, were they to receive a
>>>communication from you, they would know it was the same Ben
>>>Laurie who posts to this list.
>>
>>But Ben is not spoofed here!
>
>
>
> He is now.
>
>
> Cheers,
>
> Ben.

I will confirm this as a (detectable) spoof :-)

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From bill.stewart at pobox.com Sat Oct 5 14:09:04 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sat, 05 Oct 2002 14:09:04 -0700
Subject: Interesting Hawala Article
Message-ID: <5.1.1.6.2.20021005140027.04b0f338@idiom.com>

http://www.interpol.int/Public/FinancialCrime/MoneyLaundering/hawala/default.asp

Interpol has an interesting article on Hawala. It's written from a US-centric perspective, which unfortunately includes asymmetry in the transactions, so they miss out on the importance of net settlement in making correspondent banking systems work, and it does look at hawala as somewhat of a quaint leftover from before modern banking systems, rather than understanding that the roots of European banking systems were the same thing. And of course, since it's written by Interpol as opposed to a newspaper or a college economics professor, its real interest is use in criminal transactions.
But it does give a good picture of part of the hawala system, some cultural flavor, and some reasons that hawala is popular - flexibility, speed, lower costs than official banks, arbitrage around official exchange rates, and avoidance of regulations that inhibit transactions. It's a worthwhile read.

From bill.stewart at POBOX.COM Sun Oct 6 08:42:53 2002
From: bill.stewart at POBOX.COM (Bill Stewart)
Date: Sun, 06 Oct 2002 08:42:53 -0700
Subject: JYA ping
In-Reply-To: <3DA012AA.F885F1C@t-online.de>
References: <001f01c26bd6$ad399280$16a8a8c0@Terry>
Message-ID: <5.1.1.6.2.20021006083938.04b276b0@idiom.com>

At 12:38 PM 10/06/2002 +0200, Mok-Kong Shen wrote:
>It seems to be strange that he wrote at ,
>an address which is also given on his web page, but
>ping pipeline.com doesn't work.

Lots of machines don't accept pings anymore, either for security reasons or whatever.
That's independent of whether those names accept email, or whether you can find MX records for them. In particular, most big ISPs have multiple machines accepting mail; if you wanted to ping, you'd have to try box1.bigisp.com, box2.bigisp.com, box3.bigisp.com, ... Pipeline was in the big-ISP business, and I suspect they've been eaten enough times that pipeline is just an alias on a big email server farm.

From mok-kong.shen at t-online.de Sun Oct 6 03:38:34 2002
From: mok-kong.shen at t-online.de (Mok-Kong Shen)
Date: Sun, 06 Oct 2002 12:38:34 +0200
Subject: JYA ping
References: <001f01c26bd6$ad399280$16a8a8c0@Terry>
Message-ID: <3DA012AA.F885F1C@t-online.de>

"Daniel J. Boone" wrote:
>
> > JYA is temporarily dead online due to work load in the DC area, near the
> > armageddon push button, which is located, in case you give a, out on Route
> 7
> > disguised as FAA Leesburg.
> >
> > We paid a surprise Sunday morning visit to the CIA back entrance, got
> > surrounded by HMMVs and spiffy guards with hands on guns, interrogated by
> a
> > swell looking Ms. Security who ran our Duncan Frissell ID card through the
> > master file, idled for 1/2 hour observing gaps in the maginot line, and
> then
> > received a heartfelt thanks for cooperating, Duncan, wink.
> >
> > Mrs. Frissell hissed bitch as we serpentined the Jersey barriers back out
> the
> > way in.
>
> It's worth observing that this prose style is literally inimitable. I'd say
> its authentication value (in terms of persuasively suggesting that the
> entity long known as JYA authored this also) is at least as strong as a
> long-used PGP signature would be.
>
> Others, having more faith in the abilities of federally-employed creative
> writers, might I suppose reasonably differ.

It seems to be strange that he wrote at ,
an address which is also given on his web page, but
ping pipeline.com doesn't work.

M. K. Shen

From pgut001 at cs.auckland.ac.nz Sat Oct 5 21:33:39 2002
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sun, 6 Oct 2002 17:33:39 +1300 (NZDT)
Subject: Interesting KPMG report on DRM
Message-ID: <200210060433.RAA22729@ruru.cs.auckland.ac.nz>

KPMG have a report "The Digital Challenge: Are You Prepared?" available at http://www.kpmg.com/news/index.asp?cid=660 in which they surveyed execs at media companies and conclude that they're focusing too much on (trying to) lock up content using encryption rather than how to do something useful with it:

Digital content is getting a lot of attention - but not at the board level, where it is urgently needed.
As a recent KPMG survey of top executives shows, media companies are focusing too much on encryption and other defensive technologies while failing to develop proactive strategies that recognize and leverage their online intellectual property assets.

[...]

But the industry's efforts to grapple with losses on this scale by locking away content behind multiple layers of protection - whether encryption, copyright protection, or authentication - have tended to detract from the user experience while failing to deliver the hoped-for revenue streams. Indeed, for all the publicity, expert attention, and corporate ingenuity devoted to digital piracy, it is striking that global content companies have not yet been able to find a working solution. This white paper, organized around a survey conducted for KPMG by The Economist Intelligence Unit, takes the industry's pulse on

The bottom line is that media companies need to shift their focus from a circle-the-wagons defense of digital intellectual property to innovative strategies for managing online content as a core revenue source. To achieve this shift, digital intellectual property needs to be valued properly, just like other assets on the balance sheet. Also, its protection needs to be treated as a key issue of corporate governance and given sustained and dedicated board-level attention.

It is clear from the survey that media executives are trying to remain optimistic about the potential of digital content - but securing intellectual property rights is an uphill battle. In the quest for the right mix of measures to fight piracy, executives are relying heavily on encryption as well as reactive steps to police and punish violators. At the same time, however, many companies fail to conduct systematic accounting for their digital assets, or to pursue more proactive strategies to build new revenue streams from their online content.

[...]

Media companies have so far failed to pioneer new business models that would rob piracy of its appeal. Preoccupied with defending the barricades against pirates, the industry has shown a deficit of creativity and innovation in rolling out products and services that can compete with the pirates. This was clear in KPMG's survey, where only a handful of respondents saw offering potential abusers the chance to distribute content legally as a way of protecting digital intellectual property.

In addition, the content industry remains hostage to its own strict interpretations of copyright laws and definitions of intellectual property. Most leading media organizations have their roots in traditional media formats - they still consider every bit of content they produce to be subject to copyright and they defend it - tooth and nail. However, today's Internet world conflicts with this business model, as consumers expect more fluid boundaries and demand a free flow of information.

Good stuff, read the whole thing at http://www.kpmg.com/news/index.asp?cid=660.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

From morlockelloi at yahoo.com Sun Oct 6 19:18:39 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 6 Oct 2002 19:18:39 -0700 (PDT)
Subject: JYA ping
In-Reply-To: <3DA012AA.F885F1C@t-online.de>
Message-ID: <20021007021839.76643.qmail@web40605.mail.yahoo.com>

> It seems to be strange that he wrote at ,
> an address which is also given on his web page, but
> ping pipeline.com doesn't work.

Sorry to resort to ad hominem, but you're a technological imbecile.

There is this magic thing in DNS called "MX record". Read about it.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

From adam at homeport.org Sun Oct 6 17:27:58 2002
From: adam at homeport.org (Adam Shostack)
Date: Sun, 6 Oct 2002 20:27:58 -0400
Subject: Proofs of security
Message-ID: <20021007002758.GA5241@lightship.internal.homeport.org>

Has anyone done any research into how much better new cryptosystems with proofs of security do, as opposed to their unproven cousins? It seems that having a proof of security doesn't actually improve the odds that a system will survive attacks. But that's my intuition, not a proven fact. ;) Has anyone read a stack of papers and done some statistics?

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From wolf at priori.net Sun Oct 6 20:56:34 2002
From: wolf at priori.net (Meyer Wolfsheim)
Date: Sun, 6 Oct 2002 20:56:34 -0700 (PDT)
Subject: JYA ping
In-Reply-To: <20021007021839.76643.qmail@web40605.mail.yahoo.com>
Message-ID:

On Sun, 6 Oct 2002, Morlock Elloi wrote:

> > It seems to be strange that he wrote at ,
> > an address which is also given on his web page, but
> > ping pipeline.com doesn't work.
>
> Sorry to resort to ad hominem, but you're a technological imbecile.
>
> There is this magic thing in DNS called "MX record". Read about it.

Not to mention the practice of blocking ICMP at the firewall, which would result in pings not working.

-MW-

From attila at stalphonsos.com Sun Oct 6 18:49:13 2002
From: attila at stalphonsos.com (attila)
Date: Sun, 06 Oct 2002 21:49:13 -0400
Subject: JYA ping
References: <001f01c26bd6$ad399280$16a8a8c0@Terry> <3DA012AA.F885F1C@t-online.de>
Message-ID: <3DA0E819.9040700@stalphonsos.com>

<<< No Message Collected >>>

From bill.stewart at pobox.com Mon Oct 7 00:04:35 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 07 Oct 2002 00:04:35 -0700
Subject: Why is a Georgia Tech machine the nameserver for pipeline.com?
In-Reply-To: <20021007021839.76643.qmail@web40605.mail.yahoo.com>
References: <3DA012AA.F885F1C@t-online.de>
Message-ID: <5.1.1.6.2.20021006235425.04b28ea0@idiom.com>

Somebody wrote to the cypherpunks list:
> > It seems to be strange that he wrote at ,
> > an address which is also given on his web page, but
> > ping pipeline.com doesn't work.

Very strange. Pipeline has a bunch of MX records, mx01.pipeline.com etc., which we expected. Pinging mx12.pipeline.com works fine. www.pipeline.com is www.mindspring.net, which is no surprise.

What's strange is that there are three nameservers for pipeline.com, at least according to the nslookup that I did. Two of them are itchy and scratchy.mindspring.net, which sound reasonable, but the first one is burdell.cc.gatech.edu. Burdell accepts pings, smtp, and DNS queries, but not telnet or http. postmaster at burdell does expand, and is running procmail....

From DaveHowe at gmx.co.uk Mon Oct 7 01:33:49 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Mon, 7 Oct 2002 09:33:49 +0100
Subject: why bother signing? (was Re: What email encryption is actually in use?)
References: <3D9DF516.ED30A66A@cdc.gov>
Message-ID: <004f01c26ded$65a0a9e0$c71121c2@sharpuk.co.uk>

at Friday, October 04, 2002 9:07 PM, Major Variola (ret) was seen to say:
> In an environment where spoofing was common, folks would
> sign (which is not incompatible with retaining anonymity, of course).

It *is* possible to sign in the name of a nym; there is no reason why a nym can't build an independent reputation without having a known "handler"

From ptrei at rsasecurity.com Mon Oct 7 07:26:49 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 7 Oct 2002 10:26:49 -0400
Subject: [OT Canute] Re: [LINK] [Fwd: Interesting KPMG report on DRM]
Message-ID:

> Robin Whittle[SMTP:rw at firstpr.com.au] wrote:
> .
[lots of good stuff about the music business clipped]
> I think this is an accurate analysis of a really sad situation. Like
> King Canute, the record companies are devoting most of their thinking
> and resources to holding back the tide.
>
[even more good stuff clipped]

In the interests of pedantry and accuracy, may I point out that Canute did not actually expect to hold back the tide.

Canute was an early Danish king of northern England, living ~995-1035. Like most modern leaders, he was surrounded by yes-men. Unlike them, he did something about it:

---------------------
[From http://viking.no/e/people/e-knud.htm]

"Let all men know how empty and worthless is the power of kings. For there is none worthy of the name but God, whom heaven, earth and sea obey".

So spoke King Canute the Great, the legend says, seated on his throne on the seashore, waves lapping round his feet.

Canute had learned that his flattering courtiers claimed he was "So great, he could command the tides of the sea to go back". Now Canute was not only a religious man, but also a clever politician. He knew his limitations - even if his courtiers did not - so he had his throne carried to the seashore and sat on it as the tide came in, commanding the waves to advance no further. When they didn't, he had made his point that, though the deeds of kings might appear 'great' in the minds of men, they were as nothing in the face of God's power.

------------------------

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

From rw at firstpr.com.au Sun Oct 6 19:34:35 2002
From: rw at firstpr.com.au (Robin Whittle)
Date: Mon, 07 Oct 2002 12:34:35 +1000
Subject: [LINK] [Fwd: Interesting KPMG report on DRM]
References: <1033951492.1200.7.camel@xenon>
Message-ID: <3DA0F2BB.3B81D4E8@firstpr.com.au>

Damien Miller forwarded Peter Gutmann's cryptography at wasabisystems.com and cypherpunks at lne.com quote of a KPMG report "The Digital Challenge: Are You Prepared?"

http://www.kpmg.com/news/index.asp?cid=660

. Responses indicate that the media industry has yet to find its footing in the digital age. Rather than embracing the Internet as an inexpensive means of delivering top-quality creative content to the consumer in a highly customized format, industry executives remain mesmerized by the destructive potential of online piracy. Rather than go on the offensive, the industry has hunkered down in a defensive stance.

. . . the industry has shown a deficit of creativity and innovation in rolling out products and services that can compete with the pirates.

I think this is an accurate analysis of a really sad situation. Like King Canute, the record companies are devoting most of their thinking and resources to holding back the tide.

The industry needs to conduct itself so that people *feel like* paying to purchase recordings rather than muck around finding non-licenced copies. So the legitimate music needs to be very easy and rewarding to find and pay for, very easy to download, and unencumbered by encryption, watermarks etc.

7 years ago I wrote that record companies had to make distinctions between various kinds of copying, because some is very positive for the companies and the artists.
Some copying is the best form of marketing they could hope for, and other copying is simply the purchaser deriving full value from their purchase.

I wrote that artists and record companies needed to make material available on the Net and make full use of the many new possibilities for discovery, different forms of "packaging" (why have an "album" when musicians may be producing music continually, and while some fans will buy a dozen different versions of the one song?), and far-reaching ability for listeners to interact with the artists and each other.

http://www.firstpr.com.au/musicmar/

One use of the artist's web site is for listeners to subscribe on a monthly and annual basis to all the artist's output. This has no parallel in the physical pre-recorded disc model. Also, listeners who pay for the artist's music can be visible on the web site, by their real name or nom-de-Net - so enabling the possibility of peer pressure to encourage people to pay for the music they are keen about.

Net-based discovery and delivery eliminates time-delays, capital expenses and most of the risk in the old system. It also makes advertising less vital, since it would be possible for news of good music from a new artist to spread rapidly and globally, by "word-of-mouth" on discussion forums, without cost to the artist or record company.

The most prominent aspects of the record industry are addicted to big-selling, mass-market, releases - that is the only way they know how to make money. But the Net means that money can be made from the start, on a modest scale, if the artist's costs in producing the music are relatively low.

While radio is surely going to remain an important discovery method, the Net has vast potential for discovery of the music, related material and for purchasing music 24 hours a day from the comfort of home, without the intrusive, noisy, distraction of a record store which is almost certainly playing Muddy Waters on the speakers when you are in the mood to purchase Steve Reich and vice-versa.

The mainstream, big-company, recorded music industry is clearly unwilling to face reality, and prefers to paint illusory pictures in their collective mind, and to try to convince others that these illusions are real.

The industry - as distinct from the artists - is made up of a few ex-musicians and lots of percent-men, who muscle into a niche between a small set of creative people and a larger number of people who want, or can be induced, into purchasing the artist's creative output.

In the prior era of almost entirely radio-based discovery (how often do you hear something you liked and bought in a record shop?) and music delivery entirely on pre-pressed plastic discs, there are huge barriers to be surmounted between creating music and selling it to the potentially millions of people who want to hear it. My page has diagrams which depict these bridges for discovery, distribution and sale.

The record industry, with its only half-willing accomplice, commercial radio, has grown strong by bridging this gap. But like fashion clothing, it has found that the only way to make substantial profit is to have big-selling hits, which are intensively promoted and sold for a few months before the next hit is wheeled into the spotlight. This creates an enormous barrier to the widespread discovery and development of new music, because the record companies won't press it or push it on radio unless they think they can sell large quantities, and radio won't play it if it is too riotous, too minimal, too instrumental or too long to support advertising.
Consequently the whole history of popular music has been continually skewed to music which sounds like, or is at least compatible, with increasingly crass commercial radio advertising.

The musicians hate the record companies, but need them - at least to ship large volumes of music on pre-pressed disks. The managers have an uneasy relationship with the artists and the record companies. Record companies and artists are almost utterly dependent on radio as the initial form of discovery, so they want radio to play whatever new CD they have just released this month. But radio sees the music industry as an almost free source of stuff to entice listeners with - and only a subset of listeners who are valuable from an advertising perspective are interested in listening to whatever the record industry is pushing this month.

So, since about the 1930s, a complex, risk- and capital-intensive set of bridges has been built by the record industry between artists and listeners - with radio a crucial and only marginally willing participant.

Now the Net, in principle (if it wasn't for speed and cost restrictions, and the fact that it is usually not as easy to access in mobile situations such as when AM/FM radio is perfectly convenient), enables a *direct* discovery, feedback and purchasing link to be made between artists and listeners. Even if the artists don't run their own web site, whoever runs their sites for them faces minimal costs and risks compared to the old system.

This is 24 hours a day, irrespective of radio propagation limitations, two-way, enabled for commerce and browsing. It completely bypasses everything the record company has built. However, I still think that if someone is going to sell a million copies of their music, then pre-pressed discs will be a significant part of that, and only record companies know how to do this on such large scales.

The new system does not rely on commercial-radio compatibility, or even the listener having the same language as the artist. There are no stylistic biases as bedevil the current situation with older record company and radio people trying to anticipate the next trend in young people's music fashion. The new system has nothing to do with fashion or gatekeepers at all.

If the record companies were smart, they would dive into this - after recognising their old game is made partially or largely irrelevant. If they were smart, they would aggressively pursue Net-based discovery and sale of all their artist's music, recognising that this is a low-cost way (compared to pre-pressing and distributing disks, advertising and payola) to develop and modestly profit from the zillions of artists who are developing their music and who are outside the spotlight of whatever is currently "fashionable". To some extent, with a few freebie MP3s, I guess the record companies have done this.

But the record companies first have to get over their immense fear of people copying music. It's going to happen, and the best way to reduce the damaging copying is to build trust and respect with potential purchasers to minimise copying which is bad for the artist and maximise that which is good.

Unfortunately, since all these issues became apparent around 7 years ago (although I did not anticipate MP3 compression ratios - that was about 5 years ago) the mainstream record industry has obstinately clung to the notion that it must make digital music impossible or impractical to copy.

But it is easily shown that this is impossible: If the music is to be delivered, in full fidelity, to the consumer - the consumer can copy it. All attempts at encryption, weirdo file formats etc. are useless to stop this - because the output of the system can be recorded.

The other approach is "digital fingerprinting / watermarking". There's a lot of crap written about this by various proponents.
If you can hear the watermark, people won't buy the music. If you can't hear the watermark, then perceptual compression systems such as MP3 will strip it out or weaken it without affecting the music.

What use is the watermark anyway? Are record companies really going to prosecute purchasers? That would be madness, the best way of destroying trust and the desire to purchase - but it could happen.

I wrote about the folly of watermarks in 1997: http://www.cni.org/Hforums/cni-copyright/1997-02/1005.html

- Robin

http://www.firstpr.com.au
http://fondlyandfirmly.com

From bill.stewart at pobox.com Mon Oct 7 13:43:26 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 07 Oct 2002 13:43:26 -0700
Subject: [OT Canute] Re: [LINK] [Fwd: Interesting KPMG report on DRM]
In-Reply-To:
Message-ID: <5.1.1.6.2.20021007133538.02aeadb0@idiom.com>

> > Robin Whittle[SMTP:rw at firstpr.com.au] wrote:
> > .
>[lots of good stuff about the music business clipped]
>
> > I think this is an accurate analysis of a really sad situation. Like
> > King Canute, the record companies are devoting most of their thinking
> > and resources to holding back the tide.

As Peter points out, Canute actually did have the clue that the record companies don't.

One place I lived in New Jersey was in Sea Bright, which is a sand bar just south of Sandy Hook beach. Two hundred years ago, it was an island, and it's trying to become an island again. The Army Corps of Engineers, however, keeps trying to tell the tides to stop, primarily by pouring a few million dollars worth of cement into the sea wall and road foundations every decade or so.
In some sense, it may be worthwhile, since the value of the houses that they're protecting is higher than that, but while I knew I was renting the house I was living in, some of my neighbors there thought they owned something other than a bit of drifting sand.

Perhaps the record companies need to see what equivalents of pilings or surfboards they can find for their business models.

From wk at gnupg.org Mon Oct 7 05:27:52 2002
From: wk at gnupg.org (Werner Koch)
Date: Mon, 07 Oct 2002 14:27:52 +0200
Subject: JYA ping
In-Reply-To: <3DA012AA.F885F1C@t-online.de> (mok-kong.shen@t-online.de's message of "Sun, 06 Oct 2002 12:38:34 +0200")
References: <001f01c26bd6$ad399280$16a8a8c0@Terry> <3DA012AA.F885F1C@t-online.de>
Message-ID: <87wuoutovr.fsf@alberti.g10code.de>

On Sun, 06 Oct 2002 12:38:34 +0200, Mok-Kong Shen said:

> It seems to be strange that he wrote at ,
> an address which is also given on his web page, but
> ping pipeline.com doesn't work.

If you mean ping (1) you should read some Internet basics first.

$ host -t mx pipeline.com
pipeline.com MX 5 mx05.pipeline.com
pipeline.com MX 5 mx06.pipeline.com
pipeline.com MX 5 mx07.pipeline.com
pipeline.com MX 5 mx08.pipeline.com
pipeline.com MX 5 mx09.pipeline.com
pipeline.com MX 5 mx10.pipeline.com
pipeline.com MX 5 mx11.pipeline.com
pipeline.com MX 5 mx12.pipeline.com
pipeline.com MX 5 mx00.pipeline.com
pipeline.com MX 5 mx01.pipeline.com
pipeline.com MX 5 mx02.pipeline.com
pipeline.com MX 5 mx03.pipeline.com
pipeline.com MX 5 mx04.pipeline.com

Salam-Shalom,

Werner

From jtrjtrjtr2001 at yahoo.com Tue Oct 8 04:55:52 2002
From: jtrjtrjtr2001 at yahoo.com (gfgs pedo)
Date: Tue, 8 Oct 2002 04:55:52 -0700 (PDT)
Subject: Optimal solution
In-Reply-To: <5.1.1.6.2.20021007134823.045c7000@idiom.com>
Message-ID: <20021008115552.27434.qmail@web21203.mail.yahoo.com>

>
> "Best" means "best for some specific objective".
> "Optimal" means the same thing as "best".
> Depends on what you want to do.
>
> There are countless examples of problems for which
> different algorithms scale differently by problem
> size,
> e.g. for N=10, Algorithm A is the fastest solution,
> but for N=1000, Algorithm B is much faster.

I guess you mean like sieves like NFS and QS.

> There are also lots of examples of problems for
> which
> one algorithm has an asymptotic lower bound that's
> the lowest known (or some other type of "best"),

Isn't it the big Oh-upper bound that determines if it is best-since we always consider the worst case scenario.

Yes, I remember that algorithm of primality in P. Thank you for answering.

Regards
Data.

From k.brown at ccs.bbk.ac.uk Tue Oct 8 09:54:06 2002
From: k.brown at ccs.bbk.ac.uk (Ken Brown)
Date: Tue, 08 Oct 2002 17:54:06 +0100
Subject: [OT Canute] Re: [LINK] [Fwd: Interesting KPMG report on DRM]
References:
Message-ID: <3DA30DAE.8A2C833@ccs.bbk.ac.uk>

In the interests of even more pedantry and accuracy can I point out that Canute (usually spelled "Knut" these days in solidarity with our Dansk brethren :-) was mostly a king in *Southern* England, living at Bosham near Chichester? Though at one point he ruled over all England, Denmark, and some of the bits in between as well.

"Trei, Peter" wrote:
>
> > Robin Whittle[SMTP:rw at firstpr.com.au] wrote:
> > .
> [lots of good stuff about the music business clipped]
>
> > I think this is an accurate analysis of a really sad situation. Like
> > King Canute, the record companies are devoting most of their thinking
> > and resources to holding back the tide.
> >
> [even more good stuff clipped]
>
> In the interests of pedantry and accuracy, may I point out that Canute
> did not actually expect to hold back the tide. Canute was an early
> Danish king of northern England, living ~995-1035. Like most modern
> leaders, he was surrounded by yes-men. Unlike them, he did something
> about it:

From bill.stewart at pobox.com Tue Oct 8 18:09:49 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 08 Oct 2002 18:09:49 -0700
Subject: AF developing DEA Wiretap Echelon-like Development Projects
Message-ID: <5.1.1.6.2.20021008180110.02aeb5b0@idiom.com>

The following web page is about recent projects at the Air Force Research Laboratory. Item 8 is about new wiretap technology, designed to monitor large numbers of conversations for drug activity.
The accompanying artwork has a large and small version of a wiretapper logo, which should be possible to abuse for something :-)

http://www.afrl.af.mil/accomprpt/may02/accompmay02.htm

Google cache: http://216.239.53.100/search?q=cache:wHZ4vsieDNkC:www.afrl.af.mil/accomprpt/may02/accompmay02.htm+nanosat+2002&hl=en&lr=lang_da|lang_nl|lang_en|lang_fr|lang_de|lang_is|lang_es&ie=UTF-8

Wiretapper Logo: http://www.afrl.af.mil/accomprpt/may02/images/may_8.gif

The Information Directorate's Multisensor Exploitation Branch and Research Associates for Defense Conversion (RADC) jointly developed, tested, and demonstrated an experimental model capability that automatically extracts information from telephone background sounds and conversational speech to identify drug networks and the participants. The work, sponsored by the Drug Enforcement Agency (DEA), addresses the problem of monitoring large numbers of telephone conversations for drug activity, while protecting the privacy of citizens in accordance with wiretap laws.

The capability called Automated Title Three Audio Correlation (ATTAC) makes it possible to automatically segment and flag drug-related activity and identify its participants without understanding the message content of the conversation. A background sound recognizer technology identifies sounds, such as dial tone, number dialed, ringing, and other sounds, while a Vector Quantization speaker-recognition technology identifies the persons involved in the conversations. The DEA and RADC collected a database of conversations through 74 individuals who made over 1300 calls from cellular phones, and office phones, and who used message machines.

The results in identifying the participants in conversational speech varied widely. DEA and RADC technicians obtained good results (90%) when individuals used the same phones; however, when the same individuals used different phones, the performance could drop to as low as 55%.
The directorate is conducting research work to improve recognition across multiple phone types. Although the directorate developed ATTAC for DEA use, the technology developed advances the state-of-the-art in speaker segmentation and in information extraction for the Air Force intelligence, surveillance, and reconnaissance mission. (Mr. S. E. Smith, AFRL/IFEC, (315) 330-7894)

From bill.stewart at pobox.com Tue Oct 8 18:45:13 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Tue, 08 Oct 2002 18:45:13 -0700
Subject: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.
Message-ID: <5.1.1.6.2.20021008183138.02aed228@idiom.com>

Somebody backdoored the source code for Sendmail on the official server. So if you recompile from scratch, your sendmail is 0wned. Another reason not to run mail systems as root....

http://rss.com.com/2100-1001-961311.html?type=pt&part=rss&tag=feed&subj=news

By Robert Lemos
Staff Writer, CNET News.com
October 8, 2002, 5:57 PM PT

Some copies of a popular mail-server program are implanted with a back door that could allow access to Internet attackers, security experts warned Tuesday.

A Computer Emergency Response Team (CERT) Coordination Center advisory said that illicit code added to the Sendmail package creates a back door when the program is compiled from its source code. Such a compromised program--called a Trojan horse by security experts--can leave networks exposed to attack and administrators unaware of the vulnerabilities.

The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium http://www.sendmail.org removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web.

"If you download the Sendmail distribution you MUST verify the PGP signature," stated the consortium on its site. "Do NOT use Sendmail without verifying the integrity of the source code."

The added code links to a specific server on the Internet, said CERT in its advisory. The security group also recommends that anyone who downloads Sendmail verify the file's integrity.

Because only the act of compiling the file activates the hostile program code, restarting the Sendmail server seems to deactivate the backdoor
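
Added example (not part of the post, the CNET article or the CERT advisory, and not Sendmail's own tooling): because the back door described in the Sendmail message above runs when the source is compiled, the integrity check has to pass before anything is unpacked or built. This Python gate uses a SHA-256 digest pinned from a trusted channel as a stand-in for the PGP signature check the Sendmail Consortium asks for; the archive names, file contents and `build` callback are constructed for illustration.

```python
"""Pre-build integrity gate: nothing is unpacked or built before the check passes."""
import hashlib
import hmac
import io
import tarfile
import tempfile
from pathlib import Path


class IntegrityError(Exception):
    """The archive failed verification and must not be unpacked or built."""


def sha256_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large tarballs are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_archive(path, pinned_sha256):
    """Compare against a digest obtained out-of-band, never from the download host."""
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, pinned_sha256.strip().lower()):
        raise IntegrityError(f"{path}: digest {actual} does not match the pinned value")
    return actual


def safe_extract(path, dest):
    """Unpack regular files and directories only, and only inside dest."""
    dest = Path(dest).resolve()
    with tarfile.open(path) as tar:
        members = tar.getmembers()
        for member in members:  # validate everything before writing anything
            if not (member.isfile() or member.isdir()):
                raise IntegrityError(f"refusing special member {member.name!r}")
            target = (dest / member.name).resolve()
            if target != dest and dest not in target.parents:
                raise IntegrityError(f"member escapes destination: {member.name!r}")
        for member in members:
            target = dest / member.name
            if member.isdir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(tar.extractfile(member).read())
    return dest


def gated_build(path, pinned_sha256, dest, build):
    """Call build(dest) only after verification; a mismatch stops before unpacking."""
    verify_archive(path, pinned_sha256)
    return build(safe_extract(path, dest))


def make_tarball(path, files):
    """Constructed sample input: write {name: bytes} into a gzip tarball."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path


def demo():
    """Gate a clean archive and a modified copy (both constructed) on one pinned digest."""
    clean_files = {
        "pkg-1.0/Build": b"#!/bin/sh\nmake all\n",
        "pkg-1.0/main.c": b"int main(void) { return 0; }\n",
    }
    modified_files = dict(clean_files)
    modified_files["pkg-1.0/Build"] += b"# constructed stand-in for injected build-time code\n"
    built, results = [], {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        clean = make_tarball(tmp / "clean.tar.gz", clean_files)
        modified = make_tarball(tmp / "mirror.tar.gz", modified_files)
        pinned = sha256_file(clean)  # stands in for the maintainer-published value
        for label, archive in (("clean", clean), ("tampered", modified)):
            try:
                gated_build(archive, pinned, tmp / label, lambda d: built.append(d.name))
                results[label] = "built"
            except IntegrityError:
                results[label] = "rejected"
        extracted = sorted(p.name for p in (tmp / "clean" / "pkg-1.0").iterdir())
    return results, built, extracted


if __name__ == "__main__":
    print(demo())
```

The pinned value has to come from a signed announcement or a second, independent channel; a digest fetched from the same server as the tarball would have been replaced along with it.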
Grand Opening Special on Unique Birdhouses Sue A Baillargeon Designs � have designed and signed these unique birdhouses to look like old-tyme barns. Wonderful outdoors or in your home. Photo Greeting Cards Beautiful greeting cards made with original photographs. Watercolors a-poppin "Limited edition" Watercolor prints with very bright colors! This is just one of several you may choose from. Hi... We're Don & Nanette and Notbygeorge is our store. We created it as an outlet for our own artistic talents and we plan to bring you interesting items we find at local and international markets. We love the search! We hope you enjoy our products as much as we enjoy offering them to you. Notbygeorge offers unique artistic items. If you aren't satisfied with your order, simply return it for a complete refund. The name and logo are trademarks� of Notbygeorge 2002 http://gm12.com/r.html?c=144418&r=144138&t=63530639&l=1&d=36067981&u=http://www.notbygeorge.com&g=0&f=36067988 Under Bill s. 1618 TITLE III, passed by the 105th Congress, this mailing cannot be considered SPAM as long as contact information & a remove link are provided Click here to send this to a friend : http://gm12.com/r.html?c=144418&r=144138&t=63530639&l=4&g=0&f=36067988 Click here: http://gm12.com/r.html?c=144418&r=144138&t=63530639&l=6&ea=cypherpunks at minder.net to unsubscribe from our mailing list. Or reply to this message with the word unsubscribe in the subject line. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8082 bytes Desc: not available URL: From pcdi at pickyourflick.com Wed Oct 9 10:34:43 2002 From: pcdi at pickyourflick.com (PCDI) Date: Wed, 9 Oct 10:34:43 2002 -0700 Subject: Special $200 Discount on Home Study Courses Message-ID: <88476381.5860595@mailhost> Learn a New Career, Earn Your Degree, or Finish High School at Home! 
FREE Home Study Career Information Kit If you'd like to train for a better career but don't think you have the time, think again. Now you can enjoy the convenience of self-paced home study, with nationally accredited Professional Career Development Institute. PCDI home study career diploma courses • Paralegal • Medical Transcription • Teacher Assisting • Veterinary Assisting • Pharmacy Technology • Child Day Care • Look at our list of more than 40 courses At graduation, you'll receive your nationally accredited diploma. Click here for your FREE PCDI Career Information Kit. http://www.pcdi-homestudy.com/courses/?code=E84 Distance learning Associate's Degree programs • Accounting • Business Management • Criminal Justice • Paralegal Studies • Health Care Management • Computer Information Management • Early Childhood Education At graduation, you'll get your nationally accredited diploma and your class ring! Click here to receive your FREE Ashworth College Catalog. http://www.ashworthcollege.com/academic/?code=E84 Earn your high school diploma at home • Start where you left off, in the 9th - 12th grades • Your exams are open-book • Choose from 60 courses • Receive class ring at graduation At graduation, you'll receive your nationally accredited diploma. Click here for your FREE James Madison High School Information Kit. http://www.jmhs.com/courses/?code=E84 Professional Career Development Institute ======================================================================================== Now Showing: PickYourFlick! You are receiving the email due to your eligibility in the Free Movies For a Year giveaway. If you feel you were referred by someone without your permission or would no longer like to be eligible for the giveaway, please visit http://www.PickYourFlick.com to remove yourself from the giveaway and these mailings. c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t& -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: text/html Size: 10191 bytes Desc: not available URL: From AltareverberateMcdonough at nymag.com Tue Oct 8 23:00:42 2002 From: AltareverberateMcdonough at nymag.com (Susanne Eubanks) Date: Wed, 9 Oct 2002 11:00:42 +0500 Subject: Success is what your wear Message-ID: e42e01c26fad$2db5a6e0$6401a8c0@edwin Look rich and successful without having to spend thousands. Nothing impresses business colleagues and friends more than a diamond studded watch, or a classic Patek Philippe strapped around your wrist. http://dictgate.com/ From schear at lvcm.com Wed Oct 9 13:23:36 2002 From: schear at lvcm.com (Steve Schear) Date: Wed, 09 Oct 2002 13:23:36 -0700 Subject: Microsoft nixes TV copy protection Message-ID: <5.1.0.14.2.20021009132223.03ee4980@pop3.lvcm.com> Microsoft nixes TV copy protection By Joe Wilcox Staff Writer, CNET News.com October 9, 2002, 9:19 AM PT Microsoft has bowed to consumer pressure and pulled back from a controversial plan that would have encrypted TV shows recorded on forthcoming digital media PCs. http://news.com.com/2100-1040-961376.html?tag=lh "War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933 From ericm at lne.com Wed Oct 9 15:15:29 2002 From: ericm at lne.com (Eric Murray) Date: Wed, 9 Oct 2002 15:15:29 -0700 Subject: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier. 
In-Reply-To: <3DA4A731.1010201@algroup.co.uk>; from ben@algroup.co.uk on Wed, Oct 09, 2002 at 11:01:21PM +0100
References: <5.1.1.6.2.20021008183138.02aed228@idiom.com> <3DA4A731.1010201@algroup.co.uk>
Message-ID: <20021009151528.A10206@slack.lne.com>

<<< No Message Collected >>>

From ben at algroup.co.uk Wed Oct 9 15:01:21 2002
From: ben at algroup.co.uk (Ben Laurie)
Date: Wed, 09 Oct 2002 23:01:21 +0100
Subject: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.
References: <5.1.1.6.2.20021008183138.02aed228@idiom.com>
Message-ID: <3DA4A731.1010201@algroup.co.uk>

Bill Stewart wrote:
> Somebody backdoored the source code for Sendmail on the official server.
> So if you recompile from scratch, your sendmail is 0wned.
> Another reason not to run mail systems as root....

In this case, as I understand it, it bites when you compile. So, it's another reason not to build them as root.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From nobody at arancio.net Wed Oct 9 19:28:26 2002
From: nobody at arancio.net (anonimo arancio)
Date: 10 Oct 2002 02:28:26 -0000
Subject: Echelon-like...
Message-ID:

This relates to an issue I've wanted to discuss with "Cypherpunks" for several years. Over the years, I've seen several commentators (including Timothy May) appear surprised when discussing the US's encryption export policies. The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. On the surface this would seem a sensible argument. And, it would seem a purely beaureaucratic (I'm sure I spelled that wrong) error.

But I am wondering if Cypherpunks have mentioned the 'obvious'.

The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers.
Basically, the more messages that are encrypted, the more hardware (and therefore $$$) will be needed to decrypt them.
Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to "outspend" the problem.
This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain "interesting" information.

Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)"hey! We never thought of that"

From ericm at lne.com Thu Oct 10 08:09:55 2002
From: ericm at lne.com (Eric Murray)
Date: Thu, 10 Oct 2002 08:09:55 -0700
Subject: Echelon-like...
In-Reply-To: ; from nobody@arancio.net on Thu, Oct 10, 2002 at 02:28:26AM -0000
References:
Message-ID: <20021010080955.A16236@slack.lne.com>

On Thu, Oct 10, 2002 at 02:28:26AM -0000, anonimo arancio wrote:
[..]
> But I am wondering if Cypherpunks have mentioned the 'obvious'.
>
> The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers.
> Basically, the more messages that are encrypted, the more hardware (and therefore $$$) will be needed to decrypt them.
> Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to "outspend" the problem.
> This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain "interesting" information.
>
> Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)"hey! We never thought of that"

B and C, extensively.

The US Government has pretty much given up on restricting crypto exports. There is just enough of a vestigial restriction there to maintain the illusion that the government has a right to control crypto exports. If there was anything more, it would be challenged in court and most likely get thrown out. The government backed off on previous challenges (Bernstein, Zimmermann) to avoid that.

Eric

From jtrjtrjtr2001 at yahoo.com Thu Oct 10 08:58:48 2002
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 10 Oct 2002 08:58:48 -0700 (PDT)
Subject: Echelon-like...
In-Reply-To: <20021010080955.A16236@slack.lne.com>
Message-ID: <20021010155848.15816.qmail@web21210.mail.yahoo.com>

hi,

> > The government knows exactly what it's doing. It
> wants to discourage the use of encryption by any
> means necessary, because of sheer numbers.

Doesn't govt intervention always increase the numbers?

> > Basically, the more messages that are encrypted,
> the more hardware (and therefore $$$) will be needed
> to decrypt them.
> > Therefore, the only way they can stay ahead of the
> game is to keep the numbers as low as possible, so
> they can continue to "outspend" the problem.

Why don't we have encrypted spams over the internet rather than plain text spam? That's one way we can all benefit from spam.

> The US Government has pretty much given up on
> restricting crypto
> exports.

Why did that happen?

Regards Sarath.

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

From mv at cdc.gov Thu Oct 10 09:33:21 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 10 Oct 2002 09:33:21 -0700
Subject: Echelon-like...
Message-ID: <3DA5ABD0.37E5DA39@cdc.gov>

Not only is EM correct, but:

* many attacks are possible without worrying about keylength. Got Scarfo?

* NIST/NSA picked the lamest AES. If I told you what "lame" meant, I'd have to kill you.

* (Lack of) User motivation (related to man-machine issues) is still the spooks' best friend. As well as legacy systems, and inadequately designed total systems. Got Redmond?

However, stego and decent opsec and cash and leo buffoonery still let you coordinate the occasional urban skyline reconstruction, poking holes in boats, etc. Got Dead Drops? Mr. Hanssen? Mr Ames?

At 08:09 AM 10/10/02 -0700, Eric Murray wrote:
>On Thu, Oct 10, 2002 at 02:28:26AM -0000, anonimo arancio wrote:
>> The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers.
>> Basically, the more messages that are encrypted, the more hardware (and therefore $$$) will be needed to decrypt them.
>> Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to "outspend" the problem.
>> This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain "interesting" information.
>>
>> Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d)"hey! We never thought of that"
>
>
>B and C, extensively.
>
>The US Government has pretty much given up on restricting crypto
>exports. There is just enough of a vestigial restriction there to
>maintain the illusion that the government has a right to control crypto
>exports.
>If there was anything more, it would be challenged in court
>and most likely get thrown out. The government backed off on
>previous challenges (Bernstein, Zimmermann) to avoid that.
>
>Eric

From DaveHowe at gmx.co.uk Thu Oct 10 12:01:12 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Thu, 10 Oct 2002 20:01:12 +0100
Subject: Echelon-like...
References:
Message-ID: <067301c2708f$6d087420$c71121c2@sharpuk.co.uk>

>> "I assume everyone knows the little arrangement that lotus
>> reached with the NSA over its encrypted secure email?"
> I'm new here, so do tell if I am wrong. Are you referring to the two levels
> of Encryption available in Bogus Notes?

More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI "work reduction factor" key in the message header; this section of header is important, as Lotus gateways won't accept messages that have had it disturbed. By decoding this block, the NSA have the actual keysize they need to block reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... Belgium or Sweden by memory.
Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies). Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. Certainly, even "strong" Lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips.

From DaveHowe at gmx.co.uk Thu Oct 10 13:13:59 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Thu, 10 Oct 2002 21:13:59 +0100
Subject: Echelon-like...
References:
Message-ID: <06ec01c27099$a27cf2c0$c71121c2@sharpuk.co.uk>

"Trei, Peter" wrote:
> It was Sweden. They didn't really have an excuse - over a year earlier,
> Lotus announced their "International" version with details of the "Work
> Factor Reduction Field" at the RSA Conference. I immediately invented
> the term 'espionage enabled' to describe this feature, a term which has
> entered the crypto lexicon.

Indeed so, yes - If my memory isn't failing me though, their "excuse" was that the Lotus salesdroid they had awarded the contract to hadn't disclosed it to them in his bid and in fact, the original tender had specified *secure* encryption, not *secure, except for the American spy industry*. I don't know enough Swedish to even attempt a google on it though :)

From sekomariam9 at eircom.net Thu Oct 10 17:14:21 2002
From: sekomariam9 at eircom.net (MRS. M. SESE SEKO)
Date: Fri, 11 Oct 2002 01:14:21 +0100
Subject: HUMANITARIAN
Message-ID: <200210110109.g9B19Cc3005977@ak47.algebra.com>

DEAR FRIEND, I AM MRS. SESE-SEKO WIDOW OF LATE PRESIDENT MOBUTU SESE-SEKO OF ZAIRE? NOW KNOWN AS DEMOCRATIC REPUBLIC OF CONGO (DRC). I AM MOVED TO WRITE YOU THIS LETTER, THIS WAS IN CONFIDENCE CONSIDERING MY PRESENT CIRCUMSTANCE AND SITUATION. I ESCAPED ALONG WITH MY HUSBAND AND TWO OF OUR SONS KENNETH AND BASHER OUT OF DEMOCRATIC REPUBLIC OF CONGO (DRC) TO ABIDJAN, COTE D'IVOIRE WHERE MY FAMILY AND I SETTLED, WHILE WE LATER MOVED TO SETTLED IN MORROCO WHERE MY HUSBAND LATER DIED OF CANCER DISEASE. HOWEVER DUE TO THIS SITUATION WE DECIDED TO CHANGED MOST OF MY HUSBAND'S BILLIONS OF DOLLARS DEPOSITED IN SWISS BANK AND OTHER COUNTRIES INTO OTHER FORMS OF MONEY CODED FOR SAFE PURPOSE BECAUSE THE NEW HEAD OF STATE OF (DR) MR LAURENT KABILA HAS MADE ARRANGEMENT WITH THE SWISS GOVERNMENT AND OTHER EUROPEAN COUNTRIES TO FREEZE ALL MY LATE HUSBAND'S TREASURES DEPOSITED IN SOME EUROPEAN COUNTRIES. HENCE MY CHILDREN AND I DECIDED LAYING LOW IN AFRICA TO STUDY THE SITUATION TILL WHEN THINGS GETS BETTER, LIKE NOW THAT PRESIDENT KABILA IS DEAD AND THE SON TAKING OVER (JOSEPH KABILA).
ONE OF MY LATE HUSBAND'S CHATEAUX IN SOUTHERN FRANCE WAS CONFISCATED BY THE FRENCH GOVERNMENT, AND AS SUCH I HAD TO CHANGE MY IDENTITY SO THAT MY INVESTMENT WILL NOT BE TRACED AND CONFISCATED. I HAVE DEPOSITED THE SUM OF EIGHTEEN MLLION UNITED STATE DOLLARS(US$18000,000,00.) WITH A SECURITY COMPANY , FOR SAFEKEEPING. THE FUNDS ARE SECURITY CODED TO PREVENT THEM FROM KNOWING THE CONTENT. WHAT I WANT YOU TO DO IS TO INDICATE YOUR INTEREST THAT YOU WILL ASSIST US BY RECEIVING THE MONEY ON OUR BEHALF.ACKNOWLEDGE THIS MESSAGE, SO THAT I CAN INTRODUCE YOU TO MY SON(KENNEH) WHO HAS THE OUT MODALITIES FOR THE CLAIM OF THE SAID FUNDS. I WANT YOU TO ASSIST IN INVESTING THIS MONEY, BUT I WILL NOT WANT MY IDENTITY REVEALED. I WILL ALSO WANT TO BUY PROPERTIES AND STOCK IN MULTI-NATIONAL COMPANIES AND TO ENGAGE IN OTHER SAFE AND NON-SPECULATIVE INVESTMENTS. MAY I AT THIS POINT EMPHASISE THE HIGH LEVEL OF CONFIDENTIALITY, WHICH THIS BUSINESS DEMANDS, AND HOPE YOU WILL NOT BETRAY THE TRUST AND CONFIDENCE, WHICH I REPOSE IN YOU. IN CONCLUSION, IF YOU WANT TO ASSIST US , MY SON SHALL PUT YOU IN THE PICTURE OF THE BUSINESS, TELL YOU WHERE THE FUNDS ARE CURRENTLY BEING MAINTAINED AND ALSO DISCUSS OTHER MODALITIES INCLUDING REMUNERATION FOR YOUR SERVICES. FOR THIS REASON KINDLY FURNISH US YOUR CONTACT INFORMATION, THAT IS YOUR PERSONAL TELEPHONE AND FAX NUMBER FOR CONFIDENTIAL PURPOSE AND ACKNOWLEDGE RECEIPT OF THIS MAIL USING THE ABOVE EMAIL ADDRESS. BEST REGARDS, MRS M. SESE SEKO From camera_lumina at hotmail.com Fri Oct 11 06:37:52 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 11 Oct 2002 09:37:52 -0400 Subject: Echelon-like resources... Message-ID: OK, let's assume for the same of argument that it takes about 1 minute for Echelon/NSA-like resources to break a weakly encypted lotus notes message. And then let's assume that there's a whole LOT of these machines sitting somewhere. 
And as the grumpy Tim May has suggested, perhaps only a small fraction of encrypted messages are (or can be) sent for decryption. Then the expenditure of such resources is going to be a big statistical optimization problem, akin to that faced in the credit card industry (eg, in approving or declining a POS transaction). The gub'mint or whatever doing such monitoring will therefore probably look for certain signs that will kick off decryption. For instance, the sporadic use of cryptography in certain demographic areas might cause a % of those to be sent over for routine check, particularly if there is no encryption used by that populace, and then all of a sudden there are bursts. Also, changing the strength of encryption might be a kickoff, but again I reveal I am a newbie with this question: Is it possible to determine (at least approximately) the strength of encryption of an intercepted message? Then, if someone from, say, the b'Arbes neighborhood of Paris moves suddenly from weak to strong encryption in his messaging, that would kick off a flag somewhere sending that message for cracking. So if a bin Laden were smart, he should routinely use encryption for all of his messages, even the most trivial, because the change in pattern would be a tipoff to send his encrypted messages for hacking. And then there are probably less obvious, large-scale statistical patterns indicating something's up, and causing a % of such messages to be hacked and then sent for routine check for key words. >From: Adam Back >To: Tyler Durden >CC: DaveHowe at gmx.co.uk, cypherpunks at lne.com >Subject: Re: Echelon-like... >Date: Thu, 10 Oct 2002 20:41:21 +0100 > >Sounds about right. 64 bit crypto in the "strong" version (which is >not that strong -- the distributed.net challenge recently broke a 64 >bit key), and in the export version 24 of those 64 bits were encrypted >with an NSA backdoor key, leaving only 40 bits of key space for the >NSA to bruteforce to recover messages.
> >The NSA's backdoor public key is at the URL below. > > http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html > >(The public key had an Organization name of "MiniTruth", and a Common >Name of "Big Brother" -- both Orwell "1984" references, presumably by >a lotus programmer). > >Adam > >On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: > > "I assume everyone knows the little arrangement that lotus > > reached with the NSA over its encrypted secure email?" > > > > I'm new here, so do tell if I am wrong. Are you referring to the two >levels > > of Encryption available in Bogus Notes? (ie, the North American and the > > International, the International being "legal for export".) > > At one of my previous employers, we were told the (apocryphal?) story of > > some dude who got arrested on an airplane for having the more secure >version > > of Notes on his laptop. > > > > > > > > >From: "David Howe" > > >To: "Email List: Cypherpunks" > > >Subject: Re: Echelon-like... > > >Date: Thu, 10 Oct 2002 18:38:36 +0100 > > > > > >On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: > > > > The basic argument is that, if good encryption is available overseas > > > > or easily downloadable, it doesn't make sense to make export of it > > > > illegal. > > >Nope. The biggest name in software right now is Microsoft, who wasn't > > >willing to face down the government on this. no export version of a > > >Microsoft product had decent crypto while the export regulations were >in > > >force - and the situation is pretty poor even now. If microsoft were > > >free to compete in this area (and lotus, of notes fame) then decent > > >security *built into* the operating system, the desktop document suite > > >or the email package - and life would get a lot, lot worse for the > > >spooks. I assume everyone knows the little arrangement that lotus > > >reached with the NSA over its encrypted secure email? 
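The arrangement described in the quoted reply above (part of the message key encrypted to an escrow public key, so that only the escrow holder faces a reduced search), modelled as an added example that is not part of any post in this thread and is not Lotus code. The SHA-256 keystream cipher, the toy RSA key, the function names and the sample message are all assumptions of this sketch, and the sizes are scaled down (40-bit key, 24 bits escrowed, 16 left to search) so that it runs in about a second; the post's figures are 64, 24 and 40.

```python
"""Toy model of a key-escrow field that reduces the escrow holder's work factor.

Assumptions (not from the thread): the cipher is a SHA-256 counter keystream,
the escrow key is textbook RSA over two Mersenne primes, and all sizes are
scaled down. None of this is the algorithm or key used by Lotus Notes.
"""
import hashlib

# Constructed toy escrow key pair; D is known only to the escrow holder.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def keystream_xor(key: int, key_bits: int, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a keystream derived from the key."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hashlib.sha256(key_bytes + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key: int, key_bits: int, escrowed_bits: int, plaintext: bytes):
    """Sender: return the ciphertext and the escrow field holding the top key bits."""
    top = key >> (key_bits - escrowed_bits)
    return keystream_xor(key, key_bits, plaintext), pow(top, E, N)


def escrow_recover(ciphertext, escrow_field, key_bits, escrowed_bits, known_prefix):
    """Escrow holder: open the field, then search only the bits it did not carry.

    A candidate key is accepted when the decrypted text starts with known_prefix.
    Returns (key, number_of_trials), or (None, trials) if nothing matched.
    """
    top = pow(escrow_field, D, N)
    remaining = key_bits - escrowed_bits
    n = len(known_prefix)
    for low in range(2 ** remaining):
        key = (top << remaining) | low
        if keystream_xor(key, key_bits, ciphertext[:n]) == known_prefix:
            return key, low + 1
    return None, 2 ** remaining


def work_factors(key_bits: int, escrowed_bits: int):
    """Worst-case trial counts: (without the escrow key, with the escrow key)."""
    return 2 ** key_bits, 2 ** (key_bits - escrowed_bits)


def demo():
    """Run the scaled-down case on a constructed message."""
    key_bits, escrowed_bits = 40, 24
    key = 0xABCDEF1234                       # constructed sample key
    message = b"From: alice@example.com\n\nconstructed sample message"
    ciphertext, field = seal(key, key_bits, escrowed_bits, message)
    found, trials = escrow_recover(ciphertext, field, key_bits,
                                   escrowed_bits, b"From: ")
    return found, trials, keystream_xor(found, key_bits, ciphertext)


if __name__ == "__main__":
    found, trials, text = demo()
    print(f"escrow holder recovered key {found:#x} after {trials} trials")
    outsider, holder = work_factors(64, 24)
    print(f"sizes from the post: 2^64 = {outsider} trials vs 2^40 = {holder}")
```

Anyone without the escrow private key still has to search the full key space; the design weakens the key only against the party that can open the field, which is why the strength of such a message depends on who is asking.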
From camera_lumina at hotmail.com Fri Oct 11 07:29:53 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 11 Oct 2002 10:29:53 -0400 Subject: Echelon-like resources... Message-ID: Harmon Seaver wrote... > Why the hell would anyone use lotus notes encryption for anything >whatsoever? Lotus Notes or whatever, of course. The point here is that larger organizations with decryption capabilities probably do not think on the message-by-message level very often, just like credit card companies and insurance agencies deal with their customers in statistical buckets. It's also conceivable that a large variety of individuals, of varying levels of sophistication and education, catch wind of information the government may be interested in. Some of them may not feel or know that their message is of enough importance to go outside of Lotus Notes or whatever if they have it. > > >On Fri, Oct 11, 2002 at 09:37:52AM -0400, Tyler Durden wrote: > > OK, let's assume for the sake of argument that it takes about 1 minute >for > > Echelon/NSA-like resources to break a weakly encrypted lotus notes >message. > > And then let's assume that there's a whole LOT of these machines sitting > > somewhere. > > > > And as the grumpy Tim May has suggested, perhaps only a small fraction >of > > encrypted messages are (or can be) sent for decryption. > > > > Then the expenditure of such resources is going to be a big statistical > > optimization problem, akin to that faced in the credit card industry >(eg, > > in approving or declining a POS transaction). > > > > The gub'mint or whatever doing such monitoring will therefore probably >look > > for certain signs that will kick off decryption.
For instance, the >sporadic > > use of cryptography in certain demographic areas might cause a % of those >to > > be sent over for routine check, particularly if there is no encryption >used > > by that populace, and then all of a sudden there are bursts. > > > > Also, changing the strength of encryption might be a kickoff, but again >I > > reveal I am a newbie with this question: Is it possible to determine (at > > least approximately) the strength of encryption of an intercepted >message? > > > > Then, if someone from, say, the b'Arbes neighborhood of Paris moves > > suddenly from weak to strong encryption in his messaging, that would >kick > > off a flag somewhere sending that message for cracking. > > > > So if a bin Laden were smart, he should routinely use encryption for all >of > > his messages, even the most trivial, because the change in pattern would >be > > a tipoff to send his encrypted messages for hacking. > > > > And then there are probably less obvious, large-scale statistical >patterns > > indicating something's up, and causing a % of such messages to be hacked > > and then sent for routine check for key words. > > > > > > > > > > > > >From: Adam Back > > >To: Tyler Durden > > >CC: DaveHowe at gmx.co.uk, cypherpunks at lne.com > > >Subject: Re: Echelon-like... > > >Date: Thu, 10 Oct 2002 20:41:21 +0100 > > > > > >Sounds about right. 64 bit crypto in the "strong" version (which is > > >not that strong -- the distributed.net challenge recently broke a 64 > > >bit key), and in the export version 24 of those 64 bits were encrypted > > >with an NSA backdoor key, leaving only 40 bits of key space for the > > >NSA to bruteforce to recover messages. > > > > > >The NSA's backdoor public key is at the URL below. > > > > > > http://www.cypherspace.org/~adam/hacks/lotus-nsa-key.html > > > > > >(The public key had an Organization name of "MiniTruth", and a Common > > >Name of "Big Brother" -- both Orwell "1984" references, presumably by > > >a lotus programmer).
> > > > > >Adam > > > > > >On Thu, Oct 10, 2002 at 02:34:38PM -0400, Tyler Durden wrote: > > >> "I assume everyone knows the little arrangement that lotus > > >> reached with the NSA over its encrypted secure email?" > > >> > > >> I'm new here, so do tell if I am wrong. Are you referring to the two > > >levels > > >> of Encryption available in Bogus Notes? (ie, the North American and >the > > >> International, the International being "legal for export".) > > >> At one of my previous employers, we were told the (apocryphal?) story >of > > >> some dude who got arrested on an airplane for having the more secure > > >version > > >> of Notes on his laptop. > > >> > > >> > > >> > > >> >From: "David Howe" > > >> >To: "Email List: Cypherpunks" > > >> >Subject: Re: Echelon-like... > > >> >Date: Thu, 10 Oct 2002 18:38:36 +0100 > > >> > > > >> >On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: > > >> > > The basic argument is that, if good encryption is available >overseas > > >> > > or easily downloadable, it doesn't make sense to make export of >it > > >> > > illegal. > > >> >Nope. The biggest name in software right now is Microsoft, who >wasn't > > >> >willing to face down the government on this. no export version of a > > >> >Microsoft product had decent crypto while the export regulations >were > > >in > > >> >force - and the situation is pretty poor even now. If microsoft were > > >> >free to compete in this area (and lotus, of notes fame) then decent > > >> >security *built into* the operating system, the desktop document >suite > > >> >or the email package - and life would get a lot, lot worse for the > > >> >spooks. I assume everyone knows the little arrangement that lotus > > >> >reached with the NSA over its encrypted secure email? 
>-- >Harmon Seaver >CyberShamanix >http://www.cybershamanix.com > >"War is just a racket ... something that is not what it seems to the >majority of people. Only a small group knows what its about. It is >conducted for the benefit of the very few at the expense of the >masses." --- Major General Smedley Butler, 1933 > >"Our overriding purpose, from the beginning through to the present >day, has been world domination - that is, to build and maintain the >capacity to coerce everybody else on the planet: nonviolently, if >possible, and violently, if necessary. But the purpose of US foreign >policy of domination is not just to make the rest of the world jump >through hoops; the purpose is to faciliate our exploitation of >resources." >- Ramsey Clark, former US Attorney General From mv at cdc.gov Fri Oct 11 12:10:55 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 11 Oct 2002 12:10:55 -0700 Subject: US developing untraceable weapons Message-ID: <3DA7223E.F38872EC@cdc.gov> "There's no huge explosion associated with its employment, there are no pieces and parts left behind that someone can analyze to say, 'this came from the United States,'" explains an unnamed Lockheed Martin official quoted in Aviation Week and Space Technology in July. "The damage is localized, and it is hard to tell where it came from and when it happened. It is all pretty mysterious." http://www.inthesetimes.com/issue/26/24/news1.shtml Maybe we'll drop a Tarot card with Uncle Sam on it?
http://www.counterpunch.org/stanton1005.html: Coincidental, no doubt, but one day after Bush spokesman Ari Fleischer's comment on putting a bullet into the sovereign ruler of Iraq's head, five US citizens in a suburb of Washington, DC, lost their lives in just that manner From hseaver at cybershamanix.com Fri Oct 11 11:06:27 2002 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 11 Oct 2002 13:06:27 -0500 Subject: Durden lies, was: Echelon-like resources... In-Reply-To: References: Message-ID: <20021011180627.GB18973@cybershamanix.com> Here's the cite for the Ramsey Clark quote. On Fri, Oct 11, 2002 at 06:33:46PM +0200, Anonymous wrote: > On Fri, 11 Oct 2002 10:29:53 -0400, you wrote: > > > > "War is just a racket ... something that is not what it seems to the > > majority of people. Only a small group knows what its about. It is > > conducted for the benefit of the very few at the expense of the > > masses." --- Major General Smedley Butler, 1933 > > > > "Our overriding purpose, from the beginning through to the present > > day, has been world domination - that is, to build and maintain the > > capacity to coerce everybody else on the planet: nonviolently, if > > possible, and violently, if necessary. But the purpose of US foreign > > policy of domination is not just to make the rest of the world jump > > through hoops; the purpose is to faciliate our exploitation of > > resources." > > - Ramsey Clark, former US Attorney General > > Is there some reason you want to publish these bogus, uncitationed, false, propaganda quotations? > Just adding to misinformation? Preferring to further downgrade the public discourse? Planting lies > for subsequent citation as proof of something? What an asshole. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com "War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. 
It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933 "Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to faciliate our exploitation of resources." - Ramsey Clark, former US Attorney General http://www.thesunmagazine.org/bully.html From hseaver at cybershamanix.com Fri Oct 11 13:28:43 2002 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 11 Oct 2002 15:28:43 -0500 Subject: Durden lies, was: Echelon-like resources... In-Reply-To: References: Message-ID: <20021011202843.GB19014@cybershamanix.com> You have to realize that there are any number of fedzis who subscribe to this list, it's a well authenticated fact, matter of court testimony. And fedzis aren't noted for brains, or even being able to read, which is why he attacked you instead of me. And of course most fedzis positively foam at the mouth when hearing the truth being spoken, thus the rabid nature of his spewing. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com "War is just a racket ... something that is not what it seems to the majority of people. Only a small group knows what its about. It is conducted for the benefit of the very few at the expense of the masses." --- Major General Smedley Butler, 1933 "Our overriding purpose, from the beginning through to the present day, has been world domination - that is, to build and maintain the capacity to coerce everybody else on the planet: nonviolently, if possible, and violently, if necessary. But the purpose of US foreign policy of domination is not just to make the rest of the world jump through hoops; the purpose is to faciliate our exploitation of resources." 
- Ramsey Clark, former US Attorney General http://www.thesunmagazine.org/bully.html From sfurlong at acmenet.net Fri Oct 11 14:27:35 2002 From: sfurlong at acmenet.net (Steve Furlong) Date: Fri, 11 Oct 2002 17:27:35 -0400 Subject: Durden lies, was: Echelon-like resources... In-Reply-To: References: Message-ID: <200210111727.35078.sfurlong@acmenet.net> On Friday 11 October 2002 14:13, Trei, Peter wrote: > If anonymous were a person of character... Oxymoron, eh? Pseudonymity has many socially acceptable features. Anonymity has all of the practical benefits of pseudonymity and no additional advantages in a conversational forum such as cpunks. Anonymous persons (or dumbassbots; it's hard to tell sometimes) who snipe from behind the veil may be assumed to be cowardly jackasses. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking From bill.stewart at pobox.com Fri Oct 11 17:59:16 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 11 Oct 2002 17:59:16 -0700 Subject: Durden lies, was: Echelon-like resources..
In-Reply-To: <20021011211112.64542.qmail@web20310.mail.yahoo.com> Message-ID: <5.1.1.6.2.20021011175116.049ea830@idiom.com> At 02:11 PM 10/11/2002 -0700, James Donald wrote: > > > > > "Our overriding purpose, from the > > > > > beginning through to the present > > > > > day, has been world domination - >..... > > > > > Ramsey Clark, former US Attorney General > >From: "Trei, Peter" > > The Sun is an alternative news magazine > > which has been in print since 1974. > > It's mammothly unlikely that they would > > fabricate the interview out of whole > > cloth, since Clarke would sue for libel > > and/or defamation. > >On the contrary, this is standard routine >communist behavior. They are always >inventing fantastic citations, [...] But that's just the kind of thing Ramsey Clark would say. Not Ramsey Clark in his position as spokescritter for the military-industrial complex explaining how great the US is, but Ramsey Clark the well-known leftist critic of US policy describing what he thinks US policy has been. ~~~~ As opposed to Linus Torvalds's followers talking about their objectives for World Domination :-) From jayh at 1st.net Sat Oct 12 07:27:01 2002 From: jayh at 1st.net (Jay h) Date: Sat, 12 Oct 2002 10:27:01 -0400 Subject: Jamming camcorders in movie theaters Message-ID: <200210121027.AA188678788@1st.net> This idea will die once substantial numbers of movie goers start getting headaches and vertigo. I think this would be, at best, a Pyrrhic victory. j ---------- Original Message ---------------------------------- From: "Major Variola (ret)" Date: Fri, 11 Oct 2002 09:34:24 -0700 >[They want to exploit human persistence-of-vision vs. camcorder pixel >differences. >Seems to me that one could process the captured frames to eliminate >artifacts, though that >*is* another step required. In any case, insiders will have access to >the playback codes >opening the bits to duping.]
From camera_lumina at hotmail.com Sat Oct 12 16:30:18 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 12 Oct 2002 19:30:18 -0400
Subject: was: Echelon-like resources..
Message-ID:

"Yes: The factory was bombed, but actual deaths were one night watchman, "not tens of thousands","

Well, you haven't given me a very convincing argument here. In most of his writings, Chomsky makes it clear that the deaths were not due to the bomb, but the loss of medicine (such as penicillin) in Sudan's only pharmaceutical factory.

"Or the fact that Nicaragua brought the
> > US before the world court and won?
>
>Perhaps that was true,"

Uh...perhaps? That should be a very easy thing to find out, and as the accusation and conviction were quite damning, and as you claim Chomsky regularly "lies" on many of his citations, I would have thought that this at least would be one citation you'd check.

Got to say...I'm a busy man, and you haven't even said anything meriting even the investigation of your dis-chomsky web page.

>From: James Donald
>To: cypherpunks at lne.com
>Subject: Re: was: Echelon-like resources..
>Date: Sat, 12 Oct 2002 11:57:24 -0700 (PDT)
>
>Tyler Durden
> > As for Chomsky lying, can you give us
> > some specific citations?
> > Did he lie
> > about our support for Saddam Hussein?
>
>No
>
> > Our support for Indonesia?
>
>Yes
>
> > Our bombing of the Sudanese
> > pharmaceutical factory?
>
>Yes: The factory was bombed, but actual
>deaths were one night watchman, "not tens
>of thousands", and he asserted that the
>Sudanese government are the good guys in
>the civil war, and their opponents
>terrorists.
>
> > Or the fact that Nicaragua brought the
> > US before the world court and won?
>
>Perhaps that was true, but pretty much
>everything else he reported on Nicaragua
>was a lie, for example that the
>Sandinistas won free elections, and that
>the contras were a creation of the US,
>and that the Sandinistas were more
>popular than the contras.
>
> > Granted, Chomsky can be a little
> > tiring on the ears, but my knee-jerk
> > reaction towards your calling him a
> > liar is that you misunderstood the
> > citation. But then again, I could be
> > wrong, so do give us some examples, eh?
>
>See my web page "Chomsky lies"
>http://www.jim.com/chomsdis.htm

From bill.stewart at pobox.com Sat Oct 12 19:36:52 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sat, 12 Oct 2002 19:36:52 -0700
Subject: was: Echelon-like resources..
In-Reply-To:
Message-ID: <5.1.1.6.2.20021012193313.04a19e88@idiom.com>

>> > Our bombing of the Sudanese
>> > pharmaceutical factory?
>>
>>Yes: The factory was bombed, but actual
>>deaths were one night watchman, "not tens of thousands",

If so, that's gross incompetence on the part of the US military, since the official rationale for why we were cruise-missiling it was that we were trying to kill Osama bin Laden after the bombing of the US embassies that he allegedly masterminded.
>>and he asserted that the
>>Sudanese government are the good guys in
>>the civil war, and their opponents terrorists.

Chomsky said that? That's appalling...

From camera_lumina at hotmail.com Sat Oct 12 19:17:13 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 12 Oct 2002 22:17:13 -0400
Subject: US developing untraceable weapons
Message-ID:

Well, there was also some other details left out by that article. A "100kW beam" doesn't tell you very much if you don't know the beam diameter. A 1310nm telecom laser can cause serious eye damage with 10mW, but that's 10mW into, say 38 um^2. But it ain't going to do nothing to enemy aircraft located at a distance. A 100kW laser might easily have a smaller energy density depending on the diameter. In addition, there's the problem of focusing that thing through turbulence, but turbulence through certain wavelength windows may not be a problem.

>From: Steve Schear
>To: cypherpunks at lne.com
>Subject: Re: US developing untraceable weapons
>Date: Sat, 12 Oct 2002 17:28:03 -0700
>
>At 12:10 PM 10/11/2002 -0700, "Major Variola (ret)" wrote:
>>There's no huge explosion associated with its employment, there are no
>>pieces and
>>parts left behind that someone can analyze to say, this came from the
>>United States,
>>explains an unnamed Lockheed Martin official quoted in Aviation Week and
>>Space
>>Technology in July. The damage is localized, and it is hard to tell
>>where it came from
>>and when it happened. It is all pretty mysterious.
>
>The only energy sources I can think of that is portable enough to go in a
>jet are a generator running off the main/aux jet engine or a chemical
>pumping.
>
>Unless the DoD has found a practical new chemical reaction, other than the
>Fluorine/Deuterium they used for decades on various shipboard project such
>as MIRACL, the plane would be easily identified and targeted by the
>fluorescing the chemical plume with LIDAR.
>
>Assuming a laser efficiency of 5% an electric source would have to provide
>over 2 MW of continuous power (from Star Wars test results, I assume a
>pulsed laser is inadequate for causing damage in combat situations) to
>supply a 100KW beam. The most efficient generators I'm aware of are capable
>of producing about 2-4 HP/lb. 2 MW equates to about 2700 HP or about 650 -
>1300 lbs. Assuming the laser isn't too terribly heavy or aerodynamically
>cumbersome the entire package could be carried aboard a fighter.
>
>steve
>
>
>"War is just a racket ... something that is not what it seems to the
>majority of people. Only a small group knows what it's about. It is
>conducted for the benefit of the very few at the expense of the masses."
>--- Major General Smedley Butler, 1933

From schear at lvcm.com Sat Oct 12 22:31:15 2002
From: schear at lvcm.com (Steve Schear)
Date: Sat, 12 Oct 2002 22:31:15 -0700
Subject: US developing untraceable weapons
In-Reply-To:
Message-ID: <5.1.0.14.2.20021012194324.04629008@pop3.lvcm.com>

At 10:17 PM 10/12/2002 -0400, Tyler Durden wrote:
>Well, there was also some other details left out by that article. A "100kW
>beam" doesn't tell you very much if you don't know the beam diameter.

It tells you the output power, from which one may estimate input power requirements.

>A 1310nm telecom laser can cause serious eye damage with 10mW, but that's
>10mW into, say 38 um^2. But it ain't going to do nothing to enemy aircraft
>located at a distance. A 100kW laser might easily have a smaller energy
>density depending on the diameter. In addition, there's the problem of
>focusing that thing through turbulence, but turbulence through certain
>wavelength windows may not be a problem.

Beam spread is one of the most significant considerations in delivering high energy to distant targets.
In general, one wants a large beam size to reduce divergence.

The phenomenon of diffraction influences the propagation of Gaussian light beams. The output of a laser is generally ''pencil-like'' in nature and has a very low divergence, yet is subject to diffraction that causes it to spread. Gaussian beam theory deals with this effect. The Rayleigh range, Z sub R, is used as a criterion for determining the spreading of a monochromatic Gaussian light beam as it propagates in free space.

In 1987 it was discovered that there were ''nondiffracting'' beam types. The zeroth-order Bessel beam is one such solution and results in a beam with a narrow central region surrounded by a series of concentric rings. Ideally this beam type exhibits no diffraction or spreading, in practice it is possible to obtain Bessel beams of less than 1/10 the divergence of a Gaussian beam of otherwise similar properties. Bessel beams have been the subject of intense investigation for a broad range of optical applications.

http://www.st-and.ac.uk/~atomtrap/papers/AJPBessel.pdf
http://www.st-and.ac.uk/~atomtrap/Research/IBB.htm

From sunder at sunder.net Sun Oct 13 03:34:37 2002
From: sunder at sunder.net (Sunder)
Date: Sun, 13 Oct 2002 06:34:37 -0400 (edt)
Subject: was: Echelon-like resources..
In-Reply-To: <20021012185724.82841.qmail@web20310.mail.yahoo.com>
Message-ID:

> Yes: The factory was bombed, but actual
> deaths were one night watchman, "not tens
> of thousands", and he asserted that the
> Sudanese government are the good guys in
> the civil war, and their opponents
> terrorists.

And how many of their citizens have or will die due to lack of those very same pharmaceuticals that the bombed factory can no longer produce? Or suffer from disease due to the same? Perhaps not tens of thousands, but more than just the single night watchman, I'd say.

The point isn't how many deaths, but what collateral damage was done.
Not just in the sense of civilian casualties, but also the damage inflicted on those by the effect of not having said facility around.

Of course, for all you and I really know that could have been an Anthrax factory cleverly disguised as a pharmaceuticals factory, but we can put up rhetorical questions and answers such as these for the next millennia and not get anywhere either.

From eugen at leitl.org Sun Oct 13 05:44:02 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 13 Oct 2002 14:44:02 +0200 (CEST)
Subject: was: Echelon-like resources..
In-Reply-To:
Message-ID:

On Sun, 13 Oct 2002, Sunder wrote:

> Of course, for all you and I really know that could have been an Anthrax
> factory cleverly disguised as a pharmaceuticals factory, but we can put
> up rhetorical questions and answers such as these for the next millennia
> and not get anywhere either.

Exactly. So let's stop burning synapses on trivialities of daily politics. Being too out of touch is never advisable, but taking a deliberate vacation every now and then from the mass media sometimes pays.

From k-elliott at wiu.edu Sun Oct 13 14:53:44 2002
From: k-elliott at wiu.edu (Kevin Elliott)
Date: Sun, 13 Oct 2002 14:53:44 -0700
Subject: What good are smartcard readers for PCs
Message-ID:

    --
James A. Donald>
> > Increasingly however, we see smartcard interfaces sold for
> > PCs. What for, I wonder?

On 24 Sep 2002 at 1:41, Bill Stewart wrote:
> I'm not convinced that the number of people selling them is
> closely related to the number of people buying; this could be
> another field like PKIs where the marketeers and cool
> business plans never succeeded at getting customers to use
> them.

On 24 Sep 2002 at 19:12, Peter Gutmann wrote:
> Companies buy a few readers for their developers who write
> software to work with the cards. [...] Eventually the
> clients discover how much of a bitch they are to work with
> [....] users decide to live with software-only crypto until
> the smart card scene is a bit more mature.
>
> Given that n_users >> n_card_vendors, this situation can keep
> going for quite some time.

I have found that the administrative costs of PKI are intolerable. End users do not really understand crypto, and so will fuck up. Only engineers can really control a PKI certificate, and for the most part they just do not.

In principle the thingness of a smartcard should reduce administrative costs to a low level -- they should supposedly act like a purse, a key, a credit card, hence near zero user training required. The simulated thingness created by cryptographic cleverness should be manifested to the user as physical thingness of the card.

Suppose, for example, we had working Chaumian digicash. Now imagine how much trouble the average end user is going to get into with backups, and with moving digicash from one computer to another. If all unused Chaumian tokens live in a smartcard, one might expect the problem to vanish. The purselike character of the card sustains the coin like character of Chaumian tokens.

Of course if one has to supply the correct driver for the smart card, then the administration problem reappears. USB smartcard interfaces could solve this problem. Just plug them in, and bingo, it should just go.

Ummh, wait a moment, go where, do what? What happens when one plugs in a USB smartcard interface?

Still, making crypto embodied in smart cards intelligible to the masses would seem to be a soluble problem, even if not yet solved, whereas software only crypto is always going to boggle the masses.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     UpBeNFF1UW7r7Fw8pVMxQG+xJ3mwsngHIp62BxL6
     4D+u3ZM5e1JbeYAKaQ4dhOQrlZ42vq05cfz83rnCZ
--
_____________________________________________
Remember Kids- Somebody tries to kill you, you try and kill'em right back...
_____________________________________________
Kevin Elliott ICQ#23758827

From k-elliott at wiu.edu Sun Oct 13 14:53:48 2002
From: k-elliott at wiu.edu (Kevin Elliott)
Date: Sun, 13 Oct 2002 14:53:48 -0700
Subject: What good are smartcard readers for PCs
Message-ID:

Hey don't forget you can still buy a smart card reader from that most cypherpunkish of babes BRITNEY SPEARS ! Only $30 !

https://www.visiblevisitors.com/mltest/order_form.asp
--
_____________________________________________
Remember Kids- Somebody tries to kill you, you try and kill'em right back...
_____________________________________________
Kevin Elliott ICQ#23758827

From morlockelloi at yahoo.com Sun Oct 13 17:25:08 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Sun, 13 Oct 2002 17:25:08 -0700 (PDT)
Subject: License to POP3 (was Re: Usenet vs. web for avoiding censorship)
In-Reply-To: <5.1.1.6.2.20021012190631.02af85c8@idiom.com>
Message-ID: <20021014002508.23618.qmail@web40609.mail.yahoo.com>

The main difference, the axis along which one classifies maillists/usenet/weblogs is the control.

On usenet, once the site agrees to carry a newsgroup, you have many entry points and automatic distribution that is next to impossible to choke (other than with noise.)

Maillists are more controllable (as even cypherpunk nodes experienced) but probably the least bad solution so far. And they are not much different from usenet - fewer "newsgroups" (you decide what you want) and you are your own server. With today's connectivity and computing resources, smaller maillists (several hundred subscribers) don't really need servers (exploders) - just a shared recipient list. Very censorship-resistant.

Weblogs are at the mercy of site operators and extremely vulnerable to moronship and censorship.

This means that the Next Big Attack From Them will be on the e-mail. It's far too easy for everyone today to bear arms, I mean have an e-mail interface.

From proff at suburbia.net Sun Oct 13 01:28:13 2002
From: proff at suburbia.net (Julian Assange)
Date: Sun, 13 Oct 2002 18:28:13 +1000
Subject: why bother signing? (was Re: What email encryption is actually in use?)
In-Reply-To: <3D9DBE13.1809.1F2D168@localhost>
References: <"from <3D9DBE13.1809.1F2D168@localhost>
Message-ID: <20021013182813.A20797@suburbia.net>

> There have been episodes of spoofing on this list. If client
> side encryption "just worked", and if what is considerably more
> difficult, checking the signatures "just worked", there would
> be no bother, hence it would be rational to sign

Not "just work" but "opt out" is what you are looking for.

If there are n posters to the list and m people signing, then there are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individual's chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages.

--
 Julian Assange        |If you want to build a ship, don't drum up people
                       |together to collect wood or assign them tasks and
 proff at iq.org       |work, but rather teach them to long for the endless
 proff at gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery

From rah at shipwright.com Mon Oct 14 19:46:25 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 14 Oct 2002 20:46:25 -0600
Subject: Digital Identity Forum programme
Message-ID:

--- begin forwarded text

Status: RO
User-Agent: Microsoft-Entourage/10.1.0.2006
Date: Mon, 14 Oct 2002 15:16:44 +0800
Subject: Digital Identity Forum programme
From: "David G.W. Birch"
To: Bob Hettinga
Cc: Digital Bearer Settlement List

Hi Bob,

Here's a more detailed plug for the Forum. Please feel free to post it anywhere you think folks might be interested.

The 3rd Annual Consult Hyperion Digital Identity Forum will be held in London on November 12th and 13th 2002. Thanks to our sponsors, it will cost only UKP595 plus VAT for two days of discussion, debate and learning at the forefront of the digital identity field.

This year's theme will be the balance between security and privacy in the post-September 11th world because public and private sectors have choices to make in the implementation of the identity and authentication schemes that are necessary to evolve the online world, but these choices are not context-free.
The event, sponsored by RSA Security with support from Cybersource, PayPal and American Express is complementary to the annual Digital Money Forum and is a place to share knowledge across the field of digital identity: not simply the technical aspects of certificates, biometrics, smart cards and so on, but the business and social aspects that will shape this emerging field. The speakers will therefore include legal personnel, IT specialists, private and public sector experts, law enforcement personnel, a psychologist and others.

For more information and the up-to-date programme please see http://www.digitalidforum.com/

Confirmed speakers already include:

Steve Marsh, Director of Security Policy for the UK Government's e-Envoy.
Laurent Beslay from the EC Joint Research Centre in Seville.
Jof Walters, a strategist with online bank Egg.
Ian Walden from the Institute of Computer & Communications Law in London.
Andre Durand from Digital ID World in the US.
Gabi Vago of Fortress.
Clare Lees from the Henley Centre, experts on public attitudes.
Psychologist and expert on virtual identity, Kristina Downing-Orr.
Simon Pugh of MasterCard, a Liberty Alliance board member.
Peter Dalziel from the Royal Bank of Scotland.
Bill Perry, an advisor to the UK Passport Office.
Caspar Bowden from Microsoft UK, an expert on security and privacy in context.

Hope to see you there.

Regards,
Dave Birch.

--
-- My own opinion (I think) given solely in my capacity
-- as an interested member of the general public.
--
-- mail dgw(at)birches.org, web http://www.birches.org/dgwb

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Wed Oct 16 11:55:30 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 16 Oct 2002 11:55:30 -0700
Subject: sniping as performance art
Message-ID: <3DADB622.D66C028B@cdc.gov>

> From: "Trei, Peter"
> I fail to see how anyone, anytime, anywhere, can support
> the hunting of random non-consenting humans for sport.

Maybe it's a PETA activist making a point...

From ptrei at rsasecurity.com Wed Oct 16 09:59:14 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 16 Oct 2002 12:59:14 -0400
Subject: For everything else, there's MasterCard.
Message-ID:

> Major Variola (ret)[SMTP:mv at cdc.gov] writes:
>
> Rifle and scope: $1,200
> Box of .223 Hollowpoint: $6.99
> Tarot Deck: $2.95
> Scoring an FBI analyst: priceless
> Some things are priceless. For everything else, there's MasterCard.
> Dedicated to Eunice "Squeal Like a Pig" Stone
>

I fail to see how anyone, anytime, anywhere, can support the hunting of random non-consenting humans for sport.

Peter Trei

From bill.stewart at pobox.com Wed Oct 16 17:46:32 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Wed, 16 Oct 2002 17:46:32 -0700
Subject: One time pads and Quantum Computers
In-Reply-To:
Message-ID: <5.1.1.6.2.20021016173707.04b49250@idiom.com>

> > David E. Weekly[SMTP:david at weekly.org]
> > As for PKI being secure for 20,000 years, it sure as hell won't be if
> > those million-qubit prototypes turn out to be worth their salt.
> > Think more like 5-10 years. In fact, just about everything except
> > for OTP solutions will be totally, totally fucked.

At 02:50 PM 10/16/2002 -0400, Trei, Peter wrote:
>Not quite right. My understanding is that quantum
>computing can effectively halve the length of a
>symmetric key, but that does not take it down to zero.
>Thus, a 256 bit key would, in a QC world, be as secure
>as a 128 bit key today, which is to say, pretty good.
>It's the asymmetric algorithms which have problems.

Yeah. What we have to do for that is start thinking about ways to apply Kerberos and similar technologies to real-world problems besides the inside-an-organization ones they were originally designed for.

> David E. Weekly[SMTP:david at weekly.org]
> > Which means that you should start thinking about
> > using OTP *now* if you have secrets you'd like to keep past when an
> > adversary of yours might have access to a quantum computer. ...

OTPs won't help a bit for that problem.
They're fine for transmitting new data if you've already sent a pad, but they're useless for storing secrets, because you can only decrypt something if you've got the pad around, and you have to burn the pad after use. Storing the encrypted secret message on your regular computers while keeping the pad locked up in the safe is unlikely to be any more convenient than keeping the plaintext locked up in the safe.

I suppose you could secret-share a one-time-pad, but you could just as easily secret-share the secret message.

From morlockelloi at yahoo.com Wed Oct 16 20:54:18 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Wed, 16 Oct 2002 20:54:18 -0700 (PDT)
Subject: commericial software defined radio (to 30 Mhz, RX only)
In-Reply-To: <20021017004502.GC941@cybershamanix.com>
Message-ID: <20021017035418.75656.qmail@web40601.mail.yahoo.com>

> Does this run on linux?

Also, if regular cheapo PC soundboards can digitize 30 MHz (and Nyquist says this requires 60 MHz sampling rate) then some product managers need ... flogging.

From kayakwcc at comcast.net Wed Oct 16 18:20:37 2002
From: kayakwcc at comcast.net (Sam Ritchie)
Date: Wed, 16 Oct 2002 21:20:37 -0400
Subject: One time pads
In-Reply-To:
Message-ID:

ACTUALLY, quantum computing does more than just halve the effective key length. With classical computing, the resources required to attack a given key grow exponentially with key length. (a 128-bit key has 2^128 possibilities, 129 has 2^129, etc. etc. you all know this...)

With quantum computing, however, the complexity of an attack grows only polynomially. Hence a MUCH MUCH more agreeable time frame for brute force attacks. Good stuff, eh?

~SAM

> From: "Trei, Peter"
> Date: Wed, 16 Oct 2002 14:50:03 -0400
> To: David Howe , "Email List: Cypherpunks"
> , "'David E.
Weekly'" > Subject: RE: One time pads > >> David E. Weekly[SMTP:david at weekly.org] >> >> Naive question here, but what if you made multiple one time pads (XORing >> them all together to get your "true key") and then sent the different pads >> via different mechanisms (one via FedEx, one via secure courier, one via >> your best friend)? Unless *all* were compromised, the combined key would >> still be secure. >> >> As for PKI being secure for 20,000 years, it sure as hell won't be if >> those >> million-qubit prototypes turn out to be worth their salt. Think more like >> 5-10 years. In fact, just about everything except for OTP solutions will >> be >> totally, totally fucked. Which means that you should start thinking about >> using OTP *now* if you have secrets you'd like to keep past when an >> adversary of yours might have access to a quantum computer. I'd put 50 >> years >> as an upper bound on that, 5 years as a lower. >> >> -d >> > Not quite right. My understanding is that quantum > computing can effectively halve the length of a > symmetric key, but that does not take it down to zero. > > Thus, a 256 bit key would, in a QC world, be as secure > as a 128 bit key today, which is to say, pretty good. > > It's the asymmetric algorithms which have problems. > > Peter From bill.stewart at pobox.com Wed Oct 16 22:59:25 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 16 Oct 2002 22:59:25 -0700 Subject: One time pads In-Reply-To: References: Message-ID: <5.1.1.6.2.20021016225116.04bacaa0@idiom.com> At 09:20 PM 10/16/2002 -0400, Sam Ritchie wrote: > ACTUALLY, quantum computing does more than just halve the effective key >length. With classical computing, the resources required to attack a given >key grow exponentially with key length. (a 128-bit key has 2^128 >possibilities, 129 has 2^129, etc. etc. you all know this...) > With quantum computing, however, the complexity of an attack grows only >polynomially.
Hence a MUCH MUCH more agreeable time frame for brute force >attacks. Good stuff, eh? The speed of quantum computing depends on the algorithm - it's generally believed that for some problems, like factoring, you can hypothetically get a hypothetically-precise-enough quantum computer to resolve in polynomial time instead of exponential, subject to a variety of caveats I don't pretend to understand, but for many other problems they're only cutting the effective number of bits in half (which is still exponentially faster than brute-force, but not *enough* exponentially faster), and for other problems they may not be a match at all. So Peter Trei's assertion that it's really only a big impact on asymmetric cryptosystems, and a much smaller impact on symmetric, is one layer deeper description than yours, and it's something that does still leave us with practical ways to use cryptography that don't include briefcases and handcuffs. Myself, I'd rather hang out at Delphi waiting for the stoned babe to give out the correct answers.... :-) ("If you use the right key, a great kingdom will fall...") From adam at homeport.org Thu Oct 17 07:15:57 2002 From: adam at homeport.org (Adam Shostack) Date: Thu, 17 Oct 2002 10:15:57 -0400 Subject: QuizID Message-ID: <20021017141557.GA59829@lightship.internal.homeport.org> http://news.bbc.co.uk/2/hi/technology/2334491.stm and www.quizid.com > A credit-card sized device, which could potentially be issued to > thousands of citizens, is being heralded as a major breakthrough in > the search for establishing secure identification on the internet. ... > Users are issued with a card and a personal code, based on a set of > colour keys on the card. Each time they wish to conduct a secure > transaction, they punch in the colour code and a random number is > generated. > The card works in conjunction with the Quizid vault - a large > collection of computers that can process 600 authentications per > second. 
The system cost millions of pounds to develop. (Oooh! six hundred! Impressive! :) I don't see anything on their site about the technology, but I do question if 4 colored buttons, with a probable pin length of 4-6, is worth 10-70 pounds per year..For that price you can get securid cards, which aren't nearly as pretty, but that's nothing Ideo couldn't fix in a week. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From marcnarc at rsasecurity.com Thu Oct 17 10:22:57 2002 From: marcnarc at rsasecurity.com (Marc Branchaud) Date: Thu, 17 Oct 2002 10:22:57 -0700 Subject: QuizID? Message-ID: <3DAEF1F1.4040101@rsasecurity.com> Any thoughts on this device? At first glance, it doesn't seem particularly impressive... http://www.quizid.com/ Lovely idea of two-factor authentication: The user then enters their user name (something they know) and the 8-digit Quizid passcode (something they have) into the login screen of their application. BBC NEWS | Technology | Handy future for online security http://news.bbc.co.uk/1/hi/technology/2334491.stm Excerpt from the BBC article: Users are issued with a card and a personal code, based on a set of colour keys on the card. Each time they wish to conduct a secure transaction, they punch in the colour code and a random number is generated. M. 
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From georgemw at speakeasy.net Thu Oct 17 12:22:56 2002 From: georgemw at speakeasy.net (georgemw at speakeasy.net) Date: Thu, 17 Oct 2002 12:22:56 -0700 Subject: XORing bits to eliminate skew In-Reply-To: <039301c27600$30838b40$c71121c2@sharpuk.co.uk> Message-ID: <3DAEABA0.6220.638898C@localhost> BTW, if the bits are assumed to be independent of each other and you're only concerned with eliminating skew, there's a well known simple scheme to eliminate it entirely: group the bits into pairs if the pair is 00 or 11 toss it if the pair is 01 map it to zero if the pair is 10 map it to 1 this method gets you a fourfold reduction in the number of bits in the best case. George From ptrei at rsasecurity.com Thu Oct 17 11:11:36 2002 From: ptrei at rsasecurity.com (Trei, Peter) Date: Thu, 17 Oct 2002 14:11:36 -0400 Subject: QuizID? Message-ID: > Branchaud, Marc writes: > > Any thoughts on this device? At first glance, it doesn't seem > particularly impressive... > > http://www.quizid.com/ > > Lovely idea of two-factor authentication: > > The user then enters their user name (something they know) and the > 8-digit Quizid passcode (something they have) into the login screen > of their application. > > BBC NEWS | Technology | Handy future for online security > http://news.bbc.co.uk/1/hi/technology/2334491.stm > > Excerpt from the BBC article: > > Users are issued with a card and a personal code, based on a set of > colour keys on the card.
Each time they wish to conduct a secure > transaction, they punch in the colour code and a random number is > generated. > > M. > [Note of vested interests: I work on RSA SecurID, which is a competing product.] Based on the information at the site, and Quizid's statement that their hardware is manufactured by ActivCard, I have to say that this looks an *awful lot* like the ActivCard Keychain Token, repackaged into a bigger form factor. Peter Trei Disclaimer: The above represents only my personal opinion.
From rsalz at datapower.com Thu Oct 17 11:39:55 2002 From: rsalz at datapower.com (Rich Salz) Date: Thu, 17 Oct 2002 14:39:55 -0400 Subject: QuizID? References: <3DAEF1F1.4040101@rsasecurity.com> Message-ID: <3DAF03FB.6080003@datapower.com> Marc Branchaud wrote: > Any thoughts on this device? At first glance, it doesn't seem > particularly impressive... > > http://www.quizid.com/ Looks like hardware S/Key, doesn't it? If I could fool the user into entering a quizcode, then it seems like I could get the device and the admin database out of sync and lock the user out of the system. /r$ From adam at homeport.org Thu Oct 17 11:48:46 2002 From: adam at homeport.org (Adam Shostack) Date: Thu, 17 Oct 2002 14:48:46 -0400 Subject: QuizID? In-Reply-To: <3DAF03FB.6080003@datapower.com> References: <3DAEF1F1.4040101@rsasecurity.com> <3DAF03FB.6080003@datapower.com> Message-ID: <20021017184845.GA65171@lightship.internal.homeport.org> On Thu, Oct 17, 2002 at 02:39:55PM -0400, Rich Salz wrote: | Marc Branchaud wrote: | >Any thoughts on this device? At first glance, it doesn't seem | >particularly impressive... | > | >http://www.quizid.com/ | | Looks like hardware S/Key, doesn't it? | | If I could fool the user into entering a quizcode, then it seems like I | could get the device and the admin database out of sync and lock the | user out of the system. Aww, Rich, that trick never works! More seriously, most of the vendors will search forwards and back through the expected codes to make the attack less likely to work. (If authentication is centralized, searching backwards may not be a security risk.)
I think the most interesting part of this is the unit looks cool, and it's spun slightly differently than other tokens have been. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
From bill.stewart at pobox.com Thu Oct 17 18:08:20 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 17 Oct 2002 18:08:20 -0700 Subject: One time pads In-Reply-To: <20021017191640.98852.qmail@web40607.mail.yahoo.com> References: <004301c275d8$73eb9580$c71121c2@sharpuk.co.uk> Message-ID: <5.1.1.6.2.20021017172724.02b07210@idiom.com> At 12:16 PM 10/17/2002 -0700, Morlock Elloi wrote: >I have a working OTP system on $40 64 Mb USB flash disk on my keychain. Cute. Is it available? How do you prevent other applications from reading the file off your USB disk, either while your application is using it or some other time? That's one of the big differences between a computerized OTP and a Dead Trees (or Dead Silkworms) OTP, which is much harder for someone or something else to read without you noticing. Since you say that "Used bits are securely deleted", does your application distinguish between using the pad to encrypt and using the pad to decrypt (which are basically the same thing, except for destroying the key bits the second time)? >30Mbs are filled with distilled randomness (two video digitizers at high gain >looking into open input noise, compressed first with LZW then again compressed >8:1 by taking only byte parity, then XORed together - takes several hours and >passes diehard) Landon Noll has done some interesting work taking a cheap PC camera and keeping it in the dark. The CCDs try to adjust, and you get noise. Rather than compressing 8:1 using byte parity, I'd recommend using a hash function, such as MD5 or SHA, which means that every bit of the input can tweak any bit of the output. >judging by the current use it will last us for decades for text messages. That's the Bic Pen model of "you'll lose it before you use it up" :-) If you're using it strictly for session key exchange, that's a lot of sessions (unless you're a big web or email server.)
If you're using it for message encryption, it's obviously not much. From adam at cypherspace.org Thu Oct 17 11:15:38 2002 From: adam at cypherspace.org (Adam Back) Date: Thu, 17 Oct 2002 19:15:38 +0100 Subject: palladium presentation - anyone going? Message-ID: <20021017191538.A53194@exeter.ac.uk> Would someone at MIT / in Boston area like to go to this and send a report to the list? Might help clear up some of the currently unexplained aspects about Palladium, such as: - why they think it couldn't be used to protect software copyright (as the subject of Lucky's patent) - are there plans to move SCP functions into processor? any relation to Intel Lagrange - isn't it quite weak as someone could send different information to the SCP and processor, thereby being able to forge remote attestation without having to tamper with the SCP; and hence being able to run different TOR, observe trusted agents etc. I notice at the bottom of the talk invite it says | "Palladium" is not designed to provide defenses against | hardware-based attacks that originate from someone in control of the | local machine. but in this case how does it meet the BORA prevention. Is it BORA prevention _presuming_ the local user is not interested to reconfigure his own hardware? Will it really make any significant difference to DRM enforcement rates? Wouldn't the subset of the file sharing community who produce DVD rips still produce Pd DRM rips if the only protection is the assumption that the user won't make simple hardware modifications. Adam -------- Original Message -------- Subject: LCS/CIS Talk, OCT 18, TOMORROW Date: Thu, 17 Oct 2002 12:49:01 -0400 From: Be Blackburn To: theory-seminars at theory.lcs.mit.edu CC: cis-seminars at theory.lcs.mit.edu Open to the Public Date: Friday, Oct 18, 2002 Time: 10:30 a.m.- 12:00 noon Place: NOTE: NE43-518, 200 Tech Square Title: Palladium Speaker: Brian LaMacchia, Microsoft Corp. 
Hosts: Ron Rivest and Hal Abelson Abstract: This talk will present a technical overview of the Microsoft "Palladium" Initiative. The "Palladium" code name refers to a set of hardware and software security features currently under development for a future version of the Windows operating system. "Palladium" adds four categories of security services to today's PCs: a. Curtained memory. The ability to wall off and hide pages of main memory so that each "Palladium" application can be assured that it is not modified or observed by any other application or even the operating system. b. Attestation. The ability for a piece of code to digitally sign or otherwise attest to a piece of data and further assure the signature recipient that the data was constructed by an unforgeable, cryptographically identified software stack. c. Sealed storage. The ability to securely store information so that a "Palladium" application or module can mandate that the information be accessible only to itself or to a set of other trusted components that can be identified in a cryptographically secure manner. d. Secure input and output. A secure path from the keyboard and mouse to "Palladium" applications, and a secure path from "Palladium" applications to an identifiable region of the screen. Together, these features provide a parallel execution environment to the "traditional" kernel- and user-mode stacks. The goal of "Palladium" is to help protect software from software; that is, to provide a set of features and services that a software application can use to defend against malicious software also running on the machine (viruses running in the main operating system, keyboard sniffers, frame grabbers, etc). "Palladium" is not designed to provide defenses against hardware-based attacks that originate from someone in control of the local machine. 
From nicko at ncipher.com Thu Oct 17 11:55:51 2002 From: nicko at ncipher.com (Nicko van Someren) Date: Thu, 17 Oct 2002 19:55:51 +0100 Subject: QuizID? In-Reply-To: <3DAF03FB.6080003@datapower.com> Message-ID: <0EB44465-E202-11D6-88D9-000393B62120@ncipher.com> On Thursday, Oct 17, 2002, at 19:39 Europe/London, Rich Salz wrote: > Marc Branchaud wrote: >> Any thoughts on this device? At first glance, it doesn't seem >> particularly impressive... >> http://www.quizid.com/ > > Looks like hardware S/Key, doesn't it? > > If I could fool the user into entering a quizcode, then it seems like > I could get the device and the admin database out of sync and lock the > user out of the system. [Note: I have an interest, since QuizID use nCipher hardware] Their device has a neat way of synchronizing the sequence number to the server which both avoids the clock drift problems that trouble RSA SecurID and means that you'd have to get the user to pass you a large number of codes before you got them out of sync with the server. It also helps them avoid some of RSA's later patents which deal with their troublesome clock sync problems. Nicko From morlockelloi at yahoo.com Thu Oct 17 22:52:52 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Thu, 17 Oct 2002 22:52:52 -0700 (PDT) Subject: One time pads In-Reply-To: <5.1.1.6.2.20021017172724.02b07210@idiom.com> Message-ID: <20021018055252.3077.qmail@web40602.mail.yahoo.com> > >I have a working OTP system on $40 64 Mb USB flash disk on my keychain. > > Cute. Is it available? $39 + tax in Fry's. > How do you prevent other applications from reading the file off your > USB disk, either while your application is using it or some other time? I don't care.
No one knows about it enough to set a trap in a random PC (and if They do we're in deep shit anyway.) This is the reason for not releasing the (trivial) program. Write your own and let it be your group key ... say, 40-bits worth ? Subverting PGP is far more likely. The only solution would be to have a CPU on the keychain item ... just wait for PDAs to get smaller. > Since you say that "Used bits are securely deleted", > does your application distinguish between using the pad to encrypt > and using the pad to decrypt (which are basically the same thing, > except for destroying the key bits the second time)? You destroy bits *every* time. The routine that reads bits overwrites them. Messages are fixed size, index into OTP file is a part of the message, each user gets starting offset assigned to avoid synching problems. Yes, there are zillion DoS attacks, but we had none so far. This crypto works only when a crypto programmer is a part of cooperative group, and frankly we don't give a fuck for the rest of the world. > Landon Noll has done some interesting work taking a cheap PC camera > and keeping it in the dark. The CCDs try to adjust, and you get noise. I'd suggest a hi-fi video digitizer with analog input. CCDs have dirty randomness. > Rather than compressing 8:1 using byte parity, > I'd recommend using a hash function, such as MD5 or SHA, > which means that every bit of the input can tweak any bit of the output. Well, each of 8 bits of byte affect its parity. It's just the different initial block size. But tastes vary. > That's the Bic Pen model of "you'll lose it before you use it up" :-) > If you're using it strictly for session key exchange, > that's a lot of sessions (unless you're a big web or email server.) > If you're using it for message encryption, it's obviously not much. Did you ever try to type 5 megabytes of text ? Check the size of the text part of your outgoing mail archive.
===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com From bill.stewart at pobox.com Fri Oct 18 01:05:14 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 18 Oct 2002 01:05:14 -0700 Subject: One time pads In-Reply-To: <20021018055252.3077.qmail@web40602.mail.yahoo.com> References: <5.1.1.6.2.20021017172724.02b07210@idiom.com> Message-ID: <5.1.1.6.2.20021018005851.02b05e78@idiom.com> At 10:52 PM 10/17/2002 -0700, Morlock Elloi wrote: > > >I have a working OTP system on $40 64 Mb USB flash disk on my keychain. > > > > Cute. Is it available? > >$39 + tax in Fry's. I don't mean the disk - there are lots of those. I mean your software. Also, can your tool use floppies instead of USB keys? There are problems with KGB-quality attackers recovering overwritten data which are probably much more serious for disks than flash rom, but they're nearly universal and good shredders work well on them. > > How do you prevent other applications from reading the file off your > > USB disk, either while your application is using it or some other time? > >I don't care. No one knows about it enough to set a trap in a random PC >(and if >They do we're in deep shit anyway.) This is the reason for not releasing the >(trivial) program. Write your own and let it be your group key ... say, >40-bits worth ? USB key disks look like an obvious target for eavesdropping in general. (They're also the best medium for re-inventing the floppy-disk virus:-) > > Since you say that "Used bits are securely deleted", > > does your application distinguish between using the pad to encrypt > > and using the pad to decrypt (which are basically the same thing, > > except for destroying the key bits the second time)? > >You destroy bits *every* time. The routine that reads bits overwrites them. 
>Messages are fixed size, index into OTP file is a part of the message, each >user gets starting offset assigned to avoid synching problems. You need to use each bit twice - once to encrypt, and once to decrypt. Destroying them after the first use is a bad idea.... From jtrjtrjtr2001 at yahoo.com Fri Oct 18 06:37:14 2002 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Fri, 18 Oct 2002 06:37:14 -0700 (PDT) Subject: XORing bits to eliminate skew In-Reply-To: <3DB0ACA4.7040104@storm.ca> Message-ID: <20021018133714.22984.qmail@web21206.mail.yahoo.com> --- Sandy Harris wrote: > georgemw at speakeasy.net wrote: > > >BTW, if the bits are assumed to be independent of > >each other and you're only concerned with > eliminating skew, > >there's a well known simple scheme to eliminate it > >entirely: > > > >group the bits into pairs > >if the pair is 00 or 11 toss it > >if the pair is 01 map it to zero > >if the pair is 10 map it to 1 > > > >this method gets you a fourfold reduction > >in the number of bits in the best case. > > > I read that Intel chipsets use something similar, hi, it's given in rfc 1750 5.2.2 Using Transition Mappings to De-Skew Another technique, originally due to von Neumann [VON NEUMANN], is to examine a bit stream as a sequence of non-overlapping pairs. You could then discard any 00 or 11 pairs found, interpret 01 as a 0 and 10 as a 1. Regards Sarath.
From camera_lumina at hotmail.com Fri Oct 18 08:54:54 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 18 Oct 2002 11:54:54 -0400 Subject: Intel Security processor + a question Message-ID: OK...a follow up question (actually, really the same question in a different form). Let's say I had a crypto chip or other encryption engine, the code of which I could not see. Now what if someone had monkeyed with it so that (let's say) the pool of prime numbers it drew from was actually a subset of the real pool that should be available for encryption. Let's also say that "somebody" knows this, and can search byte streams for known strings of products of these primes. They can then break this cypherstream very easily. Meanwhile, someone who doesn't know that the code's been tampered with can try to break the cypherstream using traditional brute force methods, and it will appear that this is a truly hard-encrypted message. Now don't get hung up on the details of what I'm saying here...I don't know if this particular example is possible or not. I'm just wondering if it is possible to tamper with crypto code (particularly as embedded on a chip) so that it appears to all regular users not to have been tampered with, but meanwhile it allows certain privileged users to access encrypted streams fairly easily. AND if this is possible, is there some way to examine the encrypted output and then, say, search for unusual frequency traces of certain sequences, and determine that the code has been tampered with? Or are there ways to tamper with good cryptocode in ways that can never be detected with actually looking at the originating code? >From: "Tyler Durden" >To: camera_lumina at hotmail.com, cypherpunks at lne.com >Subject: Intel Security processor + a question >Date: Thu, 17 Oct 2002 11:49:33 -0400 > >Intel is moving Security onto its Network processor chips...a quote also >follows.
> >http://www.lightreading.com/document.asp?site=lightreading&doc_id=22749 > > > >(Begin quote) >For now, Intel is tackling very high- and low-end systems. The IXP2850 is >derived from the IXP2800, which targets 10-Gbit/s line speeds. And back in >February, Intel released the IXP425, a network processor with encryption >hardware included, targeting low-end boxes such as enterprise routers (see >Intel: The Prince of Processors? ). > >For both chips, Intel developed its own hardware to handle the DES, triple >DES, AES, and SHA-1 encryption standards. In the case of the IXP2850, Intel >had left room in the IXP 2800 to add these hardware blocks, because >potential customers had shown enough interest in security. We thought >about adding crypto [to the IXP2800] as we were building it from the ground >up, says Rajneesh Gaur, Intel senior product marketing manager. >(End quote) > > >Got a question for the cognoscenti amongst us... >If crypto is performed by hardware, how sure can users/designers be that it >is truly secure (since one can't examine the code)? Is there any way to >determine whether standard forms of encryption have been monkeyed with in >some way (ie, to make those with certain backdoor keys have access at will, >and yet still conform to the standard as far users can see)? >And, are hardware-based encryption implementations considered suspect from >the standard by the more "careful" parts of the crypto community?
From eugen at leitl.org Fri Oct 18 04:42:50 2002 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 18 Oct 2002 13:42:50 +0200 (CEST) Subject: One time pads In-Reply-To: <20021018055252.3077.qmail@web40602.mail.yahoo.com> Message-ID: On Thu, 17 Oct 2002, Morlock Elloi wrote: > > Landon Noll has done some interesting work taking a cheap PC camera > > and keeping it in the dark. The CCDs try to adjust, and you get noise. > > I'd suggest a hi-fi video digitizer with analog input. CCDs have dirty > randomness. Most modern USB cams (I use Aiptek APC 400, which is dirt cheap and plug and play under Linux) are CMOS, and have very dirty randomness (switch off jpeg compression, wrap it in aluminum foil, wait a little for the cam to adjust, and make a diff of a few pairs of frames). However, they're more noisy than CCD, and the spatial bias gets killed by the cryptohash. > > Rather than compressing 8:1 using byte parity, > > I'd recommend using a hash function, such as MD5 or SHA, > > which means that every bit of the input can tweak any bit of the output. > > Well, each of 8 bits of byte affect its parity. It's just the different initial > block size. But tastes vary. Actually, you're making a lot of random assumptions in your treatment of the raw video, which is a no-no even in the crypto sham we're engaging in. You'd do much better if you'd just use a SHA-1 on a few lines (or estimate (measure), how many lines you need for some 160 bits of raw entropy, and double that for good measure) of raw video. Imo it might be arguably safe/make sense to throw away a few of highest significant bits which are always zero, and paste the rest together, distilling entropy. However, you can actually lose entropy if your setup is very noisy/has a threshold and you're blindly catting only LSBs. This won't happen if you use SHA-1 blindly on raw video.
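The three whitening approaches argued over in this thread (the pair-discard scheme that georgemw describes and Sarad AV traces to RFC 1750 section 5.2.2, the 8:1 byte parity, and SHA-1 over blocks of raw input) run side by side on one skewed bit stream; this is an added example, not code from any poster. The seeded PRNG source, the min-entropy block sizing and all function names are assumptions made for the illustration.

```python
import hashlib
import math
import random


def skewed_bits(n, p_one, seed):
    """Constructed test input: n independent bits with P(1) = p_one.
    A seeded PRNG stands in for the noisy digitizer; it is not an entropy source."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits):
    """Non-overlapping pairs: drop 00 and 11, map 01 -> 0 and 10 -> 1.
    Removes skew completely, but only if the input bits are independent."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def parity_fold(bits, n=8):
    """XOR every n input bits into one output bit (8:1 byte parity for n=8)."""
    return [sum(bits[i:i + n]) & 1 for i in range(0, len(bits) - n + 1, n)]


def parity_p_one(p_one, n=8):
    """Exact P(output = 1) when n independent bits with P(1) = p_one are XORed."""
    return (1 - (1 - 2 * p_one) ** n) / 2


def block_bits_for(p_one, out_bits=160, margin=2):
    """Raw bits per SHA-1 call: enough for out_bits of entropy, times margin.
    Min-entropy per bit is the estimate used (a conservative choice for this example)."""
    h_min = -math.log2(max(p_one, 1 - p_one))
    return math.ceil(margin * out_bits / h_min)


def pack(bits):
    """Pack bits into bytes, most significant bit first, zero-padding the tail."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8]
        byte = 0
        for b in chunk:
            byte = (byte << 1) | b
        out.append(byte << (8 - len(chunk)))
    return bytes(out)


def sha1_condition(bits, block_bits):
    """Hash each full block of raw bits with SHA-1 and emit the 160 digest bits."""
    out = []
    for i in range(0, len(bits) - block_bits + 1, block_bits):
        digest = hashlib.sha1(pack(bits[i:i + block_bits])).digest()
        out.extend((byte >> s) & 1 for byte in digest for s in range(7, -1, -1))
    return out


def compare(p_one=0.9, n=400_000, seed=2002):
    """Fraction of ones and output/input yield for each method on the same raw stream."""
    raw = skewed_bits(n, p_one, seed)
    outputs = {
        "raw": raw,
        "von_neumann": von_neumann(raw),
        "parity_8to1": parity_fold(raw, 8),
        "sha1": sha1_condition(raw, block_bits_for(p_one)),
    }
    return {name: {"ones": sum(o) / len(o), "yield": len(o) / n}
            for name, o in outputs.items()}


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:12s} ones={r['ones']:.4f} yield={r['yield']:.4f}")
    print(f"parity theory ones={parity_p_one(0.9):.4f}")
```

On a source with P(1) = 0.9 the byte parity still leaves a visible skew, while the pair scheme removes it at a much lower yield; a balanced bit count at the output of any of the three says nothing about how much entropy the raw input actually carried.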
From mv at cdc.gov Fri Oct 18 14:11:24 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 18 Oct 2002 14:11:24 -0700 Subject: eating dirt, and loving it, in MD Message-ID: <3DB078FC.F611BCBE@cdc.gov> Elderly couple forced to ground at gunpoint because they're driving white vans. And neighbors had snitched. Cause you know, they had white vans. Old woman tightly handcuffed, "eats dirt", then consents to vehicle *and later home search*. Guess she likes the taste of degradation. Dig in, Shirley, you deserve it. Rub it all over your face, baby. Shiny black boots stomping a face are so sexy, forever. http://www.sunspot.net/news/printedition/bal-te.md.van18oct18,0,3903643.story?coll=bal%2Dpe%2Dasection Look-alike vehicles trap grandparents Moving from Md. to Del., couple in box truck, van snagged in sniper search By Stephen Kiehl Sun Staff Originally published October 18, 2002 Ray and Shirley Kirk, grandparents who moved recently from Maryland to Delaware, didn't think anything of it when they loaded up their belongings and hit the highway this week, heading to their new antique shop in Harrington, Del. There was just one problem: Their vehicles are a white box truck - an Isuzu with small black lettering and a dent in the rear bumper - and a white Chevy Astro van. What happened next, on a deserted country road in Delaware Monday afternoon, shows how far police are willing to go as they hunt the serial sniper and how no one - not even a pair of antiques-loving grandparents - is above suspicion. Law enforcement officials say they have stopped hundreds of white vans and box trucks in recent weeks during the desperate search for the killer. It is a daunting task to pinpoint the gunman's getaway vehicle - auto manufacturers say tens of thousands of such vehicles are in the Washington region. For Shirley Kirk and her husband, police zeal to solve the case has become all too apparent. 
"The first thing I noticed was flashing lights behind me," said Shirley Kirk, 56, who was driving the Astro van. "Police cars were moving up on me really fast." She pulled to the side of the road to let the officers pass, as did her 59-year-old husband in his box truck ahead of her. Instead, the cruisers pulled up behind the Kirks and officers jumped out with their weapons drawn. The officers yelled for the Kirks to put their arms out the window as they slowly advanced on their vehicles. "Then they threw me down on the ground, my face in the dirt, grabbed my arms, put them behind my back and handcuffed me," Shirley Kirk said. Her glasses flew from her face in the commotion. "I ate Delaware dirt," the grandmother said in a phone interview yesterday. "People were arriving like crazy," she said. Delaware State Police and FBI agents seemed to be coming from a nearby cornfield, guns drawn. They looked nervous, she said. They were sweating. A spokesman for the Delaware State Police, Lt. Tim Winstead, confirmed yesterday that a couple owning a white box truck and white Astro van were stopped on Route 35 outside Harrington, Del., about 3 p.m. Monday. It was a joint stop, Winstead said, by the state police and the FBI, prompted by calls from the couple's vigilant neighbors. The FBI has received more than 70,000 calls on its sniper tip line, yielding 12,375 credible leads. Many concern the white box truck and white vans that are the subject of sketches released by police. There are plenty to go around. Ford Motor Co. says it has sold about 50,000 white Econoline vans in Maryland, Virginia and the District since 1992. Chevrolet did not return a call yesterday seeking the number of Astro vans in the area. FBI spokesman Barry Maddox said the agency would not discuss the Kirks' stop because of the continuing investigation but added, "Normally we don't stop vehicles unless we have a suspect under surveillance." 
Indeed, the Kirks said FBI agents told them they had been under surveillance for a week, after their neighbors had reported them. But the Kirks knew none of this as they ate dirt Monday afternoon. Shirley Kirk said that after she was handcuffed and frisked on the ground, she was led to a police cruiser, where she watched police search her van. She had given them permission. She knew they would find only glassware, fabric and power tools. "I was trying to see what they were doing to my husband," she said, "because he has a bad heart and I was worried." Finally, the officers - more than a dozen in all - questioned her about where she was going, where she was from (Montgomery County, it turns out) and where she had been for the past 10 days, while the sniper was terrorizing the Washington area. Then they wanted to take her home and search her house. She consented. The search took almost two hours, she said, and the officers went through every room of her three-story Italianate home and looked under every bed. Her husband remained at the side of the road. Officers were waiting for the crime lab van to show up and check his truck for gunshot residue. The whole ordeal took about four hours. But the Kirks have no complaints - though Shirley said she wished the handcuffs weren't so tight. "I totally, totally understand," she said. "I am extremely grateful to them for doing what they do." She's not angry at her neighbors, either, who have continued to phone in tips about the Kirks' movements to the FBI even after the couple was cleared. "I feel even better about choosing this town because of my neighbors' vigilance," she said of her new home in Frederica, Del. - population 648. "We're delighted to be here." 
--- "It can't happen here" --Suzy Creamcheese goes to Bali From morlockelloi at yahoo.com Fri Oct 18 16:55:23 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Fri, 18 Oct 2002 16:55:23 -0700 (PDT) Subject: eating dirt, and loving it, in MD In-Reply-To: <3DB078FC.F611BCBE@cdc.gov> Message-ID: <20021018235523.54709.qmail@web40603.mail.yahoo.com> >Law enforcement officials say they have stopped hundreds of white vans >and box trucks in recent weeks during the desperate search for the killer. And the probability of the sniper (TM) being an utter idiot and continuing to use such a vehicle instead of red corvette is ... 0.00001 ? ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com From morlockelloi at yahoo.com Fri Oct 18 19:24:19 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Fri, 18 Oct 2002 19:24:19 -0700 (PDT) Subject: Intel Security processor + a question In-Reply-To: Message-ID: <20021019022419.40823.qmail@web40611.mail.yahoo.com> >Or consider someone who sells a "RNG" but won't let you examine it physically... >(you might have been sold a long-sequence PRNG, and without either 1. the algorithm & key >or 2. physical inspection of the circuit YOU CAN'T TELL. ) This always boils down tho the single issue: since there is no positive proof of randomness the only way to trust it is to observe it come from what you believe is the good source (thermal noise, politician's statements) and turn into bits. This is why lottery drawings are televised and all enclosures are transparent ... who would trust "computer" displaying numbers ? This is clear to anyone involved, and *any* obscurity *is* a positive proof that you're looking into PRNG of some sort whose seed is weel known to at least one TLA. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Y! 
Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ From camera_lumina at hotmail.com Fri Oct 18 16:40:55 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 18 Oct 2002 19:40:55 -0400 Subject: Intel Security processor + a question Message-ID: Well,I disagree about psuedo random number generation, sort of. First, if I have PSR sequence of the known variety (ie, ANSI or ITU), and if it's mapped to some telecom standard (DS-1/3, OC-3/12/48/192), then my test set can and should be able to lock onto that sequence. This is true whether that telecom signal is raw PRBS, or if it has been mapped into the payload (you use different test sets). In addition, PRBS have a very distinctive trace signature in the frequency domain. SO if I run my PRBS-mapped telecom signal into an O/E (if it's optical, for instance), and then into an Electrical Signal Analyzer, I'll be able to see if the characteristic Electrical Frequency spectrum matches that expected for, say PRBS-23.If it doesn't, I know something's up. If it does, it CAN of course be something else, but that signal does have the right amount of entropy. With encrypted info who knows? I would think that testing if there's monkey business might boil down to algorithms--ie, if certain bit patterns happen too often, then something's wrong... >From: "Major Variola (ret)" >To: "cypherpunks at lne.com" >Subject: Re: Intel Security processor + a question >Date: Fri, 18 Oct 2002 14:33:15 -0700 > > > From: "Tyler Durden" > > Subject: Re: Intel Security processor + a question > > > > OK...a follow up question (actually, really the same question in a >diferent > > form). > > > > Let's say I had a crypto chip or other encryption engine, the code of >which > > I could not see. Now what if someone had monkeyed with it so that >(let's > > say) the pool of prime numbers it drew from was actually a subset of >the > > real pool that should be available for encryption. 
Let's also say that > > > "somebody" knows this, and can search byte streams for known strings >of > > products of these primes. They can then break this cypherstream very >easily. > >Or consider someone who sells a "RNG" but won't let you examine it >physically... >(you might have been sold a long-sequence PRNG, and without either 1. >the algorithm & key >or 2. physical inspection of the circuit YOU CAN'T TELL. ) > > > Now don't get hung up on the details of what I'm saying here...I don't >know > > if this particular example is possible or not. > >Of course. If you can't disassemble the code, or chip, you're fucked, >since you're trusting those who made and distributed the artifact. > >I'm just wondering iF it is > > possible to tamper with crypto code (particularly as embedded on a >chip) so > > that it appears to all regular users not to have been tampered with, >but > > meanwhile it allows certain privileged users to access encrypted >streams > > fairly easily. > >if ( !strcmp("backdoor", password_str)) let_me_in(); > >is readily written in RTL and a comparator is not many gates. > > > AND if this is possible, is there some way to examine the encrypted >output > > and then, say, search for unusual frequency traces of certain >sequences, and > > determine tha the code has been tampered with? Or are there ways to >tamper > > with good cryptocode in ways that can never be detected with actually > > looking at the originating code? > >You can write clear code --in C or Verilog-- which does not permit much >room for hidden functionality. However if you can't examine inside the >box, it is very very >easy to design backdoors you will never find in a thousand years. 
From bill.stewart at pobox.com Fri Oct 18 21:19:03 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 18 Oct 2002 21:19:03 -0700 Subject: One time pads In-Reply-To: References: <5.1.1.6.2.20021016225116.04bacaa0@idiom.com> Message-ID: <5.1.1.6.2.20021018092917.046fe210@idiom.com> At 02:04 PM 10/17/2002 +0200, Eugen Leitl wrote: >It is important to note that currently NMR bases systems only allow for >6 qubits. Only very recently we're getting practical qubits in solid state. >..... >Everybody realizes that we're discussing currently completely theoretical >vulnerabilities, right? Of course. But without quantum computing, you can do computations on your basic cheap computers that are secure against crackers for the expected remaining life of the universe, so your threat models are much more controllable. Obviously you still need to worry about tempest, computer viruses, cameras in the ceiling, and rubber hose cryptanalysis, but threat models that just involve someone intercepting your message aren't a problem. Quantum computing is the one thing that anybody's thought of that has a mathematically possible chance of breaking that.
From morlockelloi at yahoo.com Sat Oct 19 00:33:48 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Sat, 19 Oct 2002 00:33:48 -0700 (PDT) Subject: One time pads In-Reply-To: <5.1.1.6.2.20021018005851.02b05e78@idiom.com> Message-ID: <20021019073348.2645.qmail@web40603.mail.yahoo.com> > Also, can your tool use floppies instead of USB keys? It's a freakin' C program that works on a file - but carrying a floppy around is so ... ordinary. > There are problems with KGB-quality attackers recovering overwritten data > which are probably much more serious for disks than flash rom, > but they're nearly universal and good shredders work well on them. Bits are overwritten by running PRNG output on them 128 times, PRNG being seeded by the data that has just been erased. We use DES in counter mode as PRNG. > You need to use each bit twice - once to encrypt, and once to decrypt. > Destroying them after the first use is a bad idea.... Why would sender need to decrypt known plaintext is beyond me ... sender XORs and destroys bits, recipient XORs and destroys bits. Each in their respective dongles, once. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ From jtrjtrjtr2001 at yahoo.com Sat Oct 19 02:57:01 2002 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Sat, 19 Oct 2002 02:57:01 -0700 (PDT) Subject: Independence and redundncy Re: XORing bits to eliminate skew In-Reply-To: <039301c27600$30838b40$c71121c2@sharpuk.co.uk> Message-ID: <20021019095701.7159.qmail@web21210.mail.yahoo.com> hi, One more query on the same topic. >Now add a second bit.
assume that the bits are (i) > and (ii) so we know > that the probability of (i) being 1 is 0.5-e and > being 0 is 0.5+e > (there isn't a bias btw in that notation - e could > be negative) > > so all the possible combinations are > > P(i=1, ii=1) =(0.5-e)(0.5-e) > P(i=1, ii=0) =(0.5-e)(0.5+e) > P(i=0, ii=1) =(0.5+e)(0.5-e) > P(i=0, ii=0) =(0.5+e)(0.5+e) Two events E1 and E2 are said to be independent if P(E1(intersection)E2)=P(E1).P(E2) As in the above case we assume that the bits under xor are independent. If the inputs are from different sources then we consider them independent. What about the following case? I open any two text files in binary mode and xor the 1st bit of file 1 with that of file 2, the 2nd bit with the 2nd bit, and so on. The rate of English varies between 1.0 bit/letter & 1.5 bit/letter for large values of N. The absolute rate of English is R=log(26)base 2=4.7 bits/letter There is a lot of redundancy in the language, 0.6 to 0.85 percent redundancy. Since in ASCII we use 8 bits to represent English alphabets, the redundancy is 8-1.3=6.7 bits/character of redundancy. Since in both files opened, English characters are represented in the same set of ASCII characters, there is redundancy in both the files. Does that mean that such bits we xor are not independent? Regards Sarath. --- David Howe wrote: > at Thursday, October 17, 2002 4:38 PM, Sarad AV > was seen to say: > > He wanted to know how I was able to do XOR on P(0) > and > > P(1) when xor is defined only on binary digits. > you don't. > > P(x) is a probability of digit x in the output. > ideally, P(0)=P(1)=0.5 > (obviously in binary, only 0 and 1 are defined, so > they are the only two > possible outcomes. > Now assume that one output (1 say) is more probable > than the other. If > this is true, you can define some value of > probability (e) that is the > amount a given outcome is more or less probable than > the ideal. > Now add a second bit.
assume that the bits are (i) > and (ii) so we know > that the probability of (i) being 1 is 0.5-e and and > being 0 is 0.5+e > (there isn't a bias btw in that notation - e could > be negative) > > so all the possible combinations are > > P(i=1, ii=1) =(0.5-e)(0.5-e) > P(i=1, ii=0) =(0.5-e)(0.5+e) > P(i=0, ii=1) =(0.5+e)(0.5-e) > P(i=0, ii=0) =(0.5+e)(0.5+e) > > but of course if you XOR (i) and (ii) together, then > (i=1, ii=1) = 0 > (i=1, ii=0) = 1 > (i=0, ii=1) = 1 > (i=0, ii=0) = 0 > > collecting identical outputs allows you to say > > P(0)=P(i=1, ii=1)+P(i=0, ii=0) = > (0.5-e)(0.5-e)+(0.5+e)(0.5+e) > P(1) P(i=1, ii=0) + P(i=0, ii=1) = > (0.5-e)(0.5+e)+(0.5+e)(0.5-e) > > reducing P(0) as in the example you gave gives you > the probability of > P(0) being 0.5+(2*(e^2)) > > so the answer is - you don't ever apply XOR to > anything but binary - you > do straight algebraic math on the *probabilities* of > a given output (0 > or 1) > From Jdean at lsuhsc.edu Sat Oct 19 07:17:03 2002 From: Jdean at lsuhsc.edu (Dean, James) Date: Sat, 19 Oct 2002 09:17:03 -0500 Subject: eating dirt, and loving it, in MD Message-ID: <4DDCE8648ECDD11187910060979C535803F82279@lsumcbolivar.lsuhsc.edu> The next time your on the streets with a lot of people, look around. You'll probably see a number of white vans. The idea that the sniper is using one is probably bogus.
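Added example, not part of any post in this archive, for the "XORing bits to eliminate skew" exchange between Sarad AV and David Howe above. It generalizes the quoted derivation to two streams with different skews, P(0) = 0.5 + 2*e1*e2, and checks it per bit position on two constructed lowercase ASCII texts, then on a text XORed with itself, where the independence assumption fails. The sample texts and all function names are assumptions made for this illustration.

```python
from fractions import Fraction

HALF = Fraction(1, 2)

# Constructed sample inputs: lowercase English with spaces, 7-bit ASCII.
TEXT_A = b"the quick brown fox jumps over the lazy dog while the rain falls on the old tin roof"
TEXT_B = b"cypherpunks write code and publish it so that anyone who wants privacy can have it"


def p0_xor_independent(e1, e2):
    """P(i XOR ii = 0) for independent bits with P(i=0)=1/2+e1, P(ii=0)=1/2+e2.

    Collecting the two cases that XOR to 0, exactly as in the quoted post;
    the sum reduces to 1/2 + 2*e1*e2 (1/2 + 2*e^2 when e1 == e2).
    """
    return (HALF + e1) * (HALF + e2) + (HALF - e1) * (HALF - e2)


def bit_bias(data, k):
    """Measured e for bit k (0 = LSB) across the bytes of data: P(bit=0) - 1/2."""
    zeros = sum(1 for byte in data if not (byte >> k) & 1)
    return Fraction(zeros, len(data)) - HALF


def xor_bytes(a, b):
    """Byte-wise XOR over the common length of the two inputs."""
    return bytes(x ^ y for x, y in zip(a, b))


def report(a, b):
    """For each bit position: (k, P(0) predicted under independence, P(0) measured)."""
    n = min(len(a), len(b))
    a, b = a[:n], b[:n]
    mixed = xor_bytes(a, b)
    rows = []
    for k in range(8):
        predicted = p0_xor_independent(bit_bias(a, k), bit_bias(b, k))
        measured = bit_bias(mixed, k) + HALF
        rows.append((k, predicted, measured))
    return rows


def show(title, rows):
    print(title)
    for k, predicted, measured in rows:
        print(f"  bit {k}: predicted P(0)={float(predicted):.3f}  "
              f"measured P(0)={float(measured):.3f}")


if __name__ == "__main__":
    # Two different texts: the streams are unrelated to each other, but each
    # bit position is skewed by the ASCII encoding. Bit 7 is always 0 and,
    # for lowercase letters and spaces, bit 5 is always 1, so e = +/- 1/2
    # and the XOR of those positions is 0 every time.
    show("A xor B (different texts)", report(TEXT_A, TEXT_B))
    # Same text on both sides: the bits are fully dependent, the output is
    # all zeros, and the independence formula no longer predicts it.
    show("A xor A (dependent inputs)", report(TEXT_A, TEXT_A))
```

The derivation only needs the two bits being XORed to be independent of each other; skew inside each stream is what e measures, and where e is large (the fixed ASCII bits) the XOR output stays just as skewed.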
From bill.stewart at pobox.com Sun Oct 20 11:49:45 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 20 Oct 2002 11:49:45 -0700 Subject: Finland considering new internet speech restrictions Message-ID: <5.1.1.6.2.20021020113944.046fc3f0@idiom.com> >Subject: Fwd: BNA's Internet Law News (ILN) - 10/18/02 > >>FINLAND CONSIDERING NEW INTERNET SPEECH RESTRICTIONS >>Finland is considering establishing changes to its freedom >>of speech laws that focus on the Internet. A proposed bill >>would allow a court to order an online publication to remove >>messages or news items. Moreover, all online publications >>would be required to name an editor-in-chief and would be >>responsible for content posted on the site.
>>< http://www.helsinki-hs.net/news.asp?id=20021017IE2 > I had trouble the first time I used the link, but it's also in http://www.helsinki-hs.net/archive.asp dated October 17th. Helsingin Sanomat is published on the web in English. There was a bombing at a mall in Finland last week, with seven people killed, including the suspected bomber, a 19-year-old chemistry student, who frequented a message board "Forum for Home Chemistry". The 17-year-old moderator of the board was arrested for a couple of days, but then released. Some more excerpts from Helsinkin Sanomat: --- The Constitutional Law Committee heard from various internet experts during its meeting on Wednesday. After the meeting, committee Chairwoman Paula Kokkonen was not willing to comment on whether something should be done differently by the committee because of the Myyrmanni incident. The question of whether or not internet chatrooms and message boards are, by definition, publications, is still in the open. Centre Party MP Johannes Leppdnen, a member of the Constitutional Law Committee, commented that it is now necessary to ponder if incidents such as the Myyrmanni bombing could be prevented with more careful monitoring. "However, I hope that a momentary situation is not taken advantage of in a way that would limit some fundamental rights", Leppdnen stated. He also pointed out that the question of internet supervision has not been solved anywhere else either, nor has the question of responsibility for online information. The new law on freedom of speech will not reach a plenary session of Parliament until some time next year. The goal is for the law to take effect next autumn. 
--- From bill.stewart at pobox.com Sun Oct 20 12:11:23 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 20 Oct 2002 12:11:23 -0700 Subject: Intel Security processor + a question In-Reply-To: Message-ID: <5.1.1.6.2.20021020115121.04706ae0@idiom.com> <<< No Message Collected >>>
From reinhold at world.std.com Sun Oct 20 19:38:35 2002 From: reinhold at world.std.com (Arnold G. Reinhold) Date: Sun, 20 Oct 2002 22:38:35 -0400 Subject: palladium presentation - anyone going? In-Reply-To: <20021017191538.A53194@exeter.ac.uk> References: <20021017191538.A53194@exeter.ac.uk> Message-ID: At 7:15 PM +0100 10/17/02, Adam Back wrote: >Would someone at MIT / in Boston area like to go to this [see end] and send a >report to the list? I went. It was a good talk. The room was jam packed. Brian is very forthright and sincere. After he finished speaking, Richard Stallman gave an uninvited rebuttal speech, saying Palladium was very dangerous and ought to be banned. His concerns are legitimate, but the net effect, I think, was to make the Q&A session that followed less hostile. Palladium sets up a separate trusted virtual computer inside the PC processor, with its own OS, called Nexus, and it own applications, called agents. The trusted computer communicates with a security co-processor on the mother board, and has a secure channel to your keyboard and mouse and to a selected window on your CRT screen. How to prevent the secure channel to the on-screen window from being spoofed is still an open problem. Brian suggested a secure mode LED that lights when that window has focus or having the secure window display a mother's-maden-name type code word that you only tell Nexus.
Of course this doesn't matter for DRM since *your* trusting the window is not the issue. All disk and network I/O is done thru the untrusted Windows OS on the theory that the trusted machine will encrypt anything it wants to keep private. Windows even takes care of Nexus scheduling. A major design goal is that all existing software must run without change. Users are not required to boot Palladium at all, and are to be able to boot it long after Windows has booted. >Might help clear up some of the currently >unexplained aspects about Palladium, such as: > >- why they think it couldn't be used to protect software copyright (as >the subject of Lucky's patent) The specific question never came up. As Brain did say, Palladium is just a platform. People can built whatever they want on top of it. It seemed clear to me that the primary goal is DRM, but as someone else in the audience said (approximate quote) "We always hear that you can't do this or that without trusted hardware. Well, this is trusted hardware." I don't see why anyone would think protecting software copyright could not be done. > >- are there plans to move SCP functions into processor? any relation >to Intel Lagrange No. The SCP is based on a smart card core and is to be a "light weight, low pin count chip" with a target cost of $1 in volume. I presume future deals between MS and Intel are always possible. The SCP will support several algorithms, including 2048-bit RSA, 128-bit AES, SHA1, an HMAC. They may include another cipher and another hash. There will also be a FIPS140-2 Random Number Generator and several monotonic counters, but no time of day clock. Each chip will have a unique RSA key pair, an AES key and a HMAC key. The only key that the SCP will reveal to the outside is the RSA public key and it will only do that once per power up cycle. 
> >- isn't it quite weak as someone could send different information to >the SCP and processor, thereby being able to forge remote attestation >without having to tamper with the SCP; and hence being able to run >different TOR, observe trusted agents etc. There is also a change to the PC memory management to support a trusted bit for memory segments. Programs not in trusted mode can't access trusted memory. Also there will be three additional x86 instructions (in microcode) to support secure boot of the trusted kernel and present a SHA1 hash of the kernel code in a read only register. There may be a hole somewhere, but Microsoft is trying hard to get it right and Brian seemed quite competent. > >I notice at the bottom of the talk invite it says > >| "Palladium" is not designed to provide defenses against >| hardware-based attacks that originate from someone in control of the >| local machine. > >but in this case how does it meet the BORA prevention. Is it BORA >prevention _presuming_ the local user is not interested to reconfigure >his own hardware? Near as I can see, the real trust comes from the RSA key pair stored in the SCP and a cert on that key from the SCP manufacturer. There is no command to obtain the private key from the SCP. Presumably they leverage smart card technology plus what ever tricks they think of to make it hard to get that key. Differential power analysis or HNO3 might do the trick. We'll have to wait and see. > >Will it really make any significant difference to DRM enforcement >rates? Wouldn't the subset of the file sharing community who produce >DVD rips still produce Pd DRM rips if the only protection is the >assumption that the user won't make simple hardware modifications. The real question from Microsoft's stand point is will the entertainment industry be satisfied with Palladium's level of security and release content that can play on Palladium equipped PCs? DVDs aren't Hollywood's main problem. 
Movies are becoming available online long before the DVD is released. Hollywood probably wants something that monitors ALL content for watermarks. Palladium as presented doesn't do this. But again it is a platform. Once it exists, a later version of Windows might require it to be up and would then verify all content displayed. If Hollywood doesn't convince Microsoft to do this, Sen. Hollings will be more than glad to introduce the necessary legislation.

To paraphrase Stallman's rant, in the Palladium context Alice and Bob are corporations and Mallory is the PC owner.

Arnold Reinhold

>
>Adam
>
>-------- Original Message --------
>Subject: LCS/CIS Talk, OCT 18, TOMORROW
>Date: Thu, 17 Oct 2002 12:49:01 -0400
>From: Be Blackburn
>To: theory-seminars at theory.lcs.mit.edu
>CC: cis-seminars at theory.lcs.mit.edu
>
>
>Open to the Public
>
>Date: Friday, Oct 18, 2002
>Time: 10:30 a.m.- 12:00 noon
>Place: NOTE: NE43-518, 200 Tech Square
>Title: Palladium
>Speaker: Brian LaMacchia, Microsoft Corp.
>Hosts: Ron Rivest and Hal Abelson
>
>Abstract:
>
>This talk will present a technical overview of the Microsoft
>"Palladium" Initiative. The "Palladium" code name refers to a set of
>hardware and software security features currently under development
>for a future version of the Windows operating system. "Palladium"
>adds four categories of security services to today's PCs:
>
> a. Curtained memory. The ability to wall off and hide pages of main
>memory so that each "Palladium" application can be assured that it is
>not modified or observed by any other application or even the
>operating system.
>
> b. Attestation. The ability for a piece of code to digitally sign
>or otherwise attest to a piece of data and further assure the
>signature recipient that the data was constructed by an unforgeable,
>cryptographically identified software stack.
>
> c. Sealed storage. The ability to securely store information so
>that a "Palladium" application or module can mandate that the
>information be accessible only to itself or to a set of other trusted
>components that can be identified in a cryptographically secure
>manner.
>
> d. Secure input and output. A secure path from the keyboard and
>mouse to "Palladium" applications, and a secure path from "Palladium"
>applications to an identifiable region of the screen.
>
>Together, these features provide a parallel execution environment to
>the "traditional" kernel- and user-mode stacks. The goal of
>"Palladium" is to help protect software from software; that is, to
>provide a set of features and services that a software application can
>use to defend against malicious software also running on the machine
>(viruses running in the main operating system, keyboard sniffers,
>frame grabbers, etc). "Palladium" is not designed to provide defenses
>against hardware-based attacks that originate from someone in control
>of the local machine.
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to
>majordomo at wasabisystems.com

From ericm at lne.com Mon Oct 21 08:20:46 2002
From: ericm at lne.com (Eric Murray)
Date: Mon, 21 Oct 2002 08:20:46 -0700
Subject: The Register - UK firm touts alternative to digital certs (fwd)
In-Reply-To: <030b01c2790f$6cc1b660$c71121c2@sharpuk.co.uk>; from DaveHowe@gmx.co.uk on Mon, Oct 21, 2002 at 03:37:33PM +0100
References:
Message-ID: <20021021082046.A25279@slack.lne.com>

On Mon, Oct 21, 2002 at 03:37:33PM +0100, David Howe wrote:
> at Monday, October 21, 2002 3:14 PM, Trei, Peter
> was seen to say:
> > I'd be nervous about availability with centralized servers,
> > even if they are "triple redundant with two sites". DDOS
> > attacks, infrastructure (backhoe) attacks, etc, could all
> > wreak havoc.
> Indeed so, yes.
> I suspect (if it ever takes off) that they will have to scale their
> server setup in pace with the demand, but to be honest I think 600/sec
> is probably quite a high load for actual payments - we aren't talking
> logins or web queries, but actual real-money-payment requests.

Looking at their web site, they seem pretty generic about what it's for, but I did not see any mention of using it for payments. So I assume it's for logins.

They do say that their servers are "benchmarked at 300 transactions/sec". That's pretty darn slow for single des. There would have to be an authenticated and probably encrypted session between the server accepting the login (or the merchant if it really does payments) and the back end.
But even using SSL/TLS, which would be more than is required but an easy component to plug in, they ought to be able to get at least a true 1000 sessions/sec using one of the current SSL accelerators out there. Maybe they have a bunch of slow database lookups? Perhaps there is a long RTT for the check against the CIA blacklist?

If it is for logins, how many sites would be willing to let someone else know when their employees log in? That could be useful competitive intelligence.

Eric

From camera_lumina at hotmail.com Mon Oct 21 06:50:50 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 21 Oct 2002 09:50:50 -0400
Subject: palladium presentation - anyone going?
Message-ID:

<<< No Message Collected >>>

From ptrei at rsasecurity.com Mon Oct 21 07:14:01 2002
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 21 Oct 2002 10:14:01 -0400
Subject: The Register - UK firm touts alternative to digital certs (fw d)
Message-ID:

> David Howe[SMTP:DaveHowe at gmx.co.uk] writes:
>
> at Sunday, October 20, 2002 2:22 PM, Jim Choate
> was seen to say:
> > http://theregister.co.uk/content/6/27659.html
> looks like a dumbed-down version of the secureID system.
> Basically, it works like this
>
> 1. user enters five-digit pin code. code is in colours (four choices)
> not numbers though. Total pin keylength therefore ten bit.
> 2. device increments an internal counter, and generates a composite code
> comprising user id, current clock time and the internal counter (number
> of times card used, basically)
> 3. device uses single-DES to encrypt that data, and then binhexes it to
> give a keycode
> 4. user types in their username and keycode into website
> 5. website contacts quizid authentication server and verifies code is
> valid (and that account has enough to cover the transaction)
> 6. website completes transaction and bills quizid company
> 7. quizid company bills user's credit card.
>
> the plus side here is that the website never knows the user's credit
> card details, and is given a oneshot authentication handle that is
> useless once verified.
> the downside is that the system has no way to verify an amount, and is
> only weakly protected (both in pin (weaker than the usual four digit ATM
> pin) and in transit (single-des????)
>

[Disclosure: I work on SecurID].

This was discussed on Perry's Cryptography list last week. It does look kind of like a "dumbed down SecurID" - but what it looks like even more is an ActivCard keychain token
http://www.activcard.com/activ/products/end_user/activ_card_one/index.html
repackaged into a bigger form factor. The code generation scheme appears similar as well. The Company Info page reveals that ActivCard actually manufactures the device.

I'd be nervous about availability with centralized servers, even if they are "triple redundant with two sites". DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreak havoc.

I also wonder about scalability with centralized servers. A BBC article
http://news.bbc.co.uk/1/hi/technology/2334491.stm
claims 600 authentications/second, in a system which cost UKP 1M in hardware alone. This is not really good enough if you're trying to cover the world (or even just Britain) from one site. AOL gets about *50,000* login attempts per second at peak times, to give one admittedly extreme example.

Disclaimer: The above are my personal opinions only.

Peter Trei

From mv at cdc.gov Mon Oct 21 10:21:28 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 21 Oct 2002 10:21:28 -0700
Subject: Intel Security processor + a question
Message-ID: <3DB43798.BEA7417A@cdc.gov>

At 07:40 PM 10/18/02 -0400, Tyler Durden wrote:
>Well, I disagree about pseudo random number generation, sort of.
>First, if I have PSR sequence of the known variety (ie, ANSI or ITU), and if
>it's mapped to some telecom standard (DS-1/3, OC-3/12/48/192), then my test
>set can and should be able to lock onto that sequence. This is true whether
>that telecom signal is raw PRBS, or if it has been mapped into the payload
>(you use different test sets).

1. Shift reg sequences are cryptographically weak.
2. Re-synch'ing with a PR stream is useful for some apps, true.
3. In crypto, we consider the adversary who claims to have a true RNG but instead is faking us out with an opaque PRNG. If we are not privy to the PRNG algorithm (or key) then we can't tell if it's truly random or not.

>With encrypted info who knows? I would think that testing if there's monkey
>business might boil down to algorithms--ie, if certain bit patterns happen
>too often, then something's wrong...

Bit-bias is trivial to correct (see Shannon). Take a look at Prof. Marsaglia's "Diehard" suite of statistical-structural tests for a real obstacle course. But no such "does it look random" test can tell good PRNG from TRNG. You must peek under the hood.
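Added example (not part of any post in this thread): the claim in the message above, that no "does it look random" test separates a good PRNG from a true RNG, checked with two simple statistics. SHA-256 over successive integers as the opaque PRNG, the von Neumann pairwise corrector as the bias fix, and the seeded biased source are all choices made for this example.

```python
import hashlib
import math
import random
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, in bits per byte (max 8)."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def ones_fraction(data: bytes) -> float:
    """Monobit statistic: fraction of 1 bits in the stream."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))


def counter_stream(n: int) -> bytes:
    """Successive integers as 4-byte big-endian words: nothing unpredictable."""
    return b"".join(i.to_bytes(4, "big") for i in range(n))


def hashed_counter_stream(n: int) -> bytes:
    """SHA-256 of each successive integer: an opaque PRNG to anyone
    who is not told the construction."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n))


def biased_bits(n: int, p_one: float, seed: int) -> list:
    """Constructed stand-in for a biased physical source (seeded, so repeatable)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits: list) -> list:
    """Pairwise corrector: 01 -> 0, 10 -> 1, 00 and 11 dropped.
    Removes bias from independent bits at the cost of throughput."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def report() -> dict:
    raw = counter_stream(4096)
    hashed = hashed_counter_stream(4096)
    biased = biased_bits(200_000, 0.8, seed=1234)
    fixed = von_neumann(biased)
    return {
        # The raw counters fail the statistic, as they should.
        "raw_entropy": byte_entropy(raw),
        # The same counters after hashing pass it, with no entropy added.
        "hashed_entropy": byte_entropy(hashed),
        "hashed_ones": ones_fraction(hashed),
        # Bias is the easy part: measurable before, gone after correction.
        "biased_ones": sum(biased) / len(biased),
        "fixed_ones": sum(fixed) / len(fixed),
        "fixed_yield": len(fixed) / len(biased),
        # Anyone who knows the construction regenerates the stream exactly.
        "hashed_predictable": hashed == hashed_counter_stream(4096),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:20s} {value}")
```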
From DaveHowe at gmx.co.uk Mon Oct 21 03:42:16 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Mon, 21 Oct 2002 11:42:16 +0100
Subject: The Register - UK firm touts alternative to digital certs (fwd)
References:
Message-ID: <015901c278f0$79bb5700$c71121c2@sharpuk.co.uk>

at Sunday, October 20, 2002 2:22 PM, Jim Choate was seen to say:
> http://theregister.co.uk/content/6/27659.html

looks like a dumbed-down version of the secureID system.
Basically, it works like this

1. user enters five-digit pin code.
code is in colours (four choices) not numbers though. Total pin keylength therefore ten bit.
2. device increments an internal counter, and generates a composite code comprising user id, current clock time and the internal counter (number of times card used, basically)
3. device uses single-DES to encrypt that data, and then binhexes it to give a keycode
4. user types in their username and keycode into website
5. website contacts quizid authentication server and verifies code is valid (and that account has enough to cover the transaction)
6. website completes transaction and bills quizid company
7. quizid company bills user's credit card.

the plus side here is that the website never knows the user's credit card details, and is given a oneshot authentication handle that is useless once verified.
the downside is that the system has no way to verify an amount, and is only weakly protected (both in pin (weaker than the usual four digit ATM pin) and in transit (single-des????)
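Added example (not Quizid's code and not from the post): a server-side sketch of the one-shot code described above, showing replay rejection and what binding the amount into the code would change. HMAC-SHA-256 stands in for the single-DES step, the clock input is left out, a device able to take an amount is assumed, and every name here is hypothetical.

```python
import hashlib
import hmac
import math

WINDOW = 5  # unused button presses the server will skip over (assumed value)


def keycode(key: bytes, user: str, counter: int, amount: str = "") -> str:
    """One-shot code over user id, use counter and (optionally) the amount.
    HMAC-SHA-256 replaces the single-DES step; 10 hex chars = 40 bits."""
    msg = f"{user}|{counter}|{amount}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:10]


class AuthServer:
    """Hypothetical central verifier: per-user key and last accepted counter."""

    def __init__(self, bind_amount: bool):
        self.bind_amount = bind_amount
        self.users = {}  # user -> [key, last accepted counter]

    def enroll(self, user: str, key: bytes) -> None:
        self.users[user] = [key, 0]

    def verify(self, user: str, code: str, amount: str) -> bool:
        if user not in self.users:
            return False
        key, last = self.users[user]
        bound = amount if self.bind_amount else ""
        # Only counters above the last accepted one are tried, so a code
        # that has been verified once can never verify again.
        for counter in range(last + 1, last + 1 + WINDOW):
            if hmac.compare_digest(keycode(key, user, counter, bound), code):
                self.users[user][1] = counter  # this and all older codes are spent
                return True
        return False


def pin_bits(symbols: int, length: int) -> float:
    """Size of a PIN space in bits."""
    return length * math.log2(symbols)


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample secret
    out = {}

    # As described in the post: the code says nothing about the amount,
    # so the server cannot tell which amount the user agreed to.
    plain = AuthServer(bind_amount=False)
    plain.enroll("alice", key)
    code = keycode(key, "alice", 1)
    out["unbound_any_amount_ok"] = plain.verify("alice", code, "9999.00")
    out["replay_rejected"] = not plain.verify("alice", code, "9999.00")
    # Three presses never submitted, then a real one: still inside the window.
    out["skipped_presses_ok"] = plain.verify("alice", keycode(key, "alice", 5), "1.00")

    # Variant: the amount the user keyed in is part of the MAC input.
    bound = AuthServer(bind_amount=True)
    bound.enroll("alice", key)
    code = keycode(key, "alice", 1, "10.00")
    out["bound_other_amount_rejected"] = not bound.verify("alice", code, "9999.00")
    out["bound_agreed_amount_ok"] = bound.verify("alice", code, "10.00")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28s} {value}")
    print(f"5 colours out of 4: {pin_bits(4, 5):.1f} bits")
    print(f"4 decimal digits:   {pin_bits(10, 4):.1f} bits")
```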
From mv at cdc.gov Mon Oct 21 17:48:56 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 21 Oct 2002 17:48:56 -0700
Subject: Intel Security processor + a question
Message-ID: <3DB4A078.706ACE40@cdc.gov>

At 05:13 PM 10/21/02 -0400, Tyler Durden wrote:
>
>So I guess the follow on question is: Even if you can look at the code of a
>RNG...how easy is it to determine if its output is "usefully random", or are
>there certain "Diffie-approved" RNGs that should always be there, and if not
>something's up?

Start with something analog, where no one knows the initial state perfectly, and the dynamics are dispersive (chaotic). Digitize it. You can use ping pong balls if you like.

1. Measure its entropy (eg see Shannon).

Xor values together (xor doesn't generate change (variation), but preserves it).

Go to 1 until you find that your measurements have asymptoted.

You should then hash ('whiten') your distilled 1bit/baud values, to make it hard to go backwards through the deterministic iterative "distilling" in the above recipe.

In practice, you may feed a hashing digest function directly with your raw measurements and rely on the digest compressing the number of bits in:out to assure 1 bit/baud (even without the hash-whitening).

However the output of such a hash function will be noise-like even with very low entropy input, e.g., successive integers. Ergo measuring after hashing is pointless.

Discuss the results with your troopleader, and you will receive your crypto merit badge in 4-6 weeks.

From mv at cdc.gov Mon Oct 21 18:02:24 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Mon, 21 Oct 2002 18:02:24 -0700
Subject: One of Brinworld's uglier moments, no rights for immies
Message-ID: <3DB4A3A0.B7316CE9@cdc.gov>

So two illegals are going back because they were in a white van near a pay phone.
They're fortunate, they only got the 12gauge in the face and the asphalt facial; in a month it'll be a cruise missile first, forensics later.

"Mr. Godsniper, call us back. We couldn't trace^H^H^H^H^H hear you. "

The announcement came hours after Virginia authorities took two men into custody after surrounding a white van near a Richmond gas station. However, sources said the two men weren't involved in the attacks and would be deported to Latin America for immigration violations.

"They were in the wrong place at the wrong time," a senior law enforcement source in Washington said on condition of anonymity.

http://story.news.yahoo.com/news?tmpl=story&u=/ap/20021021/ap_on_re_us/sniper_shootings_368

===

Moosehunting in Virginia, ayup. Random primate hunting, now a Steak House: clearly it's a PETA terrorist, letting us graze the greener grass on the other side.

Homo sapiens: the other white meat.

From morlockelloi at yahoo.com Mon Oct 21 20:56:38 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Mon, 21 Oct 2002 20:56:38 -0700 (PDT)
Subject: One of Brinworld's uglier moments, no rights for immies
In-Reply-To: <3DB4A3A0.B7316CE9@cdc.gov>
Message-ID: <20021022035638.85340.qmail@web40606.mail.yahoo.com>

> surrounding a white van near a Richmond gas station.

Toyota, GM and Ford all reported huge drop in white van sales, to a virtual zero. Ford also asked dealers to remove white vans from "highly visible" locations.

Unrelated, several body shops are advertising discounts on "white van conversion" jobs.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/

From reinhold at world.std.com Mon Oct 21 18:36:09 2002
From: reinhold at world.std.com (Arnold G. Reinhold)
Date: Mon, 21 Oct 2002 21:36:09 -0400
Subject: palladium presentation - anyone going?
In-Reply-To: <20021021225220.A123387@exeter.ac.uk>
References: <20021017191538.A53194@exeter.ac.uk> <20021021225220.A123387@exeter.ac.uk>
Message-ID:

At 10:52 PM +0100 10/21/02, Adam Back wrote:
>On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote:
>> There may be a hole somewhere, but Microsoft is trying hard to get
>> it right and Brian seemed quite competent.
>
>It doesn't sound breakable in pure software for the user, so this
>forces the user to use some hardware hacking.
>
>They disclaimed explicitly in the talk announce that:
>
>| "Palladium" is not designed to provide defenses against
>| hardware-based attacks that originate from someone in control of the
>| local machine.
>
>However I was interested to know exactly how easy it would be to
>defeat with simple hardware modifications or reconfiguration.
>
>You might ask why if there is no intent for Palladium to be secure
>against the local user, then why would they design it so that the local
>user has to use (simple) hardware attacks. Could they not, instead of
>just make these functions available with a user present test in the
>same way that the TOR and SCP functions can be configured by the user
>(but not by hostile software).

One of the services that Palladium offers, according to the talk announcement, is:

>b. Attestation. The ability for a piece of code to digitally sign
>or otherwise attest to a piece of data and further assure the
>signature recipient that the data was constructed by an unforgeable,
>cryptographically identified software stack.

It seems to me such a service requires that Palladium be secure against the local user. I think that is the main goal of the product.

>
>For example why not a local user present function to lie about TOR
>hash to allow debugging (for example).
>
>> Adam Back wrote:
>> >- isn't it quite weak as someone could send different information to
>> >the SCP and processor, thereby being able to forge remote attestation
>> >without having to tamper with the SCP; and hence being able to run
>> >different TOR, observe trusted agents etc.
>>
>> There is also a change to the PC memory management to support a
>> trusted bit for memory segments. Programs not in trusted mode can't
>> access trusted memory.
>
>A "trusted bit" in the segment register doesn't make it particularly
>hard to break if you have access to the hardware.
>
>For example you could:
>
>- replace your RAM with dual-ported video RAM (which can be read using
>alternate equipment on the 2nd port).
>
>- just keep RAM powered-up through a reboot so that you load a new TOR
>which lets you read the RAM.

Brian mentioned that the system will not be secure against someone who can access the memory bus. But I can see steps being taken in the future to make that mechanically difficult. The history of the Scanner laws is instructive. Originally one had the right to listen to any radio communication as long as you did not make use of the information received. Then Congress banned the sale of scanners that can receive cell phone frequencies. Subsequently the laws were tightened to require scanners be designed so that their frequency range cannot be modified. In practice this means the control chip must be potted in epoxy. I can see similar steps being taken with Palladium PCs. Memory expansion could be dealt with by finding a way to give Palladium preferred access to the first block of physical memory that is soldered on the mother board.

>
>> Also there will be three additional x86 instructions (in microcode)
>> to support secure boot of the trusted kernel and present a SHA1 hash
>> of the kernel code in a read only register.
>
>But how will the SCP know that the hash it reads comes from the
>processor (as opposed to being forged by the user)? Is there any
>authenticated communication between the processor and the SCP?

Brian also mentioned that there would be changes to the Southbridge LCP bus, which I gather is a local I/O bus in PCs. SCP will sit on that and presumably the changes are to insure that the SCP can only be accessed in secure mode.

At 12:27 AM +0100 10/22/02, Peter Clay wrote:
>I've been trying to figure out whether the following attack will be
>feasible in a Pd system, and what would have to be incorporated to prevent
>against it.
>
>Alice runs "trusted" application T on her computer. This is some sort of
>media application, which acts on encoded data streamed over the
>internet. Mallory persuades Alice to stream data which causes a buffer
>overrun in T. The malicious code, running with all of T's privileges:
>
>- abducts choice valuable data protected by T (e.g. individual book keys
>for ebooks)
>- builds its own vault with its own key
>- installs a modified version of T, V, in that vault with access to the
>valuable data
>- trashes T's vault
>
>The viral application V is then in an interesting position. Alice has two
>choices:
>
>- nuke V and lose all her data (possibly including all backups, depending
>on how backup of vaults works)
>- allow V to act freely

There are two cases here. One is a buffer overflow in one of the trusted "agents" running in Palladium. Presumably an attack here will only be able to damage vaults associated with the product that contains that agent. The vendor that supplies the agent will have a strong incentive to avoid overflow opportunities.

The more dangerous case is buffer overflow in Nexus. Brian admitted that this would be disastrous. Obviously QA will be intense. They plan to publish Nexus source code. Brian was even asked if they would publish source for their C compiler. He said they had thought of that, didn't think they could get the VisualC compiler published but are considering coming up with a stripped down C compiler they can release.
>
>I haven't seen enough detail yet to be able to flesh this out, but it does
>highlight some areas of concern:
>
>- how do users back up vaults?

They realize that the whole back up/upgrade issue is a big concern. Brian briefly presented some very complex schemes for doing this which I didn't grasp.

>- there really needs to be a master override to deal with misbehaving
>trusted apps.

Presumably an intact Nexus can trash any trusted app. And I don't see how any data in the vault could prevent you from loading a clean nexus, say from CD-ROM, as long as the SCP isn't altered and there is supposed to be no way to do that from software.

Arnold Reinhold

From adam at cypherspace.org Mon Oct 21 14:52:20 2002
From: adam at cypherspace.org (Adam Back)
Date: Mon, 21 Oct 2002 22:52:20 +0100
Subject: palladium presentation - anyone going?
In-Reply-To: ; from reinhold@world.std.com on Sun, Oct 20, 2002 at 10:38:35PM -0400
References: <20021017191538.A53194@exeter.ac.uk>
Message-ID: <20021021225220.A123387@exeter.ac.uk>

On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote:
> There may be a hole somewhere, but Microsoft is trying hard to get
> it right and Brian seemed quite competent.

It doesn't sound breakable in pure software for the user, so this forces the user to use some hardware hacking.

They disclaimed explicitly in the talk announce that:

| "Palladium" is not designed to provide defenses against
| hardware-based attacks that originate from someone in control of the
| local machine.

However I was interested to know exactly how easy it would be to defeat with simple hardware modifications or reconfiguration.
You might ask why if there is no intent for Palladium to be secure against the local user, then why would they design it so that the local user has to use (simple) hardware attacks. Could they not, instead of just make these functions available with a user present test in the same way that the TOR and SCP functions can be configured by the user (but not by hostile software).

For example why not a local user present function to lie about TOR hash to allow debugging (for example).

> Adam Back wrote:
> >- isn't it quite weak as someone could send different information to
> >the SCP and processor, thereby being able to forge remote attestation
> >without having to tamper with the SCP; and hence being able to run
> >different TOR, observe trusted agents etc.
>
> There is also a change to the PC memory management to support a
> trusted bit for memory segments. Programs not in trusted mode can't
> access trusted memory.

A "trusted bit" in the segment register doesn't make it particularly hard to break if you have access to the hardware.

For example you could:

- replace your RAM with dual-ported video RAM (which can be read using alternate equipment on the 2nd port).

- just keep RAM powered-up through a reboot so that you load a new TOR which lets you read the RAM.

> Also there will be three additional x86 instructions (in microcode)
> to support secure boot of the trusted kernel and present a SHA1 hash
> of the kernel code in a read only register.

But how will the SCP know that the hash it reads comes from the processor (as opposed to being forged by the user)? Is there any authenticated communication between the processor and the SCP?
Adam
--
http://www.cypherspace.net/

From pete at flatline.org.uk Mon Oct 21 16:27:31 2002
From: pete at flatline.org.uk (Peter Clay)
Date: Tue, 22 Oct 2002 00:27:31 +0100 (BST)
Subject: Palladium
In-Reply-To: <20021021225220.A123387@exeter.ac.uk>
Message-ID:

I've been trying to figure out whether the following attack will be feasible in a Pd system, and what would have to be incorporated to prevent against it.

Alice runs "trusted" application T on her computer. This is some sort of media application, which acts on encoded data streamed over the internet. Mallory persuades Alice to stream data which causes a buffer overrun in T. The malicious code, running with all of T's privileges:

- abducts choice valuable data protected by T (e.g. individual book keys for ebooks)
- builds its own vault with its own key
- installs a modified version of T, V, in that vault with access to the valuable data
- trashes T's vault

The viral application V is then in an interesting position. Alice has two choices:

- nuke V and lose all her data (possibly including all backups, depending on how backup of vaults works)
- allow V to act freely

I haven't seen enough detail yet to be able to flesh this out, but it does highlight some areas of concern:

- how do users back up vaults?
- there really needs to be a master override to deal with misbehaving trusted apps.

Pete
--
Peter Clay                                         | Campaign for   _  _| .__
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://uk.eurorights.org

From alan at clueserver.org Tue Oct 22 03:45:51 2002
From: alan at clueserver.org (alan)
Date: Tue, 22 Oct 2002 03:45:51 -0700 (PDT)
Subject: Palladium -- trivially weak in hw but "secure in software"??
(Re: palladium presentation - anyone going?)
In-Reply-To: <20021022184919.GB17988@citi.citi.umich.edu>
Message-ID:

On Tue, 22 Oct 2002, Rick Wash wrote:

> Hardware-based attacks cannot be redistributed. If I figure out how
> to hack my system, I can post instructions on the web but it still
> requires technical competence on your end if you want to hack your
> system too.
>
> While this doesn't help a whole lot for a DRM goal (once you get the
> non-DRM version of the media data, you can redistribute it all you
> want), it can be very useful for security. It can help to eliminate
> the 'script kiddie' style of attackers.

Not really. It depends on what they are exploiting.

Does every piece of code need to be validated all the time? Once a program is running, does something running in its code space get revalidated or does it just run?

I don't see how Palladium stops buffer overflows or heap exploits or format bugs or any of the standard exploits that are in use today. (Not without crippling the entire system for both the user and the programmer.)

It seems to change little for script kiddies if the machines are going to communicate with other systems. (Unless the DRM holders will control who and how you can connect as well. And they just might do that as well...)

The purveyors of this also claim it will stop spam and e-mail viruses. The only way it can do that is by making Palladium based systems incompatible with every non-DRM machine on the planet. (So much for getting e-mail from your relatives!)

The only problem this hardware seems to solve is shackling the user into what data they can see and use.

If Microsoft follows their standard coding practices, the script kiddie problem will not go away with this technology. It will probably increase. And it will be illegal to effectively stop them.

From skquinn at speakeasy.net Tue Oct 22 07:22:08 2002
From: skquinn at speakeasy.net (Shawn K.
Quinn)
Date: Tue, 22 Oct 2002 09:22:08 -0500
Subject: anonymous remailers
Message-ID: <200210220922.08817.skquinn@speakeasy.net>

If one has set up a new anonymous remailer, where is the best place to get the word out? Here or somewhere else?

--
Shawn K. Quinn

From eugen at leitl.org Tue Oct 22 05:14:26 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Oct 2002 14:14:26 +0200 (CEST)
Subject: UK: service providers say no to Blunkett
Message-ID:

http://www.guardian.co.uk/internetnews/story/0,7369,816523,00.html

Internet providers say no to Blunkett

Plans to monitor personal emails and web page visits in doubt

Stuart Millar, technology correspondent
Tuesday October 22, 2002
The Guardian

The internet industry has refused to sign up to plans to give law enforcement and intelligence agencies access to the records of British web and email users, throwing David Blunkett's post-September 11 data surveillance regime into fresh disarray.

In the latest of a long line of setbacks for the home secretary's data retention campaign, the Guardian has learned that internet service providers have told the Home Office that they will not voluntarily stockpile the personal records of their customers for long periods so that they can be accessed by police or intelligence officers.

Nicholas Lansman, secretary general of the Internet Service Providers Association, wrote to officials last month informing them that the industry had not been convinced that extending the length of time companies hold on to customer logs was necessary for the fight against terrorism and serious crime.

The letter, which has been seen by the Guardian, makes clear the depth of concern among web companies over the privacy and cost implications of retaining subscriber information.

Mr Lansman said that service providers were "rightly concerned" that retaining communications data beyond normal business practices may be unlawful.
A paper produced by law enforcement agencies had failed to address these concerns or make a "compelling case" for data retention.

"The document fails to provide details of the number of investigations that are currently compromised through lack of available data and assess whether this is detrimental to the public interest and national security. The investigations cited refer to cases in which officers sought data older than 15 months and where there was no national security consideration involved," he wrote.

Industry representatives and Whitehall officials have been struggling to agree terms of a voluntary code of practice introduced under the anti-terrorism legislation rushed through parliament last November in the aftermath of the attacks on the US.

The apparent collapse of the negotiations may leave Mr Blunkett facing a choice between using his reserved powers under the legislation to force internet providers to comply or dropping the measure in response to public and political opposition.

The data to be retained includes customers' names and addresses, source and destination of emails and addresses of websites visited, all of which would be available to the authorities without need for a judicial or executive warrant. Telephone providers are also being asked to retain records of calls made and received as well as mobile phone location data.

In July, the information commissioner, the official privacy watchdog, warned the Home Office that data retention might breach the Human Rights Act because communications logs retained strictly for national security purposes could be accessed by police and intelligence officers investigating cases such as public health and tax collection.

The Home Office has refused to amend the legislation to resolve this conflict. As a result, Mr Lansman said, the association could not "recommend to members that they voluntarily comply with the proposed code of practice".

Mr Blunkett has the power to make the code mandatory.
In the Guardian last month, John Abbott, director general of the national criminal intelligence service, said all communications companies should be compelled to stockpile customer logs.

Last night, Home Office insiders dismissed suggestions that the voluntary code was dead in the water. But human rights campaigners said Mr Blunkett now had little choice but to think again.

Ian Brown, director of the Foundation for Information Policy Research, said: "Civil society, Europe's data protection commissioners, and now internet service providers have all told the Home Office their data retention plans are an unacceptable invasion of privacy."

John Wadham, director of Liberty, said: "Service providers are right to raise concerns."

From rwash at citi.umich.edu Tue Oct 22 11:49:19 2002
From: rwash at citi.umich.edu (Rick Wash)
Date: Tue, 22 Oct 2002 14:49:19 -0400
Subject: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
In-Reply-To: <20021022165216.A139705@exeter.ac.uk>
References: <20021017191538.A53194@exeter.ac.uk> <20021021225220.A123387@exeter.ac.uk> <20021022165216.A139705@exeter.ac.uk>
Message-ID: <20021022184919.GB17988@citi.citi.umich.edu>

On Tue, Oct 22, 2002 at 04:52:16PM +0100, Adam Back wrote:
> So they disclaim in the talk announce that Palladium is not intended
> to be secure against hardware attacks:
>
> | "Palladium" is not designed to provide defenses against
> | hardware-based attacks that originate from someone in control of the
> | local machine.
>
> so one can't criticise the implementation of their threat model -- it
> indeed isn't secure against hardware based attacks.
>
> But I'm questioning the validity of the threat model as a realistic
> and sensible balance of practical security defenses.
>
> Providing almost no hardware defenses while going to extra-ordinary
> efforts to provide top notch software defenses doesn't make sense if
> the machine owner is a threat.

This depends.
I would say this is an interesting threat model. It makes the attacks non-redistributable.

Software-based attacks are redistributable. Once I write a program that hacks a computer, I can give that program to anyone to use. I can even give it to everyone, and then anyone could use it. The expertise necessary can be abstracted away into a program even my mother could use.

Hardware-based attacks cannot be redistributed. If I figure out how to hack my system, I can post instructions on the web but it still requires technical competence on your end if you want to hack your system too.

While this doesn't help a whole lot for a DRM goal (once you get the non-DRM version of the media data, you can redistribute it all you want), it can be very useful for security. It can help to eliminate the 'script kiddie' style of attackers.

Rick

From talg at stanford.edu Tue Oct 22 15:18:10 2002
From: talg at stanford.edu (Tal Garfinkel)
Date: Tue, 22 Oct 2002 15:18:10 -0700
Subject: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
In-Reply-To: <20021022184919.GB17988@citi.citi.umich.edu>
References: <20021017191538.A53194@exeter.ac.uk> <20021021225220.A123387@exeter.ac.uk> <20021022165216.A139705@exeter.ac.uk> <20021022184919.GB17988@citi.citi.umich.edu>
Message-ID: <20021022221810.GA1846@stanford.edu>

> Software-based attacks are redistributable. Once I write a program
> that hacks a computer, I can give that program to anyone to use. I
> can even give it to everyone, and then anyone could use it. The
> expertise necessary can be abstracted away into a program even my
> mother could use.
>
> Hardware-based attacks cannot be redistributed.
> If I figure out how
> to hack my system, I can post instructions on the web but it still
> requires technical competence on your end if you want to hack your
> system too.
>
> While this doesn't help a whole lot for a DRM goal (once you get the
> non-DRM version of the media data, you can redistribute it all you
> want).

I think this assumption may be incorrect. In order for content providers to "win" the DRM fight it seems like they need to address two issues.

First, put up a big enough barrier for most users that circumventing access controls is infeasible, or simply not worth it.

Second, put up a big enough barrier for most users that gaining access to copies of media with the access controls removed is either infeasible, or simply not worth it.

I believe tamper resistant hardware solves the first problem, even if, as Adam conjectures, all that is required to access media protected by Palladium is a $50 kit (which remember, you can't obtain legally) and some hardware hacking. This seems to rule out well over 99% of the media consuming public.

The problem of obstructing the distribution of media is really a different topic. I think that solving this problem is easier than most folks think. Again, you don't have to totally stop it P2P, or that kid in the shopping mall selling copied CD's. All you have to do is put up big enough technical and legal barriers that the general public would rather just pay for the media.

While it may be the case that Palladium is not a serious barrier to the average CS graduate student, Cypherpunk, or even the home user who has a modicum of hardware clue, I don't think this will kill it as an effective technology for supporting DRM, assuming that the software cannot be broken.
--Tal

From reinhold at world.std.com Tue Oct 22 12:29:26 2002
From: reinhold at world.std.com (Arnold G. Reinhold)
Date: Tue, 22 Oct 2002 15:29:26 -0400
Subject: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
In-Reply-To: <20021022165216.A139705@exeter.ac.uk>
References: <20021017191538.A53194@exeter.ac.uk> <20021021225220.A123387@exeter.ac.uk> <20021022165216.A139705@exeter.ac.uk>
Message-ID:

At 4:52 PM +0100 10/22/02, Adam Back wrote:
>Remote attestation does indeed require Palladium to be secure against
>the local user.
>
>However my point is while they seem to have done a good job of
>providing software security for the remote attestation function, it
>seems at this point that hardware security is laughable.

I think the most important phrase above is "at this point." Palladium is still being designed. I'd argue that the software/firmware portion is the trickiest to get right. It seems rational for Microsoft to let that design mature, then analyze the remaining hardware threats and turn the hardware engineers loose to try to plug them.

Palladium has to be viewed in the larger context of a negotiation between Microsoft and Hollywood (I include here all the content owners: movie studios, recording industry, book publishers, etc.). Hollywood would prefer a completely closed PC architecture, where consumers' use of the computer could be tightly monitored and controlled. They perceive general purpose computing as we know and love it to be a mortal threat to their continued existence. Keeping the content of DVDs and future media locked up is not enough in their eyes. They want all material displayed to be checked for watermarks and blocked or degraded if the PC owner hasn't paid for the content.
Microsoft wants to preserve general purpose computing because it realizes that in a closed architecture, the OS would become a mere commodity component and the consumer electronics giants would eventually displace Microsoft. On the other hand, Microsoft needs Hollywood to provide the kind of content that will drive PC sales and upgrades. The base line PC platform of today or even two years ago is powerful enough for most consumers and businesses. People are keeping their PCs longer and not upgrading them as often. Most everyone who wants a PC (at least in North America) already has one. Microsoft needs something new to drive sales.

I expect Microsoft and Hollywood to haggle over the final specs for Palladium PCs and no doubt additional hardware protection measures will be included. The actual spec may well be kept secret, with NDA access only. Hollywood will hold two strong cards at the table: its content and the threat of legislation. I'm sure Senator Hollings is watching developments closely.

The big question in my mind is how to get PC consumers a place at the bargaining table. It seems to me that PC consumers have three tools: votes, wallets and technology. The Internet is well suited to political organizing. Remember the amount of mail generated by the modem tax hoax? Consumer boycotts are another powerful threat, given how powerful and upgradable existing computers already are.

Technology can provide an alternative way to gain the benefits that will be touted for controlled computing. Anti-virus and anti-DDS techniques come to mind. Also, since I expect an eventual push to ban non-Palladium computers from the Internet, alternative networking technology will be important.

The Palladium story is just beginning.
Arnold Reinhold

From adam at cypherspace.org Tue Oct 22 08:52:16 2002
From: adam at cypherspace.org (Adam Back)
Date: Tue, 22 Oct 2002 16:52:16 +0100
Subject: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)
In-Reply-To: ; from reinhold@world.std.com on Mon, Oct 21, 2002 at 09:36:09PM -0400
References: <20021017191538.A53194@exeter.ac.uk> <20021021225220.A123387@exeter.ac.uk>
Message-ID: <20021022165216.A139705@exeter.ac.uk>

Remote attestation does indeed require Palladium to be secure against the local user.

However my point is while they seem to have done a good job of providing software security for the remote attestation function, it seems at this point that hardware security is laughable.

So they disclaim in the talk announce that Palladium is not intended to be secure against hardware attacks:

| "Palladium" is not designed to provide defenses against
| hardware-based attacks that originate from someone in control of the
| local machine.

so one can't criticise the implementation of their threat model -- it indeed isn't secure against hardware based attacks.

But I'm questioning the validity of the threat model as a realistic and sensible balance of practical security defenses.

Providing almost no hardware defenses while going to extra-ordinary efforts to provide top notch software defenses doesn't make sense if the machine owner is a threat.

The remote attestation function clearly is defined from the view that the owner is a threat.

Without specifics and some knowledge of hardware hacking we can't quantify, but I suspect that hacking it would be pretty easy. Perhaps no soldering, $50 equipment and simple instructions anyone could follow.

more inline below...

On Mon, Oct 21, 2002 at 09:36:09PM -0400, Arnold G.
Reinhold wrote:
> [about improving palladium hw security...] Memory expansion could be
> dealt with by finding a way to give Palladium preferred access to
> the first block of physical memory that is soldered on the mother
> board. I think standard memory could be used.

I can think of simple processor modifications that could fix this problem with hardware tamper resistance assurance to the level of having to tamper with .13 micron processor. The processor is something that could be epoxied inside a cartridge for example (with the cartridge design processor + L2 cache housings as used by some Intel Pentium class processors), though probably having to tamper with a modern processor is plenty hard enough to match software security given software complexity issues.

Adam
--
http://www.cypherspace.net/
From anonymous at anonymous.org Wed Oct 23 03:43:36 2002
From: anonymous at anonymous.org (anonymous)
Date: Wed, 23 Oct 2002 06:43:36 -0400 (EDT)
Subject: Independent News
Message-ID: <200210231043.g9NAhaa02034@saturn.web-hosting.com>

See below for article on Autonomy [http://www.autonomy.com] getting picked up by the US govt.

Met a salesbod from Autonomy a few months ago, who gave an impressively scary demo of the stuff they were doing with uber-pattern-matching. Another article at http://www.vnunet.com/News/1136175 quotes:

"The software searches names and words with variable spellings and retrieves information based on patterns that are related but may not match exactly."

Most of it was tailored towards searching for related subjects and topics within text (BBC news use Autonomy to link stories) using "Information Theory" and Bayesian Inference, but they're also doing stuff with image-matching (such as studying landscapes to find different films from the same place), voice-matching (to find different audio samples by the same person), and audio-to-text conversion (which can then be subjected to all the usual matching).

It's also designed to take information from anywhere, all ready to link into whatever Echelons and Black Lanterns and Netbuses governments are running these days.

Surprised this didn't happen months ago.

http://news.independent.co.uk/business/news/story.jsp?story=344482

Autonomy scoops American anti-terror deal

By Susie Mesure
21 October 2002

Autonomy, the once-fêted information sorting software group, has scooped a multimillion-dollar deal with the US government that could be crucial in preventing terrorist attacks such as the recent bombing in Bali, Indonesia.

Its software, which will form a key element of George Bush's war on terror, will be used by 21 US government agencies under the aegis of the Office of Homeland Security.

"After 11 September, the US President realised one of the big problems was the very large number of government agencies [meant] they couldn't work together as one," Mike Lynch, Autonomy's chief executive, said.

The new software package will help the plethora of security agencies pool any tip-offs they receive about possible terrorist attacks by working as a "backbone" to connect all of the pieces of information. Mr Lynch added: "The whole idea is to try and stop something like the Bali bomb happening."

The contract win comes at a critical time for Autonomy, which has seen its shares collapse over the past four months amid a fresh downturn in spending on technology.

Explaining how the US agencies would use the software, Mr Lynch said: "The whole problem is that you don't know exactly what you're looking for. This technology can read things. It has the ability to take something like an e-mail or a report and rather than just see individual words like a search engine, understand the ideas behind it."
From jamesd at echeque.com Wed Oct 23 14:20:39 2002
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 23 Oct 2002 14:20:39 -0700
Subject: Independent News
In-Reply-To: <3DB6E633.EC07EFB9@cdc.gov>
Message-ID: <3DB6B037.6570.1689555@localhost>

--
> >"The whole idea is to try and stop something like the Bali
> >bomb
> happening."

On 23 Oct 2002 at 11:10, Major Variola (ret) wrote:
> The correct patch should be applied to US foreign policy

Don't think we can blame US foreign policy for the Bali bombing. Probably relates more to Australian foreign policy and Singaporean internal policy.

Indonesian Muslims were sponsoring terror against Timorese. Australia let that pass as long as Fretilin was communist, but when Fretilin swore off communism, Australia intervened, thereby gaining a vital strategic advantage, in that Timor is an unsinkable aircraft carrier covering the approaches to Australia.

This had the effect of rolling back Muslim rule, something that Bin Laden has told us is a no-no.

--digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG YyO99qL0+xsoa0JPIh9Tbof+WkATG5PpWoiy6s5v 4BRkFiGmL+8i6uxcMBHxQEfXZE6OccbPl+ouoG1Jy
From bill.stewart at pobox.com Thu Oct 24 00:58:45 2002
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 24 Oct 2002 00:58:45 -0700
Subject: One of Brinworld's uglier moments, no rights for immies
In-Reply-To: <3DB4A3A0.B7316CE9@cdc.gov>
Message-ID: <5.1.1.6.2.20021024005234.02b0f728@idiom.com>

At 06:02 PM 10/21/2002 -0700, Major Variola (ret) wrote:
>So two illegals are going back because they were in a white van
>near a pay phone. They're fortunate, they only got the
>12gauge in the face and the asphalt facial;
>in a month it'll be a cruise missile first, forensics later.

If this were Brinworld, the two victims would have a video safely offsite somewhere made by their Rodney King shoulder cameras, and the cops would be getting the week off without pay for rudeness.

If this were Brin-dystopia, the cop car would have a camera, and once the first cop looked up the license plate and saw that there were two non-Anglo people in the generic-looking van, he'd let his partner know to leave his jacket over the camera when he got out of the car so they could beat them up.
Name: not available Type: text/html Size: 2796 bytes Desc: not available URL: From eatandburn at freegasdaily.com Thu Oct 24 10:57:28 2002 From: eatandburn at freegasdaily.com (Eat and Burn) Date: Thu, 24 Oct 10:57:28 2002 -0700 Subject: Lose Weight without going Hungry Message-ID: <91174901.5791884@mailhost> Dear Friend, I just heard the news from my sister-in-law, Betty. I couldn't believe it when she told me that she went from 162 LBS Fat to 128 LBS Thin! Click Here http://www.eatandburn.com/?code=ebraz915 and my brother Ted Lost an Amazing 20 LBS! All because of the Eat & Burn Diet! A diet where you can eat as much as you want! Click Here to learn more about it! http://www.eatandburn.com/?code=ebraz915 Sally =========================================== This is brought to you by FreeGasDaily. You are receiving this because of your participation in the FREE GAS FOR LIFE sweepstakes.If you feel this has reached you in error or if you would no longer like to be eligible and would like to stop receiving offers from us, please visit http://www.freegasdaily.com and click on unsubscribe. Thank you. c&y&p&h&e&r&p&u&n&k&s&%m&i&n&d&e&r&~n&e&t& -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1802 bytes Desc: not available URL: From camera_lumina at hotmail.com Thu Oct 24 08:33:59 2002 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Oct 2002 11:33:59 -0400 Subject: nCipher crypto: FIPS 140-2 Level 3? Message-ID: Apparently a new Crypto chip from nCipher. What's the C-punks view on this standard--FIPS 140-2 Level 3? Anyone have a link to this document? REDWOOD CITY, Calif. -- Ingrian Networks, the leader in Active Application Security solutions, announced it has extended its strategic relationship with nCipher Inc. 
(LSE:NCH), a leading provider of cryptographic IT security solutions, to empower customers with a new, unsurpassed level of protection for information delivered across the Internet. As a result of this collaboration, Ingrian now delivers the highest level of SSL security and private key protection available in a single security platform. This breakthrough capability, now available in Ingrian's i215 and i225 secure networking platforms, is the result of collaborating with nCipher to ensure its cryptographic modules are compliant with the FIPS (Federal Information Processing Standards) 140-2 Level 3 specification for protection of private cryptographic keys. This new specification significantly enhances the security of SSL transactions and virtually eliminates the threat of cyber attacks via SSL tunnels. "Sensitive business data is only as secure as the private keys that protect that data," said Rod Murchison, VP of Product and Corporate Development at Ingrian Networks. "If a cyber attacker gets the master key, it can unlock a lot of sensitive data and be very costly to businesses. This new FIPS-compliant technology offers customers the most advanced security available for private cryptographic keys and SSL transactions. It's the level of protection that a growing number of customers want and expect from Ingrian platforms." Ingrian Networks Inc. nCipher Corporation Ltd. _________________________________________________________________ Unlimited Internet access for only $21.95/month. Try MSN!
http://resourcecenter.msn.com/access/plans/2monthsfree.asp From eugen at leitl.org Thu Oct 24 03:19:04 2002 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 24 Oct 2002 12:19:04 +0200 (CEST) Subject: Encryption method getting the picture Message-ID: http://news.com.com/2100-1001-963054.html?tag=dd.ne.dtx.nl-sty.0 Encryption method getting the picture By Sandeep Junnarkar Staff Writer, CNET News.com October 23, 2002, 9:06 AM PT Researchers have created a new way to encrypt information in a digital image and extract it later without any distortion or loss of information. A team of scientists from Xerox and the University of Rochester said that the technique, called reversible data hiding, could be used in situations that require proof that an image has not been altered. Its uses could range from sensitive military and medical diagnostic images to legal documents and photographs of crime scenes. The technique could also be used to encode information within the image itself for cataloging and retrieving from databases. Concerns about the authenticity of Web-based tickets, receipts and signed contracts have hampered the development of some e-commerce applications. While digital watermarking offers protection against tampering in most situations, it can also irreversibly change the quality of an image. Current data-embedding techniques insert additional watermarking information, which inevitably distorts an image. While the distortion is small, it is usually irreversible. The new technique builds on previous methods but modifies the lowest levels of pixel values using data-embedding algorithms. It allows authorized viewers to extract the embedded authentication message while also removing any distortions created by the embedded information, the researchers said. Although the technique is software-based, it could be implemented in hardware or in devices in which tightly controlling the image is critical, according to the researchers.
For instance, a digital camera that carries the new algorithms could be used to gather forensic evidence for use later in a courtroom. Any subsequent manipulations of the pictures could be detected, and the area where they occurred could be pinpointed. The technique was recently described in a research paper presented at the IEEE 2002 International Conference on Image Processing in Rochester, N.Y. It was co-developed by Mehmet U. Celik and A. Murat Tekalp of the University of Rochester and Gaurav Sharma and Eli Saber of Xerox. The University of Rochester filed a patent application on the methods developed for reversible data hiding and plans to share the rights of the invention with Xerox. From aughcypherpunks at minder.net Thu Oct 24 13:23:16 2002 From: aughcypherpunks at minder.net (Barbara) Date: Thu, 24 Oct 2002 16:23:16 -0400 Subject: Brand New Teen smutn For You xlbm Message-ID: A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1848 bytes Desc: not available URL: From redneken at hotmail.com Thu Oct 24 15:20:40 2002 From: redneken at hotmail.com (redneken at hotmail.com) Date: Thu, 24 Oct 2002 17:20:40 -0500 Subject: just thought u would like to know Message-ID: <413-2200210424222040133@D2T6LG11> Have you seen the wonders of Orlando, Florida? for FREE this is real Imagine spending your next vacation in the most beautiful vacation destination this country has to offer. Spend time with your kids in one or more of the numerous parks such as Disney World's Epcot Center, Universal Studios Florida, Sea World, and many more. You will have the vacation of a lifetime. Plus, we'll even tell you about other options such as Pasco County, FL, known as a part of the "Nature Coast", and Atlanta Georgia, the jewel of the south, with its fabulous shopping and sightseeing. This is something that you shouldn't miss out on. Just fill in the information below, and we will have a representative contact you shortly, with options for you to choose from. 
If you don't like what you are hearing, then you always have the option to turn it down. But don't deprive yourself of at least hearing about the wonderful opportunities you may have in seeing a world that you just dream about. Must be US resident, and 18-years-old. Please respond back with your name and phone number. From classad at 163.com Thu Oct 24 07:30:45 2002 From: classad at 163.com (classad at 163.com) Date: Thu, 24 Oct 2002 22:30:45 +0800 Subject: =?GB2312?B?1tC5+sjLw/G089GnuaTJzLncwO3F4NG1z+7Evw==?= Message-ID: <200210241431.g9OEVAQ30997@waste.minder.net>
From jamesd at echeque.com Thu Oct 24 23:21:35 2002 From: jamesd at echeque.com (James A. Donald) Date: Thu, 24 Oct 2002 23:21:35 -0700 Subject: internet radio - broadcast without incurring royalty fees In-Reply-To: <20021025033245.39015.qmail@web40601.mail.yahoo.com> References: <20021025023732.A127329@exeter.ac.uk> Message-ID: <3DB8807F.27306.35D4624@localhost> -- On 24 Oct 2002 at 20:32, Morlock Elloi wrote: > Napster clones, kazaa, gnutella et al. rely on end-users to > upload stuff. These end users simply have no bandwidth > available for that. Cheapo DSL lines have hundred or few > hundreds of kbit/sec unguaranteed upload capacity. No one is > going to pay T1 to serve free stuff in breach of copyright > laws. > > The net result is - and anyone can try it for themselves - > that average success rate is less than 40%, the speed is > miserable - most of the time it takes hour or more for 5-6 > minute mp3, and then you need to be lucky so that content > matches the title. I am a really big fan of "Buffy". A cute chick, lots of violence and killing, and a bit of sex, what more can one ask for in a TV show? Recently due to family crisis, I missed a couple of shows. So, using usenet, I downloaded the two one hour shows that I missed. I had no problem getting them, the download ran in the background.
It did not seem to take an unreasonably long time, though I did not bother to time it. I started the download, proceeded to do other things, and when I remembered to check, the download was done. So I then watched the shows. The image and sound quality was excellent, the ads had been deleted. The stories were rattling good. Loved the bit where buffy says "I am the law", and picks up a great big naked sword and stalks off to apply the instant death penalty, while Xander flutters about ineffectually being deeply caring and emotional and having deep moral debates about the use of violence. I have never downloaded a tv show off the internet before. Everything just worked, no fuss, unlike some encryption programs I could mention. > While there always will be pathological cases that will spend > tens of hours online to get few mp3s for free (that is, until > local telco decides that flat rate is no more viable), for > most napsters are unusable. My experience is that the mass media are doomed. This stuff works just great for me. I have stopped downloading music until I organize the music I already have. Napster was just great, worked with no fuss. Maybe the Napster clones are not as good, but my experience with downloading TV shows suggests that piracy is working better than ever. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG w5c01d6+NpDvLdLI2X6Jg5z8F2yx1pwhncy3yMYK 4b/esfa1UycmFgStXtluIkq+6g1XHHb8MMWOMZOkk From ESavers at usairways.com Fri Oct 25 00:00:00 2002 From: ESavers at usairways.com (ESavers at usairways.com) Date: Fri, 25 Oct 2002 02:00:00 -0500 Subject: US Airways E-Savers to San Juan Message-ID: <200210250708.g9P782HN018511@ak47.algebra.com> Dear E-Savers Subscriber, US Airways is pleased to present this special International E-Savers offer: ************************************************************ 1. This Week's International E-Savers 2. US Airways Vacations Deals 3. Dividend Miles Offers 4. E-Savers Fare Requirements 5. 
Subscription Information ************************************************************ 1. THIS WEEK'S INTERNATIONAL E-SAVERS ************************************************************ You may depart on Sundays to Thursdays, between October 27 and November 21, 2002. Return travel is Tuesdays to Saturdays, between November 5 and November 30, 2002. Saturday night stay is required. Tickets must be purchased by October 30, 2002. For travel, make your reservations online at http://www.usairways.com/promotions/esavers/offer_sju.htm These special fares can also be purchased by calling 1-888-359-3728. Tickets must be purchased at the time of reservation. For more information on San Juan, please visit http://www.usairways.com/travel/destinations/caribbean/sju.htm ROUNDTRIP FROM: TO: FARE: ------------------------------------------------------------- Boston, MA San Juan, Puerto Rico $279 Buffalo, NY San Juan, Puerto Rico $299 Charlotte, NC San Juan, Puerto Rico $279 Columbus, OH San Juan, Puerto Rico $319 Greensboro, NC San Juan, Puerto Rico $319 Los Angeles, CA San Juan, Puerto Rico $349 Philadelphia, PA San Juan, Puerto Rico $279 Pittsburgh, PA San Juan, Puerto Rico $299 Providence, RI San Juan, Puerto Rico $299 Raleigh/Durham, NC San Juan, Puerto Rico $319 Richmond, VA San Juan, Puerto Rico $299 Rochester, NY San Juan, Puerto Rico $299 San Diego, CA San Juan, Puerto Rico $349 San Francisco, CA San Juan, Puerto Rico $349 Syracuse, NY San Juan, Puerto Rico $299 Washington National, DC San Juan, Puerto Rico $299 Fares shown are based on roundtrip Coach travel on US Airways/US Airways Express, during the period specified above. Depending upon your travel needs, alternative routings may be available at the same fares, with part of the service on regional aircraft operated by US Airways Express carriers Allegheny, Air Midwest, CCAIR, Chautauqua, Colgan, Mesa, Piedmont, PSA, Shuttle America or Trans States. ************************************************************ 2. 
US AIRWAYS VACATIONS DEALS ************************************************************ US Airways Vacations is pleased to offer Puerto Rico land packages to provide a complete vacation experience. Vacations include hotel accommodations, roundtrip airport/hotel transfers and hotel taxes. A variety of optional features including attraction admissions and sightseeing tours are available. US Airways Vacations offers packages to 80+ destinations. EXPERIENCE PUERTO RICO!! ------------------------ Land only based on per person, per night from: Wyndham Condado Plaza Hotel and Casino $66 Wyndham Old San Juan Hotel and Casino $69 The Westin Rio Mar Beach Resort, Country Club & Ocean Villas $80 Caribe Hilton San Juan $99 Wyndham El Conquistador Resort & Golden Door Spa $107 Inter-Continental San Juan Resort & Casino $112 Hyatt Regency Cerromar Beach Resort & Casino $138 Purchase these land packages online at http://www.usairwaysvacations.com/pricing_res.htm Simply enter your origin and destination cities, departure date, number of adults, children's ages and click "Search For Vacation." Choose "Hotel Vacations for 2-21 nights," confirm your departure date and indicate the number of nights for your vacation. Click "Check Availability" and continue with your choices for hotels and options as the system presents them until you reach the final price. You may then purchase your vacation with a secure credit card transaction. If you prefer to speak with a reservations agent, call 1-800-352-8747. Rates shown are per person, per night based on double occupancy for departures 10/27/02 through 11/30/02. Rates will be higher 11/23-11/29/02. Hotel space is limited and may not be available at all hotels on all days. Additional travel dates, hotels and rates are available. Prices are subject to change with or without notice and do not include miscellaneous hotel charges typically paid by the customer directly to the hotel. Substantial restrictions apply for refunds. 
Other conditions may apply. ************************************************************ 3. DIVIDEND MILES OFFERS - EARN 500 MILES WITH E-STATEMENTS ************************************************************ "Sign Up For E-Statements, Get 500 Miles" If you like E-Savers, you will really like Dividend Miles E-Statements. E-Statements are sent monthly via e-mail and include your account summary along with exclusive bonus mile offers, US Airways news, special discount travel awards and other offers. Earn 500 miles when you sign up for E-Statements at usairways.com/estatements now through December 31, 2002. E-Statements = More Miles, More Offers, More Awards and Your Statement, More Often." Reminder: Make sure your Dividend Miles account number is in your E-Savers reservation, so you can earn miles for worldwide award travel on US Airways and our partners. To enroll in Dividend Miles, go to http://www.usairways.com/ To earn even more miles, book E-Savers using your US Airways Dividend Miles Visa card. To apply for the Dividend Miles Visa card issued by Bank of America, please visit us at http://www.usairways.com/dmcreditcards Please note: Mileage bonus for booking online does not apply to E-Savers. ************************************************************ 4. E-SAVERS FARE REQUIREMENTS ************************************************************ - Restrictions: Roundtrip purchase required. Seats are limited and are not available on all flights/days. Fares cannot be combined with other fares, discounts, promotions or coupons. Travel must begin and end in the same city. One-way travel, stopovers, waitlisting and standbys are not permitted. Tickets must be purchased at the time of reservation. Fares will not be honored retroactively or in conjunction with the exchange of any partially used ticket. - Travel: Depart to San Juan 10/27-11/21/02, Sunday-Thursday, and return from San Juan 11/5-11/30/02, Tuesday-Saturday. Saturday night stay required. 
All travel must be completed by 11/30/02. - Ticketing: Tickets must be purchased by 10/30/02. - Taxes/Fees: Depending on the itinerary, passenger facility charges of up to $18 and the September 11th Security Fee of up to $10 may apply in addition to the fare. Fares shown do not include total government-imposed taxes/fees/surcharges of up to $55. - Changes: Tickets become non-refundable 24 hours after making initial reservation, and may be changed prior to the departure of each flight segment for a minimum $100 fee. If changes are not made prior to the departure date/time of each flight, the entire remaining ticket will have no further value. - Miscellaneous: Lower fares may be available in these markets. Other conditions apply. ************************************************************ 5. SUBSCRIPTION INFORMATION ************************************************************ This is a post-only mailing sent to CYPHERPUNKS at ALGEBRA.COM. If you would like to change your e-mail address, you will need to unsubscribe and resubscribe at the E-Savers Enrollment page: http://www.usairways.com/promotions/esavers/enroll/index.htm To unsubscribe from this list, please click here: http://www.usairways.com/cgi-bin/delete.cgi?email=CYPHERPUNKS at ALGEBRA.COM To change your departure city preferences, please visit: http://www.usairways.com/promotions/esavers/enroll/index.htm Please do not respond to this message. Copyright US Airways 1996-2002. All rights reserved. From adam at cypherspace.org Thu Oct 24 18:37:32 2002 From: adam at cypherspace.org (Adam Back) Date: Fri, 25 Oct 2002 02:37:32 +0100 Subject: internet radio - broadcast without incurring royalty fees Message-ID: <20021025023732.A127329@exeter.ac.uk> Re. 
the recent rapacious "broadcast" royalties imposed on internet radio in the US, it occurs to me it wouldn't be that hard to do the following and it would probably avoid the royalties even under the current imbalanced IP laws: - have the station broadcast its own content (commentary) - have the station broadcast song titles, song authors, CDDB serial numbers - the user would use third-party software capable of playing the recommended track, such as: - coincidentally owning the CD and having the CD in a CD jukebox - owning (or not) the CD and having a mp3 rip of the track on hard disk - queueing the track for download via kazaa examples of the last are the morpheus plugin for winamp (I think it was morpheus that had such a plugin -- though it is probably no longer supported with the morpheus protocol switch). For performance reasons the station could even pre-queue the tracks during their commentary and then trigger the start of play after the track has had some time to be selected by the jukebox / streaming buffer fill from kazaa. Seems to me this would pass current IP laws because it is like a radio station which broadcast the name of a song and the user is expected to insert the CD in his player and play along to keep up with the commentary, only automated and with open APIs for the "load and play this CD track" instructions so people can hook it up to whatever is convenient to them. Adam From anonymous at anonymous.org Fri Oct 25 05:48:39 2002 From: anonymous at anonymous.org (anonymous) Date: Fri, 25 Oct 2002 08:48:39 -0400 (EDT) Subject: Warning.. Warning.. *bleep* Message-ID: More paranoia to fuel the wagons, prepare to bend over on trains when the ticket collector comes round. "Officials said the warning, based on information obtained from al Qaeda prisoners in mid-October, suggested that terrorists may try to destroy bridges or key sections of tracks. "The group has considered directly targeting U.S.
passenger trains, possibly using operatives who have a Western appearance," the FBI said Thursday in a statement issued to state and local law enforcers." Next in the series: "FBI warns bouncy castles may be targeted" From YourMortgageNeeds3051o78 at lending.com Thu Oct 24 13:49:56 2002 From: YourMortgageNeeds3051o78 at lending.com (YourMortgageNeeds3051o78 at lending.com) Date: Fri, 25 Oct 2002 08:49:56 +1200 Subject: Rates are going up (Refinance Now 5.625% fixed)----------------------------------- 5205ctiM0-252SWme1038HPpl23 Message-ID: <011c48c86d0d$5225a3c0$0be11ba8@boeimj> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 8898 bytes Desc: not available URL: From mv at cdc.gov Fri Oct 25 09:27:35 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Oct 2002 09:27:35 -0700 Subject: internet radio - broadcast without incurring royalty fees Message-ID: <3DB970F7.480C35A9@cdc.gov> At 02:37 AM 10/25/02 +0100, Adam Back wrote: >Seems to me this would pass current IP laws because it is like a radio >station which broadcast the name of a song and the user is expected to >insert the CD in his player and play along to keep up with the >commentary, only automated and with open APIs for the "load and play >this CD track" instructions so people can hook it up to whatever is >convenient to them. Such a station resembles an editor who suggests articles by giving a pointer, e.g., ISBN, Journal cite, or URL. Some editors (like talk-free radio stations) may not even provide commentary, but their subscribers value the information implicit in their choices. [One listens to radio, follows editors' pointers, etc. because one desires fresh bits... and a "good" Editor increases the probability that you will encounter fresh bits you like. 
Even unintentional Editors are valuable: Using KaZaa, one can scan all of other nodes' shared files; finding a user with content you like (tastes like yours) via a regular search often yields a cache of good content.] Version 2 of the BackBox should handle video, with DVD/TiVo++ URIs, too. From mv at cdc.gov Fri Oct 25 10:01:42 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 25 Oct 2002 10:01:42 -0700 Subject: internet radio - broadcast without incurring royalty fees Message-ID: <3DB978F6.8B0C17A0@cdc.gov> At 11:21 PM 10/24/02 -0700, James A. Donald wrote: > >I am a really big fan of "Buffy". Seek professional help. >but my experience with downloading TV shows suggests >that piracy is working better than ever. This wasn't piracy, it was time-shifting. You, as an American with a TV, could watch the show at X; you as an American can save it and watch it at Y, too. The videotape-timeshift-legal-decisions didn't say anything about VHS vs. BETA vs. DiVX formats. You could put it on Hollerith cards but the greens would be pissed. The fact that part of your video system is distributed in a few million homes should be irrelevant. From mwoawoey at yahoo.com Fri Oct 25 07:13:08 2002 From: mwoawoey at yahoo.com (mwoawoey at yahoo.com) Date: Fri, 25 Oct 2002 10:13:08 -0400 Subject: More Powerful SEX available!! Stronger and long-lasting. Make your partner happ Message-ID: <200210251413.g9PED8624949@corelin1.ursokr.com> Are you embarrassed about short life? Do you wanna have more vitality? Do you wanna make your partner happy? Maximize your life today with this best-selling Doctor-approved pill. 100% MONEY BACK GUARANTEED. Why wait?
Click the link below http://www.ccipowergriphosting.com/business/vitality/ Click on the link below to remove yourself http://www.ccipowergripresponder.com/cgi-bin/varpro/29.cgi?id=vitality&a=cypherpunks at algebra.com AOL Users Remove Me From adam at homeport.org Fri Oct 25 07:18:05 2002 From: adam at homeport.org (Adam Shostack) Date: Fri, 25 Oct 2002 10:18:05 -0400 Subject: internet radio - broadcast without incurring royalty fees In-Reply-To: <20021025023732.A127329@exeter.ac.uk> References: <20021025023732.A127329@exeter.ac.uk> Message-ID: <20021025141805.GA79849@lightship.internal.homeport.org> On Fri, Oct 25, 2002 at 02:37:32AM +0100, Adam Back wrote: | Seems to me this would pass current IP laws because it is like a radio | station which broadcast the name of a song and the user is expected to | insert the CD in his player and play along to keep up with the | commentary, only automated and with open APIs for the "load and play | this CD track" instructions so people can hook it up to whatever is | convenient to them. Sounds like it will sound like contributory infringement and 100k in legal costs to RIAA. Happy fun court is not amused. But I am. -- "It is seldom that liberty of any kind is lost all at once." -Hume From littleant at 21cn.com Thu Oct 24 23:51:19 2002 From: littleant at 21cn.com (littleant at 21cn.com) Date: Fri, 25 Oct 2002 14:51:19 +0800 Subject: =?GB2312?B?sru/tLDXsru/tCy/tMHLsruw17+0IQ==?= Message-ID: From jamesd at echeque.com Fri Oct 25 16:33:54 2002 From: jamesd at echeque.com (James A. Donald) Date: Fri, 25 Oct 2002 16:33:54 -0700 Subject: internet radio - broadcast without incurring royalty fees In-Reply-To: <3DB978F6.8B0C17A0@cdc.gov> Message-ID: <3DB97272.27370.1EEEAD2@localhost> -- James A.
Donald: > > my experience with downloading TV shows suggests that > > piracy is working better than ever. Major Variola > This wasn't piracy, it was time-shifting. When the ads were deleted, it ceased to be time shifting. In any case, the point I intended to make was that "Buffy" was one hundred times bigger than a typical MP3, yet the software and hardware had no problems. If the internet can handle one hour tv shows without working up a sweat, digital convergence is getting real close. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XYP6QY+S9r3ndihIQTukA67fRiwrn6l5ZpkvrArT 4M1UwSPjw71Nqox9g8XKDugMA/eyyeDoNJSWRDhBZ From jplummer at consumeralert.org Fri Oct 25 14:19:34 2002 From: jplummer at consumeralert.org (J Plummer) Date: Fri, 25 Oct 2002 17:19:34 -0400 Subject: NCP: Privacy Villain of the Week: DARPA's HumanID at a Distance Message-ID: Privacy Villain of the Week: DARPA's HumanID at a Distance The Defense Advanced Research Projects Agency has been one of the more fruitful government agencies in the past, its DARPAnet computer network being the foundation for what would become the Internet some years later. That is why reading about what this outfit is up to now can at times be disheartening. One such project is the HumanID at a Distance program, which aims to move beyond face-recognition technology and purportedly identify people by the way they walk. The idea here is that by measuring with video or (clothes-penetrating) radar the distance between, say, 17 different points on the body and measuring how these points move in relation to one another, a person can be positively and uniquely identified. This "gait technology" by itself is neutral of course, just as technologies such as a gun or a needle or the banging of flint against stone. The problem here arises in that by funding such research, the government is pushing a technology on society that it has not freely accepted through the voluntary choices made in the market.
A patina of legitimacy is unfortunately added to such technologies when they have the imprimatur of the state behind them. Even when the lead researchers on the project issue a press release with conflicting estimations of accuracy ranging from .0001% to 95%. These selfsame researchers go on to tout the tech for use "around federal buildings" and in airports (which have now had their security systems completely taken over by the federal government). The airport situation is particularly troubling, in that it would be installed after the new Transportation Security Agency has complete control of all US airports. Adding the full-body radar scans that are part of a gait-biometric system to their CAPPS database incorporating name, Social Security number, credit history, travel history, etc., is a small step. This would be another piece of information in a federal database left wide open to abuse by not only those with official and unofficial clearance but anyone who bribes or hacks their way in. In addition, the potential for false positives seems to be overwhelming. Even if the number is closer to 95% than .001%, what happens when a heavy piece of luggage and lack of sleep slumps the shoulders enough to peg a weary traveler as a dangerous terrorist? Is he or she strip-searched and detained by armed federal employees while the plane to his mother's funeral leaves for the other coast? This kind of technological forcing, especially in situations controlled by the state, puts individuals in a position where, due to lack of adequate societal knowledge, individuals are unable to control the kind of information being disseminated about themselves. Identification technology has its uses. But when government forces it on everyone, from a Social Security number onward, the long-term effects are net negative -- oversurveillance, undersecurity, identity theft, etc.
DARPA scientists and their colleagues at places like Carnegie Mellon and Georgia Tech may be taking great strides forward -- but do they recognize where to, or why this may earn them the title of Privacy Villain of the Week? The Privacy Villain of the Week and Privacy Hero of the Month are projects of the National Consumer Coalition's Privacy Group. Privacy Villain audio features now available from FCF News on Demand. For more information on the NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 202-467-5809 or jplummer at consumeralert.org. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ Recent CNET News.com articles: http://news.search.com/search?q=declan ------------------------------------------------------------------------- From esj at harvee.billerica.ma.us Fri Oct 25 15:15:03 2002 From: esj at harvee.billerica.ma.us (Eric S. Johansson) Date: Fri, 25 Oct 2002 18:15:03 -0400 Subject: [camram-spam] very close to done Message-ID: I've checked in all of my recent changes and this is what you have: Camram filter that seems to work. Occasionally it falls over and dies. Do not use if you care about receiving your e-mail. Jail management tool that lets you look at your jail and do a minimal amount of white list additions. It looks ugly because this is a "temporary" feature. I'll probably finish the jail tool and make the system fully operational on the receive side sometime this weekend.
Then I will start on the outbound proxy (unless somebody beats me to it). The receive side filter is almost ready to go live except for one thing. I'm still stuck on the old format hashcash definition because I do not have a Java applet to use in conjunction with the autoresponder bounce messages. This is what I want: a really simple applet that will work with Java engines back as far as Netscape 4.6 and works on Windows, Macintosh, Linux. No fancy GUI or messages. Just a simple crank out the stamp type application. If folks think it's a good idea, it should just generate and send the stamp as soon as it is invoked and not wait for a human to do anything. simple, portable, working. I don't need write once-debug everywhere.

---eric

if this had been an actual release announcement, the actual release readme would follow:

#25-Oct-2002

Camram is an antispam system predicated on making spam more expensive for the spammer than it is for the recipient.

This is the first barely functional release of the camram antispam filter. It should provide a reasonable degree of protection for an individual against Spam intrusion as well as give you manual control to handle the cases where it generates a false positive.

Camram generates false positives whenever there is no one or no thing at the sender's address to respond to the challenge message. Only under those circumstances do you need to go to the jail and pull out the innocent message.

INSTALLATION:

major subsystems:

  Camram filter
  challenge response CGI
  jail management CGI
  hashcash executable

create the owner and group camram. I usually make it 499. yimv

build hashcash executable according to instructions and install it in /usr/local/bin.

make the following directories

  /usr/local/camram/bin
  ~/.camram/jail

change the local camram directory group ownership to camram

  chgrp -R camram ~/.camram

copy all of the src/*.py files into /usr/local/camram/bin

change "release_URL" in camram_filter.py to reflect your URL.

change to sgid directory and build camram and jail.cgi sgid wrappers.

change the group ID of both wrappers to camram

copy the camram sgid wrapper to /usr/local/camram/bin

configure your Web server to have a /camram/ CGI directory

place jail.cgi and the contents of webstamp into that directory.

copy the sample configuration file from the ancillary directory into your ~/camram/ directory. Change the e-mail address definition to be your e-mail addresses for this account.

for the time being, use sample procmail script (adjusted for local parameters) in your personal .procmailrc.

send yourself a test message from another account and you should get a bounce message back. If there is no bounce message, check the procmail log for python exceptions. If you do get a bounce message back, check the .camram directory to see if you have three files containing the string "white_list" and that they are owned by group camram with permissions 660.

respond to the bounce message appropriately (i.e. calculate a stamp with the browser) and see if the jailed message is released to your mail box. Again, if it doesn't release check the procmail log.

if it doesn't work at this point, then, send me a bug report and remove the .procmailrc from your home directory to disable camram.

if everything is working at this point, then turn off autoresponder messages by setting block_autoresponder to true in the local configuration file.

periodically examine the jail and approve messages either by user/subject markers or by some other marker (IKWTFID) internal to the message.

Once the proportion of Spam starts climbing to the 80 percent mark, turn on the autoresponder by setting block_autoresponder to 0 (i.e. false) in the local configuration file.
--------------------------------------------------------------------- To unsubscribe, e-mail: camram-spam-unsubscribe at camram.org For additional commands, e-mail: camram-spam-help at camram.org --- end forwarded text --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From DaveHowe at gmx.co.uk Fri Oct 25 10:53:53 2002 From: DaveHowe at gmx.co.uk (David Howe) Date: Fri, 25 Oct 2002 18:53:53 +0100 Subject: more snake oil? [WAS: New uncrackable(?) encryption technique] References: Message-ID: <046301c27c4f$82a66a00$c71121c2@sharpuk.co.uk> at Friday, October 25, 2002 6:22 PM, bear was seen to say: > The implication is that they have a "hard problem" in their > bioscience application, which they have recast as a cipher. The temptation is to break it, *tell* them you have broken it (and offer to break any messages they encrypt in it just to demonstrate) but don't tell them how you did it. That would probably be even more frustrating for them than the problem was :) From rah at shipwright.com Fri Oct 25 20:04:09 2002 From: rah at shipwright.com (R. A.
Hettinga) Date: Fri, 25 Oct 2002 23:04:09 -0400 Subject: Fwd: [camram-spam] very close to done Message-ID: --- begin forwarded text From fm at st-kilda.org Fri Oct 25 15:16:42 2002 From: fm at st-kilda.org (Fearghas McKay) Date: Fri, 25 Oct 2002 23:16:42 +0100 Subject: Fwd: [camram-spam] very close to done Message-ID: --- begin forwarded text From morlockelloi at yahoo.com Sat Oct 26 01:14:02 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Sat, 26 Oct 2002 01:14:02 -0700 (PDT) Subject: Implantable Chip, On Sale Now In-Reply-To: Message-ID: <20021026081402.21665.qmail@web40612.mail.yahoo.com> > sector offices or nuclear power plants. Instead of swiping a smart card, > employees could swipe the arm containing the chip. A new must-have item for terrorists: cleaver. This is sillier than biometrics ... while you may talk the attacker out of plucking your eyeballs or cutting off fingers ("the scanner detects blood flow, Mr. Terrorist"), this is a no brainer. Granted, it may give government employees more incentive to resist, by implanting into scrotum (the authentication procedure may look funny, though.) ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ From schear at attbi.com Sat Oct 26 11:52:42 2002 From: schear at attbi.com (Steve Schear) Date: Sat, 26 Oct 2002 11:52:42 -0700 Subject: Faraday cages go portable Message-ID: <5.1.0.14.2.20021026114803.040f4960@pop3.lvcm.com> http://www.mobilecloak.com/ Looks like an expensive and stylish replacement for an aluminized mylar shield bag. steve From mv at cdc.gov Sun Oct 27 10:52:18 2002 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 27 Oct 2002 10:52:18 -0800 Subject: Wetwork: Re: Pro-privacy senator dies in crash Message-ID: <3DBC35E2.4C035B7@cdc.gov> Few problems cannot be solved via the discrete use of wetwork... Referenced JC: WASHINGTON--Sen. Paul Wellstone, a Minnesota Democrat who fought to bolster Americans' privacy rights and limit government surveillance of the Internet, was killed in a plane crash on Friday afternoon. Wellstone, 58, was an unapologetic liberal who was elected in 1990 and opposed the Gulf War, sought to increase the minimum wage, and envisioned a tax-funded health care system. He was enmeshed in a tight re-election bid this year. http://news.com.com/2100-1023-963440.html?tag=fd_top From morlockelloi at yahoo.com Sun Oct 27 11:03:37 2002 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Sun, 27 Oct 2002 11:03:37 -0800 (PST) Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd) In-Reply-To: Message-ID: <20021027190337.49900.qmail@web40608.mail.yahoo.com> > No technical solution will work in absence of laws making it legal. Sanity villain statement of the month. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: Y!
Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ From bill.stewart at pobox.com Sun Oct 27 13:09:12 2002 From: bill.stewart at pobox.com (Bill Stewart) Date: Sun, 27 Oct 2002 13:09:12 -0800 Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd) Message-ID: <5.1.1.6.2.20021027130843.04bfa9e0@idiom.com> [Sorry about any duplicated - lne.com spam-blocked me the first time.] At 01:34 PM 10/27/2002 +0100, Eugen Leitl wrote: >Advent of another technology wide deployment of which we must delay as >long as possible. ... >Unfortunately, brinistas welcome this development because they idiotically >assume that the technology enables symmetrically, or even asymmetrically >in favour of the governed vs. the government. Their arguments sound >superficially convincing to those unfamiliar with the political process >and the logics of power flow. This is the reason they're doing the wrong >thing for the right reasons. Supply the missing part of the argument >whenever you see Brinworld meme propagating. Sigh. If people are going to beat up on BrinWorld, at least they should get it right. Brin's Transparent Society stuff makes two points - Cameras, networks and similar technology are going to keep getting cheaper, so you're going to lose your privacy. Give up on that now. - Governments _are_ going to take advantage of this, like it or not, so what the public has to do is make sure that we're allowed to watch the government as well. Brin may be naively optimistic about our ability to succeed on the second part, but he's spot on about the asymmetry of power relationships, and he's constantly making the point that we can only watch the government if we force them to let us watch - the alternative is that they'll be watching us and we won't be watching them. Delaying technology?
It's easier to do on stuff that doesn't work well, and it sounds like this doesn't - perhaps the way to do it is to deflect the research away from surveillance into medical directions; since Darpa's funding it, get them to look at how to help soldiers carry heavy backpacks safely or spooks to carry dead bodies safely or whatever. From eugen at leitl.org Sun Oct 27 04:34:41 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 27 Oct 2002 13:34:41 +0100 (CET) Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd) Message-ID: Advent of another technology wide deployment of which we must delay as long as possible. In absence of rentable cryptographically anonymized telepresence proxies it is provably impossible to completely hide all unique fingerprints of a human, or even a complex mass-produced artifact. Such a composite fingerprint will be impossible to fake and is impossible to change without completely remaking the object of measurement. (Try changing your body odor (MHC is genome-encoded and is the target of the immunosystem), or rewire parts of CNS in control of your motorics). While all current technologies are extremely limited in their capabilities and have a high error rate this is not intrinsic to the principle. Such systems can be eventually made to work sufficiently well for practice. This is being made possible by further falling technology costs in regards to mass fabbing, crunch and cheap ubiquitous wireless. Where's light, there's shadow. Unfortunately, brinistas welcome this development because they idiotically assume that the technology enables symmetrically, or even asymmetrically in favour of the governed vs. the government. Their arguments sound superficially convincing to those unfamiliar with the political process and the logics of power flow. This is the reason they're doing the wrong thing for the right reasons. Supply the missing part of the argument whenever you see Brinworld meme propagating.
Your best angle to delay this is to circulate this information widely, and explain its potential impact to the technologically naive. Write (personalized dead tree, no electronic communication) to your political representatives. No technical solution will work in absence of laws making it legal. Once countermeasures are made illegal the development is basically irreversible. Catch it before it's too late. ---------- Forwarded message ---------- Date: Sun, 27 Oct 2002 01:36:42 -0400 From: Declan McCullagh To: politech at politechbot.com Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech See also: http://www.wired.com/news/politics/0,1283,38775,00.html --- From jamesd at echeque.com Sun Oct 27 16:59:03 2002 From: jamesd at echeque.com (James A. Donald) Date: Sun, 27 Oct 2002 16:59:03 -0800 Subject: What is the truth of the anti war rallys? In-Reply-To: <20021004134621.A7820@slack.lne.com> References: <"from mv"@cdc.gov> Message-ID: <3DBC1B57.8760.24318AD@localhost> -- Supposedly tens of thousands turned up, forty two thousand in San Francisco. Yet oddly, the photos of marches that I see look more like forty in San Francisco, and four hundred in Washington. Perhaps there were a lot more out of frame, but that is an odd way to photograph a demonstration. Does anyone know the truth from his own eyes, or a more complete set of images? At least some newspapers are reporting "hundreds" or four hundred in Washington, while others are reporting eighty thousand, a number curiously different from four hundred. However it seems that all papers are reporting forty two thousand in San Francisco. The inconsistency in the reports from Washington incline me to doubt the reports from San Francisco, but of course there is a plentiful supply of liars on both sides of the fence. --digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG XvyryuYS+vBllOZxJ4VX58iglXFp7Ttjj2gWpoWN 4Nfd+VGZPH10x9+jh7fcgqq91ms4mTmBSS+vzsczS From tcmay at got.net Sun Oct 27 18:31:40 2002 From: tcmay at got.net (Tim May) Date: Sun, 27 Oct 2002 18:31:40 -0800 Subject: Details on lne.com's blocking of Cypherpunks posts?? In-Reply-To: <5.1.1.6.2.20021027130311.04bf0190@idiom.com> Message-ID: <642850CC-EA1D-11D6-8271-0050E439C473@got.net> On Sunday, October 27, 2002, at 01:04 PM, Bill Stewart wrote: > [Hmm. lne.com spam-blocked me on the first attempt. Can you provide details? If lne.com is blocking posts, I will have to find another CP node. --Tim May From eugen at leitl.org Sun Oct 27 11:38:33 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 27 Oct 2002 20:38:33 +0100 (CET) Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd) In-Reply-To: <20021027190337.49900.qmail@web40608.mail.yahoo.com> Message-ID: On Sun, 27 Oct 2002, Morlock Elloi wrote: > > No technical solution will work in absence of laws making it legal. > > Sanity villain statement of the month. The only way to defeat advanced biometrics is to not be physically present or to use anonymized telepresence devices. Because the latter is hardware, it is trivial to outlaw. Yeah, sure, you can make them yourself, and clean them from traces, assuming the components are available and unlabeled. In theory. You can't trick an advanced biometrics fingerprint if you're being scanned. Trying to shield some biometrics looks damn suspicious on your own. If you have solutions, spill them. I can't think of any. From eugen at leitl.org Sun Oct 27 14:20:23 2002 From: eugen at leitl.org (Eugen Leitl) Date: Sun, 27 Oct 2002 23:20:23 +0100 (CET) Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd) In-Reply-To: <5.1.1.6.2.20021027114101.04bf0e10@idiom.com> Message-ID: On Sun, 27 Oct 2002, Bill Stewart wrote: > Sigh. 
If people are going to beat up on BrinWorld, at least they > should get it right. Brin's Transparent Society stuff makes two points > - Cameras, networks and similar technology are going to keep getting cheaper, > so you're going to lose your privacy. Give up on that now. You're going to die anyway. Kill yourself now. Non sequitur. If the development doesn't happen you don't have a case. If hardware gets cheaper but is not deployed because voters value their privacy you have no case. If countermeasures are legal you have no case. The same technology driving global surveillance also offers advent of countermeasures. I mentioned anonymous telepresence hardware proxies, and sooner or later telepresence is going to become the preferred means of interaction, and much later complete redesign of our hardware platform at molecular scale will become possible. This will take time to develop. We don't need power-crazy maniacs ruining it for everybody, really. > - Governments _are_ going to take advantage of this, like it or not, Governments are not complete juggernauts. They're somewhat controllable. It's surveillance that gives them the ultimate power to squash opposition. You included. Don't give them the means voluntarily. Fight. > so what the public has to do is make sure that we're allowed to > watch the government as well. Dream on. Here's the point where Brin's assumptions break down. I can give you a long list why this won't work. > Brin may be naively optimistic about our ability to succeed on the second part, > but he's spot on about the asymmetry of power relationships, > and he's constantly making the point that we can only watch the government > if we force them to let us watch - the alternative is that they'll be > watching us and we won't be watching them. > > Delaying technology? It's easier to do on stuff that doesn't work well, You can delay both development and deployment. If you delay it long enough it will no longer have the bite it would currently have. 
> and it sounds like this doesn't - perhaps the way to do it is to > deflect the research away from surveillance into medical directions; > since Darpa's funding it, get them to look at how to help soldiers carry > heavy backpacks safely or spooks to carry dead bodies safely or whatever. Political decisions could kill the demand driving development. Cheapest way for the fringe is to inform and develop countermeasures. Since cypherpunks no longer code, spreading information should have priority. From jya at pipeline.com Mon Oct 28 04:41:33 2002 From: jya at pipeline.com (John Young) Date: Mon, 28 Oct 2002 04:41:33 -0800 Subject: Details on lne.com's blocking of Cypherpunks posts?? In-Reply-To: <642850CC-EA1D-11D6-8271-0050E439C473@got.net> References: <5.1.1.6.2.20021027130311.04bf0190@idiom.com> Message-ID: Lne has blocked all my messages for about a month, though that is a small number. A spam rejection is returned. From jya at pipeline.com Mon Oct 28 05:05:34 2002 From: jya at pipeline.com (John Young) Date: Mon, 28 Oct 2002 05:05:34 -0800 Subject: What is the truth of the anti war rallys? In-Reply-To: <002501c27e37$04d6eb10$6501a8c0@VAIO650> References: <3DBC1B57.8760.24318AD@localhost> Message-ID: <<< No Message Collected >>> From eugen at leitl.org Sun Oct 27 23:03:17 2002 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 28 Oct 2002 08:03:17 +0100 (CET) Subject: False statement: "Since cypherpunks no longer code" In-Reply-To: <66ACD6FB-EA21-11D6-8271-0050E439C473@got.net> Message-ID: On Sun, 27 Oct 2002, Tim May wrote: > (I have no idea why Extropy and Transhumantech are being copied on this > message (, extropy > ). Since I know they will bounce my reply, as I > am not subscribed to their lists, I will delete them from the > distribution.) Your reply has been forwarded fully. > This is a false statement. A cheap shot, in fact. I will stack the code > written by attendees of the recent CP meetings against your code, > Eugene, any day. (No offense, Eugene, but I despise these > "fashionable" cheap shots which miss the mark so...cheaply.) I was basing my statement solely on basis of what has come across this list.
Since you cited current and important work which has not been visible to list participants I fully retract my statement, and apologize for the cheap shot. (I would code if I could. Not everybody can be a good programmer, strangely enough). From eugen at leitl.org Sun Oct 27 23:20:29 2002 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 28 Oct 2002 08:20:29 +0100 (CET) Subject: [silk] I Went Down to the Demonstration... (fwd) Message-ID: ---------- Forwarded message ---------- Date: Mon, 28 Oct 2002 08:28:12 +0530 From: Udhay Shankar N To: silklist at lists.vipul.net Subject: [silk] I Went Down to the Demonstration... From John Perry Barlow. Interesting. Udhay >---------------------->> -------------------->>>> ------> > >100,000 March in San Francisco. Media Fail to Notice. > >So I went down to the demonstration yesterday. Instead of getting my fair >share of abuse - the San Francisco police were as non-confrontational as >Muppets - I was ignored. Along with anywhere from 50,000 to 150,000 other >people. > >In spite of its being the largest and most demographically diverse >demonstration I've seen in a long career of dissent, the closest the Bay >Area peace march came to being a national event was a mention on page 8 of >the New York Times that thousands had also gathered in San Francisco. > >Perhaps if it had turned violent... But probably not. As I said in my last >blast, the best way to neutralize us is to pretend that we don't exist. >The puzzling question to me is, why are the media going along with George >II on this. What the hell is in it for them? > >I mean, we know that the war sells papers. William Randolph Hearst, a >pioneer in this regard, told his photographer in Cuba - where the >battleship Maine had just exploded, providing the excuse for the >Spanish-American War - "You get the pictures. I'll get the war." > >But if all you're trying to do is to get and keep public attention, any >popular fracas will suffice.
>I am certain that a lot of people bought the
>paper today to find out about yesterday's demonstrations. Why couldn't
>such a modest desire find its gratification? It's weird. I can think of no
>mechanism by which the White House could directly muzzle the press without
>someone getting the word out over the Internet. But something is making
>the media act as if opposition to this war is no big deal.
>
>But from where I was marching, it looked like a big deal, and not simply
>because everything I'm involved with looks like a big deal to me. This was
>huge. Let me tell you a little about it, since apparently no one else is
>going to.
>
>I've been on the road with Mountain Girl Garcia. We have been staying at
>her daughter Trixie's Julia Morgan house in Oakland and decided to take
>BART across the Bay rather than experience the agony of looking for a
>parking place in a city that doesn't have parking places even when nothing
>unusual is going on in town. When we got to the north Oakland BART
>station around 11:00, there was already a line for the ticket machines
>that snaked half an hour out into the parking lot. The train, when we
>finally got on it, was breathing room only. There was a line to get out of
>the station at the Embarcadero.
>
>I'm not keen on being in line, but these experiences were not at all
>unpleasant. There was a lovely energy among the protesters, who seemed to
>be of all social sorts. It was not just the usual suspects. There were
>children, old people, men in suits, as well as people who will never wear
>a suit. A lot of tweedy academic types. Not so many with darker skins, I
>regret to say, but some. The only truly common element seemed to be a
>pleasant civilization.
>
>And there were one hell of a lot of us.
>
>When we finally got up to Market Street around noon, the march had already
>launched toward the Civic Center. Market was dense with humanity as far as
>I could see in that direction.
>We counted several different cross-sections
>of the moving populace, and the parade seemed to be about 20 people
>across. Assuming that each phalanx of 20 moved through per second, this
>would be about 72,000 people per hour. The march continued unabated for at
>least 2 and a half hours. If our calculations are even a little accurate,
>this would be over a hundred fifty thousand people who had gathered to
>protest a war that has barely begun.
>
>I remember the first anti-war protest I ever attended. It was in the fall
>of 1965 and it took place on Boston Commons. I'd be surprised if there
>were more than a hundred people there, though they included, as I recall,
>Howard Zinn and Noam Chomsky. It was not until after Kent State, five
>years later, that I saw anything like the assembly of protestors I
>witnessed yesterday.
>
>Furthermore, on that occasion, in May of '70, it seemed that just about
>everyone filling the Mall in DC looked pretty much like me. We were not
>The People. Not to say that scruffy, dope-smoking kids weren't well
>represented in yesterday's march. But they were certainly not the
>majority, even if you counted the scruffy, dope-smoking seniors like me.
>Mostly the marchers seemed like Just Plain Folks.
>
>There were some great signs. Like "Impeach the Uber-Goober." Or "No
>Weapons of Mass Distraction." Or "If Tim McVeigh caused 911, would we bomb
>Michigan?" Or "Chez Panisse for Peace." Or "Stop The Bushit!" Or "Stay
>Glued to the TV, You Hysterical, Brainwashed Fool!" One showed a concerned
>looking whale with a thought balloon that said, "Save the Humans."
>
>It seems important to me that this many Just Plain Folks could come
>together on such short notice. It seems important that so many could
>gather in indignation without any violent or rude behavior. It seems
>important to me.
>
>But it's not important to the media. Why?
>
>
>------------------------------------------------>>>>

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

From eugen at leitl.org Sun Oct 27 23:36:31 2002
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 28 Oct 2002 08:36:31 +0100 (CET)
Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd)
In-Reply-To:
Message-ID:

On Sun, 27 Oct 2002, R. A. Hettinga wrote:

> Oddly enough, your behavior on the net, even the behavior of a given
> signature in cypherspace, is biometric, as well.

If my traffic is remixed the signature is not linkable to a point of origin. The signature emitted is not rich, and can be scrambled in principle.

From rah at shipwright.com Mon Oct 28 06:12:23 2002
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 28 Oct 2002 09:12:23 -0500
Subject: FC: Privacy villain of the week: DARPA's gait surveillance tech (fwd)
In-Reply-To:
References:
Message-ID:

At 8:36 AM +0100 on 10/28/02, Eugen Leitl wrote:

> If my traffic is remixed the signature is not linkable to a point of
> origin. The signature emitted is not rich, and can be scrambled in
> principle.

Yes, but the behavior of the signature, the things it does, is biometric. You can't have persistent reputation otherwise.

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eresrch at eskimo.com Mon Oct 28 09:29:51 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Mon, 28 Oct 2002 09:29:51 -0800 (PST)
Subject: Confiscation of Anti-War Video
In-Reply-To:
Message-ID:

On Mon, 28 Oct 2002, Tyler Durden wrote:

> In another context I've wondered about the possibility of wireless,
> near-real-time video upload.
> With 3G this will certainly be easy, but I'm
> wondering if there are soft/hard gadgets that can auto-upload stuff. (In
> addition, 3G looks like it's going to roll out in the US only in fits and
> starts over the next bunch of years.)
>
> Ideally, this upload would be made directly to WWW, but upload to a
> safe-haven would certainly be better than nothing (particularly if one does
> not even have any knowledge about where some copies of the upload are
> auto-uploaded to!).
>
> Anyone done anything like this?

You probably can do something like it in Tokyo right now. There are lots of cell phones with cameras built in there. You just press a button and send it as e-mail. Not exactly streaming video, but 1 frame every couple of seconds by 5 people could be done very easily. I saw 10 year old kids playing with the things. They were taking pictures of their noses, and watching their friends on another train send pictures back. It felt like I was living in the dark ages coming back to the US!

Patience, persistence, truth,
Dr. mike

From camera_lumina at hotmail.com Mon Oct 28 07:08:53 2002
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 28 Oct 2002 10:08:53 -0500
Subject: Confiscation of Anti-War Video
Message-ID:

In another context I've wondered about the possibility of wireless, near-real-time video upload. With 3G this will certainly be easy, but I'm wondering if there are soft/hard gadgets that can auto-upload stuff. (In addition, 3G looks like it's going to roll out in the US only in fits and starts over the next bunch of years.)

Ideally, this upload would be made directly to WWW, but upload to a safe-haven would certainly be better than nothing (particularly if one does not even have any knowledge about where some copies of the upload are auto-uploaded to!).

Anyone done anything like this?

T.D.
>>
>We videoed and photoed the demo, but tape and chip were confiscated Sunday
>by the guards at Warrenton Training Center, Site D, near Brandy Station,
>VA,
>Site D is the global comm center for State and DoD, and reportedly the CIA:
>
> http://cryptome.org/wtcd-eyeball.htm
>
>I asked if the shoulder of the road was federal property. Their answer:
>yes.
>

From DaveHowe at gmx.co.uk Mon Oct 28 02:17:25 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Mon, 28 Oct 2002 10:17:25 -0000
Subject: Office of Hollywood Security, HollSec
References:
Message-ID: <020201c27e7b$d7620e40$c71121c2@sharpuk.co.uk>

at Saturday, October 26, 2002 1:18 AM, Tim May was seen to say:
> Yes, but check very carefully whether one is in violation of the
> "anti-hacking" laws (viz. DMCA). By some readings of the laws, merely
> trying to break a cipher is ipso facto a violation.

IIRC, you can't be arrested for cracking a cypher unless that cypher is in use to protect a copyrighted work....
From rabbi at abditum.com Mon Oct 28 15:02:59 2002
From: rabbi at abditum.com (Len Sassaman)
Date: Mon, 28 Oct 2002 15:02:59 -0800 (PST)
Subject: False statement: "Since cypherpunks no longer code"
In-Reply-To: <66ACD6FB-EA21-11D6-8271-0050E439C473@got.net>
Message-ID:

On Sun, 27 Oct 2002, Tim May wrote:

> On Sunday, October 27, 2002, at 02:20 PM, Eugen Leitl wrote:
> > Political decisions could kill the demand driving development. Cheapest
> > way for the fringe is to inform and develop countermeasures. Since
> > cypherpunks no longer code, spreading information should have priority.
>
> This is a false statement. A cheap shot, in fact. I will stack the code
> written by attendees of the recent CP meetings against your code,
> Eugene, any day. (No offense, Eugene, but I despise these
> "fashionable" cheap shots which miss the mark so...cheaply.)

I'm somewhat surprised that you didn't mention the ring signature program whose source code was posted anonymously to this list a few months ago, Tim. I'm slightly less surprised that Eugene missed it.

http://www.abditum.com/~rabbi/ringsig/

> CodeCon, earlier this year, was a smashing success.

Thank you. :)

I think that this year's CodeCon will prove that lots of interesting code is still being written. I'm rather excited about our current program lineup, and we haven't yet stopped accepting submissions.

--Len.
From charles at lucas.net Mon Oct 28 22:44:30 2002
From: charles at lucas.net (Charles Lucas)
Date: Mon, 28 Oct 2002 22:44:30 -0800
Subject: Confiscation of Sensitive Video
In-Reply-To: <20021028232913.GG26802@pig.die.com>
Message-ID:

I recently had a discussion about this with some local folks... We dreamed up a scheme something like this:

N number of people with broadcast cameras.
N or less people with receiving "buffer" backpacks.
A few basestations, which could be housed in a local building, or in a parked vehicle with some sort of uplink.

The camera people would roam around shooting video, with no memory buffer, broadcasting on set channels/frequencies. The backpackers would be running around with receivers, recording from one or more cameras. When the backpack buffer/HD is nearing full, the backpacker would move within range of a basestation, dump their buffer, then move back towards the cameras. The basestation would then upload the video to some site on the net, which would re-distribute to multiple locations, ensuring the survival of the captured video.

Goal:

To capture and distribute video in such a fashion that confiscation of the camera and other equipment will not result in confiscation of captured video.

Considerations:

All the hardware, especially the cameras, should be as small and cheap as possible, with the caveat that we need to capture decent quality video. The cameras are the most susceptible to being confiscated, and should essentially be treated as disposable.

Cell phones are the most reliable method of data transfer in cities, but have limited bandwidth. Per-minute charges would make this option impractical pretty quickly as well.

Un-boosted unidirectional 802.11 has a limited range (about 100 feet, or one city block). The hardware tends to be expensive, and generally requires a full computer to operate. Probably too expensive for "disposable" cameras, although a solution could theoretically be worked out.
The best option for now would seem to be cheap cameras, either of the X10 variety, or something cobbled together by hand that broadcast on standard analog frequencies. The cameras could each broadcast on a different frequency, and the backpackers could have multiple receivers, with more than one backpacker set to receive each camera, for redundancy.

The backpacks could receive a few analog radio channels (one per camera), convert the stream to a compressed video format, and buffer on a hard drive. When in range of a designated 802.11 receiver, dump the video as quickly as possible.

Inter-unit communication is a difficulty. With the receivers having only about a one-block range, the cameras have to have some way of telling the backpackers their location, or notifying them if something interesting is happening some distance away. Portable radios would be useable, but would be open to interception and require visible landmarks. If a practical way could be found to have cheap 802.11 between the cameras and backpacks, the cameras could broadcast their GPS coordinates, allowing backpackers to keep within range.

Power is a major concern, as batteries are neither light, nor cheap. I have no feeling at this point for how long you could run a camera and a radio transmitter, or a backpack receiver/transmitter off of what type(s) of batteries. This could be a real limiting factor.

The weak points are the basestations. If they can be taken out, the operation falls apart.

Plausible deniability isn't really possible with this setup. Everyone pretty much knows who all is involved, and has to keep in contact with each other in order to capture video optimally. I would see this setup being used by above-board organizations, such as Indymedia or similar groups. It would mainly be useful for video capture in large urban protests, like the ones surrounding the Seattle WTO conference.

Any more thoughts/suggestions around these areas?
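The relay described in the message above, modelled as an added example that is not part of the original post: it replays a constructed timeline of record, dump, upload and confiscation events and reports which seconds of footage still exist off-site. The device names, the 600-second buffer size, the two mirrors and both timelines are assumptions made up for illustration.

```python
"""Model of the camera -> backpack -> basestation -> mirror relay.

Every name, capacity and timeline here is constructed for illustration.
Footage is tracked as (camera, second) pairs so survival after a
confiscation can be checked exactly.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Store:
    """A node that holds footage: backpack buffer, basestation or mirror."""
    name: str
    capacity: Optional[int] = None      # seconds of video, None = unbounded
    held: set = field(default_factory=set)
    seized: bool = False


class Relay:
    def __init__(self, listeners, backpacks, basestations, mirrors):
        self.listeners = listeners      # camera name -> backpacks tuned to it
        self.field_nodes = {n.name: n for n in backpacks + basestations}
        self.mirrors = mirrors
        self.seized_cameras = set()
        self.broadcast = set()          # everything that ever went on air

    def record(self, camera, start, end):
        """Camera transmits seconds [start, end); it stores nothing itself."""
        if camera in self.seized_cameras:
            return
        for t in range(start, end):
            self.broadcast.add((camera, t))
            for name in self.listeners[camera]:
                pack = self.field_nodes[name]
                full = pack.capacity is not None and len(pack.held) >= pack.capacity
                if not pack.seized and not full:
                    pack.held.add((camera, t))

    def dump(self, backpack, basestation):
        """Backpack in range of a basestation: hand over buffer, then clear it."""
        src, dst = self.field_nodes[backpack], self.field_nodes[basestation]
        if src.seized or dst.seized:
            return
        dst.held |= src.held
        src.held = set()

    def upload(self, basestation):
        """Basestation pushes everything it holds to every mirror."""
        src = self.field_nodes[basestation]
        if not src.seized:
            for mirror in self.mirrors:
                mirror.held |= src.held

    def seize(self, name):
        """Confiscation: a store's contents are gone, a camera stops transmitting."""
        if name in self.field_nodes:
            self.field_nodes[name].seized = True
            self.field_nodes[name].held = set()
        else:
            self.seized_cameras.add(name)

    def report(self):
        safe = set().union(*(m.held for m in self.mirrors))
        in_field = set().union(*(n.held for n in self.field_nodes.values()))
        at_risk = in_field - safe               # exists, but only on seizable gear
        lost = self.broadcast - safe - at_risk  # went on air, exists nowhere
        return {"safe": safe, "at_risk": at_risk, "lost": lost}


def run(events):
    """Replay a timeline against a fixed constructed deployment."""
    relay = Relay(
        listeners={"cam1": ["packA", "packB"], "cam2": ["packC"]},
        backpacks=[Store("packA", 600), Store("packB", 600), Store("packC", 600)],
        basestations=[Store("base1")],
        mirrors=[Store("mirror1"), Store("mirror2")],
    )
    for op, *args in events:
        getattr(relay, op)(*args)
    return relay.report()


def seconds(report, key, camera):
    """Count seconds of one camera's footage in a report category."""
    return sum(1 for cam, _ in report[key] if cam == camera)


# Constructed timeline 1: field gear is seized, the basestation survives.
FIELD_SEIZURES = [
    ("record", "cam1", 0, 300), ("record", "cam2", 0, 300),
    ("dump", "packA", "base1"), ("upload", "base1"),
    ("record", "cam1", 300, 500), ("record", "cam2", 300, 500),
    ("seize", "cam1"), ("seize", "packA"), ("seize", "packC"),
    ("dump", "packB", "base1"), ("upload", "base1"),
]

# Constructed timeline 2: the basestation is seized before it uploads.
BASESTATION_SEIZED = [
    ("record", "cam1", 0, 300),
    ("dump", "packA", "base1"), ("dump", "packB", "base1"),
    ("seize", "base1"), ("upload", "base1"),
]

if __name__ == "__main__":
    for label, timeline in (("field seizures", FIELD_SEIZURES),
                            ("basestation seized", BASESTATION_SEIZED)):
        result = run(timeline)
        print(label, {k: len(v) for k, v in result.items()})
```

In the first timeline the doubly-received camera loses nothing while the singly-received one loses everything; in the second, both backpacks cleared their buffers after dumping to the same basestation, so one seizure before upload loses all of it. Holding the buffer until the upload is confirmed, or dumping to different basestations, closes that window.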
From mseedev at yahoo.com Tue Oct 29 06:19:41 2002
From: mseedev at yahoo.com (Mark Szewczul)
Date: Tue, 29 Oct 2002 06:19:41 -0800 (PST)
Subject: fuel cells on planes, why bother?
In-Reply-To: <3DBDAB32.8E92B112@cdc.gov>
Message-ID: <20021029141941.78968.qmail@web9608.mail.yahoo.com>

on AA, if you look down between the seats, on the armrest base, there is a little connector there that gives out 12V and looks remarkably like the cigarette lighter plug in your car! Use that people..and pressure your airlines to install more (First class gets the AC plug to boot), or threaten them that as you refill your fuel cell in flight, that the bumpy ride will make you spill some and people will think you are trying to start a fire.

From mv at cdc.gov Tue Oct 29 09:02:42 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 29 Oct 2002 09:02:42 -0800
Subject: Warning.. Warning.. *bleep*
Message-ID: <3DBEBF31.3955B078@cdc.gov>

At 10:23 PM 10/28/02 -0000, Axolotl2 wrote:
>On Sat, 26 Oct 2002 17:59:17 +1300 (NZDT), you wrote:
>> >
>> >Next in the series:
>> >"FBI warns bouncy castles may be targeted"
>>
>> Nahh, "FBI warns buses may be targeted, leading to late or missed buses".
>>
>
>The primary targets will likely be places where citizen concealed carry is prohibited, for citizen
>safety, of course.

And video cameras are present. I'm voting for simultaneous explosions (on rides?) in 2 or more DisneyUniversalAdNauseum Parks.

A week after the bombings start, eh?

---
We have always been at war with... whoever

From mv at cdc.gov Tue Oct 29 09:05:23 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 29 Oct 2002 09:05:23 -0800
Subject: The Multiple Dave Emerys
Message-ID: <3DBEBFD3.F496E3B2@cdc.gov>

At 10:19 PM 10/28/02 -0500, Dave Emery wrote:
>On Mon, Oct 28, 2002 at 09:32:48PM -0500, Tyler Durden wrote:
>> Any chance this is the same Dave Emery who does the radio broadcasts? (I
>> listen from WFMU). If so, man! If a tiny fraction of the stuff you have
>> said over the years is true, well...brrr.
>
> Sorry, a completely unrelated east coast David Emery. Never
>met the west coast radio personality, though it is possible we share
>some opinions...

And probably are on some of the same Lists... which confuses the Listmakers no end... :-)

From mv at cdc.gov Tue Oct 29 09:07:06 2002
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 29 Oct 2002 09:07:06 -0800
Subject: Confiscation of Sensitive Video
Message-ID: <3DBEC03A.A959966C@cdc.gov>

At 10:44 PM 10/28/02 -0800, Charles Lucas wrote:
>Goal:
>
>To capture and distribute video in such a fashion that confiscation of the
>camera and other equipment will not result in confiscation of captured
>video.
I dare you to call your system "E-Jazeera"

From mdpopescu at subdimension.com Tue Oct 29 01:36:03 2002
From: mdpopescu at subdimension.com (Marcel Popescu)
Date: Tue, 29 Oct 2002 11:36:03 +0200
Subject: Confiscation of Anti-War Video
References:
Message-ID: <092d01c27f2e$a26e3570$0300a8c0@mark>

From: "Trei, Peter"
> (my Microsoft email software will of course mangle the URL:)
> http://www.fuelcelltoday.com/FuelCellToday/IndustryInformation/IndustryInfor
> mationExternal/NewsDisplayArticle/0,1471,1888,00.html

1. TinyURL: http://tinyurl.com/2a70

2. MakeAShorterLink: http://makeashorterlink.com/?S58512542

3. Put it between brackets:
[http://www.fuelcelltoday.com/FuelCellToday/IndustryInformation/IndustryInfo
rmationExternal/NewsDisplayArticle/0,1471,1888,00.html]

Ok, I'm not very sure about the last one... but I read that it works.

Mark

From tcmay at got.net Tue Oct 29 18:51:00 2002
From: tcmay at got.net (Tim May)
Date: Tue, 29 Oct 2002 18:51:00 -0800
Subject: A non-political issue
In-Reply-To:
Message-ID: <6C09D9FC-EBB2-11D6-A13B-0050E439C473@got.net>

On Tuesday, October 29, 2002, at 04:34 PM, Anonymous via the Cypherpunks Tonga Remailer wrote:

> (possible duplicate message)
>
> What technology is available to create a 2048-bit RSA key pair so that:
>
> 1 - the randomness comes from quantum noise

Clicks from a Geiger Counter, Johnson noise, etc. are quantum-based events. Feed them into a file to be used for PGP, and voila.

>
> 2 - no one knows the secret part,

Set up a script to copy the private part of the PGP key onto a diskette or whatever. Erase the private key from the computer. Or move the entire computer into the box in #3.

>
> 3 - The secret part is kept in the "box" and it is safe as long as the
> box is physically secured (expense of securing the box is a don't
> care).

Lock the above diskette in the box. Or the computer in the box.
>
> 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over
> some kind of network interface

I don't know about this. Others can say whether today's CPUs can do key signings in 0.1 mS.

>
> 5 - you can reasonably convince certain people (that stand to lose a
> lot and have huge resources) in 1, 2, 3 and 4.

Less doable. Fakery is easy. Even if they personally witnessed the above procedures, all sorts of subliminal channels or other sleight of hand tricks could be done.

>
> 6 - The operation budget is around $1m (maintenance not included).
>
> 7 - attacker's budget is around $100m
>
> 8 - the key must never be destroyed, so backup is essential.

Backup in the same box? Easy for someone to sabotage or destroy. Or steal.

>
> In other words, convincing translation of a crypto problem into
> physical security problem.
>
>
> It looks like the key gets created on the same box(es) on which it is
> stored, which all interested parties inspected to any desirable
> level. Once everyone is comfortable the button gets pressed to
> create/distribute the key, and then you put goons with AKs around the
> boxes and pray that no one fucked with the microprocessor ... this may
> mean buying the components at random.

Good luck.

--Tim May

--
Timothy C. May tcmay at got.net Corralitos, California
Political: Co-founder Cypherpunks/crypto anarchy/Cyphernomicon
Technical: physics/soft errors/Smalltalk/Squeak/ML/agents/games/Go
Personal: b.1951/UCSB/Intel '74-'86/retired/investor/motorcycles/guns
Recent interests: category theory, toposes, algebraic topology

From kelsey.j at ix.netcom.com Tue Oct 29 16:13:52 2002
From: kelsey.j at ix.netcom.com (John Kelsey)
Date: Tue, 29 Oct 2002 19:13:52 -0500
Subject: Confiscation of Anti-War Video
In-Reply-To: <016C21F3-EAB0-11D6-8271-0050E439C473@got.net>
References:
Message-ID: <4.1.20021029183905.00a37e10@pop.ix.netcom.com>

At 12:01 PM 10/28/02 -0800, Tim May wrote:
...
>By the way, there are perfectly good fixes to the current hysteria
>about things carried on board planes. Besides the obvious absurdity of
>issuing alarms when fingernail clippers are found (but ignoring razor
>sharp edges in things like laptops with metal cases!), there are many
>fixes which can be applied:

I think the best fix is to accept that a determined suicidal attacker will probably manage to bring down the plane, but make sure that's the worst he can do. That removes the externality problem.

The current algorithm for this is some combination of pilots being told not to go along with hijackers' demands, and maybe some chance of getting a military jet in place to shoot the hijacked plane down, if it is taken over by the hijackers. (It seems like this wouldn't be practical most of the time, e.g., if someone takes over the plane as it's approaching landing, there probably wouldn't be anyone in place to shoot in time. And faster response time means less time to discover a mistake.)

I've heard of an idea for a mechanism for putting some kind of remote-control piloting mechanism on the plane, so that it can be taken over from the ground. This adds new attack points, but it might be workable. And of course, rockets have long had self-destruct mechanisms; presumably, there's stuff off the shelf from NASA or the DoD that does this with some reasonable level of security. (This last one would be politically unacceptable, but it's not really all that different from having a fighter shoot the hijacked plane down.) Both of these introduce a bunch of new vulnerabilities, though.

Your list left out the obvious technique, which I think is more-or-less used by El Al: Screen your passengers really well, probably using secret databases, various kinds of racial profiling, etc. Routinely turn passengers away, or make boarding the plane such an ordeal that they elect not to fly anymore.
(One of the many problems with this is that most flights are within the US; make flying sufficiently nasty, and people will take trains, busses, or their own cars. I think this is already happening a great deal, which is one reason most airlines are doing so poorly.)

...
>4. Finally, market solutions are usually best. Any of the above could
>be implemented. If customers feel safer with a different baggage
>policy, they'll pick it.
...

I can't imagine this being done in practice, but I wish it were. The problem *is* an externality, but not the one you pointed out. Politicians in office right now will be blamed if there's another hijacking. So if I choose to fly Allahu Akbar Airlines for the short security checking lines, I get the benefit, but part of the cost lands on incumbent congressmen and the President. And those incumbents, unlike most people who get stuck with such costs, have the power to do something about it.

(Something pretty similar happens with the FDA, right? If you get the new cancer drug a year earlier, you get all the benefit (maybe you get to go on living); the FDA gets the added risk of there being some horrible side effect. So they force a different trade-off on you than you'd prefer.)

>--Tim May

--John Kelsey, kelsey.j at ix.netcom.com // jkelsey at certicom.com

From brian at pc-radio.com Tue Oct 29 16:28:42 2002
From: brian at pc-radio.com (Brian McWilliams)
Date: Tue, 29 Oct 2002 19:28:42 -0500
Subject: Is password guessing legal?
In-Reply-To: <3DBDAD50.5C7C4264@cdc.gov>
Message-ID: <5.1.1.6.2.20021029155008.0409ce60@mail-dnh.mv.net>

At 04:34 PM 10/28/2002, Major Variola (ret) wrote:
>
>The e-mails sent to press at uruklink.net were obtained earlier this month
>by first clicking on a link labeled "Check your e-mail in Uruk" on the
>homepage of Iraq's state-controlled ISP, Uruklink.net, then guessing the
>login name and password -- both of which were the same five-letter word.
><
>
>Did that Wired reporter just admit to a crime?
>
>http://wired.com/news/conflict/0,2100,55967,00.html

What if he did?

B.

From DaveHowe at gmx.co.uk Tue Oct 29 11:31:01 2002
From: DaveHowe at gmx.co.uk (David Howe)
Date: Tue, 29 Oct 2002 19:31:01 -0000
Subject: Is password guessing legal?
References: <3DBDAD50.5C7C4264@cdc.gov>
Message-ID: <0aa901c27f81$bda96820$c71121c2@sharpuk.co.uk>

at Monday, October 28, 2002 9:34 PM, Major Variola (ret) was seen to say:
> Did that Wired reporter just admit to a crime? Does it matter that
> the site is overseas? That they're "Evil(tm)"??

nope, hacking into overseas servers is officially not a crime in the US - after that fbi-russia thing. well, you have a precedent anyhow :)

From eresrch at eskimo.com Tue Oct 29 19:58:17 2002
From: eresrch at eskimo.com (Mike Rosing)
Date: Tue, 29 Oct 2002 19:58:17 -0800 (PST)
Subject: A non-political issue
In-Reply-To:
Message-ID:

From adam at homeport.org Tue Oct 29 19:43:20 2002
From: adam at homeport.org (Adam Shostack)
Date: Tue, 29 Oct 2002 22:43:20 -0500
Subject: A non-political issue
In-Reply-To:
References:
Message-ID: <20021030034320.GA7547@lightship.internal.homeport.org>

On Wed, Oct 30, 2002 at 01:34:12AM +0100, Anonymous via the Cypherpunks Tonga Remailer wrote:
| (possible duplicate message)
|
| What technology is available to create a 2048-bit RSA key pair so that:
|
| 1 - the randomness comes from quantum noise
|
| 2 - no one knows the secret part,
|
| 3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).
|
| 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface
|
| 5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4.
|
| 6 - The operation budget is around $1m (maintenance not included).
|
| 7 - attacker's budget is around $100m
|
| 8 - the key must never be destroyed, so backup is essential.
|
| In other words, convincing translation of a crypto problem into physical security problem.
|
|
| It looks like the key gets created on the same box(es) on which it
| is stored, which all interested parties inspected to any desirable
| level. Once everyone is comfortable the button gets pressed to
| create/distribute the key, and then you put goons with AKs around the
| boxes and pray that no one fucked with the microprocessor ... this may
| mean buying the components at random.

Look at NCipher, and host in the Bunker.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From jason at lunkwill.org Tue Oct 29 15:49:21 2002
From: jason at lunkwill.org (Jason Holt)
Date: Tue, 29 Oct 2002 23:49:21 +0000 (UTC)
Subject: patent free(?) anonymous credential system pre-print
Message-ID:

I've submitted a pre-print of my anonymous credential system to the IACR ePrint server. Thanks to all of you who responded to the questions I posted here while working on it. I'd love to hear feedback from any and all before I submit it for publication; particularly, I want to make sure I haven't forgotten to give proper attribution for any previous work.

http://eprint.iacr.org/2002/151/

It mentions how to use the blinding technique Ben Laurie describes in his Lucre paper, which I don't think has been mentioned in the formal literature, and also describes what I call a non-interactive cut and choose protocol which is new AFAICT.

Thanks again!
-J

From nobody at cypherpunks.to Tue Oct 29 16:34:12 2002
From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer)
Date: Wed, 30 Oct 2002 01:34:12 +0100 (CET)
Subject: A non-political issue
Message-ID:

(possible duplicate message)

What technology is available to create a 2048-bit RSA key pair so that:

1 - the randomness comes from quantum noise

2 - no one knows the secret part,

3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care).

4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface

5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4.

6 - The operation budget is around $1m (maintenance not included).

7 - attacker's budget is around $100m

8 - the key must never be destroyed, so backup is essential.

In other words, convincing translation of a crypto problem into physical security problem.

It looks like the key gets created on the same box(es) on which it is stored, which all interested parties inspected to any desirable level. Once everyone is comfortable the button gets pressed to create/distribute the key, and then you put goons with AKs around the boxes and pray that no one fucked with the microprocessor ... this may mean buying the components at random.
From sfurlong at acmenet.net Wed Oct 30 04:26:40 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Wed, 30 Oct 2002 07:26:40 -0500
Subject: A non-political issue
In-Reply-To:
References:
Message-ID: <200210300726.40463.sfurlong@acmenet.net>

On Tuesday 29 October 2002 19:34, Anonymous via the Cypherpunks Tonga Remailer wrote:
> What technology is available to create a 2048-bit RSA key pair so
> that:
>
> 2 - no one knows the secret part,
>
> 3 - The secret part is kept in the "box" and it is safe as long as
> the box is physically secured (expense of securing the box is a don't
> care).
>
> 8 - the key must never be destroyed, so backup is essential.

2 and 8 seem to be contradictory. Unless you just back up on the box, as Tim mentioned. That's not much of a backup.

If you're treating this box as an unrepairable black box, you'd just throw it away and use a new one if it broke. That would technically meet these requirements, but it would require sending out the public keys occasionally and it would make it possible for Fred to fraudulently sign a message and claim it came from one of the replacement boxes. If there were a single, eternal signing box he wouldn't be able to get away with that.

--
Steve Furlong    Computer Condottiere    Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking

From schear at attbi.com Wed Oct 30 09:06:11 2002
From: schear at attbi.com (Steve Schear)
Date: Wed, 30 Oct 2002 09:06:11 -0800
Subject: the police state vs. jury nullification
In-Reply-To: <3DBFF316.8B141C0F@cdc.gov>
Message-ID: <5.1.0.14.2.20021030090510.042e3228@mail.attbi.com>

At 06:56 AM 10/30/2002 -0800, you wrote:
>South Dakota measure backs 'nullification' -
>
>http://www.latimes.com/news/nationworld/nation/la-na-jury30oct30.story

See also:
http://www.ncpa.org/iss/leg/2002/pd082702b.html
http://www.mapinc.org/drugnews/v02/n1591/a01.html?999
http://www.freecongress.org/commentaries/021016PW.asp

From mseedev at yahoo.com Wed Oct 30 13:46:11 2002
From: mseedev at yahoo.com (Mark Szewczul)
Date: Wed, 30 Oct 2002 13:46:11 -0800 (PST)
Subject: UNSUBSCRIBE
Message-ID: <20021030214611.65044.qmail@web9602.mail.yahoo.com>

__________________________________________________
HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
From myers at maski.org Wed Oct 30 12:12:54 2002
From: myers at maski.org (Myers Carpenter)
Date: 30 Oct 2002 15:12:54 -0500
Subject: E-C Logix: current patent holder for the DigiCash patents?
In-Reply-To: <8D41CD9393D61B4193D5892E1C455B6CEDBFCA@uspto-is-109.uspto.gov>
References: <8D41CD9393D61B4193D5892E1C455B6CEDBFCA@uspto-is-109.uspto.gov>
Message-ID: <1036008775.612.500.camel@trouble>

I believe the two critical ones are (with exp dates):

4759064 Blind unanticipated signature systems (19 Jul 2005)
4759063 Blind signature systems (19 Jul 2005)

I can't seem to find a database with who currently owns a patent. I suspect it doesn't exist, which is unfortunate, since it is we the people who have given the monopoly on this idea, but we can't find out *who* has that monopoly.

myers

On Wed, 2002-10-30 at 14:39, John.Winter at USPTO.GOV wrote:
> FYI
> A list of patents that reference digicash
>
> US 5999625 A USPAT Bellare, Mihir et al.
> US 6205435 B1 USPAT Biffar, Peter
> US 6047269 A USPAT Biffar, Peter
> US 5903880 A USPAT Biffar, Peter C.
> US 5870473 A USPAT Boesch, Brian Paul et al.
> US 5878140 A USPAT Chaum, David
> US 5781631 A USPAT Chaum, David
> US 5712913 A USPAT Chaum, David
> US 5956400 A USPAT Chaum, David et al.
> US 5485520 A USPAT Chaum, David et al.
> US 5796841 A USPAT Cordery, Robert A. et al.
> US 6282522 B1 USPAT Davis, Virgil M. et al.
> US 6021399 A USPAT Demers, Alan J. et al.
> US 5952638 A USPAT Demers, Alan J. et al.
> US 5857023 A USPAT Demers, Alan J. et al.
> US 6138107 A USPAT Elgamal, Taher
> US 5671279 A USPAT Elgamal, Taher
> US 6378075 B1 USPAT Goldstein, Theodore C. et al.
> US 6308270 B1 USPAT Guthery, Scott B.
> US 6341353 B1 USPAT Herman, Gary et al.
> US 6370543 B2 USPAT Hoffert, Eric M. et al.
> US 6282549 B1 USPAT Hoffert, Eric M. et al.
> US 5983176 A USPAT Hoffert, Eric M. et al.
> US 5903892 A USPAT Hoffert, Eric M. et al.
> US 5768391 A USPAT Ichikawa, Bryan K.
> US 6446052 B1 USPAT Juels, Ari
> US 5729594 A USPAT Klingman, Edwin E.
> US 5839119 A USPAT Krsul, Ivan V. et al.
> US 5848161 A USPAT Luneau, Greg et al.
> US 6119229 A USPAT Martinez, Ronald et al.
> US 6157966 A USPAT Montgomery, Michael A. et al.
> US 6341351 B1 USPAT Muralidhran, N. et al.
> US 5952639 A USPAT Ohki, Masayuki et al.
> US 6314409 B1 USPAT Schneck, Paul B. et al.
> US 5933498 A USPAT Schneck, Paul B. et al.
> US 5903721 A USPAT Sixtus, Timothy
> US 5999967 A USPAT Sundsted, Todd
> US 6467685 B1 USPAT Teicher, Mordechai
> US 6119946 A USPAT Teicher, Mordechai
> US 5815665 A USPAT Teper, Jeffrey A. et al.
> US 6415271 B1 USPAT Turk, James J. et al.
> US 5983207 A USPAT Turk, James J. et al.
> US 6272536 B1 USPAT van Hoff, Arthur A et al.
> US 5919247 A USPAT Van Hoff, Arthur et al.
> US 6267292 B1 USPAT Walker, Jay S. et al.
> US 6263505 B1 USPAT Walker, Jay S. et al.
> US 5949875 A USPAT Walker, Jay S. et al.
> US 5949044 A USPAT Walker, Jay S. et al.
> US 5956699 A USPAT Wong, Jacob Y. et al.
> US 5937394 A USPAT Wong, Jacob Y. et al.
> US 5913203 A USPAT Wong, Jacob Y. et al.
>
> /john
>
> -----Original Message-----
> From: myers at maski.org [mailto:myers at maski.org]
> Sent: Wednesday, October 30, 2002 1:33 PM
> To: cypherpunks at lne.com
> Subject: E-C Logix: current patent holder for the DigiCash patents?
>
>
> While poking around the net today I think I might have come across the
> new holders of the DigiCash patents, or at least a licensee. As far as
> I find other sources about who owns the patents it went from
> DigiCash -> eCash Technologies -> InfoSpace
> I have not found evidence to link these people from InfoSpace.
>
> You can find it at http://www.e-clogix.com/ , but prepare to use "view
> source" quite a bit if you aren't using IE.
>
> Some points of interest:
> http://www.e-clogix.com/about.html
> This appears to be a venture of a Todd Stinson in Lincoln, Nebraska
> (you gotta love the photoshop hacked logo on the picture of the building).
> The email
> crystal at e-clogix.com bounced, and I have not attempted to call them.
>
> A response an editorial on ecash in Barron's published April 23, 2001
> (if anyone has the original please let me know)
> http://www.e-clogix.com/editorials/barrons_rebuttal.html
>
> Interesting links that are 404:
> Demo site: http://www.e-clogix.com/Bank/index.html
>
> Anyone know anyone involved in this?
>
> myers

From tcmay at got.net Wed Oct 30 15:15:29 2002
From: tcmay at got.net (Tim May)
Date: Wed, 30 Oct 2002 15:15:29 -0800
Subject: UNSUBSCRIBE
In-Reply-To: <20021030214611.65044.qmail@web9602.mail.yahoo.com>
Message-ID: <7B4E3C1F-EC5D-11D6-A13B-0050E439C473@got.net>

<<< No Message Collected >>>
From sfurlong at acmenet.net Wed Oct 30 16:04:17 2002
From: sfurlong at acmenet.net (Steve Furlong)
Date: Wed, 30 Oct 2002 19:04:17 -0500
Subject: UNSUBSCRIBE
In-Reply-To: <7B4E3C1F-EC5D-11D6-A13B-0050E439C473@got.net>
References: <7B4E3C1F-EC5D-11D6-A13B-0050E439C473@got.net>
Message-ID: <200210301904.17920.sfurlong@acmenet.net>

On Wednesday 30 October 2002 18:15, Tim May wrote:
> On Wednesday, October 30, 2002, at 01:46 PM, Mark Szewczul wrote:
...
>
> In your next life, don't be such a twit.

Oh, don't be so hard on the man. You know as well as I do that he just made a typo when typing "unsubscrive".

--
Steve Furlong    Computer Condottiere    Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
From adam at cypherspace.org Wed Oct 30 16:28:56 2002
From: adam at cypherspace.org (Adam Back)
Date: Thu, 31 Oct 2002 00:28:56 +0000
Subject: patent free(?) anonymous credential system pre-print
In-Reply-To: ; from rah@shipwright.com on Tue, Oct 29, 2002 at 07:31:29PM -0500
References:
Message-ID: <20021031002856.A285862@exeter.ac.uk>

Some comments on this paper comparing efficiency, and functionality with Camenisch, Chaum, Brands.

On Tue, Oct 29, 2002 at 11:49:21PM +0000, Jason Holt wrote:
> http://eprint.iacr.org/2002/151/
>
> It mentions how to use the blinding technique Ben Laurie describes
> in his Lucre paper, which I don't think has been mentioned in the
> formal literature, and also describes what I call a non-interactive
> cut and choose protocol which is new AFAICT. Thanks again!

- efficiency

The non-interactive cut and choose protocol results in quite big messages in the issuing and showing protocols to attain good security.

The user who wishes to cheat must create n/2 false attributes, and n/2 true attributes. (True attributes being the ones he will try to convince the CA are encoded in all the attributes). The user can in an offline fashion keep trying different combinations of false and true attributes until he finds one where the attributes selected for disclosure during issuing are the n/2 true attributes. Then in the showing protocol he can show the n/2 false attributes.

But C(n,n/2) grows sub-exponentially and so the user has to for example encode 132 blinded hashed attributes to provide assurance of work factor of 2^128 to the CA. (C(132,66) ~ 2^128).

Without looking in detail at what must be sent I presume the issuing message for a single credential would be on the order of 10KB. Similar for the showing protocol.

Computational efficiency is probably still better than Camenisch credentials despite the number of attribute copies which must be blinded and unblinded, but of course less efficient than Brands.

- functionality

The credentials have a relatively inefficient cut-and-choose based issuing and showing protocol. Brands has efficient issuing protocols which support offline showing. Chaum's basic offline credentials are based on interactive cut-and-choose, but there is an efficient variant [1].

As with Brands and Chaum's certificates if they are shown multiple times they are linkable. (Camenisch offers unlinkable multi-show but they are quite inefficient).

The credentials can be replayed (as there is no credential private key, a trace of a credential show offers no defense against replay). Brands credentials have a private key so they can defend against this. (Chaum's credentials have the same problem).

The credentials unavoidably leave the verifier with a transferable signed trace of the transaction. Brands credentials offer a zero-knowledge option where the verifier can not transfer any information about what he was shown.

The credentials support selective disclosure of attributes, but only in a restricted sense. Attributes can be disclosed with AND connectives. However other connectives (OR, +, -, negation, and formulae) are not directly possible. Brands supports all of these.

The credentials do not support lending deterrence (there is no option to have a secret associated with a credential that must necessarily be revealed to lend the credential as with Brands).

The credentials are not suitable for offline use because they offer no possibility for a secret (such as user identity, account number etc) to be revealed if the user spends more times than allowed.

Most of these short-falls stem from the analogous short-falls in the Wagner blinding method they are based on. Of course (and the point of the paper) the credentials do offer over the base Wagner credentials (a restrictive) form of selective disclosure which the base credentials do not.

On citations:

> I've submitted a pre-print of my anonymous credential system to the
> IACR ePrint server. Thanks to all of you who responded to the
> questions I posted here while working on it. I'd love to hear
> feedback from any and all before I submit it for publication;
> particularly, I want to make sure I haven't forgotten to give proper
> attribution for any previous work.

Brands discusses the salted hash form of selective disclosure in his book [2], you might want to cite that. He includes some related earlier reference also.
I reinvented the same technique before being aware of the Brands reference also -- it seems like an obvious construction for a limited hashing based form of selective disclosure.

Adam

--
[1] Niels Ferguson, "Single Term Off-Line Coins", eurocrypt 93.

[2] Stefan Brands, "Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy", MIT Press, Aug 2000

viz p27: "Another attempt to protect privacy is for the CA to digitally sign (salted) oneway hashes of attributes, instead of (the concatenation of) the attributes themselves. When transacting or communicating with a verifier, the certificate holder can selectively disclose only those attributes needed. Lamport [244] proposed this hashing construct in the context of one-time signatures."

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
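
The salted-hash form of selective disclosure quoted from Brands (p27) in Adam Back's message above, as an added example that is not code from the thread, from Holt's paper or from any of the cited authors. Assumptions: SHA-256 as the one-way hash, a Lamport one-time signature standing in for the CA's signature scheme, and constructed attribute names and values.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def commit(name: str, value: str, salt: bytes) -> bytes:
    """Salted one-way hash of a single attribute.

    The random salt stops a verifier from guessing a low-entropy hidden
    attribute by hashing candidate values. Fields are length-prefixed so
    ("ab", "c") and ("a", "bc") cannot produce the same input.
    """
    parts = [salt, name.encode(), value.encode()]
    return H(b"".join(len(p).to_bytes(4, "big") + p for p in parts))


# --- Lamport one-time signature (assumed stand-in for the CA signature) ---
# A Lamport key must sign only one message, so this CA key issues one credential.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, message: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(H(message)))]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(H(message))):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok


# --- Issue / show / verify ---
def issue(ca_sk, attributes: dict):
    """CA side: sign the list of salted hashes, never the attributes themselves."""
    salts = {name: secrets.token_bytes(16) for name in attributes}
    commitments = [commit(n, v, salts[n]) for n, v in sorted(attributes.items())]
    sig = lamport_sign(ca_sk, b"".join(commitments))
    return {"commitments": commitments, "sig": sig}, salts


def show(credential, salts, attributes, disclose):
    """Holder side: open only the chosen attributes (an AND of disclosures)."""
    opened = [(n, attributes[n], salts[n]) for n in disclose]
    return {"commitments": credential["commitments"],
            "sig": credential["sig"],
            "opened": opened}


def verify(ca_pk, presentation):
    """Verifier side: return the disclosed attributes, or None on any failure."""
    commitments = presentation["commitments"]
    if not lamport_verify(ca_pk, b"".join(commitments), presentation["sig"]):
        return None
    disclosed = {}
    for name, value, salt in presentation["opened"]:
        if commit(name, value, salt) not in commitments:
            return None  # opened value does not match any signed hash
        disclosed[name] = value
    return disclosed


def demo():
    ca_sk, ca_pk = lamport_keygen()
    # Constructed sample attributes.
    attrs = {"member": "yes", "age_over_18": "yes", "name": "Alice Example"}
    cred, salts = issue(ca_sk, attrs)
    pres = show(cred, salts, attrs, ["age_over_18", "member"])
    honest = verify(ca_pk, pres)
    # A holder who swaps in a value the CA never signed is rejected.
    altered = dict(pres, opened=[("name", "Mallory", salts["name"])])
    return honest, verify(ca_pk, altered)


if __name__ == "__main__":
    print(demo())
```

Every showing carries the same signed hash list, so showings of one credential are linkable and a recorded showing can be replayed, which matches the limitations listed in the message.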
From frantz at pwpconsult.com Thu Oct 31 11:37:44 2002
From: frantz at pwpconsult.com (Bill Frantz)
Date: Thu, 31 Oct 2002 11:37:44 -0800
Subject: Confiscation of Anti-War Video
In-Reply-To: <4.1.20021029183905.00a37e10@pop.ix.netcom.com>
References: <016C21F3-EAB0-11D6-8271-0050E439C473@got.net>
Message-ID:

At 4:13 PM -0800 10/29/02, John Kelsey wrote:
>At 12:01 PM 10/28/02 -0800, Tim May wrote:
>
>...
>>By the way, there are perfectly good fixes to the current hysteria
>>about things carried on board planes...
>
>I think the best fix is to accept that a determined suicidal attacker will
>probably manage to bring down the plane, but make sure that's the worst he
>can do. That removes the externality problem. The current algorithm for
>this is some combination of pilots being told not to go along with
>hijackers' demands, and maybe some chance of getting a military jet in
>place to shoot the hijacked plane down, if it is taken over by the
>hijackers.

Another "fix" that is being used is passengers who will act to keep the plane from being used as a weapon. If the hijackers have to kill people with small sharp objects that they can smuggle on board, instead of mass killing devices like machine guns, then a large number of passengers can overcome a small number of hijackers. (Remember, your seat cushion makes a good shield.) If the cockpit door keeps the hijackers out, then there is a good chance that there will be survivors.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz           | The principal effect of| Periwinkle -- Consulting
(408)356-8506         | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz at pwpconsult.com | fair use.              | Los Gatos, CA 95032, USA

From morlockelloi at yahoo.com Thu Oct 31 12:42:21 2002
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Thu, 31 Oct 2002 12:42:21 -0800 (PST)
Subject: ISP Utilty To Cypherpunks?
In-Reply-To: <000001c2810b$8d4f6810$6f01a8c0@mule>
Message-ID: <20021031204221.49024.qmail@web40606.mail.yahoo.com>

I see an open search engine as the most important server project. Limit the engine to cpunkish issues and similar to control the popularity (bandwidth). Run your own harvesters/spiders.

This would help limit the google monopoly and power and provide a search engine of choice for the (gasp) "community".

The question is, how does one construct a censorship-free search engine.

=====
end (of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:
HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/

From Somebodywhoactually*knows*aboutthis... Thu Oct 31 12:02:42 2002
From: Somebodywhoactually*knows*aboutthis... (Somebodywhoactually*knows*aboutthis...)
Date: Thu, 31 Oct 2002 15:02:42 -0500 Subject: patents Message-ID: Bob, What's all the confusion about the Digicash-Chaum patents? They are now all owned by Infospace. The important one expires mid-2005, which is pretty soon. The ec-logix stuff looks like nonsense. They display bitmaps of the old Digicash wallet GUI, and I expect they will be hearing from Infospace. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From frantz at pwpconsult.com Thu Oct 31 16:28:38 2002 From: frantz at pwpconsult.com (Bill Frantz) Date: Thu, 31 Oct 2002 16:28:38 -0800 Subject: Confiscation of Anti-War Video In-Reply-To: <5.1.0.14.2.20021031134838.03fcf780@mail.attbi.com> References: <4.1.20021029183905.00a37e10@pop.ix.netcom.com> <016C21F3-EAB0-11D6-8271-0050E439C473@got.net> Message-ID: At 1:52 PM -0800 10/31/02, Steve Schear wrote: >At 11:37 AM 10/31/2002 -0800, you wrote: >>Another "fix" that is being used is passengers who will act to keep the >>plane from being used as a weapon. If the hijackers have to kill people >>with small sharp objects that they can smuggle on board, instead of mass >>killing devices like machine guns, then a large number of passengers can >>overcome a small number of hijackers. > >This assumption may not be a good one. Considering the level of current >security checks, it should be trivial to smuggle some sort of anesthetic or >poisonous gas generator aboard. No need for sharp objects. AFAIK, the air >supply aboard current U.S. fleets is shared between passengers and cockpit. 
IIRC, the regs call for pilots to either wear oxygen masks, or have "quick to put on" masks readily at hand. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. frantz at pwpconsult.com | fair use. | Los Gatos, CA 95032, USA From schear at attbi.com Thu Oct 31 17:09:36 2002 From: schear at attbi.com (Steve Schear) Date: Thu, 31 Oct 2002 17:09:36 -0800 Subject: Confiscation of Anti-War Video In-Reply-To: References: <5.1.0.14.2.20021031134838.03fcf780@mail.attbi.com> <4.1.20021029183905.00a37e10@pop.ix.netcom.com> <016C21F3-EAB0-11D6-8271-0050E439C473@got.net> Message-ID: <5.1.0.14.2.20021031170646.043d1cf8@mail.attbi.com> At 04:28 PM 10/31/2002 -0800, Bill Frantz wrote: >At 1:52 PM -0800 10/31/02, Steve Schear wrote: > >At 11:37 AM 10/31/2002 -0800, you wrote: > >>Another "fix" that is being used is passengers who will act to keep the > >>plane from being used as a weapon. If the hijackers have to kill people > >>with small sharp objects that they can smuggle on board, instead of mass > >>killing devices like machine guns, then a large number of passengers can > >>overcome a small number of hijackers. > > > >This assumption may not be a good one. Considering the level of current > >security checks, it should be trivial to smuggle some sort of anesthetic or > >poisonous gas generator aboard. No need for sharp objects. AFAIK, the air > >supply aboard current U.S. fleets is shared between passengers and cockpit. > >IIRC, the regs call for pilots to either wear oxygen masks, or have "quick >to put on" masks readily at hand. Unfortunately, there are many gasses which kill or disable with only a small dosage (e.g., VX). Unless the cabins are equipped with toxic air sensors (possible in a few years with all the biochip work underway) I think the masks may be be too little too late. 
steve From come at hottielatinas.com Thu Oct 31 10:46:53 2002 From: come at hottielatinas.com (come at hottielatinas.com) Date: 31 Oct 2002 18:46:53 -0000 Subject: Cute Teenie ADV Message-ID: <49b622445d0e$2bb57a53$62348a20@hottielatinas.com> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5149 bytes Desc: not available URL: From rah at shipwright.com Thu Oct 31 13:47:02 2002 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 31 Oct 2002 21:47:02 +0000 Subject: patents Message-ID: --- begin forwarded text From iang at systemics.com Thu Oct 31 19:21:07 2002 From: iang at systemics.com (IanG) Date: Thu, 31 Oct 2002 22:21:07 -0500 Subject: patents References: Message-ID: <3DC1F323.F50B5916@systemics.com> > From: > Subject: patents > > Bob, > > What's all the confusion about the Digicash-Chaum patents? No 'effing idea. If you wanted to do blinded cash, use Wagner, and then plug in something harder when you get the rest going. Any fuss over any patented blinded method is the sort of fuss you get when the blind lead the blind. -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com From latinas at lickinglatinlovers.com Thu Oct 31 20:02:49 2002 From: latinas at lickinglatinlovers.com (LickingLatinas) Date: Fri, 01 Nov 2002 04:02:49 -0000 Subject: XXX Hispanic Heat Message-ID: <1n2qlu$31tfap@ex13.essoc.net> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4296 bytes Desc: not available URL: