PayPal

From jal at jal.org Sun Jun 1 10:20:12 2003 From: jal at jal.org (Jamie Lawrence) Date: Sun, 1 Jun 2003 12:20:12 -0500 Subject: Apple's "Rendezvous" bites "Itunes" In-Reply-To: <20030529204819.A18619@cluebot.com> References: <3ED61A54.743CAA38@cdc.gov> <20030529172325.GI4093@jal.clueinc.net> <20030529204819.A18619@cluebot.com> Message-ID: <20030601172012.GK4093@jal.clueinc.net> On Thu, 29 May 2003, Declan McCullagh wrote: > On Thu, May 29, 2003 at 12:23:25PM -0500, Jamie Lawrence wrote: > > If you bought a 'product' from a closed system and didn't take self > > help measures, why are you surprised when that closed system changes? > > > > Really, there's no story here. > > That's true at one level -- it was expected when security is breached > (or appears to have been breached; I haven't looked at the details myself). Not sure that's I'd call it a security breach - it is a design change. One that is actually quite easy to work around, although Apple's intention is not really hurt by that fact. > But then again when you have millions of people affected, that's generally > a solid news story, in my experience. Good point. I'm not a journalist, so my first take on things doesn't tend to run in that direction. > -Declan -j -- Jamie Lawrence jal at jal.org "They [RIAA,MPAA] are trying to invent a new crime: interference with a business model." - Bruce Schneier From sunder at sunder.net Sun Jun 1 09:23:32 2003 From: sunder at sunder.net (Sunder) Date: Sun, 1 Jun 2003 12:23:32 -0400 (edt) Subject: Nigerian Spammers Using TDD/TTY Telephone Relay Service In-Reply-To: Message-ID: I'm actually having fun with these fuckers. Most of their spams contain a request for a contact. So I give them the phone number of the FBI, CIA, WhiteHouse, and other agencies as a call back number with a note saying "Yes, I'd love to help you, please call me back at _____ as soon as possible!" ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 27 May 2003, Tim May wrote: > Perhaps rather than retaliating against spammers, as many here have > written about, we should be talking about mail-bombing and spam-bombing > any politician or lawmaker who supports anti-spam legislation. From smb at research.att.com Sun Jun 1 09:59:53 2003 From: smb at research.att.com (Steven M. Bellovin) Date: Sun, 01 Jun 2003 12:59:53 -0400 Subject: [spam] Re: Nullsoft's WASTE communication system Message-ID: <20030601165953.6DAB57B4D@berkshire.research.att.com> In message , "John Brothers" writes: > >> Any license that you may >> believe you acquired with the Software is void, revoked and terminated. > > >Can you void and/or revoke the GPL? It doesn't matter if the GPL statement wasn't inserted by the real owner of the work. Note that the employees almost certainly do not own the "work for hire" -- it would be Nullsoft/AOL Time Warner that does. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) From ekr at rtfm.com Sun Jun 1 15:08:56 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 01 Jun 2003 15:08:56 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: "Scott Guthery" writes: > When I drill down on the many pontifications made by computer > security and cryptography experts all I find is given wisdom. Maybe > the reason that folks roll their own is because as far as they can see > that's what everyone does. Roll your own then whip out your dick and > start swinging around just like the experts. > > Perhaps I'm not looking in the right places. I wade through papers from > the various academic cryptography groups, I hit the bibliographies > regularly, I watch the newgroups, and I follow the patent literature. After > you blow the smoke away, there's always an "assume a can opener" > assumption. The only thing that really differentiates the experts from the > naifs is the amount of smoke. Hmm.... I'd characterize the situation a little differently. There are a number of standard building blocks (3DES, AES, RSA, HMAC, SSL, S/MIME, etc.). While none of these building blocks are known to be secure, we know that: (1) They have withstood a lot of concerted attempts to attack them. (2) Prior attempts at building such systems revealed a lot of problems which these building blocks are designed to avoid. (3) People who attempt to design new systems generally make some of the mistakes from (2) and so generally design a system inferior to the standard ones. We're slowly proving the correctness of these building blocks and replacing the weaker ones with others that rely upon tighter proofs (e.g. OAEP for PKCS-1) but it's a long process. However, I don't think it's helpful to design a new system that doesn't have any obvious advantages over one of the standard systems. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ekr at rtfm.com Sun Jun 1 16:33:10 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 01 Jun 2003 16:33:10 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: "Scott Guthery" writes: > Suppose. Just suppose. That you figured out a factoring > algorithm that was polynomial. What would you do? Would > you post it immediately to cypherpunks? Well, OK, maybe > you would but not everyone would. In fact some might > even imagine they could turn a sou or two. And you can > bet the buyer wouldn't be doing any posting. With apologies > to Bon Ami, "Hasn't cracked yet" is not a compelling security > story. It's vastly better than "just designed last week by someone who has no relevant experience" -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rsalz at datapower.com Sun Jun 1 15:16:04 2003 From: rsalz at datapower.com (Rich Salz) Date: Sun, 1 Jun 2003 18:16:04 -0400 (EDT) Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: Message-ID: > There are a number of standard building blocks (3DES, AES, RSA, HMAC, > SSL, S/MIME, etc.). While none of these building blocks are known > to be secure .. So for the well-meaning naif, a literature search should result in "no news is good news." Put more plainly, if you looked up hash and didn't find news of a SHA break, then you should know to use SHA. That assumes you've heard of SHA in the first place. Perhaps a few "best practices" papers are in order. They might help the secure (distributed) computing field a great deal. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html From sguthery at mobile-mind.com Sun Jun 1 16:05:44 2003 From: sguthery at mobile-mind.com (Scott Guthery) Date: Sun, 1 Jun 2003 19:05:44 -0400 Subject: Maybe It's Snake Oil All the Way Down Message-ID: Suppose. Just suppose. That you figured out a factoring algorithm that was polynomial. What would you do? Would you post it immediately to cypherpunks? Well, OK, maybe you would but not everyone would. In fact some might even imagine they could turn a sou or two. And you can bet the buyer wouldn't be doing any posting. With apologies to Bon Ami, "Hasn't cracked yet" is not a compelling security story. Cheers, Scott -----Original Message----- From: Rich Salz [mailto:rsalz at datapower.com] Sent: Sun 6/1/2003 6:16 PM To: Eric Rescorla Cc: Scott Guthery; cypherpunks; cryptography at metzdowd.com Subject: Re: Maybe It's Snake Oil All the Way Down > There are a number of standard building blocks (3DES, AES, RSA, HMAC, > SSL, S/MIME, etc.). While none of these building blocks are known > to be secure .. So for the well-meaning naif, a literature search should result in "no news is good news." Put more plainly, if you looked up hash and didn't find news of a SHA break, then you should know to use SHA. That assumes you've heard of SHA in the first place. Perhaps a few "best practices" papers are in order. They might help the secure (distributed) computing field a great deal. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html From timcmay at got.net Sun Jun 1 19:13:28 2003 From: timcmay at got.net (Tim May) Date: Sun, 1 Jun 2003 19:13:28 -0700 Subject: The Streisand imagecriminal lives 2-3 parcels away from me Message-ID: Ken Adelman, the retired gazillionaire who has gained new fame as a photographer of the California coastline, lives a couple of parcels from me, perhaps half a kilometer. For a while now, I'd wondered who owned the heliport that had helicopters departing and arriving a few times a week (that I knew of...could have been more). I couldn't actually see the heliport, due to some ridges and some trees, but I could see the choppers banking over my hilltop and disappearing behind a ridge. Well, today I did some Googling on Ken Adelman, who I already knew was a Corralitos resident. I had no idea where in my little community he lived, only that he had California's largest private solar cell array (and had gotten into yet another controversy, with PG&E, our power monopoly, when he proposed to connect his array to the grid and be paid for the power he _added_ to the grid, as per official law and PG&E policy...it seems PG&E really doesn't _want_ the sheeple generating power, though they tolerate tiny, hobbyist generators...but Adelman['s array was an actual competitor, and would cost them money, so they tried to nix it...another story). In reading about the controversy over Streisand's property, I saw that Adelman is using his own helicopter. A bell went off in my head and I Googled to find his home address. His address in the phone book is unlisted, but he gave his home address in one or more of his ventures, and so up it popped in a Google search on his name: 1365 Meadowridge Rd., the road just before mine (Allan Lane) off of Brown's Valley Road. My address is 427 Allan Lane. Entering these into Yahoo or Mapquest shows how close our properties are. Here's one such street map: His property is about where the first "d" in Meadowridge Rd. appears. My property is at the end of Allan Lane. Obviously, then, it is his helicopter I've been seeing flying over to about that spot. (Tiny chance it's someone else's...) BTW, I don't think this Ken Adelman, who is now 39-40, is the same Ken Adelman who advised Reagan in the 1980s on arms control--the D.C.-based Adelman was graying and balding at least 15 years ago, so I doubt they're the same person. But I haven't done enough Googling, nor have I found images of the Corralitos version, to be sure. More research is needed. --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams From mv at cdc.gov Sun Jun 1 19:21:41 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 01 Jun 2003 19:21:41 -0700 Subject: "PGP Encryption Proves Powerful" Message-ID: <3EDAB4B5.3070505@cdc.gov> At 11:18 AM 6/1/03 -0400, Ian Grigg wrote: >There is a reason that the AK47 is the weapon of >choice: it is an extraordinarily simple weapon. >Training is probably about half the requirements >of say the M16. That makes a difference, much >more so than, say, the increased accuracy of the >M16! Got evidence? The benefits of the AK involve the *weapon's* robustness, not its user interface. Also, a 7.62 beats a 5+change mm any day. >Phsycologically, it makes us unhappy to realise >that the 911 attackers were actually quite simple, >so we don't. We build up Osama bin Laden to be >a mastermind, a sort of James Bond-qualified evil >guy who constructs plans of insidious cunning. OBL is at least 2 standard deviations smarter than Bush, and probably one more than Rummy too. Thinking otherwise is buying into the "madman" propoganda. >All this is a long winded way of saying your >average terrorist is much more like your grandma >when it comes to tech. Highly competant in the >kitchen, but can't send an email to save herself. Except that post sat-phone, the Base has plenty of motivation to train well in opsec. Or catch a tomahawk. You working for Fox News these days? Or just wishful thinking? From mv at cdc.gov Sun Jun 1 19:28:45 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Sun, 01 Jun 2003 19:28:45 -0700 Subject: Nullsoft's WASTE communication system Message-ID: <3EDAB65D.7030801@cdc.gov> At 01:09 PM 5/30/03 -0400, John Brothers wrote: > >> Any license that you may >> believe you acquired with the Software is void, revoked and terminated. > >Can you void and/or revoke the GPL? Who cares? There is *no* obligation that you check back with Nullsoft to re-read their terms. They can whine about licenses all they want, but no downloader has any need to check back, or change their behavior. E.g., Realmedia may have pulled an early Free version their .ram generator, but its out there. I think people have not quite gotten their hands around the speed at which information can be disseminated online. -Monica Lewinsky, LATimes 9 may 01 From adam at homeport.org Sun Jun 1 16:54:45 2003 From: adam at homeport.org (Adam Shostack) Date: Sun, 1 Jun 2003 19:54:45 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: <20030601235444.GA79867@lightship.internal.homeport.org> The assumption that "having cracked a cipher" leads to "can make lots of money from the break" is one held mostly by those who have never attacked real systems, which have evolved with lots of checks and balances. The very best way to make money from cracking ciphers seems to be to patent the break, and the fixes, and then consult to those who use the cipher, because they need your expertise to fix their systems. P. may have a patent on this method. Adam On Sun, Jun 01, 2003 at 07:05:44PM -0400, Scott Guthery wrote: | Suppose. Just suppose. That you figured out a factoring | algorithm that was polynomial. What would you do? Would | you post it immediately to cypherpunks? Well, OK, maybe | you would but not everyone would. In fact some might | even imagine they could turn a sou or two. And you can | bet the buyer wouldn't be doing any posting. With apologies | to Bon Ami, "Hasn't cracked yet" is not a compelling security | story. | | Cheers, Scott | | -----Original Message----- | From: Rich Salz [mailto:rsalz at datapower.com] | Sent: Sun 6/1/2003 6:16 PM | To: Eric Rescorla | Cc: Scott Guthery; cypherpunks; cryptography at metzdowd.com | Subject: Re: Maybe It's Snake Oil All the Way Down | | | | > There are a number of standard building blocks (3DES, AES, RSA, HMAC, | > SSL, S/MIME, etc.). While none of these building blocks are known | > to be secure .. | | So for the well-meaning naif, a literature search should result in "no | news is good news." Put more plainly, if you looked up hash and didn't | find news of a SHA break, then you should know to use SHA. That assumes | you've heard of SHA in the first place. | | Perhaps a few "best practices" papers are in order. They might help | the secure (distributed) computing field a great deal. | /r$ | -- | Rich Salz Chief Security Architect | DataPower Technology http://www.datapower.com | XS40 XML Security Gateway http://www.datapower.com/products/xs40.html -- "It is seldom that liberty of any kind is lost all at once." -Hume From cpunk at lne.com Sun Jun 1 20:00:00 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 1 Jun 2003 20:00:00 -0700 Subject: Cypherpunks List Info Message-ID: <200306020300.h52300QX009585@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam on that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers. 2. Message Modification Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications. 3. Privacy Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private") , to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software. Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted. 4. Anonymous posting Cypherpunks encourages anonymous posting. You can use an anonymous remailer: http://www.andrebacard.com/remail.html http://anon.efga.org/Remailers http://www.gilc.org/speech/anonymous/remailer.html or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered. 5. Unsubscribing Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below. How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these inticate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDRs unsubscribe instructions. 6. Lunatics, spammers and nut-cases "I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the lists openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the dictinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipie is below, you will of course want to make your own decisions on which (ab)users to filter. # mailing lists: # filter all cypherpunks mail into its own cypherspool folder, discarding # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'. # /dev/null is unix for the trash can. :0 * ^From.*owner-cypherpunks at .* { :0: * (^From:.*ravage at ssz\.com.*|\ ^From:.*jchoate at dev.tivoli.com.*|\ ^From:.*mattd at useoz.com|\ ^From:.*proffr11 at bigpond.com|\ ^From:.*jei at cc.hut.fi) /dev/null :0: cypherspool } 7. List of current CDRs All commands are sent in the body of mail unless otherwise noted. --------------------------------------------------------------------------- Algebra: Operator: Subscription: "subscribe cypherpunks" to majordomo at algebra.com Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com Help: "help cypherpunks" to majordomo at algebra.com Posting address: cypherpunks at algebra.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- CCC: Operator: drt at un.bewaff.net Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de Help: "help" to to cypherpunks-request at koeln.ccc.de Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks Posting address: cypherpunks at koeln.ccc.de Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject. Digest mode: this node is digest-only NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Infonex: Subscription: "subscribe cypherpunks" to majordomo at infonex.com Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com Help: "help cypherpunks" to majordomo at infonex.com Posting address: cypherpunks at infonex.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Lne: Subscription: "subscribe cypherpunks" to majordomo at lne.com Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com Help: "help cypherpunks" to majordomo at lne.com Posting address: cypherpunks at lne.com Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers 2. leading "CDR:" in subject line removed 3. "Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From nobody at dizum.com Sun Jun 1 13:20:06 2003 From: nobody at dizum.com (Nomen Nescio) Date: Sun, 1 Jun 2003 22:20:06 +0200 (CEST) Subject: web apps with large volumes of bidirectional http traffic Message-ID: <96db83a7d4e5f75a202e8e2ff7030d37@dizum.com> Ryan Lackey writes: > I need to find some relatively widely deployed applications which have > frequent user interactions (rapid clicking on links, from as large a > population of links as possible, and also form filling and such). > > (it should be pretty obvious what this is for) It's not, really. Maybe some kind of cover traffic for an underlying hidden data stream? Or maybe you will create a client which mimics a human person, and sends information by choosing what to click on? Sounds like a pretty low-bandwidth channel. > I'd like: > > 0) *rapid*/frequent user interactions; fast clicking on things (like every > second, no more than 5 seconds) > > 1) "sticky"...long interactions with a given site (on the order of hours) > (also all links need to be under the same url/same server) These two don't make much sense together: someone is going to sit there, interacting with a server for hours, clicking every second? That sounds more like a job than something people would do voluntarily. You're either going to need to accept a much lower click rate, or else a much shorter connection time. Okay, maybe one of the online fantasy games services like EverQuest? I hear people get addicted to those and spend hours on them, but I think they do a lot of typing rather than mouse clicks. Or one of the shoot-em-ups? Those probably use the mouse a lot more. They aren't really "web applications" though. Does it really have to be a web app? > So far, the best ideas: > 1) Porn > 2) Mailing lists with lots of internal links (next, reply, etc.) > 3) Sites with search engines with lots of linked data (encyclopedia, > etc.) > 4) html games (or flash, maybe) -- either imagemaps, or just tables, > things like chess, or puzzles, or whatever Most of those won't satisfy your click rate and connect time goals. > I'd definitely appreciate any suggestions on possible web apps which > meet these criteria; reply to lists or ryan at venona.com. > > I'll post when it's ready. Maybe you could give some more clues... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From declan at well.com Sun Jun 1 20:51:57 2003 From: declan at well.com (Declan McCullagh) Date: Sun, 1 Jun 2003 23:51:57 -0400 Subject: BIS Disk Full In-Reply-To: <20030531203426.F17E29D332@smtp.infonex.com>; from anonymous@anonymizer.com on Sat, May 31, 2003 at 01:34:00PM -0700 References: <20030531203426.F17E29D332@smtp.infonex.com> Message-ID: <20030601235157.A27454@cluebot.com> URL? Is it this? http://snap.bis.doc.gov/ Email to crypt at bis does not bounce, at least not immediately. -Declan On Sat, May 31, 2003 at 01:34:00PM -0700, Anonymous wrote: > I tried to notify the BIS that I was posting some code and I got this > error back: > > : > > 170.110.31.61 failed after I sent the message. > > Remote host said: Can't create transcript file ./xfh4VJhUa02511: No space left on device > > > > : > > 170.110.31.61 failed after I sent the message. > > Remote host said: Can't create transcript file ./xfh4VJhVC02512: No space left on device > Are our rights suspended until they get their system fixed? :-) From ravage at einstein.ssz.com Mon Jun 2 04:53:39 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Mon, 2 Jun 2003 06:53:39 -0500 (CDT) Subject: Kazaa, Brilliant move will spanner MPAA, RIAA (fwd) Message-ID: http://www.theinquirer.net/?article=9801 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From schear at attbi.com Mon Jun 2 08:15:59 2003 From: schear at attbi.com (Steve Schear) Date: Mon, 02 Jun 2003 08:15:59 -0700 Subject: Patriot Act humor Message-ID: <5.2.1.1.0.20030602081504.0425b400@mail.attbi.com> Attorney General John Ashcroft is visiting an elementary school. After the typical civics presentation to the class, he announces, "All right boys and girls, you can ask me questions now." A young boy named Bobby raises his hand and says, I have three questions, Mr. Ashcroft: 1. How did Bush win the election with fewer votes than Gore? 2. Why are you using the USA Patriot Act to limit Americans civil liberties? 3. Why hasn't the U.S. caught Osama bin Laden? Just then, the bell sounds and all the kids run out to the playground. Fifteen minutes later the kids return to class, and Ashcroft says, "I'm sorry, we were interrupted by the bell. Now, who has a question to ask me?" A young girl named Suzy raises her hand and says: I have five questions, Mr. Ashcroft: 1. How did Bush win the election with fewer votes than Gore? 2. Why are you using the USA Patriot Act to limit Americans civil liberties? 3. Why hasn't the U.S. caught Osama bin Laden? 4. Why did the bell go off 20 minutes early? 5. Where's Bobby? "A Jobless Recovery is like a Breadless Sandwich." -- Steve Schear From hseaver at cybershamanix.com Mon Jun 2 07:07:54 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Mon, 2 Jun 2003 09:07:54 -0500 Subject: The Streisand imagecriminal lives 2-3 parcels away from me In-Reply-To: References: Message-ID: <20030602140754.GB20933@cybershamanix.com> On Sun, Jun 01, 2003 at 07:13:28PM -0700, Tim May wrote: > > His address in the phone book is unlisted, but he gave his home address > in one or more of his ventures, and so up it popped in a Google search > on his name: 1365 Meadowridge Rd., the road just before mine (Allan > Lane) off of Brown's Valley Road. My address is 427 Allan Lane. > Entering these into Yahoo or Mapquest shows how close our properties > are. Isn't your local assessor's database online? Here in WI, at least for most of it, I can just look up someones name and find *all* the property they own. Or conversely, look up an address and find out who owns it, also what they paid for it, tax assessment, etc. Some properties, of course, are owned by corporations or LLC or partnerships so you have to also go to the state databases to find out who the people are behind the LLC or whatever. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From ericm at lne.com Mon Jun 2 09:24:29 2003 From: ericm at lne.com (Eric Murray) Date: Mon, 2 Jun 2003 09:24:29 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDB5A82.5B9C1073@systemics.com>; from iang@systemics.com on Mon, Jun 02, 2003 at 10:09:06AM -0400 References: <3EDB5A82.5B9C1073@systemics.com> Message-ID: <20030602092429.A13213@slack.lne.com> On Mon, Jun 02, 2003 at 10:09:06AM -0400, Ian Grigg wrote: > A lot of the tools and blocks are too hard to > understand. "Inaccessible" might be the proper > term. This might apply to, for example, SSL, > and more so to IPSec. These have a lower survival > rate, simply because as developers look at them, > their eyes glaze over and they move on. I heard > one guy say that "you can read SSH in an hour > and understand what's going on, but not SSL." Some who can't understand SSL won't be able to do better. Especially since there is at least one very good book on it. > Also, a lot of cryptosystems are put together > by committees. SSH was originally put together > by one guy. He did the lot. The original SSH protocol had holes so large that you could drive a truck through them. Tatu posted it to various lists and got lots of advice on how to clean it up. It still had holes that were being found years later. SSLv2, which was also designed by an individual, also had major flaws. And that was the second cut! I haven't seen v1, maybe Eric can shed some light on how bad it was. Peer review is not "design by comittie". It is the way to get strong protocols. When I have to roll my own (usually because its working in a limited environment and I don't have a choice) I get it reviewed. The protocol designer usually misses something in his own protocol. > I'd say that conditions for Internet crypto system > success would include: 0. USE EXISTING SECURITY PRIMITIVES which allows you to > 4. Concentrate on the application, not the crypto. Rolling your own crypto is where 95% of crypto apps fail... the developers either take too much time on it to the detrimient of the useability because it is the sexy thing to work on, or they write an insecure algorithm/protocol/system. Usually they do both! Eric --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From iang at systemics.com Mon Jun 2 07:09:06 2003 From: iang at systemics.com (Ian Grigg) Date: Mon, 02 Jun 2003 10:09:06 -0400 Subject: Maybe It's Snake Oil All the Way Down References: Message-ID: <3EDB5A82.5B9C1073@systemics.com> A lot of the tools and blocks are too hard to understand. "Inaccessible" might be the proper term. This might apply to, for example, SSL, and more so to IPSec. These have a lower survival rate, simply because as developers look at them, their eyes glaze over and they move on. I heard one guy say that "you can read SSH in an hour and understand what's going on, but not SSL." (This was the point raised by the chap who recently wanted to role his own from a pouch of fine cut RSA.) Also, a lot of cryptosystems are put together by committees. SSH was originally put together by one guy. He did the lot. Allegedly, a fairly grotty protocol with a number of weakneses, but it was there and up and running. And SSH-2 is apparantly nice, elegant and easy to understand, now that it has been fixed up. (SSH is the only really successful net crypto system, IMHO, in that it actually went into its market and made a mark. It's the only cryptosystem that is as easy to use as its non-crypto competitor, telnet. It's the only one where people switch and never return.) PGP was also mildly successful, and was done by one guy, PRZ. The vision was very clear. All others had to do was to fix the bugs... Sadly, free versions never quite made the jump into GUI mail clients, so widespread success was denied to it. I'd say that conditions for Internet crypto system success would include: 1. One guy, or one very small, very close team. 2. The whole application is rolled out, ready to use. 3. Crypto is own-rolled, tuned to the application. 4. Concentrate on the application, not the crypto. 5. The application meets a ready need, and 6. The app is easy to use. 7. User doesn't need to ask anyone's permission. These aren't very strong indicators of success, if only because there have been so few fires, for so much smoke. Counterexamples are speakfreely, which was again one lone hacker (John Walker?). Maybe it stalled on latter points. (One doesn't hear much about crypto phones these days. Was this really a need?) My own "interested" protocol (SOX, done by Gary H, not me) trys to meet the above criterion and hasn't succeeded, like all other money protocols. I leave speculation on why success is still just around the corner to others :-) So, I'm with Scott on that. When it comes down to it, there's an awful lot of smoke, and precious little real life crypto success out there. It's no wonder that people roll their own. -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From timcmay at got.net Mon Jun 2 10:53:01 2003 From: timcmay at got.net (Tim May) Date: Mon, 2 Jun 2003 10:53:01 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDB5A82.5B9C1073@systemics.com> Message-ID: <0DC7D8E8-9523-11D7-88B5-000A956B4C74@got.net> On Monday, June 2, 2003, at 07:09 AM, Ian Grigg wrote: > > PGP was also mildly successful, and was done by > one guy, PRZ. The vision was very clear. All others > had to do was to fix the bugs... Sadly, free versions > never quite made the jump into GUI mail clients, so > widespread success was denied to it. > I would've characterized PGP version 2, 1992, as the first usable version. And it was done by about half a dozen people. The first version was not, to my knowledge, actually used by anyone. It might have done better had creaping featuritus and the "integration with mailers and other programs" and the "better GUI" distractions not dissipated so much energy. Also, the Clipper chip politics and the belief that PRZ was about to be arrested gave PGP a certain kind of notoriety...it became "cool" ("bad," "def") to use PGP. These days, "that's _so_ 90s." --Tim May From ekr at rtfm.com Mon Jun 2 12:14:07 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 02 Jun 2003 12:14:07 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDB9C13.AC1F7A9@systemics.com> References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> <3EDB9C13.AC1F7A9@systemics.com> Message-ID: Ian Grigg writes: > Eric Murray wrote: > It may be that the SSL underlying code is > perfect. But that the application is weak > because the implementor didn't understand > how to drive it; in which case, if he can > roll his own, he may end up with a more > secure overall package. I don't think this is likely to be true. In my experience, people who learn enough to design their own thing also learn enough to be able to do SSL properly. > > SSLv2, which was also designed by an > > individual, also had major flaws. And that was the > > second cut! I haven't seen v1, maybe Eric can > > shed some light on how bad it was. > > [ Someone commented before that v1 was not deemed > serious (Marc A?) and v2 was the more acceptable > starting point (Weinsteins?). ] That's not true as far as I know. V1 and V2 were designed by the same guy (Kipp Hickman). V1 is actually very similar to V2, except that the integrity stuff is all screwed up. As far as I can tell, the fact of the matter is that Kipp didn't understand the security issues until Abadi and to some extent Schiffman sold them some clues. > > Peer review is not "design by comittie". > > Let me clarify. SSL - the protocol - was not > designed by committee, but, the size of the teams > involved in the crypto systems was in excess of > the people who were intimately familiar with the > protocol. For the most familiar example, browsing, > there were, it seems, many people involved in the > overall grafting of SSL into the original HTML/HTTP > system. As far as I know, that's not the case. The original Netscape team was very small and there really weren't any significant choices to be made. > > It is > > the way to get strong protocols. When I have to roll my > > own (usually because its working in a limited environment > > and I don't have a choice) > > I get it reviewed. The protocol designer usually misses > > something in his own protocol. > > Sure. If someone does roll their own, then they > should get it reviewed. That's not my experience. WEP and PPTP come to mind. > > > I'd say that conditions for Internet crypto system > > > success would include: > > > > 0. USE EXISTING SECURITY PRIMITIVES > > :-) > > I know this is the mantra of the field. > > Quesion is: which PRIMITIVES? > > 1. RSA? > 2. SSL, written from the RFC? > 3. OpenSSL, the toolkit? EKR's fine effort? > 4. RSADSI security consultants, selling you > theirs? > 5. ... I would say the highest level primitives you can get away with. > But, that assumes an awful lot. For a start, > that it exists. SSL is touted as the answer > to everything, but it seems to be a connection > oriented protocol, which would make it less > use for speech, media, mail, chat (?), by way > of example. SSL is quite fine for chat, actually. It's one of the major things that people use for IM. The issue with speech and media isn't connection-orientation but rather datagram versus stream data. > Then there is understanding, both of the > protocol, and the project's needs. I know > that when I'm in a big project and I come > across a complex new requirement, often, it > is an open question as to whether make or > buy is the appropriate choice. I do know > that 'make' will always teach me about the > subject, and eventually, it will teach me > which one to buy, or it will give me a > system tuned to my needs. The history of people who go this course suggests otherwise. They generally get lousy solutions. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From camera_lumina at hotmail.com Mon Jun 2 09:30:47 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 02 Jun 2003 12:30:47 -0400 Subject: Maybe It's Snake Oil All the Way Down Message-ID: "Scott Guthery" writes: > > When I drill down on the many pontifications made by computer > > security and cryptography experts all I find is given wisdom. Maybe > > the reason that folks roll their own is because as far as they can see > > that's what everyone does. Roll your own then whip out your dick and > > start swinging around just like the experts. > > > > Perhaps I'm not looking in the right places. I wade through papers from > > the various academic cryptography groups, I hit the bibliographies > > regularly, I watch the newgroups, and I follow the patent literature. >After > > you blow the smoke away, there's always an "assume a can opener" > > assumption. The only thing that really differentiates the experts from >the > > naifs is the amount of smoke. This kind of thinking is similar to the difference between and engineer's persepective and that of a mathematician or "pure" scientist. Basically, it might not be bad to consider all crypto systems 'insecure' to some extent. However, for well-designed cryptosystems the cost of breaking can be made to scale with the level of security needed. -TD _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From mv at cdc.gov Mon Jun 2 13:32:06 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 02 Jun 2003 13:32:06 -0700 Subject: Typical PGP user mistakes Message-ID: <3EDBB446.53B5852E@cdc.gov> I recall reading at least one study of learning PGP and its UI. I have had the chance to observe half a dozen (albeit, smarter than normal) others' (mostly engineers) learning curves. All are using PGP 7.03 and Eudora 3.05. We are not using public key servers. Mistakes include: * neglecting to encrypt to an intended recipient's key * encrypting to self (only) * not encrypting to self, requiring a recipient to send it back to you * accidentally multiply encrypting a message (ie, you encrypt the encrypted ASCII) Problems also include not being able to rename the email address associated with a key, leading to some recipients being recognized and encrypted to, others not. Also errors if there are spaces added to the PGP ASCII block. Yes, there are checkbox-features and PGP Groups and sufficient GUI feedback such that these mistakes are "not the tool's fault". And I/we appreciate these features and overall excellent design. Yet there are also people who enjoy studying UI design, cognition, learning, etc. and perhaps these anecdotal observations would be useful. After all, Enigma was broken by exploiting the man-machine interface. No one new to any tool should be using it for life-critical apps before competent. The above mistakes more self-inflicted denial of service problems than tool weaknesses. In fact, one group member accidentally sent email to a random user in the sender's ISP (because of the sender's Eudora-alias not matching the alias he typed in the To: field). This didn't matter because the content was encrypted. You often put locks on things (cars, homes, throwaway email accounts) to protect against benign, accidental intrusions, even if the lock is easily defeated/circumvented. We just happened to be using a strong lock, endorsed by the Red Brigade :-) ------- Pierre Curie didn't die from radiation poisoning, he was hit by a horse drawn cart From iang at systemics.com Mon Jun 2 11:48:51 2003 From: iang at systemics.com (Ian Grigg) Date: Mon, 02 Jun 2003 14:48:51 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> Message-ID: <3EDB9C13.AC1F7A9@systemics.com> Eric Murray wrote: > > On Mon, Jun 02, 2003 at 10:09:06AM -0400, Ian Grigg wrote: > > A lot of the tools and blocks are too hard to > > understand. "Inaccessible" might be the proper > > term. This might apply to, for example, SSL, > > and more so to IPSec. These have a lower survival > > rate, simply because as developers look at them, > > their eyes glaze over and they move on. I heard > > one guy say that "you can read SSH in an hour > > and understand what's going on, but not SSL." > > Some who can't understand SSL won't be able to do better. > Especially since there is at least one very good book on it. That presupposes that one can do "better" using SSL because SSL is "better". It is a challenge to translate SSL's strong peer reviewed heritage into a secure crypto system. In practice, if the tool is hard to use, an implementation opens itself up for problems in its usage of SSL. There can be bugs in the interface, bugs in the architecture reflected by the complexity of the interface, and there can be bugs in the underlying tools. It may be that the SSL underlying code is perfect. But that the application is weak because the implementor didn't understand how to drive it; in which case, if he can roll his own, he may end up with a more secure overall package. > > Also, a lot of cryptosystems are put together > > by committees. SSH was originally put together > > by one guy. He did the lot. > > The original SSH protocol had holes so large that > you could drive a truck through them. Tatu posted > it to various lists and got lots of advice on > how to clean it up. It still had holes that were being > found years later. Yep. But the application got up and going, he didn't wait for the protocol to be perfected, which mean that the the application had a much greater chance of ultimate success, and many more scenarios were protected than otherwise would have been. Now it's a good protocol (Peter G reports that it is highly analogous to SSL, but with its own packet formats). It's hole-filled first effort doesn't seem to have done it so much harm. > SSLv2, which was also designed by an > individual, also had major flaws. And that was the > second cut! I haven't seen v1, maybe Eric can > shed some light on how bad it was. [ Someone commented before that v1 was not deemed serious (Marc A?) and v2 was the more acceptable starting point (Weinsteins?). ] > Peer review is not "design by comittie". Let me clarify. SSL - the protocol - was not designed by committee, but, the size of the teams involved in the crypto systems was in excess of the people who were intimately familiar with the protocol. For the most familiar example, browsing, there were, it seems, many people involved in the overall grafting of SSL into the original HTML/HTTP system. Hence, SSL as a protocol might be a fine piece of work. SSL as a browsing application is flawed, and that's partly because too many different people and agendas were involved. (I think the design-by-committee criticism would stick more strongly to IPSec.) > It is > the way to get strong protocols. When I have to roll my > own (usually because its working in a limited environment > and I don't have a choice) > I get it reviewed. The protocol designer usually misses > something in his own protocol. Sure. If someone does roll their own, then they should get it reviewed. > > I'd say that conditions for Internet crypto system > > success would include: > > 0. USE EXISTING SECURITY PRIMITIVES :-) I know this is the mantra of the field. Quesion is: which PRIMITIVES? 1. RSA? 2. SSL, written from the RFC? 3. OpenSSL, the toolkit? EKR's fine effort? 4. RSADSI security consultants, selling you theirs? 5. ... > which allows you to > > > 4. Concentrate on the application, not the crypto. > > Rolling your own crypto is where 95% of crypto apps fail... > the developers either take too much time on it to the detrimient > of the useability because it is the sexy thing to work on, or > they write an insecure algorithm/protocol/system. Usually > they do both! It's true that if there is a perfectly good alternative available, it is probably more expensive to roll your own than to use the perfectly good alternative. But, that assumes an awful lot. For a start, that it exists. SSL is touted as the answer to everything, but it seems to be a connection oriented protocol, which would make it less use for speech, media, mail, chat (?), by way of example. It's also very much oriented to x.509 and similar certificate/PKI models, which means it is difficult to use in web of trust (I know this because we started on the path of adding web of trust and text signing features to x.509 before going back to OpenPGP), financial and nymous applications whereby trust is bootstrapped a different way. Then there is understanding, both of the protocol, and the project's needs. I know that when I'm in a big project and I come across a complex new requirement, often, it is an open question as to whether make or buy is the appropriate choice. I do know that 'make' will always teach me about the subject, and eventually, it will teach me which one to buy, or it will give me a system tuned to my needs. In contrast, using a black box is always a big risk. Which black box? There are always 10 experts for every black box out there, and they are all asking for lots of bux to say they're right. And, traditionally, when you buy in a black box, chances are, it's a grey box, or it's a black bucket, or... >From the outside world's point of view, it still seems a very plausible decision to roll ones own crypto. ( Has anyone read Ferguson and Schneier's _Practical Cryptography_ ? Does it address this issue of how an outsider decides how to "make or buy"? I just read the reviews on Amazon, they are ... entertaining! http://www.amazon.com/exec/obidos/tg/detail/-/0471223573/qid=1054578908/sr=8-1/ref=sr_8_1/103-4510729-0384610?v=glance&s=books&n=507846 ) -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From shamrock at cypherpunks.to Mon Jun 2 22:13:00 2003 From: shamrock at cypherpunks.to (Lucky Green) Date: Mon, 2 Jun 2003 22:13:00 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDB5A82.5B9C1073@systemics.com> Message-ID: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Ian Grigg wrote: > Also, a lot of cryptosystems are put together > by committees. SSH was originally put together > by one guy. He did the lot. Allegedly, a fairly > grotty protocol with a number of weakneses, but > it was there and up and running. And SSH-2 is > apparantly nice, elegant and easy to understand, > now that it has been fixed up. ssh2 is in essence a re-invention of what SSL did without having to use X.509 keys. This reinvention was, IMHO, largely the result of the limitations of the ssh1 design. > (SSH is the only really successful net crypto > system, IMHO, in that it actually went into its > market and made a mark. It's the only cryptosystem > that is as easy to use as its non-crypto competitor, > telnet. It's the only one where people switch and > never return.) I trust that we can agree that the volume of traffic and number of transactions protected by SSL are orders of magnitude higher than those protected by SSH. As is the number of users of SSL. The overwhelming majority of which wouldn't know ssh from telnet. Nor would they know what to do at a shell prompt and therefore have no use for either ssh or telnet. Given that SSL use is orders of magnitude higher than that of SSH, with no change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by your assertion that ssh, not SSL, is the "only really successful net crypto system". --Lucky From PaulLambert at AirgoNetworks.Com Mon Jun 2 22:50:20 2003 From: PaulLambert at AirgoNetworks.Com (Paul Lambert) Date: Mon, 2 Jun 2003 22:50:20 -0700 Subject: BIS Disk Full Message-ID: >Is it this? >http://snap.bis.doc.gov/ The correct URL is: http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html This site contains the full process "to export encryption source code that would be considered publicly available" The site has you e-mail to three addresses: crypt at bis.doc.gov, enc at ncsc.mil, web_site at bis.doc.gov You can also send a disk to both to 14th Street and Pennsylvania Avenue and Fort Meade.... I've submitted twice and never gotten an acknowledgement ... can't imagine that they are that busy. Paul >-----Original Message----- >From: Declan McCullagh [mailto:declan at well.com] >Sent: Sunday, June 01, 2003 8:52 PM >To: Anonymous >Cc: cypherpunks at lne.com >Subject: Re: BIS Disk Full > > >URL? > >Is it this? >http://snap.bis.doc.gov/ > >Email to crypt at bis does not bounce, at least not immediately. > >-Declan > >On Sat, May 31, 2003 at 01:34:00PM -0700, Anonymous wrote: >> I tried to notify the BIS that I was posting some code and I >got this >> error back: >> > : >> > 170.110.31.61 failed after I sent the message. >> > Remote host said: Can't create transcript file >./xfh4VJhUa02511: No >> > space left on device >> > >> > : >> > 170.110.31.61 failed after I sent the message. >> > Remote host said: Can't create transcript file >./xfh4VJhVC02512: No >> > space left on device >> Are our rights suspended until they get their system fixed? :-) ----- End forwarded message ----- From mv at cdc.gov Tue Jun 3 02:55:04 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 03 Jun 2003 02:55:04 -0700 Subject: Human Rights Program Rescues Computer Data [crypto, distributed storage] Message-ID: <3EDC7077.E5B81BFA@cdc.gov> Human Rights Program Rescues Computer Data On April 7, thieves broke into the offices of Guatemala's human rights ombudsman, in a town about 150 miles from Guatemala City; several hours later, the home of a human rights advocate in the capital was also burglarized. The crimes, which were reported by the Associated Press (AP) the next day, did not surprise Gustavo Meono, director of a group founded by Nobel Peace Laureate Rigoberta Menchu. He told the AP (New York Times, 8 April 2003) that thieves often target the offices and homes of human rights activists. They "come for information and take files and computer hard drives." What the thieves may not yet know, however, is that AAAS's human rights staff has devised a way of protecting the data that have become so precious to both sides in the effort to demonstrate who did what to whom during the country's civil war from 1960 to 1996. Some of the information collected in the stolen computers represented science-based evidence for prosecuting people accused of killings and torture, rapes and kidnappings, according to Alvaro Caballeros, an archivist at the Association for the Advancement of the Social Sciences in Guatemala (AVANCSO). "The need for AAAS's help was related to security," Caballeros said. "Our archives are very important to our work collecting information and interviews regarding what happened during the war." AAAS's data-protection project was carried out with funding from The John D. and Catherine T. MacArthur Foundation, which recently provided $700,000 to allow the Association's human rights program to continue providing technical assistance and quantitative analyses for large-scale human rights data projects in Africa, Asia, South America, and Eastern Europe. AAAS computer engineer Miguel Cruz flew to Guatemala in November, carrying a "giant black duffel bag, full of tools and computer networking equipmentcables, routers, hubs..." His job was to set up a system that would allow Guatemala's human rights groups to encrypt the information they generated and to have it automatically copied onto network servers managed from safe locations in other countries. "We determined that the only really safe place to keep the data was out of the country," Cruz said. Word of his work spread among the human rights organizations, and volunteers began showing up to help Cruz install the basic infrastructure that was missing in most of the buildings. "I initially trained about half a dozen people in the basics of network wiring, and they all pitched in, putting their jobs on hold to work late into the evening wielding crimpers, digital cable testers, screwdrivers, and hammers," Cruz recounted. "In an incidental way, of course, the project has provided some good old-fashioned direct development assistance, by providing hands-on learning about cutting-edge technology. It wasn't the goal, but it's a nice side-effect, especially considering that all the assistance actually made the project faster and cheaper." http://www.aaas.org/news/newsandnotes/inside96.shtml From cryptomjs at eudoramail.com Tue Jun 3 03:34:43 2003 From: cryptomjs at eudoramail.com (Mark Saarelainen) Date: Tue, 03 Jun 2003 03:34:43 -0700 Subject: KMOKMOXT .... instructions for you Max ... Message-ID: KMOKMOXT .... instructions for MAX Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com From pgut001 at cs.auckland.ac.nz Mon Jun 2 08:54:53 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 3 Jun 2003 03:54:53 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306021554.h52Fsrf17422@medusa01.cs.auckland.ac.nz> Ian Grigg writes: >Also, a lot of cryptosystems are put together by committees. SSH was >originally put together by one guy. He did the lot. Allegedly, a fairly >grotty protocol with a number of weakneses, but it was there and up and >running. And SSH-2 is apparantly nice, elegant and easy to understand, now >that it has been fixed up. Actually SSHv2 is just SSL with a different packet format (when I did my SSHv2 implementation I recycled the code from the SSL engine, it was that close [0]). That's probably a good indication that SSL/SSHv2 is a fairly optimal (security/functionality/implementability/etc) design for an application-level security protocol if two groups independently came up with the same design, which brings us back the original question of why on earth Nullsoft tried to roll their own. Peter. [0] Note that my SSL implementation follows the standard SSL ladder diagram rather than the state-machine that SSL implementations are usually described as, which made it trivial to switch over for SSHv2 use. I've never understood why every explanation of the SSL protocol I've ever seen uses ladder diagrams but once they talk about implementation details they assume you're doing it as a state machine, which makes it vastly harder to implement. For example all the stuff about pending cipher suites and whatnot follows automatically (and transparently) from the ladder diagram, but is a real pain to sort out in a state machine. From iang at systemics.com Tue Jun 3 05:40:05 2003 From: iang at systemics.com (Ian Grigg) Date: Tue, 03 Jun 2003 08:40:05 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> <3EDB9C13.AC1F7A9@systemics.com> Message-ID: <3EDC9725.6588CFEA@systemics.com> Eric Rescorla wrote: > > Ian Grigg writes: > > Eric Murray wrote: > > It may be that the SSL underlying code is > > perfect. But that the application is weak > > because the implementor didn't understand > > how to drive it; in which case, if he can > > roll his own, he may end up with a more > > secure overall package. > I don't think this is likely to be true. In my experience, > people who learn enough to design their own thing also learn > enough to be able to do SSL properly. True, although, that begs the question as to how they learn. Only by doing, I'd say. I think one learns a lot more from making mistakes and building ones own attempt than following the words of wise. > > > SSLv2, which was also designed by an > > > individual, also had major flaws. And that was the > > > second cut! I haven't seen v1, maybe Eric can > > > shed some light on how bad it was. > > > > [ Someone commented before that v1 was not deemed > > serious (Marc A?) and v2 was the more acceptable > > starting point (Weinsteins?). ] > That's not true as far as I know. V1 and V2 were designed > by the same guy (Kipp Hickman). V1 is actually very similar > to V2, except that the integrity stuff is all screwed up. > As far as I can tell, the fact of the matter is that Kipp > didn't understand the security issues until Abadi and > to some extent Schiffman sold them some clues. OK. Then I am confused about the post that came out recently. It would be very interesting to hear the story, written up. > > Sure. If someone does roll their own, then they > > should get it reviewed. > That's not my experience. WEP and PPTP come to mind. Ah, good point: There should be some point on that list about building ones cryptosystem outside the domain of an institution, which tends to have too many conflicting requirements, and cannot limit itself to a simple system. (And, yes, some protocols don't get peer reviewed. I wasn't debating that.) > > But, that assumes an awful lot. For a start, > > that it exists. SSL is touted as the answer > > to everything, but it seems to be a connection > > oriented protocol, which would make it less > > use for speech, media, mail, chat (?), by way > > of example. > SSL is quite fine for chat, actually. It's one of the > major things that people use for IM. The issue with > speech and media isn't connection-orientation but > rather datagram versus stream data. I knew I was in trouble on chat, that's why I stuck the interrogation mark in there :-) We recently added an email-like capability to our (homegrown) crypto system, and intend to expand that to chat. But, in order to do that, we have to expand the crypto subsystem (SOX) to include connection-oriented modes. [ Hence, an open question floating around here is "why don't we use SSL" which hasn't been definitively answered as yet. ] > > Then there is understanding, both of the > > protocol, and the project's needs. I know > > that when I'm in a big project and I come > > across a complex new requirement, often, it > > is an open question as to whether make or > > buy is the appropriate choice. I do know > > that 'make' will always teach me about the > > subject, and eventually, it will teach me > > which one to buy, or it will give me a > > system tuned to my needs. > The history of people who go this course suggests otherwise. > They generally get lousy solutions. I think it would be very interesting to do a study of all the cryptosystems out there and measure what succeeds, what doesn't, what's secure, and what's not. What cost too much money and what saved money. One of the issues that we see is that too many security people assume that "insecure" is "bad". What they fail to perceive is that an insecure system is often sufficient for the times and places. WEP for example is perfectly fine, unless you are attacked by a guy with a WEP cracking kit! Then it's a perfectly lousy cryptosubsystem. It's like the GSM story, whereby 8 years down the track, Lucky Green cracked the crypto by probing the SIMs to extract the secret algorithm over a period of many months (which algorithm then fell to Ian Goldberg and Dave Wagner in a few hours). In that case, some GSM guy said that, it was good because it worked for 8 years, that shows the design was good, doesn't it? And Lucky said, now you've got to replace hundreds of millions of SIMs, that's got to be a bad design, no? (Lucky might be able to confirm the real story there.) Different ways of looking at the same thing. They are both valid points of view. To work out the difference, we need to go to costs and benefits. Who won and who lost? I never heard how it panned out. -- iang From ekr at rtfm.com Tue Jun 3 08:41:31 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 03 Jun 2003 08:41:31 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDC9725.6588CFEA@systemics.com> References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> <3EDB9C13.AC1F7A9@systemics.com> <3EDC9725.6588CFEA@systemics.com> Message-ID: Ian Grigg writes: > Eric Rescorla wrote: > True, although, that begs the question as > to how they learn. Only by doing, I'd say. > I think one learns a lot more from making > mistakes and building ones own attempt than > following the words of wise. One learns by *practicing*. That said, though, there's next to no need for people to know how to design their own communications security protocols, so it's not really that important for them to learn. > OK. Then I am confused about the post that > came out recently. It would be very interesting > to hear the story, written up. The rough version of it is in my book. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From adam at homeport.org Tue Jun 3 06:49:00 2003 From: adam at homeport.org (Adam Shostack) Date: Tue, 3 Jun 2003 09:49:00 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306031311.h53DBpL25265@medusa01.cs.auckland.ac.nz> References: <200306031311.h53DBpL25265@medusa01.cs.auckland.ac.nz> Message-ID: <20030603134859.GA6622@lightship.internal.homeport.org> On Wed, Jun 04, 2003 at 01:11:51AM +1200, Peter Gutmann wrote: | "Lucky Green" writes: | | >I trust that we can agree that the volume of traffic and number of | >transactions protected by SSL are orders of magnitude higher than those | >protected by SSH. As is the number of users of SSL. The overwhelming majority | >of which wouldn't know ssh from telnet. Nor would they know what to do at a | >shell prompt and therefore have no use for either ssh or telnet. | | Naah, that third sentence is wrong. It's: | | The overwhelming majority of [SSL users] wouldn't know SSL from HTTP with a | padlock GIF in the corner. | | >Given that SSL use is orders of magnitude higher than that of SSH, with no | >change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by | >your assertion that ssh, not SSL, is the "only really successful net crypto | >system". | | I think the assertion was that SSH is used in places where it matters, while | SSL is used where no-one really cares (or even knows) about it. Joe Sixpack | will trust any site with a padlock GIF on the page. Most techies won't access | a Unix box without SSH. Quantity != quality. | | If you could wave a magic wand and make one of the two protocols vanish, I'd | notice the loss of SSH immediately (I couldn't send this message for | starters), but it would take days or weeks before I noticed the loss of SSL. One of the papers at the security and econ workshop last week asserted that the reason ssh took off was actually because it makes life easier if you need to munge X displays. ADam -- "It is seldom that liberty of any kind is lost all at once." -Hume --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From sunder at sunder.net Tue Jun 3 07:03:04 2003 From: sunder at sunder.net (Sunder) Date: Tue, 3 Jun 2003 10:03:04 -0400 (edt) Subject: web apps with large volumes of bidirectional http traffic In-Reply-To: <20030530154131.GA19269@venona.com> Message-ID: Easy. Setup an open http proxy and advertise it. :) squid's your friend. But your bandwidth will suffer so you may need some bandwidth controls. Then, watch the logs for statistics. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Fri, 30 May 2003, Ryan Lackey wrote: > I need to find some relatively widely deployed applications which have > frequent user interactions (rapid clicking on links, from as large a > population of links as possible, and also form filling and such). > > (it should be pretty obvious what this is for) > > I'd like: > > 0) *rapid*/frequent user interactions; fast clicking on things (like every > second, no more than 5 seconds) > > 1) "sticky"...long interactions with a given site (on the order of hours) > (also all links need to be under the same url/same server) > > 2) large number of potential links for users to click on, with > desirable properties for click distribution (I *think* I want them to > be nearly equally likely, but I might just want a defined > distribution, or I might even want the opposite of that) > > 3) relatively small data sizes for downloaded data, UNLESS downloaded > data is generated unique and "randomly" > > 4) widely deployed already on the internet, or compelling enough that > there would be a decent number of potential server operators. > Obviously I could *create* an app which has the desirable > characteristics, but I'd like something which can deal with existing > data or apps served over the internet) > > 5) good data on how likely users are to click on things, how fast they > click, etc., so one could easily operate within those parameters. > > So far, the best ideas: > 1) Porn > 2) Mailing lists with lots of internal links (next, reply, etc.) > 3) Sites with search engines with lots of linked data (encyclopedia, > etc.) > 4) html games (or flash, maybe) -- either imagemaps, or just tables, > things like chess, or puzzles, or whatever > > I'd definitely appreciate any suggestions on possible web apps which > meet these criteria; reply to lists or ryan at venona.com. > > I'll post when it's ready. > > Thanks, > Ryan > -- > Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 202 258 9251 > OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F From bill.stewart at pobox.com Tue Jun 3 10:26:09 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 03 Jun 2003 10:26:09 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDC9725.6588CFEA@systemics.com> References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> <3EDB9C13.AC1F7A9@systemics.com> Message-ID: <5.1.1.6.2.20030603101255.02e7f4d0@idiom.com> At 08:40 AM 06/03/2003 -0400, Ian Grigg wrote: >Eric Rescorla wrote: > > > > Ian Grigg writes: >.... > > I don't think this is likely to be true. In my experience, > > people who learn enough to design their own thing also learn > > enough to be able to do SSL properly. > >True, although, that begs the question as >to how they learn. Only by doing, I'd say. >I think one learns a lot more from making >mistakes and building ones own attempt than >following the words of wise. The catch, of course, is that most cryptosystems are only useful if they're widely deployed. Learning from mistakes is good, but endangering large numbers of users in the process is bad. By contrast, learning cryptanalysis doesn't have this weakness - if you can't crack somebody else's code, no problem, (with obvious exceptions for people who need to learn cryptanalysis quickly in wartime or whatever, or undertrained cryptanalysts who are hired by people who are learning cryptography by making mistakes...) >WEP for example is perfectly fine, unless >you are attacked by a guy with a WEP cracking kit! >Then it's a perfectly lousy cryptosubsystem. Even ROT-13's not too bad unless somebody tries to crack it, though some people who've spent way too much time with it can just read the stuff by recognizing it as an alternate font :-) Somebody else followed up by mentioning that, while GSM's privacy encryption is cracked, their authentication encryption isn't, and they aren't getting massively attacked. I thought the state of the art at this point was that the authentication is also crackable, but it's currently enough work that nobody's or almost nobody's bothering, because governments can get what they want by telling phone companies to give them the information, and regular criminals can get the equivalent of cracking GSM authentication by stealing mobile phones more easily than by hiring cryptanalysts, and unlike satellite TV smartcard cracking, nobody's figured out any potential market opportunities for widespread cracked GSM. From kelsey.j at ix.netcom.com Tue Jun 3 07:42:01 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 03 Jun 2003 10:42:01 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDB5A82.5B9C1073@systemics.com> References: Message-ID: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: ... > (One doesn't hear much about >crypto phones these days. Was this really a need?) I think phones that encrypt the landline part of the call are pretty low-priority for most of us, since it costs something to eavesdrop on these calls. But anything that goes over the air, whether cellphone or cordless phone, ought to be properly encrypted, and it isn't now. This is a big vulnerability in a lot of places, and once you've built the intercept and decrypting hardware, it's easy to eavesdrop on huge numbers of people. You can imagine either rogue cops and spies doing this, or private criminals. I keep wondering how hard it would be to build a cordless phone system on top of 802.11b with some kind of decent encryption being used. I'd really like to be able to move from a digital spread spectrum cordless phone (which probably has a 16-bit key for the spreading sequence or some such depressing thing) to a phone that can't be eavesdropped on without tapping the wire. And for cellphones, I keep thinking we need a way to sell a secure cellphone service that doesn't involve trying to make huge changes to the infrastructure, which probably means a call center that handles all contact with the cellphone itself, always encrypted. Something like this would allow me to buy a phone and sign a contract, and quickly get real security on all my digital calls going over the air. End-to-end encryption isn't nearly as important. There's no reason it couldn't be supported, of course, when both endpoints had the right kind of phone, but it's a small additional value. The big win is to stop spewing private conversations over the radio in the clear. >iang --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From sunder at sunder.net Tue Jun 3 08:00:07 2003 From: sunder at sunder.net (Sunder) Date: Tue, 3 Jun 2003 11:00:07 -0400 (edt) Subject: The Streisand imagecriminal lives 2-3 parcels away from me In-Reply-To: Message-ID: That's all nice and good, but why should it be on cypherpunks? Where's the relevance to this list? Why is Ken, or his addres or helipad an interest to the cypherpunks? Why is PG&E's monopolistic's actions against him relevant to the topics of this list? What's next? The Cypherpunk Equirer? IMHO, neither he, nor the Streisand creature have any relevance here - there perhaps was some relevance in terms of that lawsuit the bitch started, but, who gives a shit who your neighbors are? Should I start spamming this list with details about my neighbors? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sun, 1 Jun 2003, Tim May wrote: > Ken Adelman, the retired gazillionaire who has gained new fame as a > photographer of the California coastline, lives a couple of parcels > from me, perhaps half a kilometer. From tim at dierks.org Tue Jun 3 08:14:46 2003 From: tim at dierks.org (Tim Dierks) Date: Tue, 03 Jun 2003 11:14:46 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306031311.h53DBpL25265@medusa01.cs.auckland.ac.nz> Message-ID: <6.0.0.9.2.20030603110223.02883638@127.0.0.1> At 09:11 AM 6/3/2003, Peter Gutmann wrote: >"Lucky Green" writes: > >Given that SSL use is orders of magnitude higher than that of SSH, with no > >change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by > >your assertion that ssh, not SSL, is the "only really successful net crypto > >system". > >I think the assertion was that SSH is used in places where it matters, while >SSL is used where no-one really cares (or even knows) about it. Joe Sixpack >will trust any site with a padlock GIF on the page. Most techies won't access >a Unix box without SSH. Quantity != quality. I have my own opinion on what this assertion means. :-) I believe it intends to state that ssh is more successful because it is the only Internet crypto system which has captured a large share of its use base. This is probably true: I think the ratio of ssh to telnet is much higher than the ratio of https to http, pgp to unencrypted e-mail, or what have you. However, I think SSL has been much more successful in general than SSH, if only because it's actually used as a transport layer building block rather than as a component of an application protocol. SSL is used for more Internet protocols than HTTP: it's the standardized way to secure POP, IMAP, SMTP, etc. It's also used by many databases and other application protocols. In addition, a large number of proprietary protocols and custom systems use SSL for security: I know that Certicom's SSL Plus product (which I originally wrote) is (or was) used to secure everything from submitting your taxes with TurboTax to slot machine jackpot notification protocols, to the tune of hundreds of customers. I'm sure that when you add in RSA's customers, those of other companies, and people using OpenSSL/SSLeay, you'll find that SSL is much more broadly used than ssh. I'd guess that SSL is more broadly used, in a dollars-secured or data-secure metric, than any other Internet protocol. Most of these uses are not particularly visible to the consumer, or happen inside of enterprises. Of course, the big winners in the $-secured and data-secured categories are certainly systems inside of the financial industry and governmental systems. - Tim From adam at homeport.org Tue Jun 3 08:34:26 2003 From: adam at homeport.org (Adam Shostack) Date: Tue, 3 Jun 2003 11:34:26 -0400 Subject: The Streisand imagecriminal lives 2-3 parcels away from me In-Reply-To: References:

Message-ID: <20030603153426.GA8182@lightship.internal.homeport.org> On Tue, Jun 03, 2003 at 11:00:07AM -0400, Sunder wrote: | That's all nice and good, but why should it be on cypherpunks? Where's | the relevance to this list? Why is Ken, or his addres or helipad an | interest to the cypherpunks? Why is PG&E's monopolistic's actions against | him relevant to the topics of this list? | | What's next? The Cypherpunk Equirer? We can hope they return. http://www.haven.boston.ma.us/~benji/wheels.html http://cypherpunks.venona.com/date/1997/03/msg00102.html -- "It is seldom that liberty of any kind is lost all at once." -Hume From iang at systemics.com Tue Jun 3 08:38:50 2003 From: iang at systemics.com (Ian Grigg) Date: Tue, 03 Jun 2003 11:38:50 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: <3EDCC10A.4955CCB4@systemics.com> Lucky Green wrote: > > Ian Grigg wrote: > > Also, a lot of cryptosystems are put together > > by committees. SSH was originally put together > > by one guy. He did the lot. Allegedly, a fairly > > grotty protocol with a number of weakneses, but > > it was there and up and running. And SSH-2 is > > apparantly nice, elegant and easy to understand, > > now that it has been fixed up. > > ssh2 is in essence a re-invention of what SSL did without having to use > X.509 keys. This reinvention was, IMHO, largely the result of the > limitations of the ssh1 design. OK. Learning more every day :-) > > (SSH is the only really successful net crypto > > system, IMHO, in that it actually went into its > > market and made a mark. It's the only cryptosystem > > that is as easy to use as its non-crypto competitor, > > telnet. It's the only one where people switch and > > never return.) > > I trust that we can agree that the volume of traffic and number of > transactions protected by SSL are orders of magnitude higher than those > protected by SSH. As is the number of users of SSL. The overwhelming > majority of which wouldn't know ssh from telnet. Nor would they know > what to do at a shell prompt and therefore have no use for either ssh or > telnet. Indeed! Although I trust that we can also look at many different ways of measuring success. In order to *compare* success, like for like, we have to start with an understanding of the marketplace for each system, and assume that the marketplace for each application is its universe. I (arbitratrily) define the marketplace for SSL as browsing. (I.e., HTTP, as used between a browser and a webserver. The SSL protected part might be referred to as HTTPS. This of course ignores all the other users of the protocol.) There, we can show statistics that indicate that SSL has penetrated to something slightly less than 1% of servers. It would of course be interesting to see what the bandwidth figures are like, for example, but I wouldn't be surprised if they are also less than 1% (think about all those yahoo monsters that overflow your POTS). The fact that a user of SSL is neither aware nor capable of being protected by SSH is irrelevant, neither is a sysadmin concerned in his job with protecting his work with SSL. (Actually that's not true; there was an SSL terminal system for a while, as an adjunct to SSLeay, but that is a dead or dying protocol, rapidly replaced by SSH whenever the two entered competition. Which is a good thing, the SSL terminal was a nightmare to get going, due to its insistance on hand crafting certificates.). > Given that SSL use is orders of magnitude higher than that of SSH, with > no change in sight, primarily due to SSL's ease-of-use, I am a bit > puzzled by your assertion that ssh, not SSL, is the "only really > successful net crypto system". SSL's 1% penetration into the browsing market doesn't strike me as successful. If I was "selling SSL" as a business, I'd be looking at the other 99% and wondering why it's just sitting there, not being sold. As there are big expensive companies doing just that; then I guess they have tried. Have a look at the penetration reports on http://www.securityspace.com/ On the other hand, SSH, as a cryptosystem, as an application (think: replacement for telnet, not as competitor to the SSL protocol) penetrates its market very well. I have no more than anecdotal evidence for that, but any sysadmin knows that once they started using SSH, they would never go back to the alternate unless forced, kicking and screaming. It would be very interesting to find out what SSH v. telnet traffic looks like. That's what I mean by success. Within its market place, SSH rules. -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From bill.stewart at pobox.com Tue Jun 3 11:48:31 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 03 Jun 2003 11:48:31 -0700 Subject: The Streisand imagecriminal lives 2-3 parcels away from me In-Reply-To: References: Message-ID: <5.1.1.6.2.20030603114006.02e05e10@idiom.com> At 11:00 AM 06/03/2003 -0400, Sunder wrote: >That's all nice and good, but why should it be on cypherpunks? Where's >the relevance to this list? Why is Ken, or his addres or helipad an >interest to the cypherpunks? Why is PG&E's monopolistic's actions against >him relevant to the topics of this list? > >What's next? The Cypherpunk Equirer? Well sure - because not all the Black Helicopters flying over Tim's house have belonged to Feds/UN/etc. - one of them's probably been Ken's :-) I've also found Tim's comments on Pynchon living nearby interesting. >IMHO, neither he, nor the Streisand creature have any relevance here - >there perhaps was some relevance in terms of that lawsuit the bitch >started, but, who gives a shit who your neighbors are? I'd say issues of putting aerial photography on the internet and how that changes the status of previously "secret" information are pretty close to our core issues - they're not directly cryptography, but neither are the "guns, lots of guns" discussions. I don't know if Hugh ever pulled off the "export RSA by standing in a bar-code when the Russian 1-meter-resolution spy satellites fly over"... From frantz at pwpconsult.com Tue Jun 3 12:48:37 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Tue, 3 Jun 2003 12:48:37 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> References: <3EDB5A82.5B9C1073@systemics.com> Message-ID: At 7:42 AM -0700 6/3/03, John Kelsey wrote: >I keep wondering how hard it would be to build a cordless phone system on >top of 802.11b with some kind of decent encryption being used. I'd really >like to be able to move from a digital spread spectrum cordless phone >(which probably has a 16-bit key for the spreading sequence or some such >depressing thing) to a phone that can't be eavesdropped on without tapping >the wire. I've spent some time recently looking at Voice over IP (VoIP) implementations. My immediate reaction to reading the standards is that they a complete answer to a telephone company executive's wet dreams. Conferencing, Automatic call forwarding, Billing etc. etc., they're all covered. The result is a protocol that is beyond baroque and well into rococo. I think the various standards bodies are still trying to deal with issues in the protocols that weren't thought of from the start. Of course, once you have your call set up, you have to encrypt it. Most of the VoIP implementations use Real Time Streaming Protocol (RTSP, RFC2326), which requires two UDP ports through your firewall. Then you have to encrypt the RTSP traffic. I have seen reference to an encryption protocol specifically for RTSP, but a quick scan of STD1 didn't turn it up, so it is probably still a draft. I don't know anything about its security. The other choice is IPSec. IPSec seems happiest securing traffic between machines with permanent IP addresses. It is a nightmare to use with Network Address Translation. What would be really nice would be a VoIP system that used TCP instead of UDP. (I know that if TCP goes into error recovery, there is going to be major jitter in the voice. I know it will be hard to support conferencing. I know it will not gracefully bridge to the POTS network. Etc. I'm willing to put up with that to avoid the pain that comes with UDP.) Then I can just tunnel it through SSH, or hack it to use SSL/TLS. Oh well. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Tue Jun 3 13:05:53 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 03 Jun 2003 13:05:53 -0700 Subject: [ChemBrin] Tracking NYC farts Message-ID: <3EDCFFA0.C8579C9@cdc.gov> [And in a few years, the sensors will be augmented with tobacco, pot, maybe programmable DNA-scurf detectors.] http://www.nydailynews.com/front/story/89128p-81072c.html Federal scientists will soon blanket the heart of midtown and the West Village with high-tech sensors designed to track biological, chemical and radiological agents in the event of a terrorist attack. The security project is a first step toward creating a vast network of sensors that can predict how the fallout from a weapon of mass destruction might spread through the city. "We would like to work out what areas would be dangerous and, more importantly, what areas would be safe," said Bruce Hicks, director of the Air Resources Laboratory of the National Oceanic and Atmospheric Administration. The research is considered crucial because mathematical and computer models that forecast the airborne paths of toxins were designed for rural areas, not cities. "Right now, the models that we have are not set up for dense urban areas with the canyons and the complexities that exist in New York," said Dr. Ralph James, director of the Energy, Environment and National Security unit at Brookhaven National Laboratory on Long Island. Five sensors already have been placed as part of the project, called the Urban Atmospheric Observatory. The instruments, attached to a federal building near Varick and W. Houston Sts., measure wind direction, velocity and turbulence. Scores of similar sensors, as well as radiation detectors, are expected to be placed this year around midtown and the West Village - considered potential terrorist targets. Tracing gases "Anywhere we can hang an instrument, we are going to try to get one out there," said Michael Reynolds, a research scientist at the Brookhaven labs, part of the Energy Department. This summer, federal scientists plan to release benign gases in Manhattan and use the sensors to track them. "That way, we can really get an idea of how well the models work," Reynolds said. A similar program, called DCNet, is underway in Washington, where 13 sensors have been placed near sensitive sites, including the White House. New York is seeking up to $10 million from the Homeland Security Department to expand its network. Reynolds said it would cost about $30 million to $40 million a year to fully implement the sensors in New York. From mv at cdc.gov Tue Jun 3 13:06:29 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 03 Jun 2003 13:06:29 -0700 Subject: Censorship, link prohibition Message-ID: <3EDCFFC5.F2CB0034@cdc.gov> (from politech, with additions) The New York Times article is here: http://www.nytimes.com/2003/06/02/national/02INTE.html Excerpt: >Judge Lewis ruled on May 6, before Mr. Max was notified of the suit and >without holding a hearing. She told Mr. Max that he could not use "Katy" >on his site. Nor could he use Ms. Johnson's last name, full name or the >words "Miss Vermont." >The judge also prohibited Mr. Max from "disclosing any stories, facts or >information, notwithstanding its truth, about any intimate or sexual acts >engaged in by" Ms. Johnson. That prohibition is not limited to his Web >site. Finally, Judge Lewis ordered Mr. Max to sever the virtual remains of >his relationship with Ms. Johnson. He is no longer allowed to link to her >Web site. >The page of Mr. Max's site that used to contain his rambling memoir now >has only a reference to the court order. The Max story is mirrored here: http://www.cs.cmu.edu/~dst/Katy-Johnson (The preamble here, authored by the mirrorer, is an excellent read. As he says: "Ms.Johnson has not thus far sued him for libel, only for revealing "embarassing private facts". Ms. Johnson is indisputably a public figure who holds herself out as a moral example, so the legal standard for proving either libel or invasion of privacy would be quite high.") ............. Katy Johnson Katy Johnson was Miss Vermont in 1999 and 2001. She has a relatively sucessful website (http://www.katyjohnson.com) promoting abstinence until marriage and general sexual purity. Tucker Max wrote a story about all of the nasty sexual things she did to him and posted it on his website (http://www.tuckermax.com). Johnson sued Max. As a result, Max is receiving the huge amount of publicity he desired. His picture was on the front page of the 7 May 2003 Chicago Sun-Times. Meanwhile, Johnson's image has been widely tarnished because of the publicity drawn by her suit. Gun. Foot. Bang! http://www.munsoned.com/people/list.cfm?person=125 There's a flashless site at http://www.pageantcity.com/signon.html where you can ask her a question. We have, viz. what she thinks Monica was talking about: I think people have not quite gotten their hands around the speed at which information can be disseminated online. -Monica Lewinsky, LATimes 9 may 01 From eb at comsec.com Tue Jun 3 13:25:50 2003 From: eb at comsec.com (Eric Blossom) Date: Tue, 3 Jun 2003 13:25:50 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: <20030603202550.GB19610@comsec.com> On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote: > At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: > ... > > (One doesn't hear much about > >crypto phones these days. Was this really a need?) Yes, I believe there is a need. In my view, there are two factors in the way of wide spread adoption: cost and ease of use. Having spent many years messing with these things, I've come to the conclusion that what I personally want is a cell phone that implements good end-to-end crypto. This way, I've always got my secure communication device with me, there's no "bag on the side", and it can be made almost completely transparent. > And for cellphones, I keep thinking we need a way to sell a secure > cellphone service that doesn't involve trying to make huge changes to the > infrastructure, ... Agreed. Given a suitably powerful enough Java or whatever equipped cell phone / pda and an API that provides access to a data pipe and the speaker and mic, you can do this without any cooperation from the folks in the middle. I think that this platform will be common within a couple of years. The Xscale / StrongARM platform certainly has enough mips to handle both the vocoding and the crypto. Also on the horizon are advances in software radio that will enable the creation of ad hoc self organizing networks with no centralized control. There is a diverse collection of people supporting this revolution in wireless communications. They range from technologists, to economists, lawyers, and policy wonks. For background on spectrum policy issues see http://www.reed.com/openspectrum, http://cyberlaw.stanford.edu/spectrum or http://www.law.nyu.edu/benklery Free software for building software radios can be found at the GNU Radio web site http://www.gnu.org/software/gnuradio Eric --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From eb at comsec.com Tue Jun 3 13:25:50 2003 From: eb at comsec.com (Eric Blossom) Date: Tue, 3 Jun 2003 13:25:50 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote: > At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: > ... > > (One doesn't hear much about > >crypto phones these days. Was this really a need?) Yes, I believe there is a need. In my view, there are two factors in the way of wide spread adoption: cost and ease of use. Having spent many years messing with these things, I've come to the conclusion that what I personally want is a cell phone that implements good end-to-end crypto. This way, I've always got my secure communication device with me, there's no "bag on the side", and it can be made almost completely transparent. > And for cellphones, I keep thinking we need a way to sell a secure > cellphone service that doesn't involve trying to make huge changes to the > infrastructure, ... Agreed. Given a suitably powerful enough Java or whatever equipped cell phone / pda and an API that provides access to a data pipe and the speaker and mic, you can do this without any cooperation from the folks in the middle. I think that this platform will be common within a couple of years. The Xscale / StrongARM platform certainly has enough mips to handle both the vocoding and the crypto. Also on the horizon are advances in software radio that will enable the creation of ad hoc self organizing networks with no centralized control. There is a diverse collection of people supporting this revolution in wireless communications. They range from technologists, to economists, lawyers, and policy wonks. For background on spectrum policy issues see http://www.reed.com/openspectrum, http://cyberlaw.stanford.edu/spectrum or http://www.law.nyu.edu/benklery Free software for building software radios can be found at the GNU Radio web site http://www.gnu.org/software/gnuradio Eric ----- End forwarded message ----- From timcmay at got.net Tue Jun 3 13:53:44 2003 From: timcmay at got.net (Tim May) Date: Tue, 3 Jun 2003 13:53:44 -0700 Subject: The Streisand imagecriminal lives 2-3 parcels away from me In-Reply-To: <5.1.1.6.2.20030603114006.02e05e10@idiom.com> Message-ID: <76DB94B0-9605-11D7-88B5-000A956B4C74@got.net> On Tuesday, June 3, 2003, at 11:48 AM, Bill Stewart wrote: > At 11:00 AM 06/03/2003 -0400, Sunder wrote: >> That's all nice and good, but why should it be on cypherpunks? >> Where's >> the relevance to this list? Why is Ken, or his addres or helipad an >> interest to the cypherpunks? Why is PG&E's monopolistic's actions >> against >> him relevant to the topics of this list? >> >> What's next? The Cypherpunk Equirer? > > Well sure - because not all the Black Helicopters flying over Tim's > house > have belonged to Feds/UN/etc. - one of them's probably been Ken's :-) > I've also found Tim's comments on Pynchon living nearby interesting. > >> IMHO, neither he, nor the Streisand creature have any relevance here - >> there perhaps was some relevance in terms of that lawsuit the bitch >> started, but, who gives a shit who your neighbors are? > > I'd say issues of putting aerial photography on the internet and > how that changes the status of previously "secret" information > are pretty close to our core issues - they're not directly > cryptography, > but neither are the "guns, lots of guns" discussions. And neither are the 15th or 23rd essentially duplicative discussions of PGP or Mondex or SSL or crypto exports very interesting or useful. I have no idea who pissed in Sunder's Wheaties, but he is of course free to skip any articles and concentrate on the ones that interest him. Volume on the list is now a fraction of what it once was...and yet still much repetitiousness dominates. Sunder could consider subscribing to a "Best of" list...wait, doesn't he _run_ one? Problem solved. I was not the one who brought up the Streisand sut...that was a posting by Major Variola on Friday. I thought it was pretty interesting that the aerial photographer is a neighbor of mine. This is, after all, not the same as listing neighbors who have not been mentioned...this is more akin to there being some talked-about crime case here and having John Young or Declan say "That guy is my neighbor across the way." Interesting to know where people live, with even less techno/privacy relevance (such as hearing that Gary Condit lived near where Declan lives). Added to the fact that I see his helicopters circling low over my property (which explains some of the close encounters of the chopper kind in recent years), and the privacy/Brinworld implications (mentioned by M. Variola), and the sheer coincidence that I had just returned from my first flying lesson, I felt the need to post. Also, about 50-60 people were at the meeting/party at my house last September, so they have some (perhaps slight) awareness of which hills and nearby areas I'm mentioning. Sunder should put me in his killfile for a while...I am doing that for his posts, for a while. By the way, the Adelman situation also has a few other interesting tidbits. The company Adelman and his partner formed was called "TGV." Located in Santa Cruz, the names suggested _speed_, as in the French train of the same name. Lore has it that the real origin was "Two Guys and a Vax. Adelman also founded Network Alchemy. TGV was sold at the peak of the Internet boom to Cisco and Network Alchemy was sold to Nokia. Adelman cleared at least a few hundred million dollars. --Tim May "He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -- Nietzsche From lynn at garlic.com Tue Jun 3 13:46:27 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Tue, 03 Jun 2003 14:46:27 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Message-ID: <4.2.2.20030603143759.00c5c280@mail.earthlink.net> On Tue, 2003-06-03 at 07:04, Peter Gutmann wrote: > That's a red herring. It happens to use X.509 as its preferred bit-bagging > format for public keys, but that's about it. People use self-signed certs, > certs from unknown CAs [0], etc etc, and you don't need certs at all if you > don't need them, I've just done an RFC draft that uses > shared secret keys for mutual authentication of client and server, with no > need for certificates of any kind, so the use of > certs, and in particular a hierarchical PKI, is merely an optional extra. > It's no more required in SSL than it is in SSHv2. the pk-init draft for kerberos allows public keys .... allowing both cert & cert-less implementation the scenario allows for public key registration in lieu of shared secret registration. the scenario is that r/o access, divulging, sniffing, etc doesn't result in compromise. in the token form .... http://www.garlic.com/~lynn/index.html#aadsstraw http://www.asuretee.com/ the key-pair is gen'ed in the chip and never leaves the chip. as part of 3-factor authentication * something you have * something you know * something you are the chip in the token purely provides "something you have" authentication ... and the digital signature done by the token is purely to prove that you have that particular token. It doesn't prove who you are, it just proves that you have a specific (extremely difficult to counterfeit) token as part of "something you have" authentication. if the token is augmented with a pin/password for its correct operation, then there can be 2-factor authentication. It doesn't involved shared-secrets since the pin/password is purely between the person and the hardware token. The business process validates that the token is of the type requiring PIN and/or biometric for correct operation. The ecdsa digital signature authentication protocol for kerberos, radius, x9.59 for all retail financial transactions, or ssh can be identical regardless of the integrity level. The ecdsa digital signature authentication protocol can be ubiquitous regardless of the authentication integrity level required. The business process to meet integrity requirements then can require sofware key-pair or hardware token key-pair, the level of integrity of the hardware token, and/or the operational characteristics of the hardware token (no-pin, pin, biometrics, etc) w/o changing the protocol. If the protocol is independent of the business process integrity issue then either the business and/or the end-user may be able to having personal choice about the level of integrity required. Furthermore, the person might even have personal choice whether they need a unique token per security environment, a single token for all security environment, and/or a small number of tokens selectively applied to different security environments the digital signature has nothing at all to do directly with the person, it is purely related to demonstrating the possession of the token (as part of something you have authentication) and possibly the integrity level of the token. The issue of the authentication protocol is getting the bits and bytes for transmission correct but doesn't normally say what it means ... i.e. secret, shared-secret, one factor authentication, two-factor authentication, something you have authentication, something you know authentication, etc. ... although frequently the protocol is envisioned to be a specific implementation of a specific kind of authentication and trust/integrity level. recent token discussions http://www.garlic.com/~lynn/2003i.html#1 Two-factor authentication with SSH? http://www.garlic.com/~lynn/2003i.html#2 Two-factor authentication with SSH? http://www.garlic.com/~lynn/2003i.html#35 electronic-ID and key-generation http://www.garlic.com/~lynn/2003i.html#36 electronic-ID and key-generation older token discussions http://www.garlic.com/~lynn/aadsm10.htm#bio6 biometrics http://www.garlic.com/~lynn/aadsm10.htm#keygen2 Welome to the Internet, here's your private key http://www.garlic.com/~lynn/aadsm11.htm#5 Meaning of Non-repudiation http://www.garlic.com/~lynn/aadsm12.htm#24 Interests of online banks and their users [was Re: Cryptogram: Palladium Only for DRM] http://www.garlic.com/~lynn/aadsm7.htm#rhose12 when a fraud is a sale, Re: Rubber hose attack http://www.garlic.com/~lynn/aepay10.htm#65 eBay Customers Targetted by Credit Card Scam http://www.garlic.com/~lynn/2000f.html#65 Cryptogram Newsletter is off the wall? http://www.garlic.com/~lynn/2001c.html#39 PKI and Non-repudiation practicalities http://www.garlic.com/~lynn/2001g.html#1 distributed authentication http://www.garlic.com/~lynn/2001g.html#11 FREE X.509 Certificates http://www.garlic.com/~lynn/2001j.html#52 Are client certificates really secure? http://www.garlic.com/~lynn/2001k.html#61 I-net banking security http://www.garlic.com/~lynn/2002c.html#7 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002e.html#18 Opinion on smartcard security requested http://www.garlic.com/~lynn/2002e.html#36 Crypting with Fingerprints ? http://www.garlic.com/~lynn/2002h.html#41 Biometric authentication for intranet websites? http://www.garlic.com/~lynn/2002i.html#65 privileged IDs and non-privileged IDs http://www.garlic.com/~lynn/2002n.html#30 Help! Good protocol for national ID card? http://www.garlic.com/~lynn/2002o.html#57 Certificate Authority: Industry vs. Government -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From bill.stewart at pobox.com Tue Jun 3 15:01:51 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 03 Jun 2003 15:01:51 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCC10A.4955CCB4@systemics.com> References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: <5.1.1.6.2.20030603115519.02ebd0f0@idiom.com> At 11:38 AM 06/03/2003 -0400, Ian Grigg wrote: >I (arbitratrily) define the marketplace for SSL as browsing. ... >There, we can show statistics that indicate that SSL >has penetrated to something slightly less than 1% of servers. For transmitting credit card numbers on web forms, I'd be surprised if there were 1% of the servers that *don't* use SSL/TLS. Virtually all deployed browsers support SSL, except a few special-purpose versions. The web servers supporting almost all of the web support SSL if they have keys installed. While many of them haven't bothered paying money for certified keys or doing self-signed keys, I'd be surprised if it's really as low as 1%. What's your source for that figure? While only a small fraction of web pages, and a much smaller fraction of web bits transmitted, use SSL, that's appropriate, because most web pages are material the publisher wants the public to see, so eavesdropping isn't particularly part of the threat model, and even integrity protection is seldom a realistic worry. (By contrast, eavesdropping protection and integrity protection are critical to telnet-like applications, so SSH is a big win.) It's nice to have routine web traffic encrypted, so that non-routine traffic doesn't stand out, and so that traffic analysis is much harder, but there is a significant CPU hit from the public-key phase, which affects the number of pages per hour that can be served. Corporate intranet web traffic carried across the public internet sometimes uses SSL, but usually uses IPSEC because that also supports email. In addition to web browsing and email submission, there's an emerging market for SSL-based VPNs appliances. Neoteris is one of the pioneers, and Aventail and some others are players. The intention is that you can get "clientless" (browser-based) support for intranet web browsing and email, and lightweight client support for telnet, while only having to buy an overpriced server box. (And the box doesn't even need crypto accelerator help, because the public-key phase only gets used for login, while most sessions are long enough that this amortizes quickly.) From jamesd at echeque.com Tue Jun 3 15:04:54 2003 From: jamesd at echeque.com (James A. Donald) Date: Tue, 3 Jun 2003 15:04:54 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Message-ID: <3EDCB916.14077.15D755CF@localhost> -- > That's a red herring. It happens to use X.509 as its > preferred bit-bagging format for public keys, but that's > about it. People use self-signed certs, certs from unknown > CAs [0], etc etc, and you don't need certs at all if you > don't need them, I've just done an > RFC draft that uses shared secret keys for mutual > authentication of client and server, with no need for > certificates of any kind, so the use > of certs, and in particular a hierarchical PKI, is merely an > optional extra. It's no more required in SSL than it is in > SSHv2. I never figured out how to use a certificate to authenticate a client to a web server, how to make a web form available to one client and not another. Where do I start? What I and everyone else does is use a shared secret, a password stored on the server, whereby the otherwise anonymous client gets authenticated, then gets an ephemeral cookie identifying him.. I cannot seem to find any how-tos or examples for anything better, whether for IIS or apache. As a result we each have a large number of shared secret passwords, whereby we each log into a large number of webservers. Was this what the people who created this protocol intended? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Y/QLPHyeZqXrSgYZI9nQsjsk7krbgSGfCZ0BLpOt 4gqWFWtV3GiEwWupSGyR895BQo0u2e4MmlgtpP/po From frantz at pwpconsult.com Tue Jun 3 15:15:16 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Tue, 3 Jun 2003 15:15:16 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <63421CA0-9609-11D7-A99C-000393754B1C@vangelderen.org> References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: At 2:21 PM -0700 6/3/03, Jeroen C. van Gelderen wrote: >Perhaps that measure is too coarse grained. For instance, in the domain >of "security advisories" most emails are digitally signed with OpenPGP. >And in the domain of online credit card payments HTTPS has displaced >HTTP. I know of one system that takes credit cards over HTTPS, and then sends the credit card number, encrypted with GPG to a backend system for processing. It isn't perfect, but it's better than storing the credit card number on a database accessible to the web server. (I would feel a lot better if Amazon didn't remember my credit card number.) Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ekr at rtfm.com Tue Jun 3 15:27:12 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 03 Jun 2003 15:27:12 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> References: <3EDCB916.14077.15D755CF@localhost> Message-ID: "James A. Donald" writes: > > That's a red herring. It happens to use X.509 as its > > preferred bit-bagging format for public keys, but that's > > about it. People use self-signed certs, certs from unknown > > CAs [0], etc etc, and you don't need certs at all if you > > don't need them, I've just done an > > RFC draft that uses shared secret keys for mutual > > authentication of client and server, with no need for > > certificates of any kind, so the use > > of certs, and in particular a hierarchical PKI, is merely an > > optional extra. It's no more required in SSL than it is in > > SSHv2. > > I never figured out how to use a certificate to authenticate a > client to a web server, how to make a web form available to one > client and not another. Where do I start? > > What I and everyone else does is use a shared secret, a > password stored on the server, whereby the otherwise anonymous > client gets authenticated, then gets an ephemeral cookie > identifying him.. I cannot seem to find any how-tos or > examples for anything better, whether for IIS or apache. http://www.modssl.org/docs/2.8/ssl_howto.html#auth-simple -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From eb at comsec.com Tue Jun 3 15:50:37 2003 From: eb at comsec.com (Eric Blossom) Date: Tue, 3 Jun 2003 15:50:37 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> Message-ID: <20030603225037.GB20254@comsec.com> On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote: > At 01:25 PM 6/3/03 -0700, Eric Blossom wrote: > ... > I agree end-to-end encryption is worthwhile if it's available, but even > when someone's calling my cellphone from a normal landline phone, I'd like > it if at least the over-the-air part of the call was encrypted. That's a > much bigger vulnerability than someone tapping the call at the base station > or at the phone company. GSM and CDMA phones come with the crypto enabled. The crypto's good enough to keep out your neighbor (unless he's one of us) but if you're that paranoid, you should opt for the end-to-end solution. The CDMA stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 second worst case to gather data sufficient to solve 42 equations in 42 unknowns, but again, what's your threat model? Big brother and company are going to get you at the base station... At our house we've pretty much given up on wired phone lines. We use cell phones as our primary means of communication. Turns out that with the bundled roaming and long distance, it works out cheaper than what we used to pay for long distance service. There is that pesky location transponder problem though. > ...which will basically never be secured end-to-end if > this requires each of those people to buy a special new phone, or do some > tinkering with configuring secure phone software for their PDA. "Hmmm, > which key size do I need? Is 1024 bits long enough? Why do I have to move > the mouse around, again, anyway?" It doesn't have to be hard. No requirement for PKI. Just start with an unauthenticated 2k-bit Diffie-Hellman and be done with it. Eric --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From eb at comsec.com Tue Jun 3 15:50:37 2003 From: eb at comsec.com (Eric Blossom) Date: Tue, 3 Jun 2003 15:50:37 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> Message-ID: On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote: > At 01:25 PM 6/3/03 -0700, Eric Blossom wrote: > ... > I agree end-to-end encryption is worthwhile if it's available, but even > when someone's calling my cellphone from a normal landline phone, I'd like > it if at least the over-the-air part of the call was encrypted. That's a > much bigger vulnerability than someone tapping the call at the base station > or at the phone company. GSM and CDMA phones come with the crypto enabled. The crypto's good enough to keep out your neighbor (unless he's one of us) but if you're that paranoid, you should opt for the end-to-end solution. The CDMA stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 second worst case to gather data sufficient to solve 42 equations in 42 unknowns, but again, what's your threat model? Big brother and company are going to get you at the base station... At our house we've pretty much given up on wired phone lines. We use cell phones as our primary means of communication. Turns out that with the bundled roaming and long distance, it works out cheaper than what we used to pay for long distance service. There is that pesky location transponder problem though. > ...which will basically never be secured end-to-end if > this requires each of those people to buy a special new phone, or do some > tinkering with configuring secure phone software for their PDA. "Hmmm, > which key size do I need? Is 1024 bits long enough? Why do I have to move > the mouse around, again, anyway?" It doesn't have to be hard. No requirement for PKI. Just start with an unauthenticated 2k-bit Diffie-Hellman and be done with it. Eric ----- End forwarded message ----- From ericm at lne.com Tue Jun 3 17:07:01 2003 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Jun 2003 17:07:01 -0700 Subject: [PaulLambert@AirgoNetworks.Com: Re: BIS Disk Full] Message-ID: <20030603170701.A8490@slack.lne.com> ----- Forwarded message from Paul Lambert ----- From ericm at lne.com Tue Jun 3 17:07:20 2003 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Jun 2003 17:07:20 -0700 Subject: [eay@pobox.com: Re: Maybe It's Snake Oil All the Way Down] Message-ID: <20030603170720.B8490@slack.lne.com> ----- Forwarded message from Eric Young ----- From ericm at lne.com Tue Jun 3 17:07:37 2003 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Jun 2003 17:07:37 -0700 Subject: [eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down] Message-ID: <20030603170737.C8490@slack.lne.com> ----- Forwarded message from Eric Blossom ----- From ericm at lne.com Tue Jun 3 17:07:59 2003 From: ericm at lne.com (Eric Murray) Date: Tue, 3 Jun 2003 17:07:59 -0700 Subject: [eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down] Message-ID: <20030603170759.D8490@slack.lne.com> ----- Forwarded message from Eric Blossom ----- From jeroen at vangelderen.org Tue Jun 3 14:21:49 2003 From: jeroen at vangelderen.org (Jeroen C. van Gelderen) Date: Tue, 3 Jun 2003 17:21:49 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: <63421CA0-9609-11D7-A99C-000393754B1C@vangelderen.org> On Tuesday, Jun 3, 2003, at 01:13 US/Eastern, Lucky Green wrote: > Given that SSL use is orders of magnitude higher than that of SSH, with > no change in sight, primarily due to SSL's ease-of-use, I am a bit > puzzled by your assertion that ssh, not SSL, is the "only really > successful net crypto system". (I noticed that SSL and HTTPS are sometimes used interchangeably in this thread and sometimes not (i.e. STARTTLS). I'll concentrate on HTTPS in this mail. Note that HTTPS is slightly broader than just SSL: it also includes the browser interface.) Absolute numbers are one measure. Another would be to consider the ratio of HTTPS/HTTP and SSH/telnet. You could define a successful protocol by ability to displace its unprotected equivalent. I for one would consider that a more useful measure. I bet you find that HTTPS is non-existent according to this definition, completely disappearing in the noise. Interestingly (and IMHO correctly) enough OpenPGP fails this test too. Miserably. Perhaps that measure is too coarse grained. For instance, in the domain of "security advisories" most emails are digitally signed with OpenPGP. And in the domain of online credit card payments HTTPS has displaced HTTP. But HTTPS covers only those transactions for which users demand protection. Actually, that isn't quite correct. It is those transactions for which the users want to *feel* [2] protected. It is mindbogglingly easy to spoof an HTTPS site. Either with or without the impostor using a certificate. (Today, I can register http://www.e-g0ld.com/ and obtain a matching certificate for $100. All the user will see is a lock icon and he thinks he is safely on http://www.e-gold.com/.) A large part of the problem obviously is the browser's user interface. The other part mainly concerns the use of CA certificates. Self-signed certificates only compound the problem by teaching the user bad habits. ("Oh, if the browser asks a question, just click yes." Guess what: people will now always click "YES" on certificate related questions, whatever the question or warning is.) Penetration? Even privacy-sensitive sites like, say, http://www.cypherpunks.to/ do not utilize HTTPS by default. The possibility of HTTPS access isn't even mentioned on the homepage. No support for RFC 2817 and no transparent redirect either. You have to manually change http: to https: for it to work. Same for http://www.cryptorights.org/. When you manually go to the HTTPS version you will note that they use a self-signed certificate which: a) requires user interaction and a user knowing what she is doing; b) erodes the value of security questions (through teaching bad habits) c) doesn't cache the key so subsequent MITM attacks are not defended against. Another sensitive site? How about HTTPS access to Google ... ? SSH on the other hand succeeded in protecting network infrastructure nearly transparently. It virtually replaced telnet in places where it matters (and a whole lot where it doesn't). I don't have to change addresses or port numbers. Open-source UNIXes have it enabled by default. It completely redefined how X screens are remoted for the (small?) set of users that are interested in that. Of course its protocol isn't perfect and it certainly is vulnerable to the MITM on the first connection. But I bet it offers more real protection than HTTPS, as *presently* implemented, ever will. SSH is the closest thing to opportunistic encryption I know of. I guess this is qualified agreement with Ian's statement that SSH is the "only really successful net crypto system". I can only hope that people will adopt the displacement ratio as a measure of success and design their protocols (all the way up to the user interface) accordingly. Lifting and modifying a quote from Peter Gutmann's homepage: "I think a lot of purists would rather have cryptographic protocols be useless to anyone in any practical terms than to have it made simple enough to use, but potentially "flawed"." -- with apologies to Chris Zimman. -J [1] One exception would be the subset of mail roughly corresponding to security advisories. There OpenPGP signatures are the norm. [2] Airport "security" anyone? -- Jeroen C. van Gelderen - jeroen at vangelderen.org A single glass of beer was passed, from which I was the last one to sip - a ritual signifying that I was not to be poisoned. From timcmay at got.net Tue Jun 3 17:28:09 2003 From: timcmay at got.net (Tim May) Date: Tue, 3 Jun 2003 17:28:09 -0700 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: Message-ID: <6AD4526E-9623-11D7-88B5-000A956B4C74@got.net> On Tuesday, June 3, 2003, at 09:10 PM, David Wagner wrote: > Sampo Syreeni wrote: >> Rather it's the fact that the Big >> Brother doesn't have the necessary total funds, and so doesn't listen >> into >> a considerable proportion of calls as a whole. > > Yet. > > As far as we know. > > :-) > > I agree it's an economic issue, and law enforcement doesn't seem to > listen in on a considerable proportion of calls as a whole at the > moment. > But what happens to costs in the future? Remember, it takes 10 years > to get any change to the cellphone/telecommunications infrastructure > deployed, so it pays to think ahead. > > By the way, what's the story with those SIGINT planes supposedly > advertised as being able to fly over a city and capture communications > from the whole metropolitan area? John Young had a pointer on his web > site at one point. Do you suppose they might snarf up all the > cellphone > traffic they can find, en masse? What proportion of calls would that > be, > as a fraction of the whole? One wonders whether your confidence in the > security of cellphone traffic is well-founded. AWACS-type planes have long had the ability to act as "cell towers," so cell traffic is easily picked-up, if in fact they are doing this. Landline signals are vastly harder to pick up, and I doubt strongly that every minorly-radiating landline signal is being picked up. Perhaps for very, very targetted signals, but not cruising over general cities, it seems likely to me. I'm not sure of the context here, but in the past year there were some reports of planes circling over university campuses, and many were hypothesizing that SIGINT was being done on telephone and computer messages. This seemed unlikely to me. I concluded--and posted on Usenet about my thinking--that some campuses may have been targeted for low-level gamma ray surveys. Kind of a gamma ray version of Shipley's "war driving" maps. Possibly for construction of baseline maps of existing radioisotopes in university labs, hospitals, and private facilities. Then deviations from baseline maps could be identified and inspected in more detail with ground-based vans and black bag ops. > --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams From lynn at garlic.com Tue Jun 3 16:29:44 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Tue, 03 Jun 2003 17:29:44 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> References: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Message-ID: <4.2.2.20030603170816.00c976a0@mail.earthlink.net> At 03:04 PM 6/3/2003 -0700, James A. Donald wrote: >I never figured out how to use a certificate to authenticate a >client to a web server, how to make a web form available to one >client and not another. Where do I start? > >What I and everyone else does is use a shared secret, a >password stored on the server, whereby the otherwise anonymous >client gets authenticated, then gets an ephemeral cookie >identifying him.. I cannot seem to find any how-tos or >examples for anything better, whether for IIS or apache. > >As a result we each have a large number of shared secret >passwords, whereby we each log into a large number of >webservers. Was this what the people who created this protocol >intended? The issue is where does the authentication material come from. Basically, certificates were solution targeted for offline email from the early '80s. you dail-up, connect, exchange email, hang-up. then you read. some random person that you never, ever dealt with before sends you something. they claim to be somebody .... the certificate is signed by somebody you trust .... is offered as proof that they are who they claimed to be. the other approach in the online world &/or with previous relations, is have a table of authentication material. the payment (debit/credit) card world went from non-electronic, offline to electronic and online (and skipped the step altogether that certificates represent ... the electornic and offline). note that even the certificate-based infrastructure are dependent on this method .... basically the certificate-enabled infrastructures have local table of "CA" public keys (i.e. those public keys that they've previously decided to trust) ... then certificates are validated with "CA" public keys and the current message/document is validate with public key from certificate. The primary difference between cert-based infrastructure and certless-based infrastructure is that the cert-based infrastructure there CAs have the database of all public keys and create these small R/O copies of their database records called certificates and spray them all over for use in offline environments. Then relying parties just have abbreviated CA-only public key tables and can't access the full tables maintained at the CAs. In the certless-based infrastructure the relying parties either maintain their own full tables of all public keys and/or have direct online access to the full tables. There is no need for these little R/O, static, stale, redundant and superfluous copies of somebody else offline database entry (called certificates) since there can be direct, online access to the original copy. generalized case can be hooking the web server to either radius or kerberos for handling the authentication process. both radius and kerberos support shared-secrets recorded in database as authentication. the radius example at http://www.asuretee.com/ shows example of radius recording public key in lieu of shared-secret and performing ecdsa digital signature authentication. pkinit for kerberos also allows for public key recorded in lieu of shared-secret and digital signature authentication. misc. radius public key authentication posts http://www.garlic.com/subpubkey.html#radius misc. kerberos public key authentication pots http://www.garlic.com/subpubkey.html#kerberos futher discussion specifically regarding static, stale, redundant, superfluous certificates. http://www.garlic.com/~lynn/subpubkey.html#rpo slightly related discussions regarding SSL merchant comfort certificates: http://www.garlic.com/~lynn/subpubkey.html#sslcerts -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From camera_lumina at hotmail.com Tue Jun 3 14:53:11 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 03 Jun 2003 17:53:11 -0400 Subject: The Streisand imagecriminal lives 2-3 parcels away from me Message-ID: >"I'd say issues of putting aerial photography on the internet and how that >changes the status of previously "secret" information are pretty close to >our core issues - they're not directly cryptography, but neither are the >"guns, lots of guns" discussions." What the hell...I see plenty of room for socializing-type talk, particularly if it's not inifintely removed from the concerns of the list. Actually, in this case there was a subtext that was also of interest. May put 2+2 together and used publically available, easy-to-access search tools and was able to figure out what a secretive neighbor was doing. Makes you wonder if the TLAs really need to do much covert snopping these days. -TD >From: Bill Stewart >To: cypherpunks at lne.com >Subject: Re: The Streisand imagecriminal lives 2-3 parcels away from me >Date: Tue, 03 Jun 2003 11:48:31 -0700 > >At 11:00 AM 06/03/2003 -0400, Sunder wrote: >>That's all nice and good, but why should it be on cypherpunks? Where's >>the relevance to this list? Why is Ken, or his addres or helipad an >>interest to the cypherpunks? Why is PG&E's monopolistic's actions against >>him relevant to the topics of this list? >> >>What's next? The Cypherpunk Equirer? > >Well sure - because not all the Black Helicopters flying over Tim's house >have belonged to Feds/UN/etc. - one of them's probably been Ken's :-) >I've also found Tim's comments on Pynchon living nearby interesting. > >>IMHO, neither he, nor the Streisand creature have any relevance here - >>there perhaps was some relevance in terms of that lawsuit the bitch >>started, but, who gives a shit who your neighbors are? > >I'd say issues of putting aerial photography on the internet and >how that changes the status of previously "secret" information >are pretty close to our core issues - they're not directly cryptography, >but neither are the "guns, lots of guns" discussions. > >I don't know if Hugh ever pulled off the "export RSA by standing in >a bar-code when the Russian 1-meter-resolution spy satellites fly over"... _________________________________________________________________ Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail From ravage at einstein.ssz.com Tue Jun 3 16:01:28 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Tue, 3 Jun 2003 18:01:28 -0500 (CDT) Subject: CNN.com - Man wins right to sue U.S. government over pot car - Jun. 2, 2003 (fwd) Message-ID: ;) http://www.cnn.com/2003/LAW/06/02/pot.lawsuit.reut/index.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From kelsey.j at ix.netcom.com Tue Jun 3 15:17:12 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Tue, 03 Jun 2003 18:17:12 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <20030603202550.GB19610@comsec.com> References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> At 01:25 PM 6/3/03 -0700, Eric Blossom wrote: ... >Having spent many years messing with these things, I've come to the >conclusion that what I personally want is a cell phone that implements >good end-to-end crypto. This way, I've always got my secure >communication device with me, there's no "bag on the side", and it can >be made almost completely transparent. I agree end-to-end encryption is worthwhile if it's available, but even when someone's calling my cellphone from a normal landline phone, I'd like it if at least the over-the-air part of the call was encrypted. That's a much bigger vulnerability than someone tapping the call at the base station or at the phone company. Otherwise, encrypted phone calls with the secure cellphone start looking a lot like encrypted e-mail with PGP--I have PGP, so do a few other people, but most people I want to talk to don't have it installed, and so most of my calls remain in the clear. This includes phone calls to my doctor, mother, priest, shrink, sister, lawyer, best friend, wife, bank, accountant, etc., e.g., all the calls I probably really wanted secured, and which will basically never be secured end-to-end if this requires each of those people to buy a special new phone, or do some tinkering with configuring secure phone software for their PDA. "Hmmm, which key size do I need? Is 1024 bits long enough? Why do I have to move the mouse around, again, anyway?" For essentially all of these, just getting to where I can use a cordless or cell phone on these calls without feeling like I'm broadcasting my private conversations in the clear would be great. Securing the other end is even better, but I'd like to do the part I can do now, not when the world finally realizes that unencrypted wireless stuff is a gaping privacy hole. ... > > And for cellphones, I keep thinking we need a way to sell a secure > > cellphone service that doesn't involve trying to make huge changes to the > > infrastructure, ... > >Agreed. Given a suitably powerful enough Java or whatever equipped >cell phone / pda and an API that provides access to a data pipe and >the speaker and mic, you can do this without any cooperation from the >folks in the middle. I think that this platform will be common within >a couple of years. The Xscale / StrongARM platform certainly has >enough mips to handle both the vocoding and the crypto. Yep. I have this mental picture of downloading some software for my PDA/cellphone, and buying a $200 box for my home, and getting a secure cordless phone when I'm in range, and a secure cellphone when I'm not, maybe with a secure voicemail system thrown in for good measure. It seems like most of this is off-the-shelf technology (wireless networking, a box connected to two landlines, some minimal encryption and key management software, etc.). When you ask for a secure call, your cellphone calls the box in your house (over an encrypted link), and it makes the rest of the call. Similarly, when someone calls your secure phone line number, it rings at the box, and then gets forwarded over the encrypted link to your cellphone. If two boxes like this call each other, they do end-to-end encryption. But the over-the-air stuff always gets encrypted. It sure seems like this would be worth putting up with a little delay in the call setup. (But maybe there's some reason this won't work.) >Eric --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From timcmay at got.net Tue Jun 3 18:28:22 2003 From: timcmay at got.net (Tim May) Date: Tue, 3 Jun 2003 18:28:22 -0700 Subject: Waste (or is it W.A.S.T.E.?) author/releasor to resign from AOL/Time Warner Message-ID: The author/releasor of Waste/W.A.S.T.E. (All Rights Reserved--neither T. Pynchon nor T. May use this name anymore) is apparently leaving AOL/Time Warner, the company that purchased his company, Nullsoft. So I guess we won't have the Waste/W.A.S.T.E. proprietary crypto innards to kick around anymore. ObRay: "Why is this discussion here? We should be talking about SSH vs. SSL!!" --Tim May "That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms." --Samuel Adams From iang at systemics.com Tue Jun 3 15:42:59 2003 From: iang at systemics.com (Ian Grigg) Date: Tue, 03 Jun 2003 18:42:59 -0400 Subject: CDR: Re: Maybe It's Snake Oil All the Way Down References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: <3EDD2473.88546AF@systemics.com> Sampo Syreeni wrote: > >But anything that goes over the air, whether cellphone or cordless phone, > >ought to be properly encrypted, and it isn't now. > > Why? As I see it, this is fundamentally an economic question, not a > technical one. It's about the risk of somebody listening in, taking notice > and acting adversely to the talker's own interest, versus speaking what > one wants without having to take expensive precautions. Currently such > risks mostly materialize when one *truly* has something to hide, that is, > one talks about something criminal, there is reason to believe law > enforcement agencies might be listening and one talks in terms which will > reasonably lead to conviction in the right circumstances. Getting back to the world of users, there is a threat out there: idle listeners. For the famous and the vulnerable, there have been countless scandals whereby private conversations have been recorded and dumped on a shocked and titillated public. GSM stopped that one cold. It wasn't ever meant to be encrypted to stop LEOs listening in, and that never would have been an issue anyway, as taps are more conveniently put at the base station (assuming legal behaviour by LEOs). (And, we can pretty much assume that the encryption wouldn't be allowed any further than the basestation ... in fact, I'm given to understand that there is a reason that the microwave links were never encrypted ;-) What was a real issue was that people who had something to hide wouldn't use the phone. And, those people with something to hide, *wanted* to use the phone. It was actually economically sensible to give all those scandalising lovers secure phones so they could romance away the hours safely, because the charging was per-minute. The other issue was phone spoofing, which was a massive industry in Europe with the older analog devices. Again, the crypto in GSM phones killed that little loss leader. > >End-to-end encryption isn't nearly as important. > > Huh? Bare on-the-air encryption only proofs you against nosy neighbours > and the attendant probability of one of them giving you in for something > illegal. I'm guessing here that neither civil litigation nor Murdoch papers are much seen in Finland :-) -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jeroen at vangelderen.org Tue Jun 3 16:47:27 2003 From: jeroen at vangelderen.org (Jeroen van Gelderen) Date: Tue, 3 Jun 2003 19:47:27 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: Message-ID: On Tuesday, Jun 3, 2003, at 18:15 US/Eastern, Bill Frantz wrote: > At 2:21 PM -0700 6/3/03, Jeroen C. van Gelderen wrote: >> Perhaps that measure is too coarse grained. For instance, in the >> domain >> of "security advisories" most emails are digitally signed with >> OpenPGP. >> And in the domain of online credit card payments HTTPS has displaced >> HTTP. > > I know of one system that takes credit cards over HTTPS, and then > sends the > credit card number, encrypted with GPG to a backend system for > processing. > It isn't perfect, but it's better than storing the credit card number > on a > database accessible to the web server. (I would feel a lot better if > Amazon didn't remember my credit card number.) I noticed this the other day whilst buying something at Amazon: allegedly, Amazon doesn't store your CC number in a network readable database: http://www.amazon.com/exec/obidos/tg/browse/-/518224/002-9740615-3944845 "To provide you with an additional layer of security, all credit card numbers provided to Amazon.com are stored on a computer that is not connected to the Internet. After you type or call it in, your complete credit card number is transferred to this secure machine across a proprietary one-way interface. This computer is not accessible by network or modem, and the number is not stored anywhere else." Now I'm not sure how they get to use the number during the billing process but hey... :) I don't know if I'd feel much better if Amazon didn't have my CC on file. The danger of a disgruntled sysadmin snarfing the numbers while they pass trough the system for one time use during a single billing cycle seems to real for me. -J -- Jeroen C. van Gelderen - jeroen at vangelderen.org War prosperity is like the prosperity that an earthquake or a plague brings. The earthquake means good business for construction workers, and cholera improves the business of physicians, pharmacists, and undertakers; but no one has for that reason yet sought to celebrate earthquakes and cholera as stimulators of the productive forces in the general interest. -- Ludwig von Mises From rsalz at datapower.com Tue Jun 3 16:49:34 2003 From: rsalz at datapower.com (Rich Salz) Date: Tue, 3 Jun 2003 19:49:34 -0400 (EDT) Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> Message-ID: > I never figured out how to use a certificate to authenticate a > client to a web server, how to make a web form available to one > client and not another. Where do I start? You must not have looked very hard. :) I would start by taking Apache, openssl, and the mod_ssl package. For example, at http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6 we see the question "How can I authenticate clients based on certificates when I know all my clients?" and it's answer. Similar questions are also answered. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Tue Jun 3 20:37:03 2003 From: jamesd at echeque.com (James A. Donald) Date: Tue, 3 Jun 2003 20:37:03 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> References: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Message-ID: <3EDD06EF.2850.17076FA5@localhost> -- On 3 Jun 2003 at 15:04, James A. Donald wrote: > I never figured out how to use a certificate to authenticate > a client to a web server, how to make a web form available to > one client and not another. Where do I start? > > What I and everyone else does is use a shared secret, a > password stored on the server, whereby the otherwise > anonymous client gets authenticated, then gets an ephemeral > cookie identifying him.. I cannot seem to find any how-tos > or examples for anything better, whether for IIS or apache. > > As a result we each have a large number of shared secret > passwords, whereby we each log into a large number of > webservers. Was this what the people who created this > protocol intended? Or to say the same thing in different words -- why can't HTTPS be more like SSH? Why are we seeing a snow storm of scam mails trying to get us to login to e-g0ld.com? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG QtiFX0Q654gHh54NAMlLGE1FGDveixyzL0ZnAOVS 4hprBkT1zeYk/HdBOXiquwvz5vLUwF/21wW1Jf411 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From lynn at garlic.com Tue Jun 3 19:49:48 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Tue, 03 Jun 2003 20:49:48 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> References: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Message-ID: <4.2.2.20030603202629.00bad470@mail.earthlink.net> some generic reasons for hooking radius (or one of the AAA technologies) into your webserver for authentication are: 1) supports a variety of authentication mechanisms on an account by account basis. day one, none of the users actually need to see any difference (single administrative interface supporting all the client authentication options that might be in use). existing userid/password, challenge/response and in the referenced asuretee url, ecdsa digital signature. 2) single administrative interface for both client authentication options as well as all of their authorization and privilege options. 3) client database is accessable in real-time by the webserver, real-time updates can occur to both authentication information as well as authorization, permission and privilege information using single consistent administrative operation 4) there is no disconnect between client administration and static, stale, redundant and superfluous certificates that are a subset of a r/o administrative database entry. (RADIUS) Updates can take place in real time and immediately reflected. The certificate story (as mentioned previously, created for offline, disconnected environment) basically would do something like a) invalidate the old certificate, b) issue new CRLs, c) possibly update a OCSP LDAP, d) update the master database permissions entry for that client, e) generate a certificate that represents a subset of the master information, f) distribute it to the client and f) then have the client install the new certificate. This of course becomes unnecessary if the certificate doesn't actually contain any information and the webserver accesses the authorization and permissions from an online database. However, as has repeatedly been pointed out before, if the certificate doesn't contain any information and the webserver is accessing an online database for authorizations and permissions ... then the webserver can access the online database for the authentication material also. The certificate then is static, stale, redundant and superfluous and you are back to a single online, real-time comprehensive administrative facility (like radius) that supports client/account specifics for authentication, authorization, permissions, accounting, privileges, etc. -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm From daw at mozart.cs.berkeley.edu Tue Jun 3 14:10:00 2003 From: daw at mozart.cs.berkeley.edu (David Wagner) Date: 3 Jun 2003 21:10:00 GMT Subject: Maybe It's Snake Oil All the Way Down References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: Sampo Syreeni wrote: >Rather it's the fact that the Big >Brother doesn't have the necessary total funds, and so doesn't listen into >a considerable proportion of calls as a whole. Yet. As far as we know. :-) I agree it's an economic issue, and law enforcement doesn't seem to listen in on a considerable proportion of calls as a whole at the moment. But what happens to costs in the future? Remember, it takes 10 years to get any change to the cellphone/telecommunications infrastructure deployed, so it pays to think ahead. By the way, what's the story with those SIGINT planes supposedly advertised as being able to fly over a city and capture communications from the whole metropolitan area? John Young had a pointer on his web site at one point. Do you suppose they might snarf up all the cellphone traffic they can find, en masse? What proportion of calls would that be, as a fraction of the whole? One wonders whether your confidence in the security of cellphone traffic is well-founded. From camera_lumina at hotmail.com Tue Jun 3 18:13:27 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 03 Jun 2003 21:13:27 -0400 Subject: SIGINT planes vs. radioisotope mapping Message-ID: Tim May wrote... "Landline signals are vastly harder to pick up, and I doubt strongly that every minorly-radiating landline signal is being picked up." Of course, optical signals could never be remotely detected by air or even without an optical tap. I doubt even aerial optical cable readiates enough or in such a way as to be remotely detectable. However, the vast majority of "last mile" installations are still copper, and copper does radiate. But I can't see how that could be detected by air either. Even if there's enough radiation, it's going to get scattered and diffracted to hell and gone as it passes through the sheath, concrete, and then air. ANd of course, there's the bandwidth issue. In even a medium sized metro area the sheer number of landlines will be huge, and any businesses will be shipping out their traffic via T1 or fractional T1. Hence, one of those airplanes would practically need a small CO to demultiplex all that traffic (although even off-the-shelf silicon has come a LONG way from the 5ESS days, so the size factor will not be something to sneeze at). Nah. Any such AWAC-type recon 'surveys' must be seeking out targeted information somehow. Perhaps there's some kind of electronic 'red dye' that allow a specific set of users' calls to stand out? Is it possible that 'interesting' landlines are dropped-and-continued on to some narrowcasting point for air? This might be their way of getting around the TIRKS and provisioning issues related to moving those lines a long distance, and possibly through multiple carriers (but then again, that just might be what DISAs' recently announced GIG-BE network is supposed to solve!) -TD >From: Tim May >To: daw at mozart.cs.berkeley.edu (David Wagner) >CC: cypherpunks at lne.com >Subject: SIGINT planes vs. radioisotope mapping >Date: Tue, 3 Jun 2003 17:28:09 -0700 > >On Tuesday, June 3, 2003, at 09:10 PM, David Wagner wrote: > >>Sampo Syreeni wrote: >>>Rather it's the fact that the Big >>>Brother doesn't have the necessary total funds, and so doesn't listen >>>into >>>a considerable proportion of calls as a whole. >> >>Yet. >> >>As far as we know. >> >>:-) >> >>I agree it's an economic issue, and law enforcement doesn't seem to >>listen in on a considerable proportion of calls as a whole at the moment. >>But what happens to costs in the future? Remember, it takes 10 years >>to get any change to the cellphone/telecommunications infrastructure >>deployed, so it pays to think ahead. >> >>By the way, what's the story with those SIGINT planes supposedly >>advertised as being able to fly over a city and capture communications >>from the whole metropolitan area? John Young had a pointer on his web >>site at one point. Do you suppose they might snarf up all the cellphone >>traffic they can find, en masse? What proportion of calls would that be, >>as a fraction of the whole? One wonders whether your confidence in the >>security of cellphone traffic is well-founded. > >AWACS-type planes have long had the ability to act as "cell towers," so >cell traffic is easily picked-up, if in fact they are doing this. Landline >signals are vastly harder to pick up, and I doubt strongly that every >minorly-radiating landline signal is being picked up. > >Perhaps for very, very targetted signals, but not cruising over general >cities, it seems likely to me. > >I'm not sure of the context here, but in the past year there were some >reports of planes circling over university campuses, and many were >hypothesizing that SIGINT was being done on telephone and computer >messages. This seemed unlikely to me. > >I concluded--and posted on Usenet about my thinking--that some campuses may >have been targeted for low-level gamma ray surveys. Kind of a gamma ray >version of Shipley's "war driving" maps. Possibly for construction of >baseline maps of existing radioisotopes in university labs, hospitals, and >private facilities. Then deviations from baseline maps could be identified >and inspected in more detail with ground-based vans and black bag ops. > >> >--Tim May >"That the said Constitution shall never be construed to authorize Congress >to infringe the just liberty of the press or the rights of conscience; or >to prevent the people of the United States who are peaceable citizens from >keeping their own arms." --Samuel Adams _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From camera_lumina at hotmail.com Tue Jun 3 18:20:10 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 03 Jun 2003 21:20:10 -0400 Subject: [ChemBrin] Tracking NYC farts Message-ID: "This summer, federal scientists plan to release benign gases in Manhattan and use the sensors to track them." Reminds me of the good ole days when they released viruses in the subway for a similar purpose. I'm guessing that in this case "benign" depends on your definition of benign. Want to scuttle a fed program? Broadcast this on the Villiage Voice boards and on as many gay sites as you can find. -TD >From: "Major Variola (ret)" >To: "cypherpunks at lne.com" >Subject: [ChemBrin] Tracking NYC farts >Date: Tue, 03 Jun 2003 13:05:53 -0700 > >[And in a few years, the sensors will be augmented with tobacco, pot, >maybe programmable >DNA-scurf detectors.] > >http://www.nydailynews.com/front/story/89128p-81072c.html >Federal scientists will soon blanket the heart of midtown and the West >Village with high-tech sensors designed to track biological, chemical >and radiological agents in the event of a terrorist attack. > > The security project is a first step toward creating a vast network of >sensors that can predict how the fallout from a weapon of mass >destruction might spread through the city. > > "We would like to work out what areas would be dangerous and, more >importantly, what areas would be safe," said Bruce Hicks, director of >the Air Resources Laboratory of the National Oceanic and Atmospheric >Administration. > > The research is considered crucial because mathematical and computer >models that forecast the airborne paths of toxins were designed for >rural areas, not cities. > > "Right now, the models that we have are not set up for dense urban >areas with the canyons and the complexities that exist in New York," >said Dr. Ralph James, director of the Energy, Environment and National >Security unit at Brookhaven National Laboratory on Long Island. > > Five sensors already have been placed as part of the project, called >the Urban Atmospheric Observatory. > > The instruments, attached to a federal building near Varick and W. >Houston Sts., measure wind direction, velocity and turbulence. > > Scores of similar sensors, as well as radiation detectors, are expected >to be placed this year around midtown and the West Village - considered >potential terrorist targets. > >Tracing gases > > "Anywhere we can hang an instrument, we are going to try to get one out >there," said Michael Reynolds, a research scientist at the Brookhaven >labs, part of the Energy Department. > > This summer, federal scientists plan to release benign gases in >Manhattan and use the sensors to track them. > > "That way, we can really get an idea of how well the models work," >Reynolds said. > > A similar program, called DCNet, is underway in Washington, where 13 >sensors have been placed near sensitive sites, including the White >House. > > New York is seeking up to $10 million from the Homeland Security >Department to expand its network. > > Reynolds said it would cost about $30 million to $40 million a year to >fully implement the sensors in New York. _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From jya at pipeline.com Tue Jun 3 21:36:59 2003 From: jya at pipeline.com (John Young) Date: Tue, 03 Jun 2003 21:36:59 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: The White House Communications Agency is also working hard to secure presidential communications, with legacy systems needing ever-increasing maintenance and upgrades, the market continuing to outpace the big-ticket legacy clunker equipment, too expensive to chuck outright, yet having flaws begging for discovery, patches galore (most relying upon obscurity and secrecy), and the operators from the four military branches which run the system turning over regularly and each new wave needing special training to work the patchwork klutz, with retiring old salts who are the only ones who know how the hybrids work and whether they are truly secure, and not least, NSA doing it damndest to get new systems installed in all the prez's habitats and vehicles and layovers around the world, deploying crypto tools partly off the shelf, partly purpose-built at Ft Meade -- and the whole precarious mess subject to a 20-year-old pulling a thumb out of the dike and letting flow proof that the leader of the free world is up to what you'd expect despite the multi-million rig to hide the obvious. Rumor is that 98% of what is handled top secretly is trivial fluff, as with most mil comm, SIGINT, cellphone, microwave, fiber-optic, so that snake oil is apt protection. If all telecomm was shut down no more would change than pulling the plug on television. The other 2% is what the billions and billions is trying to find among the EM cataract of plaintext and speak smoke and whine -- by whoever may be plotting a world of pure bugfuck. But that could also be discovered by thoughtful analysis of any singular mania, whether religion, higher-ed, sport, stock market, politics, or mil-biz. Here's a recent account from "Army Communicator" of what's up at ever busier and harried and thumbplugging WHCA: http://cryptome.org/whca2003.pdg (680KB) WHCA itself is recruiting thumbs: http://www.disa.mil/whca From decoy at iki.fi Tue Jun 3 13:13:36 2003 From: decoy at iki.fi (Sampo Syreeni) Date: Tue, 3 Jun 2003 23:13:36 +0300 (EEST) Subject: CDR: Re: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: On 2003-06-03, John Kelsey uttered to iang at systemics.com and EKR: >I think phones that encrypt the landline part of the call are pretty >low-priority for most of us, since it costs something to eavesdrop on >these calls. I don't think the cost of listening into a single call is the primary issue, regardless of transmission technology. There are extra costs to tracking a mobile user, true, but from the standpoint of law enforcement agencies, these costs are rather minimal. (From the standpoint of a private eavesdropper the difference is much greater, since the subject is mobile and one cannot take advantage of the centralized points of failure of the mobile communications network.) Rather it's the fact that the Big Brother doesn't have the necessary total funds, and so doesn't listen into a considerable proportion of calls as a whole. The implication is, as the costs go down, it becomes possible to listen into more calls, and the fear goes up. Especially so when speech recognition and subsequent pattern analysis become computationally feasible at a wider scale. When this is the case, it should be expected that the use of crypto goes up. But right now, even people who "have something to hide" do not perceive cleartext communication to be a risk worth expending resources to thwart. >But anything that goes over the air, whether cellphone or cordless phone, >ought to be properly encrypted, and it isn't now. Why? As I see it, this is fundamentally an economic question, not a technical one. It's about the risk of somebody listening in, taking notice and acting adversely to the talker's own interest, versus speaking what one wants without having to take expensive precautions. Currently such risks mostly materialize when one *truly* has something to hide, that is, one talks about something criminal, there is reason to believe law enforcement agencies might be listening and one talks in terms which will reasonably lead to conviction in the right circumstances. The probability of that happening is surprisingly low, especially from the security professional's somewhat paranoid viewpoint. >This is a big vulnerability in a lot of places, and once you've built the >intercept and decrypting hardware, it's easy to eavesdrop on huge numbers >of people. True. But in average people will shortly notice the development, and prepare from there on. So far they haven't, and for a good reason -- such surveillance is far too uncommon and inconsequential to actually be noticed. Of course, if encrypted communications become dirt cheap and are properly spun in the media, people will take on -- negligible cost combined with a serious threat thwarted is a sure sell. This would be good, too, since the risks of insecure communication tend to be sizable and also materialize rarely -- those are precisely the circumstances in which people suffer from the worst errors of judgment. But at the present, I think the costs of real security seriously outweight the benefit, for most people. That might change as much as a result of what people themselves do/think, as as a result of what the Man, the Hacker or the technologically sophisticated Neighbour does. Until such a change, crypto is, sadly, a fringe thing. No matter how it's used. >You can imagine either rogue cops and spies doing this, or private >criminals. Or just your neighbour. I mean, it doesn't take a cop, or a spy, or even a an immoral person to listen in on you. All it takes is a little curiosity. There's plenty of that going around. >I keep wondering how hard it would be to build a cordless phone system on >top of 802.11b with some kind of decent encryption being used. >From what I can tell from my knowledge of the DSP and crypto circuits, a couple of months of full-time effort. In no case more than half a year at full steam. The question is, who has a) the time, and b) the energy? Few do. >I'd really like to be able to move from a digital spread spectrum >cordless phone (which probably has a 16-bit key for the spreading >sequence or some such depressing thing) to a phone that can't be >eavesdropped on without tapping the wire. If it's feasible to encrypt the phone-to-base station link, it's equally feasible to encrypt end-to-end. It's also cheap enough to do what PGP et al. do, that is, combine public key methods with symmetric ones to achieve both efficiency in in-band operation and convenience with key distribution. Thus, there's no need to distinguish E2E encryption from the rest, even in mobile, low-power equipment. If you need security, you might as well do it right. >And for cellphones, I keep thinking we need a way to sell a secure >cellphone service that doesn't involve trying to make huge changes to the >infrastructure, which probably means a call center that handles all >contact with the cellphone itself, always encrypted. Try GSM's data features. They have extra error correction, true, and so lower rates than the primary voice codec, but combined with the kinds of high end voice codecs as the GSM halfband one, you can fit perfectly usable speech within the data standard. After that, you don't even have to worry about modulation -- you can just send bits. Fitting strong crypto into that is ridiculously easy, and also relatively cheap. >End-to-end encryption isn't nearly as important. Huh? Bare on-the-air encryption only proofs you against nosy neighbours and the attendant probability of one of them giving you in for something illegal. Those probabilities are quite low, compared to what "someone with something to hide" would fear from law enforcement. E2E protects you against both the threats, at little, no, or negative extra cost -- if your chosen mobile standard permits access to a variant of the basic digital interface, you can design you own protocol, usually with no more than half the bitrate lost to FEC. Better voice codecs tend to be able to deal with that, as witnessed by GSM's half rate codec. Consequently E2E's a pure win compared to trusting your mobile provider. But it also needn't be more expensive. In fact it's likely that in digital incarnations of the mobile phone system, E2E's actually cheaper than the alternative protocol change, provided the standard permits access to some variant of the basic, digital interface. If you can send numbers, crypto is easy to add on, it's not too difficult to add a proper, low-rate voice codec, and so you have both intelligible voice and industrial strength security. -- Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111 student/math+cs/helsinki university, http://www.iki.fi/~decoy/front openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From dee3 at torque.pothole.com Tue Jun 3 20:25:26 2003 From: dee3 at torque.pothole.com (Donald Eastlake 3rd) Date: Tue, 3 Jun 2003 23:25:26 -0400 (EDT) Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: On Tue, 3 Jun 2003, John Kelsey wrote: > Date: Tue, 03 Jun 2003 10:42:01 -0400 > From: John Kelsey > Subject: Re: Maybe It's Snake Oil All the Way Down > > ... > > I keep wondering how hard it would be to build a cordless phone system on > top of 802.11b with some kind of decent encryption being used. I'd really > like to be able to move from a digital spread spectrum cordless phone > (which probably has a 16-bit key for the spreading sequence or some such > depressing thing) to a phone that can't be eavesdropped on without tapping > the wire. See http://www.silicon.com/news/148/1/3828.html?source=nh > ... > > --John Kelsey, kelsey.j at ix.netcom.com > PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 Thanks, Donald ====================================================================== Donald E. Eastlake 3rd dee3 at torque.pothole.com 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA Donald.Eastlake at motorola.com From iang at systemics.com Tue Jun 3 20:43:42 2003 From: iang at systemics.com (Ian Grigg) Date: Tue, 03 Jun 2003 23:43:42 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> <5.1.1.6.2.20030603115519.02ebd0f0@idiom.com> Message-ID: <3EDD6AEE.9F6EF6B8@systemics.com> Bill Stewart wrote: > > At 11:38 AM 06/03/2003 -0400, Ian Grigg wrote: > >I (arbitratrily) define the marketplace for SSL as browsing. > ... > >There, we can show statistics that indicate that SSL > >has penetrated to something slightly less than 1% of servers. > > For transmitting credit card numbers on web forms, > I'd be surprised if there were 1% of the servers that *don't* use SSL/TLS. I've seen it a lot. Not that I pay much attention, but I'd suspect it is less than 10%, but much more than 1%. Also, a lot of credit card numbers get delivered by email. These are all to small time merchants who have MOTO agreements without the net part, but take the CCs anyway. After all, a sale is a sale, and nobody ever heard of a credit card number being lost over the net... OK, I'm teased by this: how many sites use open unencrypted CC delivery? I went to google and searched on: " Virtually all deployed browsers support SSL, except a few > special-purpose versions. The web servers supporting > almost all of the web support SSL if they have keys installed. > While many of them haven't bothered paying money for certified keys > or doing self-signed keys, I'd be surprised if it's really > as low as 1%. What's your source for that figure? http://www.securityspace.com/s_survey/sdata/200305/index.html Total SSL servers 131,566. Now go to here: http://www.securityspace.com/s_survey/data/200305/domain.html Total webservers 10,432,910 (derived by 5280096 / 0.5061). That gives SSL penetration as 10,432,910 / 131,566 == 1.26% (Darn! I was wrong, it's slightly more than 1%, not less. I should be stoned and cursed!) > While only a small fraction of web pages, and a much smaller > fraction of web bits transmitted, use SSL, that's appropriate, > because most web pages are material the publisher wants the public to see, > so eavesdropping isn't particularly part of the threat model, > and even integrity protection is seldom a realistic worry. Hmmm... You might say that, but I would have said it was the other way around! There is - surprisingly - not much of a threat model for eavesdropping of credit cards (and - shockingly - even less of an MITM threat model). It's easier for a crook to break in and hack the DB, and pick up tens of thousands than to haunt the net looking for an elusive 16 digit number out of a browser page. But, there is a big personal cost with reputational information. Few people would want to see my credit card info, but I can think of lots that would be keen on seeing my adult browsing, my gaming addition, or my participation in my kleptomaniacal therapy group, not to mention anything embarrassing I might get up to! What I find curious is why all those open source people worked so hard to build in the crypto to protect credit cards, but didn't want to protect anything else. I can understand Netscape programmers - they wanted to sell secure servers for cash. But I don't understand why Apache and KDE and Mozilla deliver software tuned to protect credit cards. It would make sense if they were all paid to do this by the credit card companies ... but they aren't, are they? What's their incentive? > (By contrast, eavesdropping protection and integrity protection > are critical to telnet-like applications, so SSH is a big win.) > > It's nice to have routine web traffic encrypted, > so that non-routine traffic doesn't stand out, > and so that traffic analysis is much harder, > but there is a significant CPU hit from the public-key phase, > which affects the number of pages per hour that can be served. We run a dozen or more web servers here, and I can never tell the difference between the unprotected ones and the protected ones, so I'm not sure what to make of the argument that SSL should be reserved for "important credit card numbers". I think CPU has gotted so cheap that running out of CPU is a great sign of a successful business, no more. The last time I made a serious business decision based on CPU horsepower was back in 1989. We are almost at the point where raw PCs can do 1000 RSAs per second. Companies like Visa and Mastercard process in the order of 1000 - 10,000 transactions per second. Which means if they were using an efficient payment system - one or 2 RSAs per transaction - they could be now thinking about putting their entire crypto processing on one PC. Maybe it's only an issue if one is serving continuously... in which case, maybe one could either "use less crypto" like switch back to smaller keys - way more secure than no keys - or buy a faster box? -- iang From iang at systemics.com Tue Jun 3 20:48:12 2003 From: iang at systemics.com (Ian Grigg) Date: Tue, 03 Jun 2003 23:48:12 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <6.0.0.9.2.20030603110223.02883638@127.0.0.1> Message-ID: <3EDD6BFC.1E99024B@systemics.com> Tim Dierks wrote: > > At 09:11 AM 6/3/2003, Peter Gutmann wrote: > >"Lucky Green" writes: > > >Given that SSL use is orders of magnitude higher than that of SSH, with no > > >change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by > > >your assertion that ssh, not SSL, is the "only really successful net crypto > > >system". > > > >I think the assertion was that SSH is used in places where it matters, while > >SSL is used where no-one really cares (or even knows) about it. Joe Sixpack > >will trust any site with a padlock GIF on the page. Most techies won't access > >a Unix box without SSH. Quantity != quality. > > I have my own opinion on what this assertion means. :-) I believe it > intends to state that ssh is more successful because it is the only > Internet crypto system which has captured a large share of its use base. > This is probably true: I think the ratio of ssh to telnet is much higher > than the ratio of https to http, pgp to unencrypted e-mail, or what have you. Certainly, in measureable terms, Tim's description is spot on. I agree with Peter's comments, but that's another issue indeed. > However, I think SSL has been much more successful in general than SSH, if > only because it's actually used as a transport layer building block rather > than as a component of an application protocol. SSL is used for more > Internet protocols than HTTP: it's the standardized way to secure POP, > IMAP, SMTP, etc. It's also used by many databases and other application > protocols. In addition, a large number of proprietary protocols and custom > systems use SSL for security: I know that Certicom's SSL Plus product > (which I originally wrote) is (or was) used to secure everything from > submitting your taxes with TurboTax to slot machine jackpot notification > protocols, to the tune of hundreds of customers. I'm sure that when you add > in RSA's customers, those of other companies, and people using > OpenSSL/SSLeay, you'll find that SSL is much more broadly used than ssh. Design wins! Yes, indeed, another way of measuring the success is to measure the design wins. Using this measure, SSL is indeed ahead. This probably also correlates with the wider support that SSL garners in the cryptography field. > I'd guess that SSL is more broadly used, in a dollars-secured or > data-secure metric, than any other Internet protocol. Most of these uses > are not particularly visible to the consumer, or happen inside of > enterprises. Of course, the big winners in the $-secured and data-secured > categories are certainly systems inside of the financial industry and > governmental systems. That would depend an awful lot on what was meant by "dollars-secured" and "data-secured" ? Sysadmins move some pretty hefty backups by SSH on a routine basis. -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From pgut001 at cs.auckland.ac.nz Tue Jun 3 06:04:39 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 4 Jun 2003 01:04:39 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> Ian Grigg writes: >It's also very much oriented to x.509 and similar certificate/PKI models, >which means it is difficult to use in web of trust (I know this because we >started on the path of adding web of trust and text signing features to x.509 >before going back to OpenPGP), financial and nymous applications whereby >trust is bootstrapped a different way. That's a red herring. It happens to use X.509 as its preferred bit-bagging format for public keys, but that's about it. People use self-signed certs, certs from unknown CAs [0], etc etc, and you don't need certs at all if you don't need them, I've just done an RFC draft that uses shared secret keys for mutual authentication of client and server, with no need for certificates of any kind, so the use of certs, and in particular a hierarchical PKI, is merely an optional extra. It's no more required in SSL than it is in SSHv2. >Has anyone read Ferguson and Schneier's _Practical Cryptography_ ? Does it >address this issue of how an outsider decides how to "make or buy"? I just >read the reviews on Amazon, they are ... entertaining! They spend a nontrivial portion of the book reinventing SSL/SSHv2. I guess they lean towards the roll-your-own side of the argument :-). I'm firmly in the opposite camp (see "Lessons Learned in Implementing and Deploying Crypto Software", links off my home page at http://www.cs.auckland.ac.nz/~pgut001/). I think that providing an abstract description of a fairly complex security protocol *in a book targeted at security novices* and then hoping that they manage to implement it correctly is asking for trouble. OTOH it's fun going through the thought processes involved in designing the protocol. I just wish they'd applied the process to SSL or SSHv2 instead, so that at the end of it they could tell the reader to go out and grab an implementation that someone else has got right for them. Peter. [0] The vendor of one widely-used MTA once told me that 90% of the certs they saw used in STARTTLS applications were non-big name CA-issued ones (self- signed, etc etc). From eay at pobox.com Tue Jun 3 08:05:24 2003 From: eay at pobox.com (Eric Young) Date: Wed, 04 Jun 2003 01:05:24 +1000 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDC9725.6588CFEA@systemics.com> References: <3EDB5A82.5B9C1073@systemics.com> <20030602092429.A13213@slack.lne.com> <3EDB9C13.AC1F7A9@systemics.com> <3EDC9725.6588CFEA@systemics.com> Message-ID: <3EDCB934.1070403@pobox.com> Ian Grigg wrote: >It's like the GSM story, whereby 8 years >down the track, Lucky Green cracked the >crypto by probing the SIMs to extract >the secret algorithm over a period of >many months (which algorithm then fell to >Ian Goldberg and Dave Wagner in a few hours). > >In that case, some GSM guy said that, it >was good because it worked for 8 years, >that shows the design was good, doesn't >it? > >And Lucky said, now you've got to replace >hundreds of millions of SIMs, that's got >to be a bad design, no? > > Well the point here is that the data encryption in GSM is not relevant to the people running the network. The authentication is secure, so there is no fraud, so they still get the money from network usage. Privacy was never really there since the traffic is not encrypted once it hit the base station, so the relevant government agencies can be kept happy. The encryption was only relevant to protect the consumers from each other. eric (hopefully remembering things correctly) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From eay at pobox.com Tue Jun 3 08:05:24 2003 From: eay at pobox.com (Eric Young) Date: Wed, 04 Jun 2003 01:05:24 +1000 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDC9725.6588CFEA@systemics.com> Message-ID: Ian Grigg wrote: >It's like the GSM story, whereby 8 years >down the track, Lucky Green cracked the >crypto by probing the SIMs to extract >the secret algorithm over a period of >many months (which algorithm then fell to >Ian Goldberg and Dave Wagner in a few hours). > >In that case, some GSM guy said that, it >was good because it worked for 8 years, >that shows the design was good, doesn't >it? > >And Lucky said, now you've got to replace >hundreds of millions of SIMs, that's got >to be a bad design, no? > > Well the point here is that the data encryption in GSM is not relevant to the people running the network. The authentication is secure, so there is no fraud, so they still get the money from network usage. Privacy was never really there since the traffic is not encrypted once it hit the base station, so the relevant government agencies can be kept happy. The encryption was only relevant to protect the consumers from each other. eric (hopefully remembering things correctly) ----- End forwarded message ----- From pgut001 at cs.auckland.ac.nz Tue Jun 3 06:11:51 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 4 Jun 2003 01:11:51 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306031311.h53DBpL25265@medusa01.cs.auckland.ac.nz> "Lucky Green" writes: >I trust that we can agree that the volume of traffic and number of >transactions protected by SSL are orders of magnitude higher than those >protected by SSH. As is the number of users of SSL. The overwhelming majority >of which wouldn't know ssh from telnet. Nor would they know what to do at a >shell prompt and therefore have no use for either ssh or telnet. Naah, that third sentence is wrong. It's: The overwhelming majority of [SSL users] wouldn't know SSL from HTTP with a padlock GIF in the corner. >Given that SSL use is orders of magnitude higher than that of SSH, with no >change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by >your assertion that ssh, not SSL, is the "only really successful net crypto >system". I think the assertion was that SSH is used in places where it matters, while SSL is used where no-one really cares (or even knows) about it. Joe Sixpack will trust any site with a padlock GIF on the page. Most techies won't access a Unix box without SSH. Quantity != quality. If you could wave a magic wand and make one of the two protocols vanish, I'd notice the loss of SSH immediately (I couldn't send this message for starters), but it would take days or weeks before I noticed the loss of SSL. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Wed Jun 4 02:31:48 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 04 Jun 2003 02:31:48 -0700 Subject: SIGINT planes vs. radioisotope mapping Message-ID: <3EDDBC84.D7CF456@cdc.gov> At 05:28 PM 6/3/03 -0700, Tim May wrote: > Possibly for construction >of baseline maps of existing radioisotopes in university labs, >hospitals, and private facilities. Then deviations from baseline maps >could be identified and inspected in more detail with ground-based vans >and black bag ops. Good call. I wonder if folks getting PET scans will have to kick back longer in the waiting areas lest they be snatched by delta teams... hopefully the .mils can distinguish Tc99 et al from other 'topes.. similarly with mobile industrial inspection rigs --except that they have the good stuff a RD gadget-maker would want. Maybe GPS + IFF beacons will be added to those. --- SAFETY RULES FOR US STRATEGIC BOMBERS 5.1. Don't use nuclear weapons to troubleshoot faults. http://cryptome.org/afi91-111.htm From ericm at lne.com Wed Jun 4 07:40:48 2003 From: ericm at lne.com (Eric Murray) Date: Wed, 4 Jun 2003 07:40:48 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Wed, Jun 04, 2003 at 04:32:23PM +1200 References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> Message-ID: <20030604074048.A13661@slack.lne.com> On Wed, Jun 04, 2003 at 04:32:23PM +1200, Peter Gutmann wrote: > "James A. Donald" writes: > > >I never figured out how to use a certificate to authenticate a client to a > >web server, how to make a web form available to one client and not another. > >Where do I start? > > There's a two-level answer to this problem. At an abstract level, doing > client certs isn't hard, there are various HOWTOs around for Apache, Microsoft > have Technet/MSDN papers on it for IIS, etc etc. At a practical level, it's > almost never used because it's just Too Hard. That's not the SSL client-cert > part, it's the using-X.509 part. It's the I part of PKI that's hard. That the assumptions built into X.509 (i.e. a rigid certificate hierarchy) don't work everywhere just makes it harder. And the obstinance of the standards organizations involved don't help. Too often people see something like Peter's statement above and say "oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML instead and then it'll work fine" which is simply not true. The formatting of the certificates is such a minor issue that it is lost in the noise of the real problems. And Peter publishes a fine tool for printing ASN.1, so the "human readable" argument is moot. Note that there isn't a real running global PKI using SPKI or PGP either. The largest problem with X.509 is that various market/political forces have allowed Verisign to dominate the cert market and charge way too much for them. There is software operable by non-cryptographers that will generate reasonable cert reqs (it's not standard Openssl) but individuals and corporations alike balk at paying $300-700 for each cert. (yes I know about the free "individual" certs, the failure of S/MIME is a topic for another rant). This is why lne.com's STARTTLS cert is self-signed. Verisign isn't getting any more of my money. Eric --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ekr at rtfm.com Wed Jun 4 09:06:08 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 04 Jun 2003 09:06:08 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDD06EF.2850.17076FA5@localhost> References: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> <3EDD06EF.2850.17076FA5@localhost> Message-ID: "James A. Donald" writes: > -- > On 3 Jun 2003 at 15:04, James A. Donald wrote: > > I never figured out how to use a certificate to authenticate > > a client to a web server, how to make a web form available to > > one client and not another. Where do I start? > > > > What I and everyone else does is use a shared secret, a > > password stored on the server, whereby the otherwise > > anonymous client gets authenticated, then gets an ephemeral > > cookie identifying him.. I cannot seem to find any how-tos > > or examples for anything better, whether for IIS or apache. > > > > As a result we each have a large number of shared secret > > passwords, whereby we each log into a large number of > > webservers. Was this what the people who created this > > protocol intended? > > Or to say the same thing in different words -- why can't HTTPS > be more like SSH? Why are we seeing a snow storm of scam > mails trying to get us to login to e-g0ld.com? Because HTTPS is designed to let you talk to people you've never talked before, which is an inherently harder problem than allowing you to talk to people you have. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From DaveHowe at gmx.co.uk Wed Jun 4 01:08:56 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 4 Jun 2003 09:08:56 +0100 Subject: Maybe It's Snake Oil All the Way Down References: <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> Message-ID: <000b01c32a70$8f43b9f0$c71121c2@exchange.sharpuk.co.uk> At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: > (One doesn't hear much about > crypto phones these days. Was this really a need?) As a minor aside - most laptops can manage pgpfone using only onboard hardware these days, either using an integrated modem or (via infrared) a mobile phone..... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From lgonze at panix.com Tue Jun 3 12:09:15 2003 From: lgonze at panix.com (lgonze at panix.com) Date: Wed, 4 Jun 2003 09:09:15 +1400 (GMT-14) Subject: web home for waste Message-ID: I've gotten a bunch of queries about WASTE, generally with a focus on user problems like how to get a connection or FAQ issues like how to build on OS X. To help people to help each other, as well as to foster discussion of technical issues related to WASTE, I have created a mailing list and web home at http://groups.yahoo.com/group/waste-discuss/. - Lucas --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From adam at homeport.org Wed Jun 4 06:52:02 2003 From: adam at homeport.org (Adam Shostack) Date: Wed, 4 Jun 2003 09:52:02 -0400 Subject: Why is there a solution, Declan? Message-ID: <20030604135201.GA24624@lightship.internal.homeport.org> Declan interviews Bruce Sterling, on news.com.com.com: http://news.com.com/2008-1082_3-1010864.html?tag=fd_nc_1 -- "It is seldom that liberty of any kind is lost all at once." -Hume From ptrei at rsasecurity.com Wed Jun 4 06:56:15 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 4 Jun 2003 09:56:15 -0400 Subject: SIGINT planes vs. radioisotope mapping Message-ID: > Major Variola (ret)[SMTP:mv at cdc.gov] > > > At 05:28 PM 6/3/03 -0700, Tim May wrote: > > Possibly for construction > >of baseline maps of existing radioisotopes in university labs, > >hospitals, and private facilities. Then deviations from baseline maps > >could be identified and inspected in more detail with ground-based vans > >and black bag ops. > > Good call. I wonder if folks getting PET scans will have to kick back > longer in the waiting areas lest they be snatched by delta teams... > hopefully the .mils can distinguish Tc99 et al from other 'topes.. > similarly with mobile industrial inspection rigs --except that they have > the good stuff a RD gadget-maker would want. Maybe GPS + IFF > beacons will be added to those. > It appears that they can't tell the medical isotopes from others.... -------------------- http://www.mindfully.org/Nucs/2002/Irradiated-Patient-Security4dec02.htm High Security Trips Up Some Irradiated Patients, Doctors Say AL BAKER / NY Times 4dec02 In one case last spring, a man being treated for an overactive thyroid gland was stopped by the authorities on two occasions while at a subway stop at Pennsylvania Station. In another case about a month ago, a woman who had undergone a diagnostic heart study was stopped while trying to drive out of Manhattan through a tunnel. In both cases, the people involved had been treated with radioactive materials. And in both cases, doctors said, they were stopped by law enforcement officers armed with radiation detectors used to track possible terrorists. Such reports are flowing into doctors' offices, physicians in the metropolitan region and elsewhere say. ----------------------- From rah at shipwright.com Wed Jun 4 07:06:57 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 4 Jun 2003 10:06:57 -0400 Subject: web home for waste Message-ID: --- begin forwarded text From lynn at garlic.com Wed Jun 4 09:12:04 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Wed, 04 Jun 2003 10:12:04 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <008701c32a88$cde93f00$c71121c2@exchange.sharpuk.co.uk> References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: <4.2.2.20030604094322.00d5ed90@mail.earthlink.net> At 12:02 PM 6/4/2003 +0100, Dave Howe wrote: >For that matter, our system here discards the CC after use (the pre-auth >step with the merchant bank agent gives us back a "fulfillment handle" that >can only be used to fulfill or cancel that individual transaction - but of >course Amazon *want* to keep your CC details so they can do their >fast-checkout patented thingy. the ground rules given the x9a10 working group for the x9.59 standard was to preserve the integrity of the financial infrastructure for all (credit, debit, stored-value, POS, internet, non-internet, aka ALL) electronic retail payments. it was one of the things that led us down the path of certless operation. We had previously done the work on the original payment gateway and had to perform various kinds of due diligence on all the major CA vendors .... which started to dawn on us that stale, static certificates were actually redundant and superfluous in the financial business process. http://www.garlic.com/~lynn/aadsm5.html#asrn2 http://www.garlic.com/~lynn/aadsm5.html#asrn3 sort of the clinker was starting to do operational and performance profile on any of the existing payment networks .... and it was evident that there was a huge mismatch between the existing payment transaction payload size and any of the commonly used certificates (even the drastically simplified replying-party-only certificates carrying only an account number and public key). Two major characteristics of X9.59 was that it would provide 1) end-to-end authentication (aka the consumers financial institution would be the one responsible for performing authentication) and 2) account numbers used in X9.59 transactions could not be used in unauthenticated transactions. Some of the '90s digitally signature oriented specifications had authentication occurring at the internet boundary and stripping off the certificate (avoiding the extreme certificate payload penalty in the payment network). The downside was that the party performing the authentication didn't necessarily have the consumer's interest in mind and Visa subsequently presented statistics at a ISO standards meeting on the number of transactions flowing through the network 1) with a flag claiming to have been digitally signature authenticated and 2) they could prove that no digital signature technology was ever involved. Evesdropping, sniffing or harvesting account numbers in the current infrastructure (at any point in the process, by insiders or outsiders, traditionally financial exploits have been 90 percent insiders) can result in fraudulent transactions. As a result, existing account numbers effectively become a form of shared-secret and need to be protected. With the X9.59 business rule requiring the account number to only be used in authenticated transactions, simple harvesting of a X9.59 account number doesn't result in fraud. Issuing financial institutions then can use existing business processes that support mapping of different account numbers to the same account. A discussion of the security proportional to risk with regard to credit card transactions: http://www.garlic.com/~lynn//2001h.html#61 Net banking, is it safe? The issue with the use of SSL for protecting credit card transactions isn't addressing all or even the major vulnerability to the infrastructure. Eliminating the account number as a form of shared secret addresses all of the vulnerabilities, not just the transaction-in-flight vulnerability addressed by SSL. As a byproduct of addressing all of the shared-secret related vulnerabilities, it also eliminates the need to use SSL for protecting the shared secret while being transmitted. Detailed report of its use in the NACHA debit network trials can be found at http://internetcouncil.nacha.org/News/news.html scroll down to "July 23, 2001: Digital Signatures Can Secure ATM Card Payments" More details of X9.59 standard: http://www.garlic.com/~lynn/index.html#x959 -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm From rsalz at datapower.com Wed Jun 4 07:21:46 2003 From: rsalz at datapower.com (Rich Salz) Date: Wed, 04 Jun 2003 10:21:46 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> Message-ID: <3EDE007A.2050107@datapower.com> > The problems that this creates are demonstrated by what happens when > technically skilled users are required to work with certificates. If you haven't already seen it, I highly recommend Don Davis's "compliance defects" paper (and slides!) available at http://world.std.com/~dtd. Abstract follows: Public-key cryptography has low infrastructural overhead because public-key users bear a substantial but hidden administrative burden. A public-key security system trusts its users to validate each others' public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but public-key security systems lack a centralized infrastructure for enforcing users' discipline. A "compliance defect" in a cryptosystem is such a rule of operation that is both difficult to follow and unenforceable. This paper presents five compliance defects that are inherent in public-key cryptography; these defects make public-key cryptography more suitable for server-to-server security than for desktop applications. -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html From ngps at netmemetic.com Tue Jun 3 19:34:52 2003 From: ngps at netmemetic.com (Ng Pheng Siong) Date: Wed, 4 Jun 2003 10:34:52 +0800 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDCB916.14077.15D755CF@localhost> References: <200306031304.h53D4dl25250@medusa01.cs.auckland.ac.nz> <3EDCB916.14077.15D755CF@localhost> Message-ID: <20030604023452.GA862@vista.netmemetic.com> On Tue, Jun 03, 2003 at 03:04:54PM -0700, James A. Donald wrote: > I never figured out how to use a certificate to authenticate a > client to a web server, how to make a web form available to one > client and not another. Where do I start? Start by looking up the OpenSSL wrappers for your favourite high-level "scripting" language. There exists wrappers for Perl, Python, tcl, Ruby, etc. Some popular languages have several. Many of these programming language environments come with HTTP server implementations, and many of the OpenSSL wrappers hook into said HTTP server code to add HTTPS, and a number demonstrate how to do client-side certificates. My M2Crypto adds HTTPS to the popular web application server Zope (www.zope.org) and has some code to hook client-side certificates into Zope's own user authentication machinery. (By faking HTTP basic authentication, just like Apache's SSL do.) Once you have that, you can choose to serve whatever content you want. > What I and everyone else does is use a shared secret, a > password stored on the server, whereby the otherwise anonymous > client gets authenticated, then gets an ephemeral cookie > identifying him.. It seems HMAC'ing cookies are getting popular for this purpose. OpenACS, another popular web application server uses this: http://openacs.org/doc/openacs-4/security-design.html My Python crypto kit has an implementation of the scheme described here: http://www.pdos.lcs.mit.edu/cookies/pubs/webauth.html I'll be interested to hear this list's view on such schemes. From my app-plumber's perspective, such a technique for is good enough provided it is 'secure' enough. People understand passwords. Private keys, certificates, smart cards, etc., are more difficult. (I recall a paper on PGP UI useability testing called "Why Johnny cannot encrypt" or something like that.) > As a result we each have a large number of shared secret > passwords, whereby we each log into a large number of > webservers. Was this what the people who created this protocol > intended? Actually, this is the crypto-wielding-open-source-hacker-wannabe's wet dream: So what you need now to track (or generate strong) passwords is a GUI "password safe"! (Like the one offered on (the old?) Counterpane site.) Again, Perl, Python, Ruby, yada yada, you name it, people are going to implement them for free. ;-) Especially since there are usually 3-5 GUI toolkits and 2-4 database toolkits for these language environments. Enough combinations to suit everyone. -- Ng Pheng Siong http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL From sunder at sunder.net Wed Jun 4 08:07:12 2003 From: sunder at sunder.net (Sunder) Date: Wed, 4 Jun 2003 11:07:12 -0400 (edt) Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: Message-ID: Depends on how it gets passed from the web servers to that computer. If it's encrypted with a public key on the web server that only the database has the private half, you're safe from someone sniffing that "proprietary one-way interface." However, if somone's already broken into the web server, they can collect the cc:'s before they get sent to the secure db. So if you're an old Amazon customer and don't change your CC >BEFORE< someone hacks into their web server, you're safe. It's certainly better than storing all CC's on the web server. Now if those CC's are in raw text on the DB end, Amazon is up shit's creek if someone walks away with a db dump, backup tape, or whatever. I don't claim to know what they're using, but long, long time ago, in another galaxy, I used to work with a product from OpenMarket that worked similarly, but they held all credit cards encrypted in the DB making it much harder. (Of course if you have the key it's as good as cleartext, but it was at least another layer of protection.) Ultimately they'll need either a cybercash interface or some interface to a bank to charge your card. If the bad guy intercepts at that level or gets unencrypted access to the DB, or you change your CC while the web server is compromised, you are in for some interesting CC statements. However, this is in a lot of ways MORE secure than handing that waiter or store clerk your CC. Remember that nice yellow slip has your signature, CC number and expiration date on it. Very useful for an attacker. Infact, they likely had physical access to the CC and have that extra 3 digit # on the back too. Some stores even ask for your driver's license to prove that you are you, which at least in NY has your date of birth and address as well. Even more useful to the evildoer. If they can also get your SSN on top of that, you're at their mercy. Think about any credit application type transactions.... these days, buying (some) cell phones, or car, or signing up for satelite TV requires these. I feel safer with Amazon's use of my CC than the above, don't you? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 3 Jun 2003, Jeroen van Gelderen wrote: > "To provide you with an additional layer of security, all credit card > numbers provided to Amazon.com are stored on a computer that is not > connected to the Internet. After you type or call it in, your complete > credit card number is transferred to this secure machine across a > proprietary one-way interface. This computer is not accessible by > network or modem, and the number is not stored anywhere else." > > Now I'm not sure how they get to use the number during the billing > process but hey... :) > > I don't know if I'd feel much better if Amazon didn't have my CC on > file. The danger of a disgruntled sysadmin snarfing the numbers while > they pass trough the system for one time use during a single billing > cycle seems to real for me. From DaveHowe at gmx.co.uk Wed Jun 4 04:02:23 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 4 Jun 2003 12:02:23 +0100 Subject: Maybe It's Snake Oil All the Way Down References: <000101c3298e$cf6edd30$6401a8c0@VAIO650> Message-ID: <008701c32a88$cde93f00$c71121c2@exchange.sharpuk.co.uk> Bill Frantz wrote: > I know of one system that takes credit cards over HTTPS, and then > sends the credit card number, encrypted with GPG to a backend system > for processing. For that matter, our system here discards the CC after use (the pre-auth step with the merchant bank agent gives us back a "fulfillment handle" that can only be used to fulfill or cancel that individual transaction - but of course Amazon *want* to keep your CC details so they can do their fast-checkout patented thingy. From frantz at pwpconsult.com Wed Jun 4 13:59:40 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Wed, 4 Jun 2003 13:59:40 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <20030604074048.A13661@slack.lne.com> References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Wed, Jun 04, 2003 at 04:32:23PM +1200 <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> Message-ID: At 7:40 AM -0700 6/4/03, Eric Murray wrote: >Note that there isn't a real running global PKI using SPKI >or PGP either. I'm not sure SPKI was ever meant to be a global PKI. It was more meant to authorization in a "verifier-centric" system. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From frantz at pwpconsult.com Wed Jun 4 14:13:22 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Wed, 4 Jun 2003 14:13:22 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: At 8:07 AM -0700 6/4/03, Sunder wrote: >Depends on how it gets passed from the web servers to that computer. If >it's encrypted with a public key on the web server that only the database >has the private half, you're safe from someone sniffing that "proprietary >one-way interface." > >However, if somone's already broken into the web server, they can collect >the cc:'s before they get sent to the secure db. > >So if you're an old Amazon customer and don't change your CC >BEFORE< >someone hacks into their web server, you're safe. > >It's certainly better than storing all CC's on the web server. > >Now if those CC's are in raw text on the DB end, Amazon is up shit's creek >if someone walks away with a db dump, backup tape, or whatever. > >.... > >However, this is in a lot of ways MORE secure than handing that waiter or >store clerk your CC. Remember that nice yellow slip has your signature, >CC number and expiration date on it. Very useful for an attacker. >Infact, they likely had physical access to the CC and have that extra 3 >digit # on the back too. > >... > >I feel safer with Amazon's use of my CC than the above, don't you? Well, I've only ordered from Amazon 2 or 3 times since they've been in business. Having my CC on file gives a much longer exposure time than the brief periods of time it would be "in transit". So, no I don't feel much safer. The $50 limit on unauthorized charges is what makes me feel safer. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From moeller at cdc.informatik.tu-darmstadt.de Wed Jun 4 06:48:30 2003 From: moeller at cdc.informatik.tu-darmstadt.de (Bodo Moeller) Date: Wed, 4 Jun 2003 15:48:30 +0200 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306021554.h52Fsrf17422@medusa01.cs.auckland.ac.nz> References: Message-ID: <20030604154830.B15397@cdc.informatik.tu-darmstadt.de> pgut001 at cs.auckland.ac.nz (Peter Gutmann): > [0] Note that my SSL implementation follows the standard SSL ladder diagram > rather than the state-machine that SSL implementations are usually > described as, which made it trivial to switch over for SSHv2 use. I've > never understood why every explanation of the SSL protocol I've ever seen > uses ladder diagrams but once they talk about implementation details they > assume you're doing it as a state machine, which makes it vastly harder to > implement. For example all the stuff about pending cipher suites and > whatnot follows automatically (and transparently) from the ladder diagram, > but is a real pain to sort out in a state machine. Using an explicit state machine helps to get code suitable for multiplexing within a single thread various connections using non-blocking I/O. -- Bodo Mvller PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 From jamesd at echeque.com Wed Jun 4 16:25:28 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 04 Jun 2003 16:25:28 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <4.2.2.20030604094322.00d5ed90@mail.earthlink.net> References: <008701c32a88$cde93f00$c71121c2@exchange.sharpuk.co.uk> Message-ID: <3EDE1D78.2422.1B4777E6@localhost> -- Everyone in America has several shared secrets identifying them -- the number of the beast to identify them to the state, and their credit card numbers identifying them to various financial institutions, plus a hundred passwords to login to their email, their bank, their network provider, e-gold, etc. The PKI idea was that we would instead use PK in place of shared secrets, but if an ordinary person had a private key, what could he use it for? The spam that seeks to get us to login to e-g0ld and the BankOf4merica.com works because the logins are based on shared secrets, not private keys, and the networks are setup to rely on shared secrets because there is no practical alternative. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG r9lUivpSt7tWiPOxVr17a9sjkgXnnbC5matqsa6/ 4UovWiFVbzH8bFEhVsekeydmrrDmez+5/B/3ZSo4B From jamesd at echeque.com Wed Jun 4 16:25:29 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 04 Jun 2003 16:25:29 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: <3EDD06EF.2850.17076FA5@localhost> Message-ID: <3EDE1D79.8791.1B477836@localhost> -- James A. Donald > > Or to say the same thing in different words -- why can't > > HTTPS be more like SSH? Why are we seeing a snow storm > > of scam mails trying to get us to login to e-g0ld.com? Eric Rescorla > Because HTTPS is designed to let you talk to people you've > never talked before, which is an inherently harder problem > than allowing you to talk to people you have. In attempting to solve the hard problem, it fails to make provision for solving the easy problem. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG bZy6QJLI0fL6IOhhS8lxNx/EUctBs0cj1se8YRt5 4LvAbyVinp/3mbNkE+8/qx6UYDSxykTEFMpTXzsoD From pgut001 at cs.auckland.ac.nz Tue Jun 3 21:32:23 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 4 Jun 2003 16:32:23 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> "James A. Donald" writes: >I never figured out how to use a certificate to authenticate a client to a >web server, how to make a web form available to one client and not another. >Where do I start? There's a two-level answer to this problem. At an abstract level, doing client certs isn't hard, there are various HOWTOs around for Apache, Microsoft have Technet/MSDN papers on it for IIS, etc etc. At a practical level, it's almost never used because it's just Too Hard. That's not the SSL client-cert part, it's the using-X.509 part. To save having to type in a long explanation, I'll lift a representative paragraph from a (not-yet-published, don't ask :-) paper on PKI usability: There is considerable evidence from mailing lists, Usenet newsgroups and web forums, and directly from the users themselves, that acquiring a certificate is the single biggest hurdle faced by users [1]. For example various user comments indicate that it takes a skilled technical user between 30 minutes and 4 hours work to obtain a certificate from a public CA that performs little to no verification, depending on the CA and the procedure being followed. Obtaining one from non-public CAs that carry out various levels of verification before issuing the certificate can take as long as a month. A representative non-technical user who tried to obtain an (unverified) certificate from a public CA took well over an hour for the process, which involved [...] eventually the user gave up. and that doesn't even get into the mess of managing private keys, handling revocation, etc etc etc ad nauseum: The problems that this creates are demonstrated by what happens when technically skilled users are required to work with certificates. The OpenSSL toolkit [2][3] includes a Perl script CA.pl that allows users to quickly generate so-called clown suit certificates (ones that 'have all the validity of a clown suit' when used for identification purposes [4]), which is widely-used in practice. The cryptlib toolkit [5][6] contains a similar feature in the form of Xyzzy certificates (added with some resistance and only after the author grew tired of endless requests for it), ones with dummy X.500 names, an effectively infinite lifetime, and no restrictions on usage. Most commercial toolkits include similar capabilities, usually disguised as 'test certificates' for development purposes only, which end up being deployed in live environments because it.s too difficult to do it the way X.509 says it should be done. Certificates used with mailers that support the STARTTLS option consist of ones that are 'self-signed, signed-by the default Snake Oil CA, signed by an unknown test CA, expired, or have the wrong DN' [7]. The producer of one widely-used Windows MUA reports that in their experience 90% of the STARTTLS-enabled servers that they encounter use self-signed certificates [8]. This reduces the overall security of the system to that of unauthenticated Diffie-Hellman key exchange, circa 1976. In all of these cases, the entire purpose of certificates has been completely short-circuited by users because it.s just too difficult to do the job properly. The problematic nature of X.509 is echoed in publications both technical and non-technical, with conference papers and product descriptions making a feature of the fact that their design or product works without requiring a PKI. For example, one recent review of email security gateways made a requirement for consideration in the review that the product 'have no reliance on PKI' [9]. As an extreme example of this, the inaugural PKI Research Workshop, attended by expert PKI users, required that submitters authenticate themselves with plaintext passwords because of the lack of a PKI to handle the task [10][11]. >As a result we each have a large number of shared secret passwords, whereby >we each log into a large number of webservers. Was this what the people who >created this protocol intended? The assumption of the protocol's creators was that someone would figure out how to make X.509 PKI work by the time SSL took off, and everyone would have their own certificates and whatnot. At least they got *most* of the design right :-). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ekr at rtfm.com Wed Jun 4 16:42:32 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 04 Jun 2003 16:42:32 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDE1D79.8791.1B477836@localhost> References: <3EDD06EF.2850.17076FA5@localhost> <3EDE1D79.8791.1B477836@localhost> Message-ID: "James A. Donald" writes: > -- > James A. Donald > > > Or to say the same thing in different words -- why can't > > > HTTPS be more like SSH? Why are we seeing a snow storm > > > of scam mails trying to get us to login to e-g0ld.com? > > Eric Rescorla > > Because HTTPS is designed to let you talk to people you've > > never talked before, which is an inherently harder problem > > than allowing you to talk to people you have. > > In attempting to solve the hard problem, it fails to make > provision for solving the easy problem. Nonsense. One can simply cache the certificate, exactly as one does with SSH. In fact, Mozilla at least does exactly this if you tell it to. The reason that this is uncommon is because the environments where HTTPS is used are generally spontaneous and therefore certificate caching is less useful. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Wed Jun 4 19:09:31 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 04 Jun 2003 19:09:31 -0700 Subject: Micropayments finally taking off. In-Reply-To: <3EDE1D78.2422.1B4777E6@localhost> References: <4.2.2.20030604094322.00d5ed90@mail.earthlink.net> Message-ID: <3EDE43EB.13360.1BDDA679@localhost> -- Over the past ten years there have been many attempts to get a micropayment system working, all of which have failed dismally, leading to a widespread attitude that internet micropayments just do not work, and never will work. In the past 24 hours, e-gold has done fifty thousand micropayments, of which thirty thousand were one milligram of gold or under (about one cent or under) These are non anonymous, in that e-gold can link payer to payee, but anonymous in that it laborious to link e-gold account numbers to true names. e-gold has no knowledge what they are being used for. If they gathered that much information, it probably would not be worthwhile for their customers, but I would guess these are mostly per-click-through payments for ads. Some proportion of these payments must be e-gold's own referral scheme, but the majority have to be other people's schemes, perhaps other people's similar schemes. The fact that e-gold does not know what is going on suggests that past attempts to support micropayments failed by putting too great a burden on those seeking to participate. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG bXT+Ssbr8YwqxmGU48nKVUNmy/V5W9MrCY8AJ1iu 4JjvpESYIz/nh/OrZvLSSq8INjokq5UGC2eACxupI --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Wed Jun 4 19:09:31 2003 From: jamesd at echeque.com (James A. Donald) Date: Wed, 04 Jun 2003 19:09:31 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: <3EDE1D79.8791.1B477836@localhost> Message-ID: <3EDE43EB.29325.1BDDA647@localhost> -- James A. Donald > > > > Or to say the same thing in different words -- why > > > > can't HTTPS be more like SSH? Why are we seeing a > > > > snow storm of scam mails trying to get us to login to > > > > e-g0ld.com? Eric Rescorla > > > Because HTTPS is designed to let you talk to people > > > you've never talked before, which is an inherently harder > > > problem than allowing you to talk to people you have. James A. Donald: > > In attempting to solve the hard problem, it fails to make > > provision for solving the easy problem. Eric Rescorla > Nonsense. One can simply cache the certificate, exactly as > one does with SSH. In fact, Mozilla at least does exactly > this if you tell it to. The reason that this is uncommon is > because the environments where HTTPS is used are generally > spontaneous and therefore certificate caching is less useful. Certificate caching is not the problem that needs solving. The problem is all this spam attempting to fool people into logging in to fake BofA websites and fake e-gold websites, to steal their passwords or credit card numbers --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /UOLlqGTeq9SAB5W/aJJuwULFBNMCVzKJnIRlhES 48E3I0Yo+68OTvTwztxirTXc41yFVicJtskuBB/dU From uberd at duluth.navy.mil Wed Jun 4 19:14:05 2003 From: uberd at duluth.navy.mil (ET2 Uber, D) Date: Wed, 4 Jun 2003 19:14:05 -0700 Subject: ASSALAMALEKU Message-ID: <8B109F5573E24940A0B9D2F76B32B101336836@lpd6ubd01.duluth.navy.mil> notice that it was defaced, thus as lilith pointed out, a large amount of cleaning fluid will need to be bought from a Dutch company somewhere... -Dan -----Original Message----- From: MRS M ABACHA [mailto:muni_jos at yahoo.com.au] Sent: Thursday, January 03, 1980 4:37 PM To: cypherpunks at einstein.ssz.com Subject: CONFIDENTIAL ASSALAMALEKU MY DEAR FRIEND I NEED YOUR HELP PLEASE, I am Mrs. Mariam Abacha, the widow of the Late Gen. Sanni Abacha former Nigerian Military Head of State who died mysteriously as a result of Cardiac Arrest. Since after my husband's death my family is under restriction of movement and that not withstanding, we are being molested, policed and our Bank Account both here and abroad are being frozen by the Nigerian Civilian Government. Furthermore, my elder son was arrested and detained though he was released on probation late last year and was arrested again this year as a result of some amount of money which have not been recoverd by the nigerian current government as am writting you now his been haild by the nigerian government in jail. Following the recent discovery of my husband's Bank Account by the Nigerian Government with Swiss Bank in which the huge sum of US$700 MILLION and DM 450 Million was logged. I therefore decided to contact you in confidence that I was able to move out and deposit to a diplomatic freighting company the sum of US$45 Million Dollars, which was secretly defaced and is sealed in two Metal Boxes for security reasons. I therefore personally, appeal to you seriously and religiously for your urgent assistance to move this money into your country where I believe it will be safe since I cannot leave the country due to the restriction of movement imposed on the members of my family by the Nigerian Government. I have agreed to offer you 10% of the total sum while 90% is to be held on trust by you until we can decide on a suitable business investment in your country subsequent to our free movement by the Nigerian Government. Please reply urgently and treat with absolute confidentiality and sincerety. Best Regards. Mrs. M Abacha From kelsey.j at ix.netcom.com Wed Jun 4 16:15:13 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Wed, 04 Jun 2003 19:15:13 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <20030603225037.GB20254@comsec.com> References: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> Message-ID: <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> At 03:50 PM 6/3/03 -0700, Eric Blossom wrote: ... >GSM and CDMA phones come with the crypto enabled. The crypto's good >enough to keep out your neighbor (unless he's one of us) but if you're >that paranoid, you should opt for the end-to-end solution. The CDMA >stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 >second worst case to gather data sufficient to solve 42 equations in >42 unknowns, but again, what's your threat model? Big brother and >company are going to get you at the base station... Big brother has a limited budget, just like the rest of us. If he has to produce a warrant or tap a wire somewhere to listen in on me, he probably won't bother. The only thing protecting my cellphone calls right now is trivially-broken encryption, the need for some moderately expensive equipment, and some laws prohibiting cellphone eavesdropping. That means that some bad guys may be eavesdropping now, and there's no telling how many bad guys will be doing so tomorrow. Nobody here knows how much eavesdropping is being done, because communications intercepts can be done without leaving any record anywhere. Do the police in some cities troll for interesting cellphone calls? Does the NSA do that in the US, quietly? Do Russian or French intelligence agencies? How would we know? So, what can I do about it, as an individual? Make the cellphone companies build good crypto into their systems? Any ideas how to do that? The only way I can see getting decent security on my cellphone is to do something that doesn't require the rest of the world's permission or assistance. The simplest version of that is to have a box at my house that's connected to two phone lines, and have all calls to and from my cellphone go through that box. Calls to other secure cellphones can be encrypted end-to-end. Calls to everyone else get encrypted between my phone and my box at home. I spend a little extra for extra security, nobody else has to pay anything, and I can call friends on my cellphone without being susceptible to trivial eavesdropping. Can the bad guys defeat this? Sure, they can tap my landline, or bug my car, or do all sorts of other things. But none of those are cheap enough to do to everyone, and probably none are cheap enough to do to me. Tapping my landline either means interacting with the phone company, or paying someone to go install a tap, each of which implies a risk of getting caught, practical limits on how often it can be done, etc. This also bypasses the "network effect" of encrypting phones, where you get approximately zero benefit from having one until they're widespread. I have an old Comsec 3DES phone at home. It's nice technology. I think I've used it twice. If you're not a cryptographer or a cocaine smuggler, you probably don't know anyone who owns an encrypting phone or would particularly want to. Even if you'd like to improve your own privacy, you can't buy an end-to-end encrypting phone and improve it much. That's what I'd like to see change. ... >Eric --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rsalz at datapower.com Wed Jun 4 17:09:01 2003 From: rsalz at datapower.com (Rich Salz) Date: Wed, 4 Jun 2003 20:09:01 -0400 (EDT) Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDE1D79.8791.1B477836@localhost> Message-ID: > In attempting to solve the hard problem, it fails to make > provision for solving the easy problem. That's a deployment issue, not a technical issue. D-H key exchange, for example, would be just fine. It just so happens that the SSL creators had a particular business goal in mind: e-commerce, with a "certificate" re-assuring the nervous customer that they were handing their credit card to jcrew.com, not, jscrew.com. Yes, SSL was invented to solve a particular problem. They did a reasonable job at it. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html From ekr at rtfm.com Wed Jun 4 20:37:49 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 04 Jun 2003 20:37:49 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDE43EB.29325.1BDDA647@localhost> References: <3EDE1D79.8791.1B477836@localhost> <3EDE43EB.29325.1BDDA647@localhost> Message-ID: "James A. Donald" writes: > Eric Rescorla > > Nonsense. One can simply cache the certificate, exactly as > > one does with SSH. In fact, Mozilla at least does exactly > > this if you tell it to. The reason that this is uncommon is > > because the environments where HTTPS is used are generally > > spontaneous and therefore certificate caching is less useful. > > Certificate caching is not the problem that needs solving. The > problem is all this spam attempting to fool people into logging > in to fake BofA websites and fake e-gold websites, to steal > their passwords or credit card numbers The only solutions to that problem involve getting rid of passwords and credit card numbers. SSL does that job about as well as we know how. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From lynn at garlic.com Wed Jun 4 19:58:47 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Wed, 04 Jun 2003 20:58:47 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDE1D78.2422.1B4777E6@localhost> References: <4.2.2.20030604094322.00d5ed90@mail.earthlink.net> <008701c32a88$cde93f00$c71121c2@exchange.sharpuk.co.uk> Message-ID: <4.2.2.20030604174233.00cace00@mail.earthlink.net> At 04:25 PM 6/4/2003 -0700, James A. Donald wrote: > -- >Everyone in America has several shared secrets identifying them >-- the number of the beast to identify them to the state, and >their credit card numbers identifying them to various financial >institutions, plus a hundred passwords to login to their >email, their bank, their network provider, e-gold, etc. > >The PKI idea was that we would instead use PK in place of >shared secrets, but if an ordinary person had a private key, >what could he use it for? > >The spam that seeks to get us to login to e-g0ld and the >BankOf4merica.com works because the logins are based on shared >secrets, not private keys, and the networks are setup to rely >on shared secrets because there is no practical alternative. one could claim that public-key is a practical alternative but it got significantly sidetracked with independent business model that wanted extract huge amount of money out of existing infrastructures (say totally brand new independent operations wanting $100/annum for every person, extracted from the existing infrastructure for no significant positive benefit ... aka say 200m people at @$100/annum is $20b/annum ... in return for some abstract bit vapor that doesn't change any core business issue). it is relatively trivial to demonstrate that public keys can be registered in every business process that currently registers shared-secrets (pins, passwords, radius, kerberos, etc, etc). the issue then becomes one of cost to change/upgrade those infrastructures to support digital signature authentication with the stored public keys in lieu of string comparison (no new business operations, no new significant transfer of wealth to brand new outside business entities, etc). however, think about even these simple economics for a minute .... even for relatively modest technology changes that don't change any of the business processes/relationships ... it still costs some money ... and the beneficiary isn't the institution, it is the individual. The individual has the paradigm changed from hundreds of shared-secrets to a single key-pair ... however each institution continues to see just as many individuals and account records. From a very practical standpoint ... entities don't frequently fund things that they don't benefit from ... and typically most success is achieved when the entity that benefits from the change is also driving/funding the change. the issue is to find out how the individual pays for the change .... or figure out how the institutions are going to benefit. -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm From pgut001 at cs.auckland.ac.nz Wed Jun 4 08:24:44 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 5 Jun 2003 03:24:44 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306041524.h54FOiq07112@medusa01.cs.auckland.ac.nz> Eric Murray writes: >Too often people see something like Peter's statement above and say "oh, it's >that nasty ASN.1 in X.509 that is the problem, so we'll just do it in XML >instead and then it'll work fine" which is simply not true. The formatting of >the certificates is such a minor issue that it is lost in the noise of the >real problems. And Peter publishes a fine tool for printing ASN.1, so the >"human readable" argument is moot. > >Note that there isn't a real running global PKI using SPKI or PGP either. A debate topic I've thought of occasionally in the last year or two: If digital signatures had never been invented, would we now be happily using passwords, SecurIDs, challenge-response tokens, etc etc to do whatever we need rather than having spent the last 20-odd years fruitlessly chasing the PKI dream? There was some interesting work being done on non-PKI solutions to problems in the 1970s before it all got drowned out by PKI, but most of it seems to have stagnated since then outside a few niche areas like wholesale banking, where it seems to work reasonably well. (Hmm, now *that* would make an interesting panel session for the next RSA conference). Peter. From mv at cdc.gov Thu Jun 5 08:56:10 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Thu, 05 Jun 2003 08:56:10 -0700 Subject: 1st amend applies to video games Message-ID: <3EDF681A.17CFC2A1@cdc.gov> A federal appeals court panel has struck down a law that restricted children's access to violent video games, giving the software the same free-speech protection as that for works of art. A panel of the 8th Circuit Court of Appeals ruled Tuesday that a St. Louis County, Mo., ordinance that bans the rentals or sales of graphically violent video games to minors violates free-speech rights. In doing so, the panel reversed a ruling by the U.S. District Court for the Eastern District of Missouri and ordered the lower court to craft an injunction that would prohibit the ordinance from taking effect. In Tuesday's ruling, the panel decided that if the paintings of Jackson Pollock, the music of Arnold Schoenberg and the Jabberwocky verse of Lewis Carroll are protected by the First Amendment, then video games should be, too. http://news.com.com/2100-1043_3-1012882.html?tag=lh From adam at homeport.org Thu Jun 5 09:15:22 2003 From: adam at homeport.org (Adam Shostack) Date: Thu, 5 Jun 2003 12:15:22 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> References: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> Message-ID: <20030605161522.GA50390@lightship.internal.homeport.org> On Wed, Jun 04, 2003 at 07:15:13PM -0400, John Kelsey wrote: | At 03:50 PM 6/3/03 -0700, Eric Blossom wrote: | ... | >GSM and CDMA phones come with the crypto enabled. The crypto's good | >enough to keep out your neighbor (unless he's one of us) but if you're | >that paranoid, you should opt for the end-to-end solution. The CDMA | >stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 | >second worst case to gather data sufficient to solve 42 equations in | >42 unknowns, but again, what's your threat model? Big brother and | >company are going to get you at the base station... | | Big brother has a limited budget, just like the rest of us. If he has to | produce a warrant or tap a wire somewhere to listen in on me, he probably | won't bother. | | The only thing protecting my cellphone calls right now is trivially-broken | encryption, the need for some moderately expensive equipment, and some laws | prohibiting cellphone eavesdropping. That means that some bad guys may be | eavesdropping now, and there's no telling how many bad guys will be doing | so tomorrow. Nobody here knows how much eavesdropping is being done, More bad guys will be listening tomorow, because SDR and Moore's law will drive down the cost. At some point, we'll hit a knee in the curve, and cell phones will be either made more secure, or we'll live with the fact that all our calls are being listened to, much like the Brits are always on video. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From moeller at cdc.informatik.tu-darmstadt.de Thu Jun 5 03:49:40 2003 From: moeller at cdc.informatik.tu-darmstadt.de (Bodo Moeller) Date: Thu, 5 Jun 2003 12:49:40 +0200 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306051011.h55ABjv21031@medusa01.cs.auckland.ac.nz>; from pgut001@cs.auckland.ac.nz on Thu, Jun 05, 2003 at 10:11:45PM +1200 References: <200306051011.h55ABjv21031@medusa01.cs.auckland.ac.nz> Message-ID: <20030605124940.A16963@cdc.informatik.tu-darmstadt.de> On Thu, Jun 05, 2003 at 10:11:45PM +1200, Peter Gutmann wrote: > Bodo Moeller writes: >> Using an explicit state machine helps to get code suitable for multiplexing >> within a single thread various connections using non-blocking I/O. > Is there some specific advantage here, or is it an academic exercise? > [...] I have a vague idea from discussions with some > OpenSSL-engine developers that they had some requirement for supporting async > hardware in non-threaded environments, [...] the > discussions tended to devolve into griping sessions about how hard async > crypto hardware was to work with, not helped by comments like "That's because > you're taking the path of most resistance, just use threads" :-). I don't mind working with threads, but there's a lot of software out there that uses single-threaded multiplexing, and adding SSL/TLS to such software becomes much easier if the SSL/TLS library supports this multiplexing paradigm. (Not that it would be impossible otherwise -- another option, for Unix anway, is to fork off a processes that handles a SSL/TLS connection and communicates with the main process via a pipe.) -- Bodo Mvller PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 From ekr at rtfm.com Thu Jun 5 17:57:18 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 05 Jun 2003 17:57:18 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> Message-ID: Derek Atkins writes: > Eric Murray writes: > > > Too often people see something like Peter's statement above and say > > "oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just > > do it in XML instead and then it'll work fine" which is simply not true. > > The formatting of the certificates is such a minor issue that it is lost > > in the noise of the real problems. And Peter publishes a fine tool > > for printing ASN.1, so the "human readable" argument is moot. > > Actually, the ASN.1 part is a major factor in the X.509 > interoperability problems. Different cert vendors include different > extensions, or different encodings. They put different information > into different parts of the certificate (or indeed the same > information into different parts). Does the FQDN for a server cert > belong in the DN or some extension? What about the email address for > a user cert? This isn't really true in the SSL case: To a first order, everyone ignores any extensions (except sometimes the constraints) and uses the CN for the DNS name of the server. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From derek at ihtfp.com Thu Jun 5 17:30:54 2003 From: derek at ihtfp.com (Derek Atkins) Date: 05 Jun 2003 20:30:54 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <20030604074048.A13661@slack.lne.com> References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> Message-ID: Eric Murray writes: > Too often people see something like Peter's statement above and say > "oh, it's that nasty ASN.1 in X.509 that is the problem, so we'll just > do it in XML instead and then it'll work fine" which is simply not true. > The formatting of the certificates is such a minor issue that it is lost > in the noise of the real problems. And Peter publishes a fine tool > for printing ASN.1, so the "human readable" argument is moot. Actually, the ASN.1 part is a major factor in the X.509 interoperability problems. Different cert vendors include different extensions, or different encodings. They put different information into different parts of the certificate (or indeed the same information into different parts). Does the FQDN for a server cert belong in the DN or some extension? What about the email address for a user cert? > Note that there isn't a real running global PKI using SPKI > or PGP either. That's a different problem (namely that the "big guys" like RSA Security, Microsoft, and Verisign don't sell PGP-enabled software or PGP certificates). PGP's problem is an integration problem, making it easy to use for non-techies. That has been the barrier to entry for PGP. > The largest problem with X.509 is that various market/political forces > have allowed Verisign to dominate the cert market and charge way too > much for them. There is software operable by non-cryptographers that > will generate reasonable cert reqs (it's not standard Openssl) but > individuals and corporations alike balk at paying $300-700 for each cert. > (yes I know about the free "individual" certs, the failure of > S/MIME is a topic for another rant). This is only part of the problem... It is not all of it. Indeed the cost (both in money, time, and headache) has always been a barrier to entry. I don't believe that market or political forces are the largest problem with X.509.... I will certainly agree that the cost is a major impediment. The question is: how do we convince M$ and Netscape to include something else in their software? If it's not supported in IE, then it wont be available to the vast majority of users out there. -derek -- Derek Atkins Computer and Internet Security Consultant derek at ihtfp.com www.ihtfp.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From derek at ihtfp.com Thu Jun 5 17:54:21 2003 From: derek at ihtfp.com (Derek Atkins) Date: 05 Jun 2003 20:54:21 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> Message-ID: Eric Rescorla writes: > This isn't really true in the SSL case: > To a first order, everyone ignores any extensions (except sometimes > the constraints) and uses the CN for the DNS name of the server. Except some CAs make certs that can only work as an SSL server and not an SSL client, or don't work with certain verifiers, or can't be parsed right, or have the "commit-bit" set on some extensions. It's been a major pain in a problem that I'm working on -- not all vendor's certs work properly. > -Ekr -derek -- Derek Atkins Computer and Internet Security Consultant derek at ihtfp.com www.ihtfp.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From pgut001 at cs.auckland.ac.nz Thu Jun 5 03:11:45 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 5 Jun 2003 22:11:45 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306051011.h55ABjv21031@medusa01.cs.auckland.ac.nz> Bodo Moeller writes: >Using an explicit state machine helps to get code suitable for multiplexing >within a single thread various connections using non-blocking I/O. Is there some specific advantage here, or is it an academic exercise? Some quirk of supporting certain types of hardware like nCipher boxes that do async crypto/scatter-gather? I have a vague idea from discussions with some OpenSSL-engine developers that they had some requirement for supporting async hardware in non-threaded environments, but from hearing the complaints about how hard this ended up being I had the impression that this was a major rewrite rather than something the state-machine implementation had been specifically designed for (sorry, I don't have that much technical info, the discussions tended to devolve into griping sessions about how hard async crypto hardware was to work with, not helped by comments like "That's because you're taking the path of most resistance, just use threads" :-). I also don't know if that explains why, years before this was an issue, everyone was already treating SSL as a state machine problem. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From frantz at pwpconsult.com Thu Jun 5 23:26:18 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Thu, 5 Jun 2003 23:26:18 -0700 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: <5.2.0.9.0.20030605233500.02688bf0@incoming.verizon.net> References: Message-ID: At 8:52 PM -0700 6/5/03, Randy wrote: >And if any of the copper is carrying digital data, square waves are hugely >rich in harmonics well up into the >MHz bands, and would therefore tend to radiate better from any above-ground >wires between poles, possibly >even roadside pedestals. Note that the copper in your Cat 5 Ethernet cable is treated as a transmission line. It is correctly terminated at both ends, so there is very little RF radiation. If there were a lot of RF, it would interfere with things like TV, cell phones etc. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From randy at gte.net Thu Jun 5 20:52:14 2003 From: randy at gte.net (Randy) Date: Thu, 05 Jun 2003 23:52:14 -0400 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: Message-ID: <5.2.0.9.0.20030605233500.02688bf0@incoming.verizon.net> I recall a few years back, a single satellite lost stability, and it pretty much wiped out everyone's pagers, for a few days. Just my way of saying that I don't have any clue as to how much point-to-point traffic may get relayed by a bird at some point. I seem to recall that, years ago, the Transatlantic copper traffic entering and leaving the US was shot via microwave link to/from the US terminus, over a bay, and allegedly there was a NSA farmhouse on the line-of-site path of the link. The implication being that, yes, they "could" have just wired around the bay, but instead there was an intentional opportunity for interception. And I'll point out that long-haul comms to submarines are done with RF basically at audio frequencies, via buried antennas....yeah, they DO use very high power, but aircraft are close and don't have salt-water and thick earth to penetrate. And if any of the copper is carrying digital data, square waves are hugely rich in harmonics well up into the MHz bands, and would therefore tend to radiate better from any above-ground wires between poles, possibly even roadside pedestals. And I've seen alot of RF off of traditional CATV coax; don't know if fiber-optic cable systems might ultimately have any tie-in to the coaxial feed to/from the headend. Randy At 09:13 PM 6/3/03 -0400, you wrote: >Tim May wrote... > >"Landline signals are vastly harder to pick up, and I doubt strongly that >every minorly-radiating landline signal is being picked up." > >Of course, optical signals could never be remotely detected by air or even >without an optical tap. I doubt even aerial optical cable readiates enough >or in such a way as to be remotely detectable. > >However, the vast majority of "last mile" installations are still copper, >and copper does radiate. But I can't see how that could be detected by air >either. Even if there's enough radiation, it's going to get scattered and >diffracted to hell and gone as it passes through the sheath, concrete, and >then air. > >ANd of course, there's the bandwidth issue. In even a medium sized metro >area the sheer number of landlines will be huge, and any businesses will >be shipping out their traffic via T1 or fractional T1. Hence, one of those >airplanes would practically need a small CO to demultiplex all that >traffic (although even off-the-shelf silicon has come a LONG way from the >5ESS days, so the size factor will not be something to sneeze at). > >Nah. Any such AWAC-type recon 'surveys' must be seeking out targeted >information somehow. Perhaps there's some kind of electronic 'red dye' >that allow a specific set of users' calls to stand out? Is it possible >that 'interesting' landlines are dropped-and-continued on to some >narrowcasting point for air? This might be their way of getting around the >TIRKS and provisioning issues related to moving those lines a long >distance, and possibly through multiple carriers (but then again, that >just might be what DISAs' recently announced GIG-BE network is supposed to >solve!) > >-TD > > > > >>From: Tim May >>To: daw at mozart.cs.berkeley.edu (David Wagner) >>CC: cypherpunks at lne.com >>Subject: SIGINT planes vs. radioisotope mapping >>Date: Tue, 3 Jun 2003 17:28:09 -0700 >> >>On Tuesday, June 3, 2003, at 09:10 PM, David Wagner wrote: >> >>>Sampo Syreeni wrote: >>>>Rather it's the fact that the Big >>>>Brother doesn't have the necessary total funds, and so doesn't listen into >>>>a considerable proportion of calls as a whole. >>> >>>Yet. >>> >>>As far as we know. >>> >>>:-) >>> >>>I agree it's an economic issue, and law enforcement doesn't seem to >>>listen in on a considerable proportion of calls as a whole at the moment. >>>But what happens to costs in the future? Remember, it takes 10 years >>>to get any change to the cellphone/telecommunications infrastructure >>>deployed, so it pays to think ahead. >>> >>>By the way, what's the story with those SIGINT planes supposedly >>>advertised as being able to fly over a city and capture communications >>>from the whole metropolitan area? John Young had a pointer on his web >>>site at one point. Do you suppose they might snarf up all the cellphone >>>traffic they can find, en masse? What proportion of calls would that be, >>>as a fraction of the whole? One wonders whether your confidence in the >>>security of cellphone traffic is well-founded. >> >>AWACS-type planes have long had the ability to act as "cell towers," so >>cell traffic is easily picked-up, if in fact they are doing this. >>Landline signals are vastly harder to pick up, and I doubt strongly that >>every minorly-radiating landline signal is being picked up. >> >>Perhaps for very, very targetted signals, but not cruising over general >>cities, it seems likely to me. >> >>I'm not sure of the context here, but in the past year there were some >>reports of planes circling over university campuses, and many were >>hypothesizing that SIGINT was being done on telephone and computer >>messages. This seemed unlikely to me. >> >>I concluded--and posted on Usenet about my thinking--that some campuses >>may have been targeted for low-level gamma ray surveys. Kind of a gamma >>ray version of Shipley's "war driving" maps. Possibly for construction of >>baseline maps of existing radioisotopes in university labs, hospitals, >>and private facilities. Then deviations from baseline maps could be >>identified and inspected in more detail with ground-based vans and black >>bag ops. >> >>--Tim May >>"That the said Constitution shall never be construed to authorize >>Congress to infringe the just liberty of the press or the rights of >>conscience; or to prevent the people of the United States who are >>peaceable citizens from keeping their own arms." --Samuel Adams > >_________________________________________________________________ >The new MSN 8: advanced junk mail protection and 2 months FREE* >http://join.msn.com/?page=features/junkmail From die at die.com Thu Jun 5 22:41:29 2003 From: die at die.com (Dave Emery) Date: Fri, 6 Jun 2003 01:41:29 -0400 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: <5.2.0.9.0.20030605233500.02688bf0@incoming.verizon.net> References: <5.2.0.9.0.20030605233500.02688bf0@incoming.verizon.net> Message-ID: <20030606054129.GB3068@pig.die.com> On Thu, Jun 05, 2003 at 11:52:14PM -0400, Randy wrote: > I recall a few years back, a single satellite lost stability, and it pretty > much wiped out everyone's pagers, for > a few days. Just my way of saying that I don't have any clue as to how much > point-to-point traffic may get > relayed by a bird at some point. Within the continental US, very very little point to point telephone traffic flows via satellite (hardly any in fact except a few remaining private systems for companies and government - carriers completely gave up satcom links about 15-20 years ago in the PSTN). The economics don't work and people hated the delay in calls due to the distance to the satellite. The only real exception is parts of back country Alaska... which is still served by satellite. There is still some international traffic on satellites, though mostly to remote and underdeveloped places. The great bulk of traffic between the US and Europe and Asia is on fiber now. Satellite does provide backup to cables if they are cut, but more and more places have enough redundant fiber to never need to use this capability. Until recently, most domestic PAGER traffic did flow via satellites because it was cheaper to get it to the towers on remote hilltops that way than by leasing fiber or copper circuits. And indeed when G4 died, a lot of pager transmitters had no input from the central computers and went off the air. Nobody had really thought about what might happen if the bird died - they had been focusing on up link and downlink reliability instead. And in a very typical communication screwup, some of the backups were on the same satellite. There has been some use of satellites for Internet IP traffic, but again only a tiny bit compared to the flood that travels over fiber. This is much more used for international Internet links, some of which are on satellites. The major use of satellite capacity over the US is for video, both broadcast and cable and direct to home, and for some innately broadcast services like distributing weather data to airports and weather forecast offices and the like. There are also some remaining point of sale credit card verification networks on satellite because of the reduced cost of a satellite link compared to thousands of circuits to local gas stations or convenience stores. And a lot of satellite capacity gets used for mobile terminals for video uplinks for satellite news gathering and sports back hauls and the like. It is obviously not usually possible to provide fiber to the scene of a major news event and only sometimes to the venues of sports events. And the military and government uses satellite capacity to talk to things like Navy ships and mobile command posts which aren't in one place very long. Very little travels by microwave anymore in the CONUS either (maybe a couple of percent or less of wireline telephone calls do at any point, perhaps even less by now - mostly to backward places where stringing fiber is hard or uneconomical). Most of the old AT&T microwave towers that once dotted hilltops across the country have been shut down and sold to cell operators or even private citizens seeking a remote location for a cabin - and most of this shutdown happened by the late 80s in fact. Very very few of the towers still in existence transmit any traffic any more or ever could again. > I seem to recall that, years ago, the > Transatlantic copper traffic entering and > leaving the US was shot via microwave link to/from the US terminus, over a > bay, and allegedly there was a NSA > farmhouse on the line-of-site path of the link. The implication being that, > yes, they "could" have just wired > around the bay, but instead there was an intentional opportunity for > interception. There is an interesting microwave shot from Greenhill Rhode Island (the landing site for around a third of the transatlantic cables) and a point in Connecticut. One may draw whatever conclusions one likes about why this was done this way in the early 70s or so. I have seen an unnamed Telco insider comment on a public mailing list that certain fiber Sonet rings linking a NJ cable landing site (with another third or so of the cables) to a switching facility that actually handles most of the traffic further inland have three nodes on them instead of two. No idea why... just one of those weird things that got built that way in construction I guess. > > And I'll point out that long-haul comms to submarines are done with RF > basically at audio frequencies, via > buried antennas....yeah, they DO use very high power, but aircraft are > close and don't have salt-water and > thick earth to penetrate. Submarine communications use very very low (80 hz) frequencies from buried wires for a kind of paging function that says come up and get the nuclear war order. Actual messages are sent on VLF frequencies (16-90 khz) which penetrate seawater better than other frequency ranges and can be received while submerged to up to a couple hundred feet. Antennas for this function are not buried, but gigantic towers or mile long wires trailed from command and relay aircraft. Aircraft (notably the Guardrail and Rivet Joint aircraft) can and do collect most any available radio signals they can see from flight altitude. This allows cellphones, cordless phones, pagers, pdas, wireless email devices, and miscellaneous two way radio signals to be vacuumed up and some microwave links to be intercepted as well, but none of these aircraft has ever been reported to routinely do TEMPEST type interception of wireline traffic from incidental radiation. > And if any of the copper is carrying digital data, square waves are hugely > rich in harmonics well up into the > MHz bands, and would therefore tend to radiate better from any above-ground > wires between poles, possibly > even roadside pedestals. > Actually FCC rules require things be built NOT to radiate all that much because of interference to licensed services using precious spectrum, so most wire communications devices fiber and copper radiate very very little energy. Part of this is due to the cancellation effect of energy flowing in balanced transmission lines, and part due to filtering and shielding. And there are myriads and myriads of information streams flowing in typical aerial cables - even if the energy could be detected at a distance (which it can't due to the impact of the inverse square law) it would be nearly impossible to sort out the impulses from one circuit from those of all the others in the same cable. > And I've seen alot of RF off of traditional CATV coax; don't know if > fiber-optic cable systems might ultimately > have any tie-in to the coaxial feed to/from the headend. > Cable TV systems have rather high level VHF and UHF rf flowing in them. There is constant problem for cable companies with corrosion and damage to the wires causing some of this energy to leak out and be radiated and cause interference to licensed services on the same frequencies. Cable companies spend lots of dollars going around looking for and fixing these problems in order to avoid fines and other legal action by the FCC and FAA. Modern cable companies use fiber optics to transmit the signals from the headend where the satellite dishes and antennas are to a neighborhood where they are converted from optical to rf on copper and distributed locally. And optical fiber does not radiate at all at radio frequencies. The only source of rf radiation in fiber optic systems is the electronics at either end which convert the light into electrical signals for local use. One problem that most naive paranoid types completely fail to grasp is the titanic volume of modern communications. The flow is so overwhelming that only a powerful God could possibly process it all to find interesting material. The entire federal budget could not pay enough humans to screen and analyze ALL the electonic communications of even a medium size city in 2003. So communications intercepts are necessarily targeted very narrowly, even drag net fishing is likely done only in places where there is a real likelihood that something important will turn up with finite effort. The notion that an all powerful big brother is listening to everything and capturing everything just is not realistic, and a very very high percentage of what does get captured is never looked at or listened to or even stored for very long. Which of course is why traffic analysis and transaction analysis and social network discovery is far more important than flying airplanes around trying to collect incidental radiation from local copper T1 lines. Knowing who calls or emails who makes it possible to find the needles which you want to monitor in the vast haystacks. Thus there is a much greater probability that records of your calls and IP traffic addresses are looked at for patterns and association with known bad guys than that someone is actually listening to or reading your traffic looking for the word bomb. -- Dave Emery N1PRE, die at die.com DIE Consulting, Weston, Mass 02493 PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB From hseaver at cybershamanix.com Fri Jun 6 05:41:20 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 6 Jun 2003 07:41:20 -0500 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: <20030606054129.GB3068@pig.die.com> References: <5.2.0.9.0.20030605233500.02688bf0@incoming.verizon.net> <20030606054129.GB3068@pig.die.com> Message-ID: <20030606124120.GB14035@cybershamanix.com> On Fri, Jun 06, 2003 at 01:41:29AM -0400, Dave Emery wrote: > Very little travels by microwave anymore in the CONUS either > (maybe a couple of percent or less of wireline telephone calls do at any > point, perhaps even less by now - mostly to backward places where > stringing fiber is hard or uneconomical). Most of the old AT&T microwave > towers that once dotted hilltops across the country have been shut down > and sold to cell operators or even private citizens seeking a remote > location for a cabin - and most of this shutdown happened by the late > 80s in fact. Very very few of the towers still in existence transmit > any traffic any more or ever could again. > Interesting, I wasn't aware those were deactivated. I wonder if tower space on them can be rented. OTOH, there are a lot of rural ISPs who are using wireless to provide net access to rural homes and businesses. Those old microwave towers would be great for that. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From pcw2 at flyzone.com Fri Jun 6 05:00:01 2003 From: pcw2 at flyzone.com (Peter Wayner) Date: Fri, 6 Jun 2003 08:00:01 -0400 Subject: The perils of anonymous, not-so-digital cash In-Reply-To: References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> Message-ID: Two million in bearer bonds stolen along with the safe that held them: http://www.timesunion.com/AspStories/story.asp?storyID=140587&category=FRONTPG&BCCode=HOME&newsdate=6/6/2003 From timcmay at got.net Fri Jun 6 10:23:08 2003 From: timcmay at got.net (Tim May) Date: Fri, 6 Jun 2003 10:23:08 -0700 Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: Message-ID: <8AD11497-9843-11D7-88B5-000A956B4C74@got.net> On Friday, June 6, 2003, at 08:26 AM, Thomas Shaddack wrote: > On Wed, 4 Jun 2003, Trei, Peter wrote: > >> It appears that they can't tell the medical isotopes from others.... > > They have no chance to distinguish isotope type with just a plain > Geiger. > For an identification, they would need a gamma spectrometer, which is a > toy that AFAIK is not yet portable and cheap enough for mass > deployment. > > I certainly never implied in any way that a simple G-M tube would be useful for this. Implicit in my radioistope mapping comment was that a gamma ray spectrometer would be used. As for portability, the one I used in my lab in 1979-82 was not terribly heavy. The heaviest part was the LN dewar, which was large and floor-standing. A large dewar is certainly not needed. The rest of the assembly, even 20 years ago, was mostly portable: the germanium detector head, some preamps and pulse-height analyzers, and a multichannel analyzer. Most of this stuff is now done on laptops, the MCA and analysis software part. Without researching this on the Net, I would thus conjecture the entire gamma ray spectrometer could fit in a small carry-on case, using a small dewar. Certainly for the cost of operating a light plane, such a spectrometer would be a minor cost by comparison. And note that this is just what can be easily bought on the open market...N.E.S.T. (Nuclear Emergency Search Team) and similar LEO people almost certainly have more miniaturized detector setups. I expect most of the N.E.S.T. detectors are also gamma ray spectrometers, probably now so portable they fit unobtrusively into briefcases for use in crowded areas. As we discussed a few months ago (and I think I discussed this in _particular_ with Thomas!), the S/N advantages of using a spectrometer are enormous. Thousand-to-one improvements in general S/N are easily achievable. Even more if the MCA software is looking for pairs or triples or n-tuples of gamma peaks and inferring likely radioisotopes. (I used this approach in 1981 to solve a major problem in IBM computers which were using Intel chips...and I don't mean the alpha particle soft error problem. This was a different problem, involving a beta source trapped in some of the packages. For this I used a pair of large sodium iodide crystals (which my well-equipped lab just happened to have in a storage cabinet, fortunately for us) and looked for a specific decay mode that resulted in a pair of gammas sent out in opposite directions. By using coincidence logic over microsecond intervals, enormous improvements in S/N could be achieved. Basically, background radiation vanished and only the specific beta decay mode we were looking for appeared.) --Tim May --Tim May "Extremism in the pursuit of liberty is no vice."--Barry Goldwater From nobody at dizum.com Fri Jun 6 02:10:02 2003 From: nobody at dizum.com (Nomen Nescio) Date: Fri, 6 Jun 2003 11:10:02 +0200 (CEST) Subject: Can you read this? Message-ID: <894bd0034d4398f54740970d9daa6d87@dizum.com> It may not be what you think! It may not be what you think! O7yDqBKyzoM2YCs/NHcDQ2KFd+Hi++yPIx/snGWbO7yDqBKyzoM2YCs/NHcDQ2KFd+Hi++yPIx/snGWb vtW6OaFedpslgE6Zo19JC5AGutV+oY7ytWzrZafgvtW6OaFedpslgE6Zo19JC5AGutV+oY7ytWzrZafg y5a11kI8g3viUCLgxiOaC4k2cGlVT99NL5T37ovLy5a11kI8g3viUCLgxiOaC4k2cGlVT99NL5T37ovL 0m7Uue2B6YrNdPoSKqHW+tpYqaAu0KltPDIyFv+o0m7Uue2B6YrNdPoSKqHW+tpYqaAu0KltPDIyFv+o jzkqJ0UQAJn+wpqIx6zvfH6LxrJZ+IMT8adZ1wlFjzkqJ0UQAJn+wpqIx6zvfH6LxrJZ+IMT8adZ1wlF KqRs3Vl2coNH7P4TmgRgbWuu/17nFrSzHt1heDB4KqRs3Vl2coNH7P4TmgRgbWuu/17nFrSzHt1heDB4 N4VV1LUGWzWnrbww65jFxXo4m8ATCa13n38Ek5pkN4VV1LUGWzWnrbww65jFxXo4m8ATCa13n38Ek5pk KBvy+hkD8KRpcEVgz9tOcdAIMxDtjkyv1is99N6JKBvy+hkD8KRpcEVgz9tOcdAIMxDtjkyv1is99N6J N/6irA6Rmity2o9yN0+yBzQxcs0fAuxuKnewpY/HN/6irA6Rmity2o9yN0+yBzQxcs0fAuxuKnewpY/H cldQxuQxlL/l8sP4XE0hxzfC0pTGlIt1ma23UNy8cldQxuQxlL/l8sP4XE0hxzfC0pTGlIt1ma23UNy8 A5uf8OytpQLcSK/23V6RzB3pRH8L9JFvj4sdXJdmA5uf8OytpQLcSK/23V6RzB3pRH8L9JFvj4sdXJdm e7kbHvywx4aaNFcf0AjeLg1RTHQ5r7niCtRIW5Ope7kbHvyxx4aaNFcf0AjeLg1RTHQ5r7niCRwIW5Op uGBNPmuNHokn0EzWUPuPCs6wR30/OYhi5iMfJv3KuGBNPmuHHokn0EzWUPuPCs6wR30/OYhi5MNfJv3K AwYynR/oYQIAQbKBMiocBEK0Uwu1K+0M7soZ3ODvAwYynR/YQIAQbKBMiocBEK0Uwu1K+0M7sooZ3ODv +3yoSTSN8YXJOc4Lag4tftA1M8aSHLiUfLJ9gibL+3yoSTS88YXJOc4Lag4tftA1M8aHLiUfLJN9gibL 7NSAyt6mB8zOSGj2WZI7PK/jLNUl0/2bLsjoCXTA7NSAyt6mB8zOSGj2WZI7P/jLNUl0/2bLsjKoCXTA aOy9WqJ+u8D/ZtTLjQPrsH8wn2AxFWC+dH6YAXzOaOy9WqJ+u8D/ZtTLQPrsH8wn2AxFWC+jdH6YAXzO CIUk4S527Cmv5Eu/vhCE/rW0kTcaSNnAf8+EdqilCIUk4S527Cm5Eu/vhCE/rW0kTcvaSNnAf8+Edqil p7q+IkOG8BdgMoZSSvLGsUH8pfuIe+rER74qMwxlp7q+IkOGBdgMoZSSvLG8sUH8pfuIe+rER74qMwxl H+T99IL7t1fXef8kO/KOnn1Ww37ksCGoVLH6h+KaH+T99IL7t1fXe8kO/KOfnn1Ww37ksCGoVLH6h+Ka ycPYT3kwQOK3Ta5RWaJ2j5B4xf24T++GKkvkfz6VycPYT3kwQOK3Ta5RWaJj5B4x2f24T++GKkvkfz6V 8Fa01f+73mwaB8njesZGnEV5Icwwlh7MWm2UolDk8Fa01f+33mwaB8njesZGnEV5Icwlh7M7Wm2UolDk 6mCNM39eZVH2KPPpmC9Srw9xkB6CelJsNeoEsgOx6mCNM39ZVH2KPPpmC9Srw9xkB6CelJsNeoeEsgOx 8hMy+As2m0fV6BkTVYrxKW0tnaZPyOOaOxy4HtKk8hMy+Asm0fV6BkTVYrxKW0tnaZPyOOaOxy24HtKk XdOUkwAZ/UKYOzDDmkkix2LR64BDeyQkqiUuf8bRXdOUkwA/UKYOzDDmkkix2LR64BDeyQkqiUZuf8bR et08Ux85PtZaYBICpA63xeuRwbTuCYPUrEGhaRzGet08Ux8PPtZaYBICpA63xeuRwbTuCYPUrG5haRzG KyvbOeLnH7c7xBbOJxshtUOwvTgD2V/+AXTLW41tKyvbOeLnH7c7xBbOJxshtUOwvTgD2V/+AXTLW41t LpAXqpwrcV+lkTigClAfPAIJ1efqHrvAEj2lP3XKLpAXqpwcrV+lkTigClAfPAIJ1efqHrvAEj2lP3XK eiAxScNeWLlGp+WX0s8/KV5DESj7fgneimi1I/caeiAxScNWeLlGp+WX0s8/KV5DESj7fgneimi1I/ca wPFeYmMK82n83u3GS3fBT0D3VV33Bsy7MRmDAAPPwPFeYmM82nK83u3GS3fBT0D3VV33Bsy7MRmDAAPP yovosZtUEZTidnXtKNW+pM6Yvk2JOq0R0JATWYDByovosZtEEZidnXUtKNW+pM6Yvk2JOq0R0JATWYDB n7+XtZbOkkwSZSo+lwYvSxzaV882LIkDP18SyOgVn7+XtZbOkkwSZS+lwYovSxzaV882LIkDP18SyOgV ceoep7kGfP66jsGXuSMsmAqdxE6+cZcOyuUrKBuwceoep7kGfP66jsGuuSsmAqXdxE6+cZcOyuUrKBuw DWNtoYTpJ36rOnBBbYcAOiwDiKrJ+1ZDf3gjtkv4DWNtoYTpJ36rOnBbbYcAOwDiKBrJ+1ZDf3gjtkv4 RAP8GC/N5p09Vr4FOryKjE6pktjZJkO9M9zYZ5CBRAP8GC/N5p09Vr4OOryKjE6pktZJkOF9M9zYZ5CB 3/dBaTTm/Ss9GBkSb/TzP8YW5AhHfycspOW+MsiC3/dBaTTm/Ss9GBkbb/TzP8YWAhHfycspOWS+MsiC epgrmyV72jV5aME84BSi8yxZWf9vjxANvKF5G179epgrmyV72jV5aME44BSi8xZWf9vjxANv8KF5G179 l/kQnHz2W7v6lobK/CNWXKG8nYH3MvUGFnIufCvMl/kQnHz2W7v6lob/CNWXKG8nYH3KMvUGFnIufCvM ac3Q7uezLBeon6kW7m8lNfqP2SE0HdXXgIQtUEdgac3Q7ueLLBeonkW7m8lNfqP2zSE0HdXXgIQtUEdg tqIYi0mZ7dcehG2UFUIyVjd0N3y3YwXOnpL7lcqTtqIYi0m77cehG2UFUIyVjZd0N3y3YwXOnpL7lcqT a5Fd0/5qmk1nuOzKRjEMCtUnzU/aI7K+2WZkYjKya5Fd0/5mk1nuOzKRjqEMCtUnzU/aI7K+2WZkYjKy gx/elWSN4FGsTFYFqaUka80JE5nh6+Iyemg3fBB+gx/elWS4FGsTFNYFqaUka80JE5nh6+Iyemg3fBB+ Xu8Ft5a25w5ikz0zYE40zRsOXNxR1XwWvwQctpJdXu8Ft5a5w25ikz0zYE40zRsOXNxR1XwWvwQctpJd uExqFq5mqnK/78Rm5QKHeCqx+FBCE8bzEGGLrnPsuExqFq5qmnK/78Rm5QKHeCqx+FBCE8bzEGGLrnPs jBH/c82tqnNYsPbnDXmmBpjbB28ictubCUo0Uw1xjBH/c82tqnNYsPbnDmmBpjbBX28ictubCUo0Uw1x aNi3fl4unaIZaafYZc39XGG974piuXJKeopozhY9aNi3fl4unaIZafYZc39XGG974piuaXJKeopozhY9 h2LyLDBX6tDCA3O471uzcGhZgsCroEfwOhXHYqLsh2LyLDBX6tDA3O471uzcGhZgsCroEfCwOhXHYqLs JpTfPogsBazHxtSObj/eg8PFkr9OQEexY3hQrHwYJpTfPogsBzHxtSObjj/eg8PFk9OQEexYa3hQrHwY QMQe9FMj2FDC/aww/7Y2/NbNJgk7txQY0SuW31UqQMQe9FM2FDC//aww/7Y2/NbNJgk7txY0SjuW31Uq Wg+kVfmkr7iFXvZ8JLowglRPbrL3I7HxKRCJps0bWg+kVfmr7iiFXvZ8JLowglRPbrL3I7HxRCkJps0b gPbiIc9Lz0uStmthw7709WqJ193E63RIhdEefGZkgPbiIc9z00uStmthw7709WqJ193E63RIhELefGZk x1sLRJSNaVaREB0Ys5YGT+qf/rA4q3AqPqZR9oHmx1sLRJSaaVaREB0Ys5YGT+qf/rA4q3AqPZNR9oHm CigpxkYJQvmOtAU8dM9quVuVTLL5OJ/Pr1+lBAfqCigpxkYQQvmOtAU8dM9qVVuVTLL5OJ/Pr+JlBAfq vw36nS4USwUipS+9HFCVG3GxmgCb9qzFuVe8Plxuvw36nS4SwUUipS+9HFCV33GxmgCb9qzuVUe8Plxu 08hcn/DfUJK5ET/qVlzdpT3XtsiH5bxSBMxBlBDe08hcn/DfJK5ET/qVlzdpTT3XtsiH5xSBMxUBlBDe L07HWjXpiaAzmy4MVOvECEWHZEcI048Ss6GhYWv1L07HWjXpiazmy4MVOvECEEWHZEcI08Ss6GAhYWv1 jhfEWd3MhVqu5+cj2wc+bH9IjbJVF+7T0rvhb9PQjhfEWd3MhVqu5cj2wc+bH+9IjbJVF+7T0rvhb9PQ Zta7VyaiuFG33DbgxVambrOUn38+61NYywr9w+T1Zta7VyauuFG33DbgxVambrOUn38+61NYyri9w+T1 XVqC0BRJwUbolBplGF+QGZvB+sDJ0DlxLm5kCM1FXVqC0BRwwUbolBplGF+QGZvB+sDJ0DlxL5JkCM1F PwBU11dPTXXIG/4JJ3I3tj6777GpQGq2b75uEyG9PwBU11dTXXIG/4JJ3I3tj6777GpQGq2b75PuEyG9 F/Y3i8zOV5eUfUWvcOqvX3CrYnkM3uMSG4SDM09RF/Y3i8zV5eUfUWvcOqvX3CrYnkM3uMSG4SODM09R 40KtkaD5DpsCWDiMCju/xhv7NImysvrWJ41Vw34m40KtkaDDDpsCWDiMCju/xhv7NImysvrWJ15Vw34m /EwHsOIXlfPCMx2BdtT21KpKK4sKUdtmwVWX7XLx/EwHsOIllfPCMx2BdtT21KpKK4sKUdtmwWXX7XLx LAzwSM9qs/JpqH0QwpJGAtwdElDoJa/4wZjPBuKALAzwSM9qs/JpqH0QwJGAtwdEplDoJa/4wZjPBuKA 0yy3qiaEgDhKW/4RvyR/2EPIo83sK+pPekKwsMki0yy3qiaEgDhKW4RvyR/2EPIo83sK/+pPekKwsMki b3z8QkPNcpjqQoS0elZKUC9GlfE61CuOkFn/u/Tnb3z8QkPNcpjQoS0elZKUC9GlfE61CuqOkFn/u/Tn 3WW3tQFMugJjZ/6JiTK/PUkwocWsSzqqpRvmp4L63WW3tQFMuJjZ/6JiTTK/PUkwoWsSzqqpgRvmp4L6 bVL70PW4j52mNlspLw+VRlQXKBgHHfxA6Tky/gL1bVL70PWj52mNNlspLw+VRlQXKBgHHfA6T4ky/gL1 1n5IXIfO/K+QW+Q87nr/sME6ktqPOfH9IEB4ZxVg1n5IXIf/K++QW+Q87nr/sME6ktqPOfH9EBO4ZxVg zlHvj6j3XDjjPd0A3hGBGjiJ8wBQUPqaPK+cYr8rzlHvj6jXDDjjPd0A3hGBGjiJ8wBQUPqaP+3cYr8r gh3iad4iE8+LA6Oebjrnb3wEJkBHC3TntXmrN5l9gh3iad4EE8+LA6Oebjrnb3wEJkBHC3TntmirN5l9 wmZtSGQrXmgamuGGSFL+RrlGE8TNIF0MaCFD/VhFwmZtSGQXXmgamuGGSFL+RrlGE8TNIF0MaFrD/VhF 7/RLb82URMAt+mLpPdGE/MS3dkpylB0JiDhLxJvB7/RLb82UMMAt+mLpPdGE/MS3dkpylB0iDRhLxJvB guGhMhq/CxXkuSKpVbQN4W3nGyP1YiRqI95BPla1guGhMhq/CxkkuSKpVbQN4W3nGyP1YRqI95XBPla1 qOZiLe4YMMxwZRV0xUMtFZI/d7auJHSwQ8AKe3/tqOZiLe4YMMxwRVV0xUMtFZI/d7auJSwQ8AZKe3/t NS1CkFOJSi3Kmdkvi44NZ8ewVzV6VAwXcaMD/AjLNS1CkFOJSi3Kmdkvi44NZ8ewVzV6VAwXcaMD/AjL P/G06WznBAw0xwedBz/2A5Ib/MYgl6jrYWM4e49XP/G06WznBAw0xwedBz/2A5Ib/MYgl6jrYWM4e49X 9fR9pWyV6JAgPKBrZdpWnx2QRD2wllj5pEzcPgX09fR9pWyV6JAgPKBrZdpWnx2QRD2wllj5pEzcPgX0 BQVR8QW/soOxK0rklcM9QPtzliRiUkhKQxQbMKilBQVR8QW/soOxK0rklcM9QPtzliRiUkhKQxQbMKil 1Vnb/gawH18Vrb85XoWISvNoEM6ANpAy9szrmhn21Vnb/gawH18Vrb85XoWISvNoEM6ANpAy9szrmhn2 Sq9SbTXftniwtfha1a1S/AwwX0bLlLu2jBSATO7ISq9SbTXftniwtfha1a1S/AwwX0bLlLu2jBSATO7I FJZTxVuRCfmRXyHnRYb80iwe6ICNta6dyNhmpc6aFJZTxVuRCfmRXyHnRYb80iwe6ICNta6dyNhmpc6a TqATR2GorrxSMvJv/9KYG9MDVvKM3Hn/fn0dMMuDTqATR2GorrxSMvJv/9KYG9MDVvKM3Hn/fn0dMMuD VYZ7GaA8DGCnqJhDKZ/wJvDrZNPLHlJnkLcQ/mC8VYZ7GaA8DGCnqJhDKZ/wJvDrZNPLHlJnkLcQ/mC8 goGjGxa1+UbH8eo9whj3ovpsAD3C4DOrt6M690HYgoGjGxa1+UbH8eo9whj3ovpsAD3C4DOrt6M690HY t5ODxCBrKBq7jnt0PbRikW8wLgj/jWOjH+fc+bVCt5ODxCBrKBq7jnt0PbRikW8wLgj/jWOjH+fc+bVC From jblake at eskimo.com Fri Jun 6 13:14:02 2003 From: jblake at eskimo.com (jonathon) Date: Fri, 6 Jun 2003 13:14:02 -0700 (PDT) Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: Message-ID: On Fri, 6 Jun 2003, Tyler Durden wrote: ]>Hum. I think I'm convincing myself that an AWAC might actually be able to What about the plane taht boing makes, that is similar to AWAC, but has short stubby wings in the front? [ I have no idea what it is called, there are two at Boeing field, with us air force colors. ] xan jonathon From camera_lumina at hotmail.com Fri Jun 6 10:17:19 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 06 Jun 2003 13:17:19 -0400 Subject: SIGINT planes vs. radioisotope mapping Message-ID: Good post. Dave Emery wrote... >So communications intercepts are >necessarily targeted very narrowly, even drag net fishing is likely done >only in places where there is a real likelihood that something important >will turn up with finite effort. I'm wondering if some of those lod satellite links or other technologies might not actually be used precisely for dumping a "dragnet" over to HQ for sifting. In face, didn't the government buy the old Iridium network? What probably happens is that the government sends some commands into the PSTN (via that "emergency" channel) that drop-and-continue a TINY, carefully-selected fraction of a cities' traffic (probably pre-sifted using super-duper SAS analysis and whotnot), and then wirelessly transmits those calls to a series of sifters, the first several of which are probably computer-based, the last batch of which are human (probably a lot like a credit card operation). However, it IS interesting to think about just what might fit into an AWAC or whatever these days, given 0.13 micron (or better...who knows?) ASICs. A single shelf of Cisco 15454 gear can pretty much do whatever you want to an OC-48, though you need more shelves in order to provide the COAX terminals for the DS1s encased therein. Then again, in an AWAC they would have to send that OC-48 directly to some dedicated hardware to begin the winnowing process: looking for un provisioned lines, determining which lines have data, which voice, determinig which data is to/from ISPs,...etc...and then some SAS analysis to whittle it down to a small huntable set. Possibly an AWAC could handle several OC-48s provided there was some useful "hunting" criteria. Hum. I think I'm convincing myself that an AWAC might actually be able to perform some interesting telecom reconaissance, depending on the application, but I'm fairly certain one of the functions is NOT to try to surreptitiously scan for radiation. Interesting traffic is almost certainly sent over to an uplink from somewhere in the ground. -TD >From: Dave Emery >To: Randy >CC: cypherpunks at minder.net >Subject: Re: SIGINT planes vs. radioisotope mapping >Date: Fri, 6 Jun 2003 01:41:29 -0400 > >On Thu, Jun 05, 2003 at 11:52:14PM -0400, Randy wrote: > > I recall a few years back, a single satellite lost stability, and it >pretty > > much wiped out everyone's pagers, for > > a few days. Just my way of saying that I don't have any clue as to how >much > > point-to-point traffic may get > > relayed by a bird at some point. > > Within the continental US, very very little point to point >telephone traffic flows via satellite (hardly any in fact except a few >remaining private systems for companies and government - carriers >completely gave up satcom links about 15-20 years ago in the PSTN). The >economics don't work and people hated the delay in calls due to the >distance to the satellite. The only real exception is parts of >back country Alaska... which is still served by satellite. > > There is still some international traffic on satellites, though >mostly to remote and underdeveloped places. The great bulk of traffic >between the US and Europe and Asia is on fiber now. Satellite does >provide backup to cables if they are cut, but more and more places >have enough redundant fiber to never need to use this capability. > > Until recently, most domestic PAGER traffic did flow via >satellites because it was cheaper to get it to the towers on remote >hilltops that way than by leasing fiber or copper circuits. And indeed >when G4 died, a lot of pager transmitters had no input from the central >computers and went off the air. Nobody had really thought about what >might happen if the bird died - they had been focusing on up link and >downlink reliability instead. And in a very typical communication >screwup, some of the backups were on the same satellite. > > There has been some use of satellites for Internet IP traffic, >but again only a tiny bit compared to the flood that travels over fiber. >This is much more used for international Internet links, some of which >are on satellites. > > The major use of satellite capacity over the US is for video, >both broadcast and cable and direct to home, and for some innately >broadcast services like distributing weather data to airports and >weather forecast offices and the like. There are also some remaining >point of sale credit card verification networks on satellite because >of the reduced cost of a satellite link compared to thousands of circuits >to local gas stations or convenience stores. > > And a lot of satellite capacity gets used for mobile terminals >for video uplinks for satellite news gathering and sports back hauls and >the like. It is obviously not usually possible to provide fiber to the >scene of a major news event and only sometimes to the venues of sports >events. And the military and government uses satellite capacity to >talk to things like Navy ships and mobile command posts which aren't >in one place very long. > > Very little travels by microwave anymore in the CONUS either >(maybe a couple of percent or less of wireline telephone calls do at any >point, perhaps even less by now - mostly to backward places where >stringing fiber is hard or uneconomical). Most of the old AT&T microwave >towers that once dotted hilltops across the country have been shut down >and sold to cell operators or even private citizens seeking a remote >location for a cabin - and most of this shutdown happened by the late >80s in fact. Very very few of the towers still in existence transmit >any traffic any more or ever could again. > > > > I seem to recall that, years ago, the > > Transatlantic copper traffic entering and > > leaving the US was shot via microwave link to/from the US terminus, over >a > > bay, and allegedly there was a NSA > > farmhouse on the line-of-site path of the link. The implication being >that, > > yes, they "could" have just wired > > around the bay, but instead there was an intentional opportunity for > > interception. > > There is an interesting microwave shot from Greenhill Rhode >Island (the landing site for around a third of the transatlantic cables) >and a point in Connecticut. One may draw whatever conclusions one >likes about why this was done this way in the early 70s or so. > > I have seen an unnamed Telco insider comment on a public mailing >list that certain fiber Sonet rings linking a NJ cable landing site >(with another third or so of the cables) to a switching facility that >actually handles most of the traffic further inland have three nodes >on them instead of two. No idea why... just one of those weird things >that got built that way in construction I guess. > > > > > And I'll point out that long-haul comms to submarines are done with RF > > basically at audio frequencies, via > > buried antennas....yeah, they DO use very high power, but aircraft are > > close and don't have salt-water and > > thick earth to penetrate. > > Submarine communications use very very low (80 hz) frequencies >from buried wires for a kind of paging function that says come up and >get the nuclear war order. Actual messages are sent on VLF frequencies >(16-90 khz) which penetrate seawater better than other frequency ranges >and can be received while submerged to up to a couple hundred feet. >Antennas for this function are not buried, but gigantic towers or mile >long wires trailed from command and relay aircraft. > > Aircraft (notably the Guardrail and Rivet Joint aircraft) can >and do collect most any available radio signals they can see from flight >altitude. This allows cellphones, cordless phones, pagers, pdas, >wireless email devices, and miscellaneous two way radio signals to be >vacuumed up and some microwave links to be intercepted as well, but >none of these aircraft has ever been reported to routinely do TEMPEST >type interception of wireline traffic from incidental radiation. > > > > And if any of the copper is carrying digital data, square waves are >hugely > > rich in harmonics well up into the > > MHz bands, and would therefore tend to radiate better from any >above-ground > > wires between poles, possibly > > even roadside pedestals. > > > Actually FCC rules require things be built NOT to radiate all >that much because of interference to licensed services using precious >spectrum, so most wire communications devices fiber and copper radiate >very very little energy. Part of this is due to the cancellation effect >of energy flowing in balanced transmission lines, and part due to >filtering and shielding. > > And there are myriads and myriads of information streams flowing >in typical aerial cables - even if the energy could be detected at a >distance (which it can't due to the impact of the inverse square law) it >would be nearly impossible to sort out the impulses from one circuit >from those of all the others in the same cable. > > > > And I've seen alot of RF off of traditional CATV coax; don't know if > > fiber-optic cable systems might ultimately > > have any tie-in to the coaxial feed to/from the headend. > > > Cable TV systems have rather high level VHF and UHF rf flowing >in them. There is constant problem for cable companies with corrosion >and damage to the wires causing some of this energy to leak out and be >radiated and cause interference to licensed services on the same >frequencies. Cable companies spend lots of dollars going around looking >for and fixing these problems in order to avoid fines and other legal >action by the FCC and FAA. > > Modern cable companies use fiber optics to transmit the signals >from the headend where the satellite dishes and antennas are to a >neighborhood where they are converted from optical to rf on copper and >distributed locally. > > And optical fiber does not radiate at all at radio frequencies. >The only source of rf radiation in fiber optic systems is the >electronics at either end which convert the light into electrical >signals for local use. > > One problem that most naive paranoid types completely fail to >grasp is the titanic volume of modern communications. The flow is so >overwhelming that only a powerful God could possibly process it all to >find interesting material. The entire federal budget could not pay >enough humans to screen and analyze ALL the electonic communications of >even a medium size city in 2003. So communications intercepts are >necessarily targeted very narrowly, even drag net fishing is likely done >only in places where there is a real likelihood that something important >will turn up with finite effort. > > The notion that an all powerful big brother is listening to >everything and capturing everything just is not realistic, and a very >very high percentage of what does get captured is never looked at or >listened to or even stored for very long. > > Which of course is why traffic analysis and transaction analysis >and social network discovery is far more important than flying airplanes >around trying to collect incidental radiation from local copper T1 >lines. Knowing who calls or emails who makes it possible to find the >needles which you want to monitor in the vast haystacks. Thus there is >a much greater probability that records of your calls and IP traffic >addresses are looked at for patterns and association with known bad guys >than that someone is actually listening to or reading your traffic >looking for the word bomb. > > >-- > Dave Emery N1PRE, die at die.com DIE Consulting, Weston, Mass 02493 >PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 >C7AB _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From lynn at garlic.com Fri Jun 6 12:34:41 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Fri, 06 Jun 2003 13:34:41 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: <3EDE1D79.8791.1B477836@localhost> <3EDD06EF.2850.17076FA5@localhost> <3EDE1D79.8791.1B477836@localhost> Message-ID: <4.2.2.20030606130542.034dc680@mail.earthlink.net> At 04:42 PM 6/4/2003 -0700, Eric Rescorla wrote: >Nonsense. One can simply cache the certificate, exactly as >one does with SSH. In fact, Mozilla at least does exactly >this if you tell it to. The reason that this is uncommon >is because the environments where HTTPS is used >are generally spontaneous and therefore certificate caching >is less useful. there are actually two scenarios .... one is to pre-cache it (so that its transmission never actually has to happen) and the other is to compress it to zero bytes. detailed discussion of certificate pre-caching and certificate zero byte compression: http://www.garlic.com/~lynn/ansiepay.htm#aadsnwi2 the typical use for HTTPS for e-commerce is to hide the account number on its way to the financial institution. for the most part the merchant is primarily interested in the response from the consumer's financial institution on whether or not the merchant gets paid. If it weren't for the associated business processes, the merchant could get by with never knowing anything at all about the consumer (the merchant just passes the account number on ... and gets back what they are really interested in .... the notification from the bank that they will get paid). So a HTTPS type solution is that the consumer pre-caches their bank's certificate (when they establish a bank account). .... and they transmit the account number "hidden" using the bank's public key. This happens to pass thru the merchants processing .... but for purposes of the authorization, the merchant never really has to see it. The protocol would require minor issues of replay attacks .... and be able to be done in a single round trip .... w/o all the SSL protocol chatter. Actually, is isn't so much pre-caching their bank's certificate .... as loading their bank's public key into a table .... analogous to the way CA public keys are loading into tables (aka using out-of-band processing .... the convention that they may be self-signed and encoded in a certificate format is an anomoly of available software and in no way implies a PKI). The primary purpose of HTTPS hasn't been to have a secure channel with the merchant, the primary purpose of the HTTPS is to try and hide the consumer's account number as it makes its way to the consumer's financial institution. The other solution is the X9.59 standard (preserve the integrity of the financial infrastructure for all electronic retail payments, not just internet, not just POS, not just credit, ALL; credit, debit, stored value, etc) that creates authenticated transactions and account numbers that can only be used in authenticated transaction. The consumer's public key is registered in their bank account (out of band process, again no PKI). X9.59 transactions are signed and transmitted. Since the account number can only be used in authenticated transactions .... it changes from needing encryption to hide the value as part of a shared-secret paradigm to purely a paradigm that supports integrity and authentication. As in the above, scenario, the merchant passes the value thru on its way to the consumer's financial institution; and is focused on getting the approved/disapproved answer back about whether they will be paid. As in the bank HTTPS scenario where the bank's pubilc key is pre-cached at the consumer, the pre-caching of the consumer's public key is pre-cached at the bank .... involves no PKI business processes (although their may be some similarities that the transport of the public key involves encoding in a certificate defined format). misc. x9.59 refs: http://www.garlic.com/~lynn/index.html#x959 Both pre-caching solutions are between the business entities that are directly involved; the consumer and the consumer's financial institution based on having an established business relationship. The invention of PKI was primarily to address the issue of an event between two parties that had no prior business relationship and possibly weren't going to have any future business relationship and that they would conclude their business relying on some mutual trust in the integrity of a 3rd party w/o actually having to resort to an online environment. The e-commerce scenario is that there is real-time, online transaction with the trusted 3rd party (the consumer's financial institution) involving prior business relationship. This negates the basic original assumptions about the environment that PKIs are targeted at addressing. -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ekr at rtfm.com Fri Jun 6 14:16:34 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 06 Jun 2003 14:16:34 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <200306051011.h55ABjv21031@medusa01.cs.auckland.ac.nz> References: <200306051011.h55ABjv21031@medusa01.cs.auckland.ac.nz> Message-ID: pgut001 at cs.auckland.ac.nz (Peter Gutmann) writes: > Bodo Moeller writes: > > >Using an explicit state machine helps to get code suitable for multiplexing > >within a single thread various connections using non-blocking I/O. > > Is there some specific advantage here, or is it an academic exercise? Some > quirk of supporting certain types of hardware like nCipher boxes that do async > crypto/scatter-gather? I've had to do this on environments where threads weren't a viable option. See, for instance, my paper from USENIX Security 2002. -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From mv at cdc.gov Fri Jun 6 14:27:36 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 06 Jun 2003 14:27:36 -0700 Subject: SIGINT planes vs. radioisotope mapping Message-ID: <3EE10748.64CB3473@cdc.gov> t 10:23 AM 6/6/03 -0700, Tim May wrote: >I certainly never implied in any way that a simple G-M tube would be >useful for this. Implicit in my radioistope mapping comment was that a >gamma ray spectrometer would be used. > >And note that this is just what can be easily bought on the open >market...N.E.S.T. (Nuclear Emergency Search Team) and similar LEO >people almost certainly have more miniaturized detector setups. Indeed, there is a group of GeigerCounterEnthusiasts on Yahoo whose members have/make this kind of thing. You use scintillation plastic & photomultiplier tubes; you can get these on eBay. Sometimes they mount their detectors in cars and find that some sections of roads are hotter than background, or a hot railroad car. >For this I used a pair of large sodium >iodide crystals which also show up on eBay >mode that resulted in a pair of gammas sent out in opposite directions. Also the principle behind PET scans. Mr. positron meets Ms. electron, and bang, two little Gammas carry the momentum away... GM tubes use avalanche to amplify; the scintillators, NaI, semiconductor junctions measure analogue energy, so you get an energy spectrum. Add a few comparators and a logic gate and you get a channel. ... Pierre Curie didn't die from radiation poisoning, he was hit by a horse drawn cart From iang at systemics.com Fri Jun 6 11:30:04 2003 From: iang at systemics.com (Ian Grigg) Date: Fri, 06 Jun 2003 14:30:04 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> Message-ID: <3EE0DDAC.20912752@systemics.com> John Kelsey wrote: > So, what can I do about it, as an individual? Make the cellphone companies > build good crypto into their systems? Any ideas how to do that? Nope. Cellphone companies are big slow moving targets. They get their franchise from the government. If the NSA wants weak crypto, they do weak crypto. There is literally no point in hoping the cell phone company - or any large franchise holder - will help you in your fight against big brother. OTOH, what you can do is argue for reasonable crypto. (Similar to GSM's. That is hard to attack, there is AFAIR no 'trival' attack, you have to get access to the SIM or you have to probe the phone with another phone over a period of hours. I.e., the attacker leaves tracks, and he does so in a way that will move him on to another mode of tapping, such as purchasing a straight listening device.) Now, it seems that the US standards didn't get even that. There's definately a case for arguing for better crypto in the US. And, market forces and all that, one would think that this would happen in due course. But arguing for strong crypto end-to-end - save your breath. John Kelsey (paraphrased): > The only way I can see getting decent security [in any application] is to do > something that doesn't require the rest of the world's permission or > assistance. (I edited the above to broaden the assert!) Opportunistic crypto - that which uses the tools immediately available and delivers crypto that is the best available right now - is the only crypto that will work for *you* the user in any application. Anything that defers security off to some external party has a result of slowing or killing the application, or delivering less or no security than if you'd gone ahead in the first place. This isn't saying anything new. It's the Internet, after all. On the Internet, one doesn't ask for permission to participate. That's no accident, it's a core reason for its arisal. Any protocol that has a step of "now ask for permission" is, IMHO, breaking one of the major principles of the Internet. > ... I > have an old Comsec 3DES phone at home. It's nice technology. I think I've > used it twice. If you're not a cryptographer or a cocaine smuggler, you > probably don't know anyone who owns an encrypting phone or would > particularly want to. Even if you'd like to improve your own privacy, you > can't buy an end-to-end encrypting phone and improve it much. That's what > I'd like to see change. I guess there's no reason why you couldn't load up speakfreely on a custom Unix box with a flashed OS, put in the USB headset, and sell it as an end to end encrypting phone. The software's all free, a cheap machine is $300 at Walmart, some enterprising crypto guy could ship out a network appliance for $500. (Or, put it in a PDA that's got the right hooks?) Half the price of your old Comsec, wasn't it selling for $1000? -- iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From bob.cat at snet.net Fri Jun 6 11:47:34 2003 From: bob.cat at snet.net (BobCat) Date: Fri, 6 Jun 2003 14:47:34 -0400 Subject: SIGINT planes vs. radioisotope mapping References: <8AD11497-9843-11D7-88B5-000A956B4C74@got.net> Message-ID: <005a01c32c5c$1bf60ff0$7eeafc40@Leopard> From: "Tim May" > I certainly never implied in any way that a simple G-M tube would be > useful for this. Implicit in my radioistope mapping comment was that a > gamma ray spectrometer would be used. > The rest of the assembly, even 20 years ago, was mostly portable: the > germanium detector head, some preamps and pulse-height analyzers, and a > multichannel analyzer. Most of this stuff is now done on laptops, the > MCA and analysis software part. Without researching this on the Net, I > would thus conjecture the entire gamma ray spectrometer could fit in a > small carry-on case, using a small dewar. http://www.giscogeo.com/pages/radgf260.html DIMENSIONS AND WEIGHT: 27x13x18 cm, 2.8 kg There's a bunch more http://www.alltheweb.com/search?cat=web&cs=utf-8&type=phrase&q=portable%20gamma%20ray%20spectrometer%20 From tim at dierks.org Fri Jun 6 12:04:49 2003 From: tim at dierks.org (Tim Dierks) Date: Fri, 06 Jun 2003 15:04:49 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EDE43EB.29325.1BDDA647@localhost> References: <3EDE1D79.8791.1B477836@localhost> Message-ID: <6.0.0.9.2.20030606145813.04ac4850@127.0.0.1> At 10:09 PM 6/4/2003, James A. Donald wrote: >Eric Rescorla > > Nonsense. One can simply cache the certificate, exactly as > > one does with SSH. In fact, Mozilla at least does exactly > > this if you tell it to. The reason that this is uncommon is > > because the environments where HTTPS is used are generally > > spontaneous and therefore certificate caching is less useful. > >Certificate caching is not the problem that needs solving. The >problem is all this spam attempting to fool people into logging >in to fake BofA websites and fake e-gold websites, to steal >their passwords or credit card numbers I don't think this problem is easier to solve (or at least I sure don't know how to solve it). It seems to me that you could tell a user every time they go to a new site that it's a new site, and hope that users would recognize that e-g0ld.com shouldn't be "new", since they've been there before. However, people go to a large enough number of sites that they'd be seeing the "new" alert all the time, which leads me to believe that it wouldn't be taken seriously. Fundamentally, making sure that people's perception of the identity of a web site matches the true identity of the web site has a technical component that is, at most, a small fraction of the problem and solution. Most of it is the social question of what it means for the identity to match and the UI problem of determining the user's intent (hard one, that), and/or allowing the user to easily and reliably match their intent against the "reality" of the true "identity". Any problem that has as a component the fact that the glyphs for "lower-case L" and "one" look pretty similar isn't going to be easy to solve technologically. - Tim From jamesd at echeque.com Fri Jun 6 16:24:44 2003 From: jamesd at echeque.com (James A. Donald) Date: Fri, 6 Jun 2003 16:24:44 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <4.2.2.20030604174233.00cace00@mail.earthlink.net> References: <3EDE1D78.2422.1B4777E6@localhost> Message-ID: <3EE0C04C.32242.2594192F@localhost> -- On 4 Jun 2003 at 20:58, Anne & Lynn Wheeler wrote: > it is relatively trivial to demonstrate that public keys can > be registered in every business process that currently > registers shared- secrets (pins, passwords, radius, kerberos, > etc, etc) I don't think so. Suppose the e-gold, to prevent this sea of spam trying to get people to login to fake e-gold sites, wanted people to use public keys instead of shared secrets, making your secret key the instrument that controls the account instead of your shared password. They could not do this using the standard IE webbrowser. They would have to get users to download a custom client, or at least, like hushmail, a custom control inside IE. HTTPS assumes that the certificate shall be blessed by the administrator out of band, and has no mechanism for using a private key to establish that a user is simply the same user as last time. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG q1a1Whb1YeRws7qoDm6h15qfDstFHciUyP2I4fte 42lCFXf0IqXfh5Mz2mFtznxv6N40EuqpKvQJhLBgS From jamesd at echeque.com Fri Jun 6 17:24:55 2003 From: jamesd at echeque.com (James A. Donald) Date: Fri, 06 Jun 2003 17:24:55 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <6.0.0.9.2.20030606145813.04ac4850@127.0.0.1> References: <3EDE43EB.29325.1BDDA647@localhost> Message-ID: <3EE0CE67.32442.25CB3263@localhost> -- James A. Donald: > > Certificate caching is not the problem that needs solving. > > The problem is all this spam attempting to fool people into > > logging in to fake BofA websites and fake e-gold websites, > > to steal their passwords or credit card numbers On 6 Jun 2003 at 15:04, Tim Dierks wrote: > I don't think this problem is easier to solve (or at least I > sure don't know how to solve it). It is a hard problem with many well known solutions, none of which have to my knowledge been implemented in HTTPS. For example one can use SPEKE, in which case setting up the account involves sharing (or issuing) a password, but logging in to the account does not require one to reveal the password to the site where one is logging in. In this case the fake website would gain no useful information by luring the user to login to it. The most HTTPS like solution would be to generate a keyfile containing a self signed private key on one's computer, and whenever one hit the website, it would do the HTTPS handshake to log you in to that website's account for the public key corresponding to your private key, however HTTPS does not seem to directly support this model. In this case the bogus web site could log you in, but this would not leak any information that would enable the operators of the bogus web site to login to the real web site. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG /JhekrYM+sQCMQKXhiWzhB3RnOv6PZROgxYwprXj 4LHJfuGlcn7fO4tcfo20/t0cdEy/HyK++XiBVvMFy --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From shaddack at ns.arachne.cz Fri Jun 6 08:26:03 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 6 Jun 2003 17:26:03 +0200 (CEST) Subject: SIGINT planes vs. radioisotope mapping In-Reply-To: Message-ID: On Wed, 4 Jun 2003, Trei, Peter wrote: > It appears that they can't tell the medical isotopes from others.... They have no chance to distinguish isotope type with just a plain Geiger. For an identification, they would need a gamma spectrometer, which is a toy that AFAIK is not yet portable and cheap enough for mass deployment. From lynn at garlic.com Fri Jun 6 16:45:35 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Fri, 06 Jun 2003 17:45:35 -0600 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EE0C04C.32242.2594192F@localhost> References: <4.2.2.20030604174233.00cace00@mail.earthlink.net> <3EDE1D78.2422.1B4777E6@localhost> Message-ID: <4.2.2.20030606173139.03505100@mail.earthlink.net> At 04:24 PM 6/6/2003 -0700, James A. Donald wrote: >I don't think so. ??? public key registered in place of shared-secret? NACHA debit trials using digitally signed transactions did it with both software keys as well as hardware tokens. http://internetcouncil.nacha.org/News/news.html in the above scroll down to July 23, 2001 ... has pointer to detailed report? X9.59 straight forward establishes it as standard .... with some activity moving on to ISO http://www.garlic.com/~lynn/index.html#x959 pk-init draft for kerberos specifies that public key can be registered in place of shared secret. following has demo of it with radius with public keys registered in place of shared-secret. http://www.asuretee.com/ the radius implementation has been done be a number of people. in all of these cases, there is change in the business process and/or business relationship .... doesn't introduce totally unrelated parties to the business activities. the is digital signing on the senders side (actually a subset of existing PKI technology) and digital signature verification on the receivers side (again a subset of existing PKI technology). To the extent that there is impact on existing business process ... it is like in the case of introducing x9.59 authentication for credit transactions that have relatively little authentication currently .... and as a result would eliminate major portion of the existing credit card transaction related fraud. The big issue isn't the availability of the technology ... although there is a slight nit in the asuretee case being FIPS186-2, ecdsa .... and having support in CAPI and related infrastructures. It not working (easily) is like when my wife and I were doing the original payment gateway .... with this little client/server startup in menlo park (later moved to mountain view and have since been bought by AOL) and people saying that SSL didn't exist ... misc ref from the past http://www.garlic.com/~lynn/aadsm5.htm#asrn2 http://www.garlic.com/~lynn/aadsm5.htm#asrn3 -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From iang at systemics.com Fri Jun 6 15:08:34 2003 From: iang at systemics.com (Ian Grigg) Date: Fri, 06 Jun 2003 18:08:34 -0400 Subject: Maybe It's Snake Oil All the Way Down References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> Message-ID: <3EE110E2.F2DA76AB@systemics.com> Derik asks the pertinant question: > The question is: how do we convince M$ and Netscape to include something > else in their software? If it's not supported in IE, then it wont be > available to the vast majority of users out there. My view, again, IMHO: ignore Microsoft. Concentrate on the open source solutions: KDE, Mozilla, Apache. These groups will always lead in security, because they are not twisted by institutional conflicts; they can examine historical security model from the point of view of interested professionals, rather than commercial actors trying to preserve this or that revenue stream. The trick is to understand whether HTTPS as it currently is can be improved. If it can, then those above guys can do it. Once the improvements are shown to work, Microsoft will follow along. They are a follower company, not an innovator, and they need to see it work in practice before doing anything. As Derik suggests, the vast majority of users will have to wait. Along those lines, there's one piece of excellent news: Eric Rescorla wrote: > One can simply cache the certificate, exactly as > one does with SSH. In fact, Mozilla at least does exactly > this if you tell it to. That's fantastic! I never knew that. How does one set that option on Mozilla? (I'm using 5.0 / 1.3.1.) -- iang From hseaver at cybershamanix.com Fri Jun 6 16:44:54 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Fri, 6 Jun 2003 18:44:54 -0500 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EE110E2.F2DA76AB@systemics.com> References: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz> <20030604074048.A13661@slack.lne.com> <3EE110E2.F2DA76AB@systemics.com> Message-ID: <20030606234454.GA14383@cybershamanix.com> On Fri, Jun 06, 2003 at 06:08:34PM -0400, Ian Grigg wrote: > Derik asks the pertinant question: > > The question is: how do we convince M$ and Netscape to include something > > else in their software? If it's not supported in IE, then it wont be > > available to the vast majority of users out there. > > My view, again, IMHO: ignore Microsoft. Concentrate > on the open source solutions: KDE, Mozilla, Apache. Mozilla already has a pretty neat interface to gnupg, called Enigmail. See http://enigmail.mozdev.org/ -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From jal at jal.org Fri Jun 6 19:08:57 2003 From: jal at jal.org (Jamie Lawrence) Date: Fri, 6 Jun 2003 21:08:57 -0500 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EE0C04C.32242.2594192F@localhost> References: <3EDE1D78.2422.1B4777E6@localhost> <3EE0C04C.32242.2594192F@localhost> Message-ID: <20030607020857.GA18513@jal.clueinc.net> On Fri, 06 Jun 2003, James A. Donald wrote: > Suppose the e-gold, to prevent this sea of spam trying to get > people to login to fake e-gold sites, wanted people to use > public keys instead of shared secrets, making your secret key > the instrument that controls the account instead of your shared > password. Why does e-gold have any interest in what people do on other sites? > HTTPS assumes that the certificate shall be blessed by the > administrator out of band, and has no mechanism for using a > private key to establish that a user is simply the same user as > last time. Yes. There's a virtue there. Knowing a secure channel exists is frequently more important than who is on the other line. For example, What's my favorite brand of lighter? You live in a Bob's cold, dark cave, where you hate life. Insert water dripping and scabs until you're amused. You have the chance to contact, and maybe move to, Alice's bright, warm cave. Sounds good to you. How to authenticate the offer? Replay various notions of various fiction writers, here. The problem is interesting. Solved, but interesting. Very few folks have reason to help you authenticate them. Deal. Even if people don't understand what https (and ssl) do, they still serve a purpose. Even if it isn't the one you wanted solved. And if there were a problem worth solving, would it be unsolved? I'll refrain from asking how many people use digsigs, and what that solves. Only because that's rude. None of this solves life for average banking customers, but I think "this" is something that "they" are willing to ignore. Most people seem to trust one another. What do you do? -j -- Jamie Lawrence jal at jal.org "The sign that points to Boston doesn't have to go there." - Max Scheler From daw at mozart.cs.berkeley.edu Fri Jun 6 17:52:27 2003 From: daw at mozart.cs.berkeley.edu (David Wagner) Date: 7 Jun 2003 00:52:27 GMT Subject: Maybe It's Snake Oil All the Way Down References: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> <3EE0DDAC.20912752@systemics.com> Message-ID: Ian Grigg wrote: >(Similar to GSM's. That is hard to attack, >there is AFAIR no 'trival' attack, [...] Just wait a little while. By the way, one can already buy fake base stations that mount man-in-the-middle attacks on GSM as a way to eavesdrop on GSM calls. It's off the shelf, but it costs ridiculous amounts of money. >Now, it seems that the US standards didn't get >even that. Right. The major barrier is the need for a digital scanner (which indeed is a major barrier against certain threat models, but not a barrier for other threat models). >And, market forces >and all that, one would think that this would >happen in due course. I'm less optimistic. Market forces being what they are, one would expect that one would quickly get cellphones that are *claimed* and *perceived* to be more secure, regardless of their true merits or demerits. Oh wait, that already happened. From davidson at net1.net Sat Jun 7 02:03:02 2003 From: davidson at net1.net (Jim Davidson) Date: Sat, 7 Jun 2003 04:03:02 -0500 Subject: Micropayments and the incentive program at e-gold In-Reply-To: Message-ID: Dear Friends, James A. Donald points out that tens of thousands of micropayments are being made on the e-gold system every day. If we assert that less than a tenth of a gram of gold is a micropayment, then the web page http://www.e-gold.com/stats.html gives us some information. Spend size quantity value involved 0 mg - 1 mg 6959 (Total: 5.60 g) 1 mg - 10 mg 4854 (Total: 23.73 g) 10 mg - 100 mg 21825 (Total: 1.04 kg) A question arises, where do these events come from? Mr. Donald offers the thought that the spends involve the e-gold incentive program, but thinks some other activities such as per-click micropayments for banner ads might be involved. He writes, "Some proportion of these payments must be e-gold's own referral scheme." JP May offers the thought that the HYIP or "neoteric gaming" or, in my view, Ponzi scheme activity may be the major factor. Let's talk a bit about those events. Every time a spend takes place at e-gold.com, there are several activities which report through. First, an account holder authorizes a spend of metal (we'll stick with gold in this example) from his account to another account. Second, e-gold.com records a "payment receive fee" against the account of the person receiving the payment in the amount of 1% of the amount spent, capped at 50 cents. Third, e-gold.com captures half of this receive fee and divides the other half between two other accounts: the account which sponsored the spender and the account which sponsored the receiver. However, I don't believe that payment receive fees, spender-sponsor incentive fees, or receiver-sponsor incentive fees can be involved in *any* of these micropayments. Why not? If that were true, then every user initiated spend event would generate two or three automatic spend events on the e-gold system. A user-initiated spend would generate two auto-spends in the form of incentive fees to the sponsors of the spender and the receiver. It would generate those two plus a payment receive fee spend to the e-gold account. However, that would only represent the situation if the number of e-gold spends were always evenly divisible by three or four. Since the number of spends I see right now is 72470, and that number isn't evenly divisible by three nor by four, I think the incentive program cannot be involved in the "spends" figure. Help me out here, Jay Wherley or Jim Ray, if you would, since you guys at e-gold know the whole story. I think "spends" is user-initiated events, and that *none* of the incentive payments are counted as spends. That makes sense, since if the incentive payments were "spends" on the e-gold system, they would incur payment receive fees, and generate further incentive fees, in a rather recursive fashion - an infinite loop. What's more, they would show up in "payments received" in the account history, whereas they show up only in the "incentive fees" history. And, the number of spends, if incentive fees are counted, would have to be invariably a number evenly divisible by three, which is not the case in the instance cited here. So, it is just a total non-starter. The e-gold incentive program is not a part of the "spends" figure on the stats.html page at e-gold.com. Next we have to ask whether micropayments arise as a part of the Ponzi activities. That may be true, since we can suppose that Ponzi operators would want to provide incentive payments to these jerks who violate the e-gold user agreement and keep sending spam around. If there were not incentive fees paid to spammers, there would be no reason for the spammers to spam, QED. Thus, I suppose that if a Ponzi scheme takes in, say, $25, it pays out to the referrer some fee like $1 or twenty-five cents. I'd have to be a lot more interested in Ponzis to do the research on this matter. Based on the fact that spams which promote Ponzis are sent out, even though the account holder risks losing his account if the spam is reported to abuse at e-gold.com (see the account user agreement), then there must be some sort of incentive payment involved. As the spams are a form of advertising, and as there are probably opt-in lists for Ponzis and web sites describing various Ponzis, I do agree with Mr. Donald that "these are mostly ... payments for ads" though I suspect they are on a commission-only basis rather than on a per-click-through basis in most instances. Finally, we have the question of "anonymity." Mr. Donald says, "These are non anonymous, in that e-gold can link payer to payee, but anonymous in that it laborious to link e-gold account numbers to true names." I agree with the first half of this comma splice sentence. These payments are not anonymous. The payer knows whose account is being paid, and the payee knows where the payment came from. Since the e-gold.com system records an account history, and since those records are kept in one of the most litigious jurisdictions on Earth (the USA), any prosecutor or defense attorney or other party equipped with a court order can get account histories. There is no privacy to the system, certainly not in comparison to a wholly offshore-hosted system like GoldMoney.com or 1MDC. However, there is the e-gold.com registration process, which allows anyone with a working e-mail address to get set up with an e-gold account. Thus, accounts may be pseudonymous, or opened with a pseudonym. They might even be opened with fake IDs or the like, depending on what sort of due diligence gets imposed by e-gold.com. Nevertheless, pseudonyms can be penetrated. Not easily, as Mr. Donald points out, but with some effort, I think. That's especially true where some exchange provider converts one of the e-gold account holder's gold to some other form of funds. The payment to the exchanger is in the e-gold account history. Most exchangers have web sites where there locations can be found, and all can be located by anyone offering to buy gold from an exchanger because some coordinates for a wire or a money order are going to be forthcoming. Then it is only a matter of a court order to get that exchanger's record of where the payment was sent. Even if that is only an intermediary account, further record searches can be undertaken to track the pseudonym back to some individual. Of course, if the account holder uses an exchanger in a different jurisdiction, or runs several accounts in series so that there is an e-gold > exchanger > bank > e-gold > exchanger > bank series before the recipient gets his funds, the problem can be made more difficult, especially if the exchangers and banks in the series are in different countries. Finally, I suspect that a large percentage, perhaps 20% of all spends involve an exchange provider. Given that the total inventory of e-gold turns over in less than a week, I think a lot of account holders are replenishing their accounts with gold from exchangers. Some exchangers may be paying incentive fees, too. Regards, Jim http://www.ezez.com/ From anonymous at remailer.metacolo.com Fri Jun 6 23:06:29 2003 From: anonymous at remailer.metacolo.com (Anonymous Sender) Date: Sat, 7 Jun 2003 06:06:29 +0000 (UTC) Subject: Maybe It's Snake Oil All the Way Down Message-ID: <096f579cc569b417609782e2a26e7a64@remailer.metacolo.com> James A. Donald writes: > Suppose the e-gold, to prevent this sea of spam trying to get > people to login to fake e-gold sites, wanted people to use > public keys instead of shared secrets, making your secret key > the instrument that controls the account instead of your shared > password. > > They could not do this using the standard IE webbrowser. They > would have to get users to download a custom client, or at > least, like hushmail, a custom control inside IE. Why do you say that? You were already given pointers to how they could configure their web servers to use certificate based client authentication. These techniques work with standard browsers. I have used Netscape to access corporate-internal sites which required me to have a client certificate. > HTTPS assumes that the certificate shall be blessed by the > administrator out of band, and has no mechanism for using a > private key to establish that a user is simply the same user as > last time. HTTPS is just HTTP over SSL/TLS. It says nothing about the trust model for the certificates; it merely specifies how each side can deliver its cert(s) to the other side. Deciding which ones to trust is out of scope for TLS or HTTPS. E-Gold could set things up to allow its customers to authenticate with certs issued by Verisign, or with considerably more work it could even issue certs itself that could be used for customer authentication. Why doesn't it do so? Well, it's a lot of work, and it would have some disadvantages - for one thing, customers would have difficulty accessing their accounts from multiple sites, like at home and at work. Further, it would require customers to use some features of their browser that most of them have never seen, which is going to be difficult and error-prone for most users. From jrw at e-gold.com Sat Jun 7 06:19:33 2003 From: jrw at e-gold.com (Jay W.) Date: Sat Jun 7, 2003 06:19:33 US/Central Subject: [dgc.chat] Micropayments and the incentive program at Message-ID: e-gold Reply-To: > I realize you have explained this at least 10 times, every time it > comes up every few months, but I alwasy forget and like hearing it > over and over :-) then hopefully this post is a paroxysm of joy for you JP! ;) : the deduction of the e-gold spend fee is not included in velocity numbers. the distribution of any incentive payments per http://www.e-gold.com/unsecure/incentive.htm is not included in velocity numbers. the *only* thing counting as a "spend" in "e-metal spends" is an e-metal spend (aka payment) from one account to another initiated by a user doing one of: a) manually signing into his account and performing a "Spend" b) checking out at a merchant using e-gold SCI c) using phone access to make a spend d) using a program and the e-gold Automation Interface to make a spend those velocity numbers are totals for the amounts users are spending to other users. they do not include any other thing like fees, storage charges, or incentive payments. http://stats.e-gold.com possibly the most informative, accurate and timely economic statistics on earth - possibly the universe!! ;) subscribe: send blank email to dgcchat-join at lists.goldmoney.com unsubscribe: send blank email to dgcchat-leave at lists.goldmoney.com digest: send an email to dgcchat-request at lists.goldmoney.com with "set yourname at yourdomain.com digest=on" in the message body --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From davidson at net1.net Sat Jun 7 04:40:31 2003 From: davidson at net1.net (Jim Davidson) Date: Sat, 7 Jun 2003 06:40:31 -0500 Subject: [dgc.chat] Micropayments and the incentive program at e-gold In-Reply-To: Message-ID: Dear James, Jay Wherley is the head tech guy at e-gold.com so wwe can rely on his views below. The incentive payments and the payment receive fee are not counted as "spends" for the statistics on the e-gold.com/stats.html page. One correspondent suggested to me that there may be one or more "spread spectrum" accounts. The way such an account would work is that a 'bot would create 10,000 e-gold accounts. Other software for bulk payments would be used to spend one ten thousandth of each payment from each of these accounts to the intended recipient. Why do so? Doing so would diversify the risk of any one account being closed, make the process of tracking the account history data much harder for prosecutors and others with court orders, and generally enhance privacy to some extent. Of course, this idea was indicated as a chimera, something that has been discussed but no one knows if anyone has ever implemented it. Meanwhile, I suggest a few games of poker at http://8715605.thegoldcasino.com I hope this message has been helpful. Jay's detailed response below. Regards, Jim http://www.ezez.com/ From discord-nobody at erisiandiscord.de Sat Jun 7 02:05:50 2003 From: discord-nobody at erisiandiscord.de (Anonymous) Date: Sat, 7 Jun 2003 11:04:50 +0159 (CEST) Subject: PGP8 paranoia ? Message-ID: <0d11199429b0e2b56c586c9900e2777b@erisiandiscord.de> PGP 8 on XP declares all public (encrypting) keys created by 2.6.2 in 1998 or earlier to have "revoked user ID" and will not encrypt with them. 1999 keys work. A bug or strong keys ? From jamesd at echeque.com Sat Jun 7 12:43:39 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 7 Jun 2003 12:43:39 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <096f579cc569b417609782e2a26e7a64@remailer.metacolo.com> Message-ID: <3EE1DDFB.12030.29F00BC5@localhost> -- James A. Donald: > > Suppose the e-gold, to prevent this sea of spam trying to > > get people to login to fake e-gold sites, wanted people to > > use public keys instead of shared secrets, making your > > secret key the instrument that controls the account instead > > of your shared password. > > > > They could not do this using the standard IE webbrowser. > > They would have to get users to download a custom client, > > or at least, like hushmail, a custom control inside IE. Anonymous > Why do you say that? You were already given pointers to how > they could configure their web servers to use certificate > based client authentication. That is a solution to a completely different problem. Using that method the administrator would have to set up each client, which is impractically expensive and inconvenient unless administrator and customer meet personally and their computers are in the same office. The point is that the customer should be able to set himself up, as he does on e-gold, hotmail, hushmail, etc, and that if subsequently he is fooled into logging on to a fake site this should do no harm. James A. Donald: > > HTTPS assumes that the certificate shall be blessed by the > > administrator out of band, and has no mechanism for using a > > private key to establish that a user is simply the same > > user as last time. Anonymous > HTTPS is just HTTP over SSL/TLS. It says nothing about the > trust model for the certificates; it merely specifies how > each side can deliver its cert(s) to the other side. Deciding > which ones to trust is out of scope for TLS or HTTPS. You cannot use https to implement the trust model that hotmail and everyone else uses. In that sense it does say something about the trust model. It assumes they are subject to hierarchical validation, which e-gold passwords and hotmail passwords are not. hotmail passwords merely show it is the same guy logging in. You cannot use https to do this. It is designed to show it is the guy blessed by the administrator logging in. > E-Gold could set things up to allow its customers to > authenticate with certs issued by Verisign, or with > considerably more work it could even issue certs itself that > could be used for customer authentication. Why doesn't it do > so? Because that is not the trust model they or hotmail want to implement. They don't want true names, and they do not want, and cannot afford, the very great overheads associated with true names. To implement the desired trust model, the client browser would need to generate the private key during account creation. E-gold would then record the corresponding public key. You cannot do that with existing client software. They do not want to turn their business model upside down to support verisign's profit model. The problem is to implement the existing model in a way that protects against the man in the middle attack represented by this storm of fake sites. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OPeQMye27fygWs3rNrP88mXXiOYU+xcVrAyLlBjO 4+rppNlgtCDm9YfF1Wiqe//vrDa3kdlXpzatLpbhm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Sat Jun 7 12:43:39 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 7 Jun 2003 12:43:39 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <4.2.2.20030606173139.03505100@mail.earthlink.net> References: <3EE0C04C.32242.2594192F@localhost> Message-ID: <3EE1DDFB.1093.29F00C33@localhost> -- On 6 Jun 2003 at 17:45, Anne & Lynn Wheeler wrote: > ??? public key registered in place of shared-secret? > > NACHA debit trials using digitally signed transactions did it > with both software keys as well as hardware tokens. > http://internetcouncil.nacha.org/News/news.html in the above > scroll down to July 23, 2001 ... has pointer to detailed > report? > > X9.59 straight forward establishes it as standard .... with > some activity moving on to ISO > http://www.garlic.com/~lynn/index.html#x959 > > pk-init draft for kerberos specifies that public key can be > registered in place of shared secret. > > following has demo of it with radius with public keys > registered in place of shared-secret. > http://www.asuretee.com/ the radius implementation has been > done be a number of people. > > in all of these cases, there is change in the business > process and/or business relationship Precisely. I am talking about direct substitution that should be almost invisible to both parties, using private keys exactly as passwords are used, except that the fake site trick fails. In fact one can do a direct substitution that is almost invisible to both parties, but it requires custom software on both client and server. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG EWYCMfM1ZE4FqHNgG8Xxq4Raoo0u92HCJxUTm9d6 4UkMVch4UVf7oFF6jEx+Nj5WJffMhrKnlz65qZyH1 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Sat Jun 7 13:50:19 2003 From: jamesd at echeque.com (James A. Donald) Date: Sat, 7 Jun 2003 13:50:19 -0700 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <005f01c32d1f$70897ac0$01c8a8c0@DaveHowe> Message-ID: <3EE1ED9B.11220.2A2D16C6@localhost> -- On 7 Jun 2003 at 19:05, Dave Howe wrote: > issuing certs to someone is trivial from both a server and a > user endpoint - the user just gets a "click here to request > your key" and hits ok on a few dialog boxes; the server > simply hosts some pretty off-the-shelf cgi. >[...] > its surprisingly reliable and easy - particuarly if your end > users are just using the MS keystore, which requires them to > do no more than double-click the pkcs file and hit "next" a > few times. This sounds more like what I was looking for. Probably someone has already pointed out the url to this, but if they did, I when I looked at it I was snowed under by verisign oriented shit, which assumes a large budget and ample administrator time for face to face contact with certified people, a very small number of clients, some hours of work by each client, a manual, user training, etc, and failed to grasp it. Could you point me somewhere that illustates server issued certs, certification with zero administrator overhead and small end user overhead? Also, I have many times heard that public key operations were surprisingly easy, and have been key administrator for several companies, and have unfailingly found that I was the only person capable of doing these operations at that company. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG v6gZFuZoUgyGH55ME+JoilJSfw5LrufrbWWB454U 4FhiB65yyXwp1RgeJrLADfEYBoqz0YAch8fJ0Fisp --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From measl at mfn.org Sat Jun 7 16:23:10 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 7 Jun 2003 18:23:10 -0500 (CDT) Subject: [OT] Re: Hitchens: The Cult of ID In-Reply-To: Message-ID: Good Evening, From roughly 1985 to ~1997, I was a resident of Missouri (USA). Now, Missouri may well be a poster child for backwater living, but they had an unusual thing to recommend them: they understood that a "Driver's License" was somthing you got to prove you knew how to drive a car, rather than something you got to drink beer and vote. Presumable due to this revelation, Missouri did not actually *require* either a photo or a social security number for the issuance of a driver's license. Anyone who had objection to the social security number was given a different encoded "license number", and anyone who objected to the photo had a red box in the corner with the words "PHOTO NOT REQUIRED" emblazoned across it - you needed only to fill out the form which described the basis of your objection(s). Even better was the State of New York, up until ~1983: no photo on any license. Just a piece of paper (no plastic at all) that said you knew enough to drive. Proving that the license belonged to *you*, and not someone else, required actual *ID*! It's time we get back to the reality standard on these... -- Yours, J.A. Terranson sysadmin at mfn.org From pgut001 at cs.auckland.ac.nz Fri Jun 6 23:42:06 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sat, 7 Jun 2003 18:42:06 +1200 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306070642.h576g6905737@medusa01.cs.auckland.ac.nz> Derek Atkins writes: >Actually, the ASN.1 part is a major factor in the X.509 interoperability >problems. Different cert vendors include different extensions, or different >encodings. They put different information into different parts of the >certificate (or indeed the same information into different parts). Does the >FQDN for a server cert belong in the DN or some extension? What about the >email address for a user cert? That doesn't really have anything to do with ASN.1 though. You can make just as big a mess with XML (actually even bigger, in my experience), or EDIFACT, or whatever. The problem isn't the bit-bagging format, it's that it's accumulated such a mass of cruft that no two people can agree on what to put in there. Whether the resulting mess is wrapped in ASN.1 or XML or EDIFACT or plastic pooper scooper bags doesn't really make any difference. Peter. From DaveHowe at gmx.co.uk Sat Jun 7 11:05:53 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sat, 7 Jun 2003 19:05:53 +0100 Subject: Maybe It's Snake Oil All the Way Down References: <096f579cc569b417609782e2a26e7a64@remailer.metacolo.com> Message-ID: <005f01c32d1f$70897ac0$01c8a8c0@DaveHowe> Anonymous Sender wrote: > James A. Donald writes: > E-Gold could set things up to allow its customers to authenticate with > certs issued by Verisign, or with considerably more work it could even > issue certs itself that could be used for customer authentication. > Why doesn't it do so? Well, it's a lot of work, Nope. issuing certs to someone is trivial from both a server and a user endpoint - the user just gets a "click here to request your key" and hits ok on a few dialog boxes; the server simply hosts some pretty off-the-shelf cgi. > and it would have > some disadvantages - for one thing, customers would have difficulty > accessing their accounts from multiple sites, like at home and at > work. Not so much that as have a much bigger security issue. Maintaining keys securely would then become a task for the client, and while keeping a written password secret is something most people can handle the concept of, keeping a block of computer data safe from random trojans while exporting it to be transported between machines is much, much harder. Of course, you *could* generate the key entirely locally on the server, protecting it with a HTTPS download, and protect it with the enduser's password (not sure how secure the PKCS password is - if it isn't, then use some self-decoding-exe like the 7z one) but that still wouldn't force the end user to do more than hit "import" and have it stored insecurely on their client machine. > Further, > it would require customers to use some features of their browser that > most of them have never seen, which is going to be difficult and > error-prone for most users. its surprisingly reliable and easy - particuarly if your end users are just using the MS keystore, which requires them to do no more than double-click the pkcs file and hit "next" a few times. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From hirsch at fjhirsch.com Sat Jun 7 16:48:12 2003 From: hirsch at fjhirsch.com (Frederick Hirsch) Date: Sat, 07 Jun 2003 19:48:12 -0400 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: References: Message-ID: <3EE279BC.30401@fjhirsch.com> Rich Salz wrote: > Perhaps a few "best practices" papers are in order. They might help > the secure (distributed) computing field a great deal. > /r$ > -- The new book, Practical Cryptography, by Niels Ferguson and Bruce Schneier is useful. regards, Frederick --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From measl at mfn.org Sat Jun 7 19:18:58 2003 From: measl at mfn.org (J.A. Terranson) Date: Sat, 7 Jun 2003 21:18:58 -0500 (CDT) Subject: Signs from God In-Reply-To: <200306080040.h580eUI11985@einstein.ssz.com> Message-ID: On Sun, 8 Jun 2003, The Messiah comes wrote: [lots of pesudo-religous bullshit elided] > Everyone who doesn't call Mankind into Paradise has got at least the same > much Guilt and Dirt at putting like Adolf Hitler an will be punished just > as hard. That means Hell forever:Final Solution (Endloesung) Hmmm.. I get to invoke Godwin on the very first email he sends... > Signed The Apostle Abraham cradle of mankind >From reconstituted DNA no doubt. > Abraham3 at directbox.com -- Yours, J.A. Terranson sysadmin at mfn.org From t.c.jones at att.net Sat Jun 7 16:47:16 2003 From: t.c.jones at att.net (t.c.jones at att.net) Date: Sat, 07 Jun 2003 23:47:16 +0000 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <20030607234718.24564182FE2@red.metdow.com> my site has one. ca0.net ..tom > -- > On 7 Jun 2003 at 19:05, Dave Howe wrote: > > issuing certs to someone is trivial from both a server and a > > user endpoint - the user just gets a "click here to request > > your key" and hits ok on a few dialog boxes; the server > > simply hosts some pretty off-the-shelf cgi. > >[...] > > its surprisingly reliable and easy - particuarly if your end > > users are just using the MS keystore, which requires them to > > do no more than double-click the pkcs file and hit "next" a > > few times. > > This sounds more like what I was looking for. > > Probably someone has already pointed out the url to this, but > if they did, I when I looked at it I was snowed under by > verisign oriented shit, which assumes a large budget and ample > administrator time for face to face contact with certified > people, a very small number of clients, some hours of work by > each client, a manual, user training, etc, and failed to grasp > it. > > Could you point me somewhere that illustates server issued > certs, certification with zero administrator overhead and small > end user overhead? > > Also, I have many times heard that public key operations were > surprisingly easy, and have been key administrator for several > companies, and have unfailingly found that I was the only > person capable of doing these operations at that company. > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > v6gZFuZoUgyGH55ME+JoilJSfw5LrufrbWWB454U > 4FhiB65yyXwp1RgeJrLADfEYBoqz0YAch8fJ0Fisp > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From t.c.jones at att.net Sat Jun 7 16:47:16 2003 From: t.c.jones at att.net (t.c.jones at att.net) Date: Sat, 07 Jun 2003 23:47:16 +0000 Subject: Maybe It's Snake Oil All the Way Down Message-ID: <200306072347.h57NlIfY007582@gw.lne.com> my site has one. ca0.net ..tom > -- > On 7 Jun 2003 at 19:05, Dave Howe wrote: > > issuing certs to someone is trivial from both a server and a > > user endpoint - the user just gets a "click here to request > > your key" and hits ok on a few dialog boxes; the server > > simply hosts some pretty off-the-shelf cgi. > >[...] > > its surprisingly reliable and easy - particuarly if your end > > users are just using the MS keystore, which requires them to > > do no more than double-click the pkcs file and hit "next" a > > few times. > > This sounds more like what I was looking for. > > Probably someone has already pointed out the url to this, but > if they did, I when I looked at it I was snowed under by > verisign oriented shit, which assumes a large budget and ample > administrator time for face to face contact with certified > people, a very small number of clients, some hours of work by > each client, a manual, user training, etc, and failed to grasp > it. > > Could you point me somewhere that illustates server issued > certs, certification with zero administrator overhead and small > end user overhead? > > Also, I have many times heard that public key operations were > surprisingly easy, and have been key administrator for several > companies, and have unfailingly found that I was the only > person capable of doing these operations at that company. > > --digsig > James A. Donald > 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG > v6gZFuZoUgyGH55ME+JoilJSfw5LrufrbWWB454U > 4FhiB65yyXwp1RgeJrLADfEYBoqz0YAch8fJ0Fisp > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From DaveHowe at gmx.co.uk Sat Jun 7 17:04:37 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sun, 8 Jun 2003 01:04:37 +0100 Subject: Maybe It's Snake Oil All the Way Down References: <3EE1ED9B.11220.2A2D16C6@localhost> Message-ID: <001901c32d58$089bb520$01c8a8c0@DaveHowe> James A. Donald wrote: > Could you point me somewhere that illustates server issued > certs, certification with zero administrator overhead and small > end user overhead? Been a while since I played with it, but IIRC OpenCA (www.openca.org) is a full implimentation of a CA, in perl cgi, with no admin intervention required. Obviously, that involves browser-based key generation. If you want server-based key generation, then take a look at http://symlabs.com/Net_SSLeay/smime.html If you are iis/asp rather than perl, then there are activex components that will give you access to x509 certificates - EBCrypt is probably the easiest, but there is a activex wrapper for cryptlib too, iirc. From ravage at einstein.ssz.com Sun Jun 8 06:24:51 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 8 Jun 2003 08:24:51 -0500 (CDT) Subject: FindLaw's Writ - Dean: Missing Weapons Of Mass Destruction (fwd) Message-ID: http://writ.news.findlaw.com/dean/20030606.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From jhh at cs.kun.nl Sun Jun 8 00:33:01 2003 From: jhh at cs.kun.nl (Jaap-Henk Hoepman) Date: Sun, 08 Jun 2003 09:33:01 +0200 Subject: Maybe It's Snake Oil All the Way Down In-Reply-To: <3EE0DDAC.20912752@systemics.com> (Ian Grigg's message of "Fri, 06 Jun 2003 14:30:04 -0400") References: <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603103241.0455a6a0@pop.ix.netcom.com> <5.2.0.9.0.20030603175734.045fa8b0@pop.ix.netcom.com> <5.2.0.9.0.20030604180546.04576990@pop.ix.netcom.com> <3EE0DDAC.20912752@systemics.com> Message-ID: <87brx9kor6.fsf@smtp.xs4all.nl> I thought the 3G (UMTS) cellphones at least were going to use reasonably good crypto; don't know about the overall security architecture though. Jaap-Henk On Fri, 06 Jun 2003 14:30:04 -0400 Ian Grigg writes: > John Kelsey wrote: > >> So, what can I do about it, as an individual? Make the cellphone companies >> build good crypto into their systems? Any ideas how to do that? > > Nope. Cellphone companies are big slow moving > targets. They get their franchise from the > government. If the NSA wants weak crypto, they > do weak crypto. -- Jaap-Henk Hoepman | I've got sunshine in my pockets Dept. of Computer Science | Brought it back to spray the day University of Nijmegen | Gry "Rocket" (w) www.cs.kun.nl/~jhh | (m) jhh at cs.kun.nl (t) +31 24 36 52710/531532 | (f) +31 24 3653137 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Sun Jun 8 11:55:20 2003 From: jamesd at echeque.com (James A. Donald) Date: Sun, 8 Jun 2003 11:55:20 -0700 Subject: An attack on paypal Message-ID: <3EE32428.1173.13AC2C1@localhost> Attached is a spam mail that constitutes an attack on paypal similar in effect and method to man in the middle. The bottom line is that https just is not working. Its broken. The fact that people keep using shared secrets is a symptom of https not working. The flaw in https is that you cannot operate the business and trust model using https that you can with shared secrets. -------------- Enclosure number 1 ---------------- Received: from bgp480791bgs.summit01.nj.comcast.net [68.37.160.58] by dpmail07.doteasy.com (SMTPD32-7.13) id A3506CD006A; Sat, 07 Jun 2003 19:45:36 -0700 Date: Sun, 08 Jun 2003 02:50:24 +0000 From: Confirm Subject: Important Information Regarding Your PayPal Account To: Jamesd References: <4FG6E0K8HJHJ2DL9 at echeque.com> In-Reply-To: <4FG6E0K8HJHJ2DL9 at echeque.com> Message-ID: <62K3JH9LKLB0I8GK at paypal.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit X-RCPT-TO: Status: U X-PMFLAGS: 34079360 0 1 P4EDB0.CNM PayPal

Dear PayPal Customer

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and Credit or Check Card information using the form below:

Information transmitted using 128bit SSL encryption.

Thanks for using PayPal!

This PayPal notification was sent to this email address because you are a Web Accept user and chose to receive the PayPal Periodical newsletter and Product Updates. To modify your notification preferences, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes may take several days to be reflected in our mailings. Replies to this email will not be processed.

Copyright� 2003 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From schear at attbi.com Sun Jun 8 12:49:50 2003 From: schear at attbi.com (Steve Schear) Date: Sun, 08 Jun 2003 12:49:50 -0700 Subject: CIA spies shun computers Message-ID: <5.2.1.1.0.20030608124254.0412da60@mail.attbi.com> Old technology dominates at the CIA In the movies, spies and intelligence agents are the ones with the cool gadgets and state-of-the-art equipment, but their real life counterparts are far behind. http://news.bbc.co.uk/2/hi/technology/2965620.stm "A Jobless Recovery is like a Breadless Sandwich." -- Steve Schear From jamesd at echeque.com Sun Jun 8 13:43:05 2003 From: jamesd at echeque.com (James A. Donald) Date: Sun, 8 Jun 2003 13:43:05 -0700 Subject: The real problem that https has conspicuously failed to fix Message-ID: <001401c32dfe$90cccd70$6401a8c0@amd1900> I keep posting "you cannot do this using https", and people keep = replying "yes you can" No you cannot, cause if you could, paypal, e-gold, e-bay, and the rest = would not be suffering from the problem illustrated by scam mails such = as the following (When you hit the submit button, guess what happens) =20 =20 =20 Dear PayPal Customer=20 This e-mail is the notification of recent innovations taken by = PayPal to detect inactive customers and non-functioning mailboxes. The inactive customers are subject to restriction and removal in = the next 3 months. Please confirm your email address and Credit or Check Card = information using the form below: =20 Email Address: =20 Password: =20 First Name: =20 Last Name: =20 ZIP: =20 Credit or Check Card #: =20 Expiration Date: Month 01 02 03 04 05 06 07 08 09 10 11 12 / Year 2003 = 2004 2005 2006 2007 2008 2009 2010 2011 2012 =20 ATM PIN: =20 =20 Information transmitted using 128bit SSL encryption.=20 =20 =20 Thanks for using PayPal!=20 =20 =20 This PayPal notification was sent to this email address because = you are a Web Accept user and chose to receive the PayPal Periodical = newsletter and Product Updates. To modify your notification preferences, = go to https://www.paypal.com/PREFS-NOTI and log in to your account. = Changes may take several days to be reflected in our mailings. Replies = to this email will not be processed. =20 Copyright=A9 2003 PayPal Inc. All rights reserved. Designated = trademarks and brands are the property of their respective owners. =20 [demime 0.97c removed an attachment of type image/gif which had a name of paypal_logo.gif] [demime 0.97c removed an attachment of type image/gif which had a name of pixel.gif] [demime 0.97c removed an attachment of type image/gif which had a name of dot_row_long.gif] From mv at cdc.gov Sun Jun 8 14:49:07 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Sun, 08 Jun 2003 14:49:07 -0700 Subject: You bought it, Who controls it? [TR Article] Message-ID: <3EE3AF53.C29AA930@cdc.gov> article by Edward Tenner, Technology review, June 2003 p61-64 Also an article on "deceipt detector" p67-69 about using IR reflectivity of your frontal lobes to detect deceipt. Sort of a polygraph on steroids. (sorry, only cites, not URLs this time) From camera_lumina at hotmail.com Sun Jun 8 14:33:25 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 08 Jun 2003 17:33:25 -0400 Subject: SIGINT planes vs. schizophrenic mapping Message-ID: Oh, I forgot their might be some other purpose for AWAC-type mapping of an urban area. Although it's not too well known, McDonalds and other fast-food franchises actually have state-monitored radio-frequency 'beacons'. These beacons transmit at a special frequency that the brains of schizophrenics are very sensitive to, and that draws schizophrenics like flies. And if you've seen an inner-city McDonalds full of homeless and assorted schizos, its either because their transmitter has drifted out of spec, or they've deliberated boosted it up to increase sales. So one purpose of those AWACs is obviously to map the fields of such transmitters. And its not the licensed ones they're worried about...imagine some 'terrorist' or other troublemaker getting one of those things and then cranking it up near some big political meeting, like G4 or whatever. (It's apparently happened on several occasions...apparently Woodstock was actually a pre-cmmmercial military test of the thing.) Anyone know the frequency of that device? I think it it's the megahertz region, but don't quote me. -TD _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus From juicy at melontraffickers.com Sun Jun 8 18:00:51 2003 From: juicy at melontraffickers.com (A.Melon) Date: Sun, 8 Jun 2003 18:00:51 -0700 (PDT) Subject: Razor Message-ID: <0210dfd3a668bc0f8de997edac54cf92@melontraffickers.com> I don't care about The Rat's postings like some of my anonymous associates, but someone's razor reporting is inaccurate. Some spam from this list has been revoked at razor so it drops down below 30% confidence, when it shouldn't be revoked at all [1]. Inversely, some legitimate postings are getting reported to razor when they should not be [2]. If you auto-report stuff to razor, please be extra-careful with this list. [1] <20030608161030.83223.qmail at web42003.mail.yahoo.com> [2] From tim at dierks.org Sun Jun 8 15:03:29 2003 From: tim at dierks.org (Tim Dierks) Date: Sun, 08 Jun 2003 18:03:29 -0400 Subject: An attack on paypal In-Reply-To: <3EE32428.1173.13AC2C1@localhost> Message-ID: <6.0.0.9.2.20030608174846.04cf35e8@127.0.0.1> At 02:55 PM 6/8/2003, James A. Donald wrote: >Attached is a spam mail that constitutes an attack on paypal similar >in effect and method to man in the middle. > >The bottom line is that https just is not working. Its broken. > >The fact that people keep using shared secrets is a symptom of https >not working. > >The flaw in https is that you cannot operate the business and trust >model using https that you can with shared secrets. I don't think it's https that's broken, since https wasn't intended to solve the customer authentication / authorization problem (you could try to use SSL's client certificates for that, but no one ever intended client certificate authentication to be a generalized transaction problem). When I responded to this before, I thought you were talking about the server auth problem, not the password problem. I continue to feel that the server authentication problem is a very hard problem to solve, since there's few hints to the browser as to what the user's intent is. The password problem does need to be solved, but complaining that HTTPS or SSL doesn't solve it isn't any more relevant than complaining that it's not solved by HTML, HTTP, and/or browser or server implementations, since any and all of these are needed in producing a new solution which can function with real businesses and real users. Let's face it, passwords are so deeply ingrained into people's lives that nothing which is more complex in any way than passwords is going to have broad acceptance, and any consumer-driven company is going to consider "easy" to be more important that "secure". Right now, my best idea for solving this problem is to: - Standardize an HTML input method for

which does an SPEKE (or similar) mutual authentication. - Get browser makers to design better ways to communicate to users that UI elements can be trusted. For example, a proposal I saw recently which would have the OS decorate the borders of "trusted" windows with facts or images that an attacker wouldn't be able to predict: the name of your dog, or whatever. (Sorry, can't locate a link right now, but I'd appreciate one.) - Combine the two to allow sites to provide a user-trustable UI to enter a password which cannot be sucked down. - Evangelize to users that this is better and that they should be suspicious of any situation where they used such interface once, but now it's gone. I agree that the overall architecture is broken; the problem is that it's broken in more ways than can just be fixed with any change to TLS/SSL or HTTPS. - Tim From lynn at garlic.com Sun Jun 8 17:12:34 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Sun, 08 Jun 2003 18:12:34 -0600 Subject: An attack on paypal In-Reply-To: <009201c32e0f$66d925c0$01c8a8c0@DaveHowe> References: <3EE32428.1173.13AC2C1@localhost> Message-ID: <4.2.2.20030608173129.00a99bb0@mail.earthlink.net> At 11:43 PM 6/8/2003 +0100, Dave Howe wrote: >HTTPS works just fine. >The problem is - people are broken. >At the very least, verisign should say "ok so '..go1d..' is a valid server >address, but doesn't it look suspiously similar to this '..gold..' site over >here?" for https://pseudo-gold-site/ - but really, if users are going to >fill in random webforms sent by email, they aren't going to be safe under >any circumstances; the thing could send by unsecured http to any site on the >planet, then redirect to the real gold site for a generic "transaction >completed" or even "failed" screen >A world where a random paypal hack like this one doesn't work is the same as >the world where there is no point sending out a Nigerian as you will never >make a penny on it - and yet, Nigerian is still profitable for the con >artists. in a world where there are repeated human mistakes/failures .... at some point it is recognized that people aren't perfect and the design is changed to accommodate peoples foibles. in some respects that is what helmets, seat belts, and air bags have been about. in the past systems have designed long, complicated passwords that are hard to remember and must be changed every month. that almost worked when i person had to deal with a single shared-secret. when it became a fact of life that a person might have tens of such different interfaces it became impossible. It wasn't the fault of any specific institution, it was a failure of humans being able to deal with large numbers of extremely complex, frequently changing passwords. Because of known human foibles, it might be a good idea to start shifting from an infrastructure with large numbers of shared-secrets to a non-shared-secret paradigm. at a recent cybersecurity conference, somebody made the statement that (of the current outsider, internet exploits, approximately 1/3rd are buffer overflows, 1/3rd are network traffic containing virus that infects a machine because of automatic scripting, and 1/3 are social engineering (convince somebody to divulge information). As far as I know, evesdropping on network traffic doesn't even show as a blip on the radar screen. In the following thread on a financial authentication white paper: http://www.garlic.com/~lynn/aepay11.htm#53 Authentication white paper http://www.garlic.com/~lynn/aepay11.htm#54 FINREAD was. Authentication white paper http://www.garlic.com/~lynn/aepay11.htm#55 FINREAD ... and as an aside http://www.garlic.com/~lynn/aepay11.htm#56 FINREAD was. Authentication white paper there is point made that X9.59 standard doesn't directly address the Privacy aspect of security (i.e. no encryption or hiding of data). However, the point is made that it changes the paradigm so that the financial account number no longer represents a shared-secret and that it can be supported with two-factor authentication i.e. "something you have" token and "something you know" PIN. The "something you know" PIN is used to enable the token, but is not a shared secret. Furthermore, strong authentication can be justification for eliminating the need for name or other identification information in the transaction. However, if X9.59 strong authentication is used with two-factor authentication and no identification information is necessary .... then it would make people more suspicious if privacy information was requested. Also, since privacy information is no longer sufficient for performing a fraudulent transaction, it might mitigate that kind of social engineering attack. The types of social engineering attacks then become convincing people to insert their hardware token and do really questionable things or mailing somebody their existing hardware token along with the valid pin (possibly as part of an exchange for replacement). The cost/benefit ratio does start to change since there is now much more work on the crooks part for the same or less gain. One could also claim that such activities are just part of child-proofing the environment (even for adults). On the other hand, it could be taken as analogous to designing systems to handle observed failure modes (even when the failures are human and not hardware or software). Misc. identify theft and credit card fraud reference: http://www.consumer.gov/idtheft/cases.htm http://www.usdoj.gov/criminal/fraud/idtheft.html http://www.garlic.com/~lynn/aadsm14.htm#22 Identity Theft Losses Expect to hit $2 trillion http://www.garlic.com/~lynn/subpubkey.html#fraud Slightly related in recent thread that brought up buffer overflow exploits http://www.garlic.com/~lynn/2003j.html#4 A Dark Day and the report that multics hasn't ever had a buffer overflow exploit http://www.garlic.com/~lynn/2002l.html#42 Thirty Years Later: Lessons from the Multics Security Evaluation http://www.garlic.com/~lynn/2002l.html#44 Thirty Years Later: Lessons from the Multics Security Evaluation somebody (else) commented (in the thread) that anybody that currently (still) writes code resulting in buffer overflow exploit maybe should be thrown in jail. -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm From cpunk at lne.com Sun Jun 8 20:00:01 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 8 Jun 2003 20:00:01 -0700 Subject: Cypherpunks List Info Message-ID: <200306090300.h593019x014949@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam on that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers. 2. Message Modification Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications. 3. Privacy Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private") , to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software. Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted. 4. Anonymous posting Cypherpunks encourages anonymous posting. You can use an anonymous remailer: http://www.andrebacard.com/remail.html http://anon.efga.org/Remailers http://www.gilc.org/speech/anonymous/remailer.html or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered. 5. Unsubscribing Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below. How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these inticate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDRs unsubscribe instructions. 6. Lunatics, spammers and nut-cases "I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the lists openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the dictinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipie is below, you will of course want to make your own decisions on which (ab)users to filter. # mailing lists: # filter all cypherpunks mail into its own cypherspool folder, discarding # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'. # /dev/null is unix for the trash can. :0 * ^From.*owner-cypherpunks at .* { :0: * (^From:.*ravage at ssz\.com.*|\ ^From:.*jchoate at dev.tivoli.com.*|\ ^From:.*mattd at useoz.com|\ ^From:.*proffr11 at bigpond.com|\ ^From:.*jei at cc.hut.fi) /dev/null :0: cypherspool } 7. List of current CDRs All commands are sent in the body of mail unless otherwise noted. --------------------------------------------------------------------------- Algebra: Operator: Subscription: "subscribe cypherpunks" to majordomo at algebra.com Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com Help: "help cypherpunks" to majordomo at algebra.com Posting address: cypherpunks at algebra.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- CCC: Operator: drt at un.bewaff.net Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de Help: "help" to to cypherpunks-request at koeln.ccc.de Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks Posting address: cypherpunks at koeln.ccc.de Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject. Digest mode: this node is digest-only NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Infonex: Subscription: "subscribe cypherpunks" to majordomo at infonex.com Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com Help: "help cypherpunks" to majordomo at infonex.com Posting address: cypherpunks at infonex.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Lne: Subscription: "subscribe cypherpunks" to majordomo at lne.com Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com Help: "help cypherpunks" to majordomo at lne.com Posting address: cypherpunks at lne.com Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers 2. leading "CDR:" in subject line removed 3. "Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From lynn at garlic.com Sun Jun 8 19:00:40 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Sun, 08 Jun 2003 20:00:40 -0600 Subject: An attack on paypal In-Reply-To: <007301c32e23$cdddbce0$01c8a8c0@DaveHowe> References: <3EE32428.1173.13AC2C1@localhost> <4.2.2.20030608173129.00a99bb0@mail.earthlink.net> Message-ID: <4.2.2.20030608193518.00b28ae0@mail.earthlink.net> At 02:09 AM 6/9/2003 +0100, Dave Howe wrote: >The problem is here, we are blaming the protective device for not being able >to protect against the deliberate use of an attack that bypasses, not >challenges it - by exploiting the gullibility or tendency to take the path >of least resistance of the user. >The real weakness in HTTPS is the tendency of certificates signed by Big >Name CAs to be automagically trusted - even if you have never visited that >site before. yes, you can fix this almost immediately by untrusting the >root certificate - but then you have to manually verify each and every site >at least once, and possibly every time if you don't mark the cert as >"trusted" for future reference. that is why we coined the term merchant "comfort" certificates some time ago. my wife and I having done early work for payment gateway with small client/server startup in menlo park ... that had this thing called SSL/HTTPS ... and then having to perform due diligence on the major issuers of certificates .... we recognized 1) vulnerabilities in the certificate process and 2) information hiding of transaction in flight only addressed a very small portion of the vulnerabilities and exploits. lots of past discussions related to our use of merchant comfort certificates from the past: http://www.garlic.com/~lynn/subpubkey.html#ssl we concluded that a real issue is that way too much of the infrastructure is based on shared-secrets and there was no realistic way of providing blanket protection to all the exposures and vulnerabilities of such shared-secret infrastructures. somewhat related discussion in the security proportional to risk posting: http://www.garlic.com/~lynn/2001h.html#61 so rather than trying to create a very thick blanket of encryption covering the whole planet .... a synergistic approach was attempting to provide alternatives to as much of the shared-secret paradigm as possible. As in the referenced post: http://www.garlic.com/~lynn/aepay11.htm#53 authentication white paper strong encryption of identification and privacy (and shared-secret) information is good ... but not having identification, privacy and shared-secret information is even better. there are all sorts of ways of obtaining shared-secret information (and/or privacy and identification information prelude to identity theft) .... including various kinds of social engineering. as previously mentioned requirement for X9.59 standard was to preserve the integrity of the financial infrastructure for ALL electronic retail payments. As per previous notes, X9.59 with strong authentication eliminates the account number as a shared-secret as well as eliminating requirements for name, address, zip-code, etc as part of any credit card authentication process (strong encryption of vulnerable information is good, not having the information at all is even better). ALL in addition to referring to things like credit cards, debit cards, atm transactions, stored-value transaction, over the internet, at point-of-sale, face-to-face, automated machines, etc .... also refers to ACH transactions. ACH information allows for unauthenticated push or pull transactions. Social engineering requesting bank account information so somebody can push tens of millions into your account also allows for them to generate a pull transaction removing all the money from your account. Part of the above posting on the authentication white paper .... makes references to securing ACH transactions: http://www.asuretee.com/company/releases/030513_hagenuk.shtm -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm From ericm at lne.com Sun Jun 8 20:05:50 2003 From: ericm at lne.com (Eric Murray) Date: Sun, 8 Jun 2003 20:05:50 -0700 Subject: Razor In-Reply-To: <0210dfd3a668bc0f8de997edac54cf92@melontraffickers.com>; from juicy@melontraffickers.com on Sun, Jun 08, 2003 at 06:00:51PM -0700 References: <0210dfd3a668bc0f8de997edac54cf92@melontraffickers.com> Message-ID: <20030608200550.A14929@slack.lne.com> On Sun, Jun 08, 2003 at 06:00:51PM -0700, A.Melon wrote: > I don't care about The Rat's postings like some of > my anonymous associates, but someone's razor > reporting is inaccurate. Some spam from this list > has been revoked at razor so it drops down below > 30% confidence, when it shouldn't be revoked at > all [1]. Inversely, some legitimate postings are > getting reported to razor when they should not be > [2]. > > If you auto-report stuff to razor, please be > extra-careful with this list. By pointing out this attack you have guaranteed that our resident cypherpunks attackers will be reporting lots of legit posts to razor. I'd suggest not using razor to filter cpunks mail. While we're talking about spam filtering, please do not reject cpunks mail that your filters id as spam. Dump it in /dev/null instead. Sending reject messages to mailing lists is rude. In another bit of list administrivia, it appears that both aol and rr are not accepting mail this weekend. (their servers accept connections but never send HELO or EHLO). I hear that aol's incoming mail is hosed, I don't know what rr's problem is. Eric From ravage at einstein.ssz.com Sun Jun 8 18:55:58 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 8 Jun 2003 20:55:58 -0500 (CDT) Subject: Slashdot | New AIM Offering "end to end" Encryption (fwd) Message-ID: http://slashdot.org/articles/03/06/08/1547215.shtml?tid=120&tid=126&tid=187&tid=93 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Sun Jun 8 18:56:55 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Sun, 8 Jun 2003 20:56:55 -0500 (CDT) Subject: Slashdot | Bruce Sterling On Total Information Awareness (fwd) Message-ID: http://yro.slashdot.org/yro/03/06/08/2242250.shtml?tid=158&tid=99 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From smb at research.att.com Sun Jun 8 18:39:12 2003 From: smb at research.att.com (Steven M. Bellovin) Date: Sun, 08 Jun 2003 21:39:12 -0400 Subject: An attack on paypal Message-ID: <20030609013912.CCA717B4D@berkshire.research.att.com> In message <4.2.2.20030608173129.00a99bb0 at mail.earthlink.net>, Anne & Lynn Whee ler writes: > >at a recent cybersecurity conference, somebody made the statement that (of >the current outsider, internet exploits, approximately 1/3rd are buffer >overflows, 1/3rd are network traffic containing virus that infects a >machine because of automatic scripting, and 1/3 are social engineering >(convince somebody to divulge information). As far as I know, evesdropping >on network traffic doesn't even show as a blip on the radar screen. One could argue that that's because of https... More seriously, eavesdropping on passwords was a *very* big problem starting in late 1993. Part of the problem was that ISPs then didn't know better than to put NOC workstations on their backbone LANs; when those were compromised, the attackers had wonderfully-placed eavesdropping stations. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) From roy at rant-central.com Sun Jun 8 21:38:03 2003 From: roy at rant-central.com (Roy M.Silvernail) Date: Sun, 8 Jun 2003 23:38:03 -0500 Subject: The real problem that https has conspicuously failed to fix In-Reply-To: <20030608231147.GA9890@piper.madduck.net> References: <001401c32dfe$90cccd70$6401a8c0@amd1900> <20030608231147.GA9890@piper.madduck.net> Message-ID: <20030609043804.3ACCF111C3@rant-central.com> On Sunday 08 June 2003 06:11 pm, martin f krafft wrote: > also sprach James A. Donald [2003.06.08.2243 +0200]: > > (When you hit the submit button, guess what happens) > > How many people actually read dialog boxes before hitting Yes or OK? It's slightly more subtle. The action tag of a form submission isn't usually visible to the user like links are. In the scam copy I received, all the links save one pointed to legitimate PayPal documents. Only the Message-ID: <009201c32e0f$66d925c0$01c8a8c0@DaveHowe> James A. Donald wrote: > Attached is a spam mail that constitutes an attack on paypal similar > in effect and method to man in the middle. > > The bottom line is that https just is not working. Its broken. HTTPS works just fine. The problem is - people are broken. At the very least, verisign should say "ok so '..go1d..' is a valid server address, but doesn't it look suspiously similar to this '..gold..' site over here?" for https://pseudo-gold-site/ - but really, if users are going to fill in random webforms sent by email, they aren't going to be safe under any circumstances; the thing could send by unsecured http to any site on the planet, then redirect to the real gold site for a generic "transaction completed" or even "failed" screen A world where a random paypal hack like this one doesn't work is the same as the world where there is no point sending out a Nigerian as you will never make a penny on it - and yet, Nigerian is still profitable for the con artists. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From madduck at madduck.net Sun Jun 8 16:11:47 2003 From: madduck at madduck.net (martin f krafft) Date: Mon, 9 Jun 2003 01:11:47 +0200 Subject: The real problem that https has conspicuously failed to fix In-Reply-To: <001401c32dfe$90cccd70$6401a8c0@amd1900> References: <001401c32dfe$90cccd70$6401a8c0@amd1900> Message-ID: <20030608231147.GA9890@piper.madduck.net> also sprach James A. Donald [2003.06.08.2243 +0200]: > (When you hit the submit button, guess what happens) How many people actually read dialog boxes before hitting Yes or OK? I know you do, and most of us, but who's the majority? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html get my key here: http://madduck.net/me/gpg/publickey "my experience is that as soon as people are old enough to know better, they don't know anything at all." -- oscar wilde -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From DaveHowe at gmx.co.uk Sun Jun 8 18:09:30 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Mon, 9 Jun 2003 02:09:30 +0100 Subject: An attack on paypal References: <3EE32428.1173.13AC2C1@localhost> <4.2.2.20030608173129.00a99bb0@mail.earthlink.net> Message-ID: <007301c32e23$cdddbce0$01c8a8c0@DaveHowe> > in a world where there are repeated human mistakes/failures .... > at some point it is recognized that people aren't perfect and the design > is changed to accommodate peoples foibles. in some respects that is what > helmets, seat belts, and air bags have been about. The problem is here, we are blaming the protective device for not being able to protect against the deliberate use of an attack that bypasses, not challenges it - by exploiting the gullibility or tendency to take the path of least resistance of the user. The real weakness in HTTPS is the tendency of certificates signed by Big Name CAs to be automagically trusted - even if you have never visited that site before. yes, you can fix this almost immediately by untrusting the root certificate - but then you have to manually verify each and every site at least once, and possibly every time if you don't mark the cert as "trusted" for future reference. To blame HTTPS for an attack where the user fills in a web form received via html-rendering email (no https involved at all) is more than a little unfair though. > in the past systems have designed long, complicated passwords that are > hard to remember and must be changed every month. that almost worked when > a person had to deal with a single shared-secret. > when it became a fact of life that a person might have tens of such > different interfaces it became impossible. It wasn't the fault of any > specific institution, it was a failure of humans being able to deal with > large numbers of extremely complex, frequently changing passwords. > Because of known human foibles, it might be a good idea to start shifting > from an infrastructure with large numbers of shared-secrets to a > non-shared-secret paradigm. I am not aware of one (not that that means much, given I am a novice in this field) Even PKI relies on something close to a shared secret - a *trustworthy* copy of the public key, matching a secret copy of the private key. In x509, this trustworthyness is established by an Ultimately Trusted CA; in pgp, by the Web Of Trust, in a chain leading back to your own key; in SSH, by your placing of the public key into your home dir manually (using some other form of authentication to presumably gain access) in each of these cases, the private key will almost invariably be protected by a passphrase; at best, you can have a single passphrase (or even single private key) to cover all bases.. but that just makes that secret all the more valuable. > at a recent cybersecurity conference, somebody made the statement that (of > the current outsider, internet exploits, approximately 1/3rd are buffer > overflows, 1/3rd are network traffic containing virus that infects a > machine because of automatic scripting, and 1/3 are social engineering > (convince somebody to divulge information). As far as I know, evesdropping > on network traffic doesn't even show as a blip on the radar screen. That is pretty much because defence occupies the position of the interior - attackers will almost invariably attack weak points, not strong ones. It is easy to log and calculate how many attacks happen on weak points, but impossible to calculate how many attacks *would* have happened had the system not been in place to protect against such attacks, so the attackers moved onto easier targets. It makes little sense to try and break one https connection (even at 40 bit) if by breaking into the server you get that information, hundreds of others (until discovered) and possibly thousands of others inadvisedly stored unprotected in a database. > The types of social engineering attacks then become convincing people to > insert their hardware token and do really questionable things or mailing > somebody their existing hardware token along with the valid pin (possibly > as part of an exchange for replacement). The cost/benefit ratio does start > to change since there is now much more work on the crooks part for the > same or less gain. One could also claim that such activities are just part > of child-proofing the environment (even for adults). On the other hand, it > could be taken as analogous to designing systems to handle observed > failure modes (even when the failures are human and not hardware or > software). Misc. identify theft and credit card fraud reference: Which again matches well to the Nigerian analogy. Everyone *knows* that handing over your bank details is a Bad Thing - yet they still do it. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From hseaver at cybershamanix.com Mon Jun 9 04:16:18 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Mon, 9 Jun 2003 06:16:18 -0500 Subject: [OT] Re: Hitchens: The Cult of ID In-Reply-To: References:

Message-ID: <20030609111618.GA21664@cybershamanix.com> I remember my drivers license from WI was just a piece of paper, black with white printing, no photo at least up to '74 (when we moved to MN) but can't recall if MN had photo then or not. Not sure when WI changed, but they had the photo when we moved back in '88. On Sat, Jun 07, 2003 at 06:23:10PM -0500, J.A. Terranson wrote: > Good Evening, > From roughly 1985 to ~1997, I was a resident of Missouri (USA). Now, > Missouri may well be a poster child for backwater living, but they had an > unusual thing to recommend them: they understood that a "Driver's > License" was somthing you got to prove you knew how to drive a car, rather > than something you got to drink beer and vote. Presumable due to this > revelation, Missouri did not actually *require* either a photo or a social > security number for the issuance of a driver's license. > > Anyone who had objection to the social security number was given a > different encoded "license number", and anyone who objected to the photo had > a red box in the corner with the words "PHOTO NOT REQUIRED" emblazoned across > it - you needed only to fill out the form which described the basis of your > objection(s). > > Even better was the State of New York, up until ~1983: no photo on > any license. Just a piece of paper (no plastic at all) that said you knew > enough to drive. Proving that the license belonged to *you*, and not someone > else, required actual *ID*! > > It's time we get back to the reality standard on these... > > -- > Yours, > J.A. Terranson > sysadmin at mfn.org -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From bob.cat at snet.net Mon Jun 9 06:18:17 2003 From: bob.cat at snet.net (BobCat) Date: Mon, 9 Jun 2003 09:18:17 -0400 Subject: [OT] Re: Hitchens: The Cult of ID References: Message-ID: <001d01c32e89$9b82e570$a7eafc40@Leopard> From: "J.A. Terranson" > Anyone who had objection to the social security number was given a > different encoded "license number", and anyone who objected to the photo had > a red box in the corner with the words "PHOTO NOT REQUIRED" emblazoned across > it - you needed only to fill out the form which described the basis of your > objection(s). You can wear a head covering for religious reasons in some states. Are there any religions that forbid ugly driver's license photos? You cannot, however, refuse to give your SSN anymore. This is because people have sex in cars, I think. I can't see any other connection. "States must inform individuals that the disclosure is mandatory, that it is based on section 466(a)(13) of the Social Security Act [42 U.S.C. 666(a)(13)], and that it will be used under the State's child support enforcement program to locate individuals for purposes of establishing paternity and establishing, modifying, and enforcing support obligations...." http://www.acf.dhhs.gov/programs/cse/pol/dcl-00-38.htm From mv at cdc.gov Mon Jun 9 09:48:45 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 09 Jun 2003 09:48:45 -0700 Subject: unregistered shell Message-ID: <3EE4BA6D.4E72C5D3@cdc.gov> June 6, 2003 | WASHINGTON -- A man was arrested outside the Capitol Friday for carrying unregistered ammunition in his car, a police spokeswoman said. Capitol Police spokeswoman Jessica Gissubel said police stopped the car as it was traveling on Constitution Avenue on the north side of the Capitol because it had a gasoline container strapped to its roof. The man, who was not identified, voluntarily handed over the ammunition, described as a shotgun shell. It is illegal to carry unregistered ammunition in the District of Columbia. http://www.salon.com/news/wire/2003/06/06/capitol/ They can't find WMD, but they can find a dude with a shell in his truck. From adam.lydick at verizon.net Mon Jun 9 11:02:15 2003 From: adam.lydick at verizon.net (Adam Lydick) Date: 09 Jun 2003 11:02:15 -0700 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <29fb8c384fa72cbe9f6bbb0ca30c918a@dizum.com> References: <29fb8c384fa72cbe9f6bbb0ca30c918a@dizum.com> Message-ID: <1055181733.11904.44.camel@lorien> Take this with a grain of salt. I'm no expert. However: I'd guess that no applications (besides the secure nexus) would have access to your "list of doggie names", just the ability to display it. The list just indicates that you are seeing a window from one of your partitioned and verified applications. I would also assume the window would get decorated with the name of the trusted application (not just your secret list). Thus you only need a single secret list to handle all of your "authorized" applications. -AdamL On Mon, 2003-06-09 at 22:00, Nomen Nescio wrote: > I don't see how this is going to work. The concept seems to assume > that there is a distinction between "trusted" and "untrusted" programs. > But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be > written by anyone. If you've loaded a Trojan application onto your > machine, it can create an NCA, which would presumably be eligible to > put up a "trusted" window. > > So either you have to configure a different list of doggie names for > every NCA (one for your banking program, one for Media Player, one for > each online game you play, etc.), or else each NCA gets access to your > Secret Master List of Doggie Names. The first possibility is unmanageable > and the second means that the trustedness of the window is meaningless. > > So what good is this? What problem does it solve? -- Adam Lydick From sws at cs.dartmouth.edu Mon Jun 9 09:29:42 2003 From: sws at cs.dartmouth.edu (Sean Smith) Date: Mon, 09 Jun 2003 12:29:42 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: Your message of "Mon, 09 Jun 2003 13:54:16 +0200." <5.1.1.6.0.20030609135004.026d5dd8@mailhost.cs.biu.ac.il> Message-ID: <200306091629.h59GTg632612@chipotle.cs.dartmouth.edu> >Yuan, Ye and Smith, Trusted Path for Browsers, 11th Usenix security symp, >2002. Minor nit: just Ye and Smith. (Yuan had helped with some of the spoofing) Advertisement: we also built this into Mozilla, for Linux and Windows. http://www.cs.dartmouth.edu/~pkilab/demos/countermeasures/ --Sean -- Sean W. Smith, Ph.D. sws at cs.dartmouth.edu http://www.cs.dartmouth.edu/~sws/ (has ssl link to pgp key) Department of Computer Science, Dartmouth College, Hanover NH USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From amir at herzberg.name Mon Jun 9 04:54:16 2003 From: amir at herzberg.name (Amir Herzberg) Date: Mon, 09 Jun 2003 13:54:16 +0200 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <6.0.0.9.2.20030608174846.04cf35e8@127.0.0.1> References: <3EE32428.1173.13AC2C1@localhost> Message-ID: <5.1.1.6.0.20030609135004.026d5dd8@mailhost.cs.biu.ac.il> At 18:03 08/06/2003 -0400, Tim Dierks wrote: > - Get browser makers to design better ways to communicate to users that > UI elements can be trusted. For example, a proposal I saw recently which > would have the OS decorate the borders of "trusted" windows with facts or > images that an attacker wouldn't be able to predict: the name of your > dog, or whatever. (Sorry, can't locate a link right now, but I'd > appreciate one.) Here are two... Yuan, Ye and Smith, Trusted Path for Browsers, 11th Usenix security symp, 2002. Ka Ping Yee, User Interface Design for Secure System, ICICS, LNCS 2513, 2002. This issue is also covered somewhat by my article in CACM (May 2002). Best, Amir Herzberg http://amir.herzberg.name > - Combine the two to allow sites to provide a user-trustable UI to enter > a password which cannot be sucked down. > - Evangelize to users that this is better and that they should be > suspicious of any situation where they used such interface once, but now > it's gone. > >I agree that the overall architecture is broken; the problem is that it's >broken in more ways than can just be fixed with any change to TLS/SSL or HTTPS. > > - Tim > > > >--------------------------------------------------------------------- >The Cryptography Mailing List >Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com -------------------------------------------------------------------------------------------------------------------------------- Amir Herzberg http://amir.herzberg.name --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Mon Jun 9 19:42:21 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 09 Jun 2003 19:42:21 -0700 Subject: [Brinworld] Neighbor's surveillance camera? Message-ID: <3EE5458D.4050300@cdc.gov> Authorities said they were considering the possibility that a second person might have been involved in the abduction, based on video from a neighbor's surveillance camera. http://www.cnn.com/2003/US/West/06/09/california.abduction/index.html From measl at mfn.org Mon Jun 9 19:08:13 2003 From: measl at mfn.org (J.A. Terranson) Date: Mon, 9 Jun 2003 21:08:13 -0500 (CDT) Subject: unregistered shell In-Reply-To: <3EE4BA6D.4E72C5D3@cdc.gov> Message-ID: On Mon, 9 Jun 2003, Major Variola (ret.) wrote: > http://www.salon.com/news/wire/2003/06/06/capitol/ > > They can't find WMD, but they can find a dude with a shell in his truck. That's because the guy with the shotgun shell *exists*. -- Yours, J.A. Terranson sysadmin at mfn.org From bill.stewart at pobox.com Tue Jun 10 00:29:22 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 10 Jun 2003 00:29:22 -0700 Subject: unregistered shell In-Reply-To: <3EE4BA6D.4E72C5D3@cdc.gov> Message-ID: <5.1.1.6.2.20030610002345.02dde5d0@idiom.com> At 09:48 AM 06/09/2003 -0700, Major Variola (ret.) wrote: >Capitol Police spokeswoman Jessica Gissubel said police stopped the car >as it was traveling on Constitution Avenue on the north side of >the Capitol because it had a gasoline container strapped to its roof. >The man, who was not identified, voluntarily >handed over the ammunition, described as a shotgun shell. >It is illegal to carry unregistered ammunition in the District of Columbia. Normally I would make some cynical remark about the appropriateness of Constitution Avenue as a venue for violating the second amendment, but this sounds like a case of Darwin catching up with the guy in a way that only eliminates *him* from the gene pool rather than taking out innocent bystanders when the gas can falls off his car roof.... He's clearly from the clue-deprived side of the street about a variety of issues. From nobody at dizum.com Mon Jun 9 22:00:08 2003 From: nobody at dizum.com (Nomen Nescio) Date: Tue, 10 Jun 2003 07:00:08 +0200 (CEST) Subject: An attack on paypal --> secure UI for browsers Message-ID: <29fb8c384fa72cbe9f6bbb0ca30c918a@dizum.com> Tim Dierks wrote: > - Get browser makers to design better ways to communicate to users that > UI elements can be trusted. For example, a proposal I saw recently which > would have the OS decorate the borders of "trusted" windows with facts or > images that an attacker wouldn't be able to predict: the name of your > dog, or whatever. (Sorry, can't locate a link right now, but I'd > appreciate one.) It was none other than Microsoft's NGSCB, nee Palladium. See http://news.com.com/2100-1012_3-1000584.html?tag=fd_top: NEW ORLEANS--Microsoft is trying to make security obvious. The software giant plans to visually alter document or application windows that contain private information that's secured through Microsoft's Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium. Secure windows will look different than regular, unsecured windows in order to remind users that they are looking at confidential material, Peter Biddle, product unit manager for Microsoft, said Thursday at the Windows Hardware Engineering Conference (WinHEC) here. ... The border of a secured page may contain information--such as the names of all the dogs that someone has ever owned--to make the data instantly recognizable as sound to the individual owner, as well as difficult to replicate. A hacker can create a spoof page with dogs' names running along the border but, in all likelihood, not one reading "Buffy, Skip and Jack Daniels--and in that order," Biddle said. ... Information on secured windows will vanish if another window is placed on top of it or shifted to the background. Erasing the information will prevent certain types of attacks and remind people that they're dealing with confidential material, Biddle said. When the secure window returns to the top of the stack, the information will reappear, he said. I don't see how this is going to work. The concept seems to assume that there is a distinction between "trusted" and "untrusted" programs. But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be written by anyone. If you've loaded a Trojan application onto your machine, it can create an NCA, which would presumably be eligible to put up a "trusted" window. So either you have to configure a different list of doggie names for every NCA (one for your banking program, one for Media Player, one for each online game you play, etc.), or else each NCA gets access to your Secret Master List of Doggie Names. The first possibility is unmanageable and the second means that the trustedness of the window is meaningless. So what good is this? What problem does it solve? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Tue Jun 10 09:02:04 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Tue, 10 Jun 2003 09:02:04 -0700 Subject: unregistered shell Message-ID: <3EE600FC.35D58724@cdc.gov> At 12:29 AM 6/10/03 -0700, Bill Stewart wrote: >At 09:48 AM 06/09/2003 -0700, Major Variola (ret.) wrote: >>the Capitol because it had a gasoline container strapped to its roof. >but this sounds like a case of Darwin catching up with the guy >in a way that only eliminates *him* from the gene pool >rather than taking out innocent bystanders when the >gas can falls off his car roof.... Depends on how sturdily he attached it. Jeeps (et al) have spots for gas cans in the rear exterior of the car. Driving with a tank of gas in the passenger compartment isn't a good thing. Also RVs typically have a few gallons of propane on an exterior tank. And welding trucks.. But the real point is that ammo has to be registered. Amazing. I found an old, live cartridge in the desert last weekend, tossed it in the car. What if I lived near DC instead of SoCal? --- "Did you really think that we want those laws to be observed? . . . We want them broken. You'd better get it straight that it's not a bunch of boy scouts that you're up against - and then you'll know that this is not the age for beautiful gestures. We're after power and we mean it. . . . . There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of lawbreakers - and then you cash in on the guilt. Now that's the system, . . . that's the game, and once you understand it, you'll be much easier to deal with." From Atlas Shrugged, by Ayn Rand. From lynn at garlic.com Tue Jun 10 08:19:19 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Tue, 10 Jun 2003 09:19:19 -0600 Subject: virus attack on banks (was attack on paypal) In-Reply-To: <4.2.2.20030608173129.00a99bb0@mail.earthlink.net> References: <009201c32e0f$66d925c0$01c8a8c0@DaveHowe> <3EE32428.1173.13AC2C1@localhost> Message-ID: <4.2.2.20030610091512.00c60ed0@mail.earthlink.net> At 06:12 PM 6/8/2003 -0600, Anne & Lynn Wheeler wrote: >at a recent cybersecurity conference, somebody made the statement that (of >the current outsider, internet exploits, approximately 1/3rd are buffer >overflows, 1/3rd are network traffic containing virus that infects a >machine because of automatic scripting, and 1/3 are social engineering >(convince somebody to divulge information). As far as I know, evesdropping >on network traffic doesn't even show as a blip on the radar screen. virus attempting to harvest ("shared-secret", single-factor) passwords at financial institutions http//www.smh.com.au/articles/2003/06/10/1055010959747.html and somewhat related: http://www.garlic.com/~lynn/aepay11.htm#53 authentication white paper -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From rsalz at datapower.com Tue Jun 10 06:42:57 2003 From: rsalz at datapower.com (Rich Salz) Date: Tue, 10 Jun 2003 09:42:57 -0400 (EDT) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <29fb8c384fa72cbe9f6bbb0ca30c918a@dizum.com> Message-ID: > For example, a proposal I saw recently which > would have the OS decorate the borders of "trusted" windows with facts or > images that an attacker wouldn't be able to predict: the name of your > dog, or whatever. But if the system is rooted, then the attacker merely has to find the "today's secret word" entry in the registry and do the same thing. Unless Windows is planning on getting real kernel-level kinds of protection. > It was none other than Microsoft's NGSCB, nee Palladium. See > http://news.com.com/2100-1012_3-1000584.html?tag=fd_top: See previous sentence. :) /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html From sunder at sunder.net Tue Jun 10 07:22:32 2003 From: sunder at sunder.net (Sunder) Date: Tue, 10 Jun 2003 10:22:32 -0400 (edt) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <29fb8c384fa72cbe9f6bbb0ca30c918a@dizum.com> Message-ID: It's simple. It solves the problem that Microsoft Salesmen have. In order to sell shit, you have to make it look like gold. Cee Eee Ohs have heard it said that Microsoft software is insecure crap. Now the Microsoft Salesmen can do fancy demos with pretty colors and slick Operators Are standing By, Act Now, *New*, Don't Delay, Improved, Secure, Bells Whistles and Coolness demos and sign the suckers up. Just like the wonderful ads that peppered NYC when Ex-Pee came out saying "Reliable, and Secure." ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 10 Jun 2003, Nomen Nescio wrote: > I don't see how this is going to work. The concept seems to assume > that there is a distinction between "trusted" and "untrusted" programs. > But in the NGSCB architecture, Nexus Computing Agents (NCAs) can be > written by anyone. If you've loaded a Trojan application onto your > machine, it can create an NCA, which would presumably be eligible to > put up a "trusted" window. > > So either you have to configure a different list of doggie names for > every NCA (one for your banking program, one for Media Player, one for > each online game you play, etc.), or else each NCA gets access to your > Secret Master List of Doggie Names. The first possibility is unmanageable > and the second means that the trustedness of the window is meaningless. > > So what good is this? What problem does it solve? From sunder at sunder.net Tue Jun 10 07:28:12 2003 From: sunder at sunder.net (Sunder) Date: Tue, 10 Jun 2003 10:28:12 -0400 (edt) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: Message-ID: Yes, >NOW< if you can load yourself into kernel space, you can do anything and everything - Thou Art God to quote Heinlein. This is true of every OS. Except if you add that nice little TCPA bugger which can verify the kernel image you're running is the right and approved one. Q.E.D. Look at the XBox hacks for ideas as to why it's not a trival issue, but even so, one James Bond like buffer overflow in something everyone will have marked as trusted (say IE 8.0, or a specially crafted Word 2005 macro), and the 3v1l h4x0r party is back on and you iz ownz0red once more. It's not enough to fear Microsoft, you must learn to love it. Give us 2 minutes of hate for Linux now brother! ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 10 Jun 2003, Rich Salz wrote: > But if the system is rooted, then the attacker merely has to find the > "today's secret word" entry in the registry and do the same thing. > Unless Windows is planning on getting real kernel-level kinds of protection. > > > It was none other than Microsoft's NGSCB, nee Palladium. See > > http://news.com.com/2100-1012_3-1000584.html?tag=fd_top: > > See previous sentence. :) From timcmay at got.net Tue Jun 10 11:51:54 2003 From: timcmay at got.net (Tim May) Date: Tue, 10 Jun 2003 11:51:54 -0700 Subject: unregistered shell In-Reply-To: Message-ID: <9AA79D88-9B74-11D7-B5E8-000A956B4C74@got.net> On Tuesday, June 10, 2003, at 09:49 AM, Trei, Peter wrote: >> Major Variola (ret)[SMTP:mv at cdc.gov] >> >> At 12:29 AM 6/10/03 -0700, Bill Stewart wrote: >>> At 09:48 AM 06/09/2003 -0700, Major Variola (ret.) wrote: >>>> the Capitol because it had a gasoline container strapped to its >>>> roof. >> >> But the real point is that ammo has to be registered. Amazing. >> I found an old, live cartridge in the desert last weekend, tossed it >> in >> the car. What if I lived near DC instead of SoCal? >> > Actually, ammunition is not registered as such, but in DC you > are only allowed to possess ammunition suitable for one of your > DC-registered firearms. This applies even to spent cartridge > cases. > > If this guy didn't own a DC-registered shotgun of the same > gauge as the shell found, then he's in violation. The car > had California plates, so it seems plausible that he was > a non-resident. > I believe it was the McClure-Volkmer Amendment (or somesuch spelling) of some years back that clarified the laws regarding interstate transport of firearms. Instead of having to know the details of every single state one might be driving through on a trip, one was exempted from the local firearms laws while the guns were locked up in a trunk or suitable lockable container. This was hailed at the time as a major step towards stopping one state from busting those from North Carolina, say, when they passed through Maryland on their way to a hunting trip in Maine. The reasonable interpretation of McClure-Volkmer would have protected someone while in their vehicle, and probably while at a motel in some state, but would not have protected those staying for more than what a simple trip would take. I'm not surprised to hear that some jurisdictions think they can exempt themselves, especially for such trivial paper violations as having a shotgun shell. Mexico is like this, too. Gringos have spent time in Mexican jails because they neglected to thoroughly inspect every square inch of their vehicles, and the shakedownistas found a .22 cartridge under the floor mats. (The intent was probably to collect $100 mordita.) All this while drug operations run more or less without interruption and as they are equipped with fully-automatic HKs and FALs, the Army-issue rifles. So they bust a tourist for having a .22 cartridge while MP-5s and Uzis abound. Typical government.) As for Bill's point about a gas can strapped to the roof, this is a common way of carrying extra fuel, and is generally legal if the can is DOT approved (the red ones). LandCruisers and suchlike are often seen this way. As noted, safer than carrying them inside. Of course, normal rights and liberties are dispensed with when mere suspicion of planning to use the gas is involved. I'll bet this all gets kicked, unless an Arab was in the vehicle. --Tim May From ptrei at rsasecurity.com Tue Jun 10 09:49:12 2003 From: ptrei at rsasecurity.com (Trei, Peter) Date: Tue, 10 Jun 2003 12:49:12 -0400 Subject: unregistered shell Message-ID: > Major Variola (ret)[SMTP:mv at cdc.gov] > > At 12:29 AM 6/10/03 -0700, Bill Stewart wrote: > >At 09:48 AM 06/09/2003 -0700, Major Variola (ret.) wrote: > >>the Capitol because it had a gasoline container strapped to its roof. > > But the real point is that ammo has to be registered. Amazing. > I found an old, live cartridge in the desert last weekend, tossed it in > the car. What if I lived near DC instead of SoCal? > Actually, ammunition is not registered as such, but in DC you are only allowed to possess ammunition suitable for one of your DC-registered firearms. This applies even to spent cartridge cases. If this guy didn't own a DC-registered shotgun of the same gauge as the shell found, then he's in violation. The car had California plates, so it seems plausible that he was a non-resident. Peter Trei From pgut001 at cs.auckland.ac.nz Mon Jun 9 19:21:57 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 10 Jun 2003 14:21:57 +1200 Subject: An attack on paypal --> secure UI for browsers Message-ID: <200306100221.h5A2Lvn02156@medusa01.cs.auckland.ac.nz> Amir Herzberg writes: >Ka Ping Yee, User Interface Design for Secure System, ICICS, LNCS 2513, 2002. Ka-Ping Yee has a web page at http://zesty.ca/sid/ and a lot of interesting things to say about secure HCI (and HCI in general), e.g. a characterisation of safe systems vs. general-purpose systems: In order for Alice to use her computer usefully, she has to be able to instruct programs to do things for her. In order for those programs to carry out tasks, she has to trust those programs with some authority. So every useful operation involves making the system a little bit less safe. In order to keep the system from becoming unboundedly unsafe, Alice must also be able to make her system more safe. A system in an ultimately safe state is one that can't do anything other than what was planned ahead of time. General-purpose computing is useful to Alice only because she can make unpredictable inputs into the system, asking it to do new things. Peter. From jamesd at echeque.com Tue Jun 10 15:31:41 2003 From: jamesd at echeque.com (James A. Donald) Date: Tue, 10 Jun 2003 15:31:41 -0700 Subject: An attack on paypal In-Reply-To: <007301c32e23$cdddbce0$01c8a8c0@DaveHowe> Message-ID: <3EE5F9DD.15532.696EBE8@localhost> -- On 9 Jun 2003 at 2:09, Dave Howe wrote: > The problem is here, we are blaming the protective device for > not being able to protect against the deliberate use of an > attack that bypasses, not challenges it - by exploiting the > gullibility or tendency to take the path of least resistance > of the user. The real weakness in HTTPS is the tendency of > certificates signed by Big Name CAs to be automagically > trusted - even if you have never visited that site before. > yes, you can fix this almost immediately by untrusting the > root certificate - but then you have to manually verify each > and every site at least once, and possibly every time if you > don't mark the cert as "trusted" for future reference. To > blame HTTPS for an attack where the user fills in a web form > received via html-rendering email (no https involved at all) > is more than a little unfair though. How many attacks have there been based on automatic trust of verisign's feckless ID checking? Not many, possibly none. That is not the weak point, not the point where the attacks occur. If the browser was set to accept self signed certificates by default, it would make little difference to security. A wide variety of ways of getting big name certificates that one should not have, have been discovered. Attackers never showed much interest. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG uJuAm4Xwyo4xTn0ozjBmW2ZqpI8Z3ru25WDmB7iw 43PXj2QDpBfcahqs2aOleapJYsqtA6S36+hOdVkpR --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jamesd at echeque.com Tue Jun 10 15:31:41 2003 From: jamesd at echeque.com (James A. Donald) Date: Tue, 10 Jun 2003 15:31:41 -0700 Subject: An attack on paypal In-Reply-To: <4.2.2.20030608193518.00b28ae0@mail.earthlink.net> References: <007301c32e23$cdddbce0$01c8a8c0@DaveHowe> Message-ID: <3EE5F9DD.10939.696EC1A@localhost> -- On 8 Jun 2003 at 20:00, Anne & Lynn Wheeler wrote: > that is why we coined the term merchant "comfort" > certificates some time ago. my wife and I having done early > work for payment gateway with small client/server startup in > menlo park ... that had this thing called SSL/HTTPS ... and > then having to perform due diligence on the major issuers of > certificates .... we recognized 1) vulnerabilities in the > certificate process and 2) information hiding of transaction > in flight only addressed a very small portion of the > vulnerabilities and exploits. https is like a strong fortress wall that only goes half way around the fortress. The most expensive and inconvenient part of https, getting certificates from verisign, is fairly useless. The useful part of https is that it has stopped password sniffing from networks, but the PKI part, where the server, but not the client, is supposedly authenticated, does not do much good. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 9ZQw+0/xh1y28CkGulSQSVxewfy71qzXGHI8KJbN 4osBv1veq07jaMVh2zVetZVKqIRfQjiwJaKu99GqM From frantz at pwpconsult.com Tue Jun 10 15:39:38 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Tue, 10 Jun 2003 15:39:38 -0700 Subject: An attack on paypal In-Reply-To: <4.2.2.20030608173129.00a99bb0@mail.earthlink.net> References: <009201c32e0f$66d925c0$01c8a8c0@DaveHowe> <3EE32428.1173.13AC2C1@localhost> Message-ID: At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote: >somebody (else) commented (in the thread) that anybody that currently >(still) writes code resulting in buffer overflow exploit maybe should be >thrown in jail. A nice essay, partially on the need to include technological protections against human error, included the above paragraph. IMHO, the problem is that the C language is just too error prone to be used for most software. In "Thirty Years Later: Lessons from the Multics Security Evaluation", Paul A. Karger and Roger R. Schell credit the use of PL/I for the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac world, a successor language has not yet appeared. YMMV - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ashwood at msn.com Tue Jun 10 19:20:27 2003 From: ashwood at msn.com (Joseph Ashwood) Date: Tue, 10 Jun 2003 19:20:27 -0700 Subject: An attack on paypal --> secure UI for browsers References: <557dd8f2519377887312df07a5dd0977@rebleep> Message-ID: <018301c32fc1$719cf050$6601a8c0@JOSEPHAS> ----- Original Message ----- From: "Anonymous" Subject: Re: An attack on paypal --> secure UI for browsers > In short, if Palladium comes with the ability to download site-specific > DLLs that can act as NCAs Ok what flavor of crack are you smoking? Because I can tell from here that's some strong stuff. Downloading random DLLs that are given complete access to private information is one of the worst concepts that anyone has ever come up with, even if they are signed by a "trusted" source. Just look at the horrifically long list of issues with ActiveX, even with WindowsXP (which hasn't been around that long) you're already looking at more than half a dozen, and IIRC win95 had about 50. This has less to do with "windows is bad" than with "secure programming is hard." Arbitrarily trusting anyone to write a secure program simply doesn't work, especially when it's something sophisticated. Now for the much more fundamental issue of your statement. Palladium will never "download site-specific" anything. Palladium is a hardware technology, not a web browser. I will refrain from saying Paladium is a bad idea, simply because I see some potentially very lucrative (for me) options for it's use. Joe From morlockelloi at yahoo.com Tue Jun 10 19:29:55 2003 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Tue, 10 Jun 2003 19:29:55 -0700 (PDT) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <557dd8f2519377887312df07a5dd0977@rebleep> Message-ID: <20030611022955.44312.qmail@web40608.mail.yahoo.com> > The solution to this is Palladium (NGSCB). > > You'd want each ecommerce site to download a Nexus Computing Agent into > the client. This should be no more difficult than downloading an Active-X > control or some other DLL. The NCA has a manifest file associated with it No shit? This is moronic. But then it reflects the impaired cognitive abilities of corpdrones in mintel. I pay for the "computer", and then all these corporations start downloading shit to my "computer" in order to make it safe for me to use it, right ? I am lay person and need to trust these people, as I am clueless about stuff they download. But their web page says it's good. This all happens *after* I buy the computer. So, to recap, I pay several $K for the "computer" and then have to customize it so that it becomes "safe". The computer, as malladium authenticates the computer. Why do I want $3,000 authentication token ? No, mintel making money is not the right answer. Try again. ===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com From rebleep at bleep.dynip.com Tue Jun 10 18:36:10 2003 From: rebleep at bleep.dynip.com (Anonymous) Date: Tue, 10 Jun 2003 21:36:10 -0400 Subject: An attack on paypal --> secure UI for browsers Message-ID: <557dd8f2519377887312df07a5dd0977@rebleep> The problem to be solved is this. Spoofed sites can acquire user credentials, especially passwords, and then use those to impersonate the user on the real sites. With paypal and e-gold, this allows stealing real money. Using client certificates to authenticate would solve this, because even if the user got fooled and authenticated to the spoofed site, the attacker wouldn't learn the client cert secret key and so would not be able to masquerade as the user. The problem (among others) is that this allows a virus to steal the client cert. If it is protected by a password, the malware must hang around long enough for the user to unlock the cert (perhaps because the malware sent a spoofed email calling for the user to visit the site, even the real site!). It can then read the user's keystrokes and acquire the password. Now it has the cert and password and can impersonate the user at will. The solution to this is Palladium (NGSCB). You'd want each ecommerce site to download a Nexus Computing Agent into the client. This should be no more difficult than downloading an Active-X control or some other DLL. The NCA has a manifest file associated with it that contains the ecommerce site's signing key. This allows the NCA to be effectively locked to that key. The user's site-specific client certificate would be sealed to this NCA. That means that no other NCA could get access to the client cert for that site, nor could any legacy software. All this is protected by the Palladium hardware and software. If a password is used for further security, to unlock the client cert (in addition to the NCA-specific encryption), it can use a secure channel to the NCA so that no keystroke loggers can steal the password. (However, as mentioned in a previous mail, this may not stop rogue NCA's from fooling the user by pretending to be the ecommerce site's NCA and picking up the password. It's not clear that adding a password really increases security. Fortunately the NCA security itself is already vastly stronger than anything available on a PC today.) In short, if Palladium comes with the ability to download site-specific DLLs that can act as NCAs, it should allow for solving the spoofed-site problem once and for all. When you login to paypal or e-gold, you would authenticate yourself using a cert that only those sites could see. This can be done in the framework of standard SSL, but would require a Palladium-aware browser. From pgut001 at cs.auckland.ac.nz Tue Jun 10 06:16:06 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 11 Jun 2003 01:16:06 +1200 Subject: An attack on paypal --> secure UI for browsers Message-ID: <200306101316.h5ADG6504237@medusa01.cs.auckland.ac.nz> Nomen Nescio writes: >I don't see how this is going to work. The concept seems to assume that >there is a distinction between "trusted" and "untrusted" programs. But in the >NGSCB architecture, Nexus Computing Agents (NCAs) can be written by anyone. >If you've loaded a Trojan application onto your machine, it can create an NCA, >which would presumably be eligible to put up a "trusted" window. > >So either you have to configure a different list of doggie names for every >NCA (one for your banking program, one for Media Player, one for each online >game you play, etc.), or else each NCA gets access to your Secret Master List >of Doggie Names. The first possibility is unmanageable and the second means >that the trustedness of the window is meaningless. Maybe MS will implement something like the secure attention key in the old VAX A1 VMM (Ctrl-Alt-Del already serves this purpose for logins) which gives you a guaranteed non-spoofed interface to the kernel (see for example "A Retrospective on the VAX VMM Security Kernel" by Karger et al for more information on this). They certainly have the VMS knowhow :-). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From nobody at dizum.com Tue Jun 10 18:30:10 2003 From: nobody at dizum.com (Nomen Nescio) Date: Wed, 11 Jun 2003 03:30:10 +0200 (CEST) Subject: An attack on paypal --> secure UI for browsers Message-ID: Adam Lydick writes: > I'd guess that no applications (besides the secure nexus) would > have access to your "list of doggie names", just the ability to display > it. The list just indicates that you are seeing a window from one of > your partitioned and verified applications. I would also assume the > window would get decorated with the name of the trusted application (not > just your secret list). Thus you only need a single secret list to > handle all of your "authorized" applications. That makes sense. However it puts the burden onto the user to closely inspect his window frames in order to make sure that he is talking to the program (or NCA in Palladium) that he thinks he is talking to. It also introduces the problem of program-name spoofing; you might be given a dialog to enter your password for Paypa1 or E-Go1d. If users were that careful, we wouldn't have these kinds of problems in the first place. From nobody at cryptofortress.com Wed Jun 11 02:46:28 2003 From: nobody at cryptofortress.com (Anonymous) Date: Wed, 11 Jun 2003 04:46:28 -0500 (CDT) Subject: An attack on paypal --> secure UI for browsers Message-ID: Joseph Ashwood writes: > Ok what flavor of crack are you smoking? Because I can tell from here that's > some strong stuff. Downloading random DLLs that are given complete access to > private information is one of the worst concepts that anyone has ever come > up with, even if they are signed by a "trusted" source. Just look at the > horrifically long list of issues with ActiveX, even with WindowsXP (which > hasn't been around that long) you're already looking at more than half a > dozen, and IIRC win95 had about 50. This has less to do with "windows is > bad" than with "secure programming is hard." Arbitrarily trusting anyone to > write a secure program simply doesn't work, especially when it's something > sophisticated. You clearly know virtually nothing about Palladium. NCAs do not have "complete access to private information". Quite the opposite. Rather, NCAs have the power to protect private information such that no other software on the machine can access it. They do so by using the Palladium software and hardware to encrypt the private data. The encryption is done in such a way that it is "sealed" to the particular NCA, and no other software is allowed to use the Palladium crypto hardware to decrypt it. In the proposed usage, an NCA associated with an ecommerce site would seal the data which is used by the user to authenticate to the remote site. The authentication data doesn't actually have to be a certificate with associated key, but that would be one possibility. Only NCAs signed by that ecommerce site's key would be able to unseal and access the user's authentication credentials. This prevents rogue software from stealing them and impersonating the user. > Now for the much more fundamental issue of your statement. Palladium will > never "download site-specific" anything. Palladium is a hardware technology, > not a web browser. If you read the entire message it was clearly referring to a Palladium-enabled web browser. And Palladium is more than a hardware technology; it includes hardware and software components. > I will refrain from saying Paladium is a bad idea, simply because I see some > potentially very lucrative (for me) options for it's use. Fine, at least you admit you're a whore. But you'll probably do even better if you learn how it actually works. Seriously, have you read any of the documents linked from http://www.microsoft.com/resources/ngscb/? From ekr at rtfm.com Wed Jun 11 09:51:12 2003 From: ekr at rtfm.com (Eric Rescorla) Date: 11 Jun 2003 09:51:12 -0700 Subject: An attack on paypal In-Reply-To: References: Message-ID: Sunder writes: > The worst trouble I've had with https is that you have no way to use host > header names to differentiate between sites that require different SSL > certificates. > > i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and > have individual ssl certs for https. :( This is because the cert is > exchanged before the http 1.1 layer can say "I want www.bar.com" > > So you need to waste IP's for this. Since the browser standards are > already in place, it's unlikely to be to find a workaround. i.e. be able > to switch to a different virtual host after you've established the ssl > session. :( This is being fixed. See draft-ietf-tls-extensions-06.txt -Ekr -- [Eric Rescorla ekr at rtfm.com] http://www.rtfm.com/ From Vincent.Penquerch at artworks.co.uk Wed Jun 11 02:27:32 2003 From: Vincent.Penquerch at artworks.co.uk (Vincent Penquerc'h) Date: Wed, 11 Jun 2003 10:27:32 +0100 Subject: An attack on paypal Message-ID: > the lack of buffer overruns in Multics. However, in the > Unix/Linux/PC/Mac > world, a successor language has not yet appeared. Work on the existing C/C++ language will have a better chance of actually being used earlier. Not that it removes the problem entirely, but it should catches a lot of easy stack smashing bugs. http://gcc.gnu.org/projects/bp/main.html -- Vincent Penquerc'h --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From sunder at sunder.net Wed Jun 11 07:56:21 2003 From: sunder at sunder.net (Sunder) Date: Wed, 11 Jun 2003 10:56:21 -0400 (edt) Subject: An attack on paypal In-Reply-To: <3EE5F9DD.10939.696EC1A@localhost> Message-ID: The worst trouble I've had with https is that you have no way to use host header names to differentiate between sites that require different SSL certificates. i.e. www.foo.com www.bar.com www.baz.com can't all live on the same IP and have individual ssl certs for https. :( This is because the cert is exchanged before the http 1.1 layer can say "I want www.bar.com" So you need to waste IP's for this. Since the browser standards are already in place, it's unlikely to be to find a workaround. i.e. be able to switch to a different virtual host after you've established the ssl session. :( Personally I find thawte certs to be much cheaper than verisign and they work just as well. In any case, anyone is free to do the same thing AlterNIC did - become your own free CA. You'll just have to convince everyone else to add your CA's cert into their browser. You might be able to get the Mozilla guys to do this, good luck with the beast of Redmond though. Either way, having a pop-up isn't that big deal so long as you're sure of the site you're connecting to. In either case, we wouldn't need to worry about paying Verisign or anyone else if we had properly secured DNS. Then you could trust those pop-up self-signed SSL cert warnings. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 10 Jun 2003, James A. Donald wrote: > The most expensive and inconvenient part of https, getting > certificates from verisign, is fairly useless. > > The useful part of https is that it has stopped password > sniffing from networks, but the PKI part, where the server, but > not the client, is supposedly authenticated, does not do much > good. From mv at cdc.gov Wed Jun 11 11:01:56 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 11 Jun 2003 11:01:56 -0700 Subject: An attack on paypal Message-ID: <3EE76E93.ACAE0DF3@cdc.gov> At 03:39 PM 6/10/03 -0700, Bill Frantz wrote: >At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote: >>somebody (else) commented (in the thread) that anybody that currently >>(still) writes code resulting in buffer overflow exploit maybe should be >>thrown in jail. Not a very friendly bug-submission mechanism :-) >IMHO, the problem is that the C language is just too error prone to be used >for most software. In "Thirty Years Later: Lessons from the Multics >Security Evaluation", Paul A. Karger and Roger R. Schell > credit the use of PL/I for >the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac >world, a successor language has not yet appeared. What about Java? Apart from implementation bugs, its secure by design. --- "and then you go to jail" is a bad error-handler for a protocol. From sunder at sunder.net Wed Jun 11 08:07:20 2003 From: sunder at sunder.net (Sunder) Date: Wed, 11 Jun 2003 11:07:20 -0400 (edt) Subject: An attack on paypal In-Reply-To: Message-ID: The problem with these stop crackers and hackers by law is that it allows software developers to get away with leaving huge gaping security holes unfixed. Anecodatal evidence: The classic well known Robin Hood and Friar Tuck "hack". These days, the bug wouldn't get fixed and the guys reporting it would wind up in jail because they "convinced" the OS authors to fix the bug. IMHO, not the right way to go at all. from http://ftp.arl.mil/ftp/unix-wizards/V16%23017 scroll down a bit more than half way down the page (also available from most other GNU sources) Back in the mid-1970s, several of the system support staff at Motorola discovered a relatively simple way to crack system security on the Xerox CP-V timesharing system. Through a simple programming strategy, it was possible for a user program to trick the system into running a portion of the program in `master mode' (supervisor state), in which memory protection does not apply. The program could then poke a large value into its `privilege level' byte (normally write-protected) and could then proceed to bypass all levels of security within the file-management system, patch the system monitor, and do numerous other interesting things. In short, the barn door was wide open. Motorola quite properly reported this problem to Xerox via an official `level 1 SIDR' (a bug report with an intended urgency of `needs to be fixed yesterday'). Because the text of each SIDR was entered into a database that could be viewed by quite a number of people, Motorola followed the approved procedure: they simply reported the problem as `Security SIDR', and attached all of the necessary documentation, ways-to-reproduce, etc. The CP-V people at Xerox sat on their thumbs; they either didn't realize the severity of the problem, or didn't assign the necessary operating-system-staff resources to develop and distribute an official patch. Months passed. The Motorola guys pestered their Xerox field-support rep, to no avail. Finally they decided to take direct action, to demonstrate to Xerox management just how easily the system could be cracked and just how thoroughly the security safeguards could be subverted. They dug around in the operating-system listings and devised a thoroughly devilish set of patches. These patches were then incorporated into a pair of programs called `Robin Hood' and `Friar Tuck'. Robin Hood and Friar Tuck were designed to run as `ghost jobs' (daemons, in UNIX terminology); they would use the existing loophole to subvert system security, install the necessary patches, and then keep an eye on one another's statuses in order to keep the system operator (in effect, the superuser) from aborting them. One fine day, the system operator on the main CP-V software development system in El Segundo was surprised by a number of unusual phenomena. These included the following: * Tape drives would rewind and dismount their tapes in the middle of a job. * Disk drives would seek back and forth so rapidly that they would attempt to walk across the floor (see {walking drives}). * The card-punch output device would occasionally start up of itself and punch a {lace card}. These would usually jam in the punch. * The console would print snide and insulting messages from Robin Hood to Friar Tuck, or vice versa. * The Xerox card reader had two output stackers; it could be instructed to stack into A, stack into B, or stack into A (unless a card was unreadable, in which case the bad card was placed into stacker B). One of the patches installed by the ghosts added some code to the card-reader driver... after reading a card, it would flip over to the opposite stacker. As a result, card decks would divide themselves in half when they were read, leaving the operator to recollate them manually. Naturally, the operator called in the operating-system developers. They found the bandit ghost jobs running, and X'ed them... and were once again surprised. When Robin Hood was X'ed, the following sequence of events took place: !X id1 id1: Friar Tuck... I am under attack! Pray save me! id1: Off (aborted) id2: Fear not, friend Robin! I shall rout the Sheriff of Nottingham's men! id1: Thank you, my good fellow! Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently slain program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system. Finally, the system programmers did the latter --- only to find that the bandits appeared once again when the system rebooted! It turned out that these two programs had patched the boot-time OS image (the kernel file, in UNIX terms) and had added themselves to the list of programs that were to be started at boot time. The Robin Hood and Friar Tuck ghosts were finally eradicated when the system staff rebooted the system from a clean boot-tape and reinstalled the monitor. Not long thereafter, Xerox released a patch for this problem. It is alleged that Xerox filed a complaint with Motorola's management about the merry-prankster actions of the two employees in question. It is not recorded that any serious disciplinary action was taken against either of them. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Tue, 10 Jun 2003, Bill Frantz wrote: > At 5:12 PM -0700 6/8/03, Anne & Lynn Wheeler wrote: > >somebody (else) commented (in the thread) that anybody that currently > >(still) writes code resulting in buffer overflow exploit maybe should be > >thrown in jail. > > A nice essay, partially on the need to include technological protections > against human error, included the above paragraph. > > IMHO, the problem is that the C language is just too error prone to be used > for most software. In "Thirty Years Later: Lessons from the Multics > Security Evaluation", Paul A. Karger and Roger R. Schell > credit the use of PL/I for > the lack of buffer overruns in Multics. However, in the Unix/Linux/PC/Mac > world, a successor language has not yet appeared. From jya at pipeline.com Wed Jun 11 11:09:12 2003 From: jya at pipeline.com (John Young) Date: Wed, 11 Jun 2003 11:09:12 -0700 Subject: Secrets of Computer Espionage: Tactics and Countermeasures Message-ID: New book by cpunk Joel McNamara who runs the Tempest website: http://www.eskimo.com/~joel/tempest.html http://www.wiley.com/legacy/compbooks/mcnamara/ Secrets of Computer Espionage: Tactics and Countermeasures by Joel McNamara Covers electronic and wireless eavesdropping, computer surveillance, intelligence gathering, password cracking, keylogging, data duplication, black bag computer spy jobs, reconnaissance, risk assessment, legal issues, and advanced spying techniques used by the government. Author shares easily-implemented countermeasures against spying to detect and defeat eavesdroppers and other hostile individuals. Addresses legal issues, including the U.S. Patriot Act, legal spying in the workplace, and computer fraud crimes. ISBN 0-7645-3710-5 384 Pages June 2003 Links: http://www.wiley.com/legacy/compbooks/mcnamara/links.html From ashwood at msn.com Wed Jun 11 11:52:38 2003 From: ashwood at msn.com (Joseph Ashwood) Date: Wed, 11 Jun 2003 11:52:38 -0700 Subject: An attack on paypal --> secure UI for browsers References: Message-ID: <00c001c3304c$796d7490$6601a8c0@JOSEPHAS> ----- Original Message ----- From: "Anonymous" Subject: Re: An attack on paypal --> secure UI for browsers > You clearly know virtually nothing about Palladium. Actually, properly designed Palladium would be little more than a smart card welded to the motherboard. As currently designed it is a complete second system that is allowed to take over the main processor. It has a few aspects of what it should be, but not many. It does include the various aspects of the smart card, but it also makes room for those aspects to take over the main system, properly designed this would not be an option, of course properly designed it could also be a permanently attached $1 smart card that internally hangs off the USB controller instead of a mammoth undertaking. I still stand by, "Arbitrarily trusting anyone to write a secure program simply doesn't work" regardless of how many times MS says "trust us" any substantially educated person should as well be prepared to either trust a preponderance of evidence, or perform their own examination, neither of these options is available. The information available does not cover the technical information, in fact their "Technical FAQ" about it actually has the following: "Q: Does this technology require an online connection to be used? A: No. " That is just sooooo enlightening, and is about as far from a useful answer as possible. > NCAs do not have > "complete access to private information". Quite the opposite. Rather, > NCAs have the power to protect private information such that no other > software on the machine can access it. They do so by using the Palladium > software and hardware to encrypt the private data. The encryption is > done in such a way that it is "sealed" to the particular NCA, and no other > software is allowed to use the Palladium crypto hardware to decrypt it. This applies only under the condition that the software in Palladium is perfectly secure. Again I point to the issues with ActiveX, where a wide variety of hoels have been found, I point to the newest MS operating system which has it even been out a month yet? and already has a security patch available, in spite of their "secure by default" process. Again I don't believe this is because MS is inherently bad, it is because writing secure programs is extremely difficult, MS just has the most feature bloat so they have the most problems. If the Palladium software is actually secure (unlikely), then there is the issue of how the (foolishly trusted) NCAs are determined to be the same, this is an easy problem to solve if no one ever added features, but a hard one to solve where the program evolves, once MS shows the solution for this, I will point to the same information and show you a security hole. > In the proposed usage, an NCA associated with an ecommerce site would seal > the data which is used by the user to authenticate to the remote site. After running unattended on your computer, a brilliant idea, hasn't anyone learned? > The authentication data doesn't actually have to be a certificate with > associated key, but that would be one possibility. Only NCAs signed by > that ecommerce site's key would be able to unseal and access the user's > authentication credentials. This prevents rogue software from stealing > them and impersonating the user. Not in the slightest, a single compromise of a single ecommerce site (remember they're "trusted") will remove all this pretend security. Let's use a particularly popular example on here right now www.e-go1d.com, they could easily apply to be an ecommerce site, they collect money, they offer a service, clearly they are an ecommerce site. Are you really gullible enough to believe that they won't do everything in their power to exploit the data transfer problem above, as well as any other holes in Palladium? I should hope not. > Seriously, have you read any > of the documents linked from http://www.microsoft.com/resources/ngscb/? Yes I have, in fact at this point I think it is safe to say that you have not, or you didn't understand the implications of the small amount of information it actually contains. Joe From lynn at garlic.com Wed Jun 11 11:42:50 2003 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Wed, 11 Jun 2003 12:42:50 -0600 Subject: An attack on paypal In-Reply-To: References: <3EE5F9DD.10939.696EC1A@localhost> Message-ID: <4.2.2.20030611123835.00ba6ee0@mail.earthlink.net> At 10:56 AM 6/11/2003 -0400, Sunder wrote: >In either case, we wouldn't need to worry about paying Verisign or anyone >else if we had properly secured DNS. Then you could trust those pop-up >self-signed SSL cert warnings. actually, if you had a properly secured DNS .... then you could trust DNS to distribute public keys bound to a domain name in the same way they distribute ip-addresses bound to a domain name. the certificates serve two purposes: 1) is the server that we think we are talking to really the server we are talking to and 2) key-exchange for establishing an encrypted channel. a properly secured DNS would allow information distributed by DNS to be trusted .... including a server's public key .... and given the public key .... it would be possible to do the rest of the SSL operation (w/o requiring certificates) which is establishing an agreed upon session secret key. -- Anne & Lynn Wheeler http://www.garlic.com/~lynn/ Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jsd at monmouth.com Wed Jun 11 09:53:25 2003 From: jsd at monmouth.com (John S. Denker) Date: Wed, 11 Jun 2003 12:53:25 -0400 Subject: https for virtual hosts (was: attack on paypal) In-Reply-To: References: Message-ID: <3EE75E85.4010708@monmouth.com> On 06/11/2003 10:56 AM, Sunder wrote: > > www.foo.com www.bar.com www.baz.com can't all live on the same IP and > have individual ssl certs for https. :( This is because the cert is > exchanged before the http 1.1 layer can say "I want www.bar.com" > > So you need to waste IP's for this. Since the browser standards are > already in place, it's unlikely to be to find a workaround. A reasonable workaround might be something like: http://www.ietf.org/rfc/rfc3056.txt ... to allow isolated IPv6 domains or hosts, attached to an IPv4 network which has no native IPv6 support, to communicate with other such IPv6 domains or hosts with minimal manual configuration, before they can obtain natuve IPv6 connectivity. It incidentally provides an interim globally unique IPv6 address prefix to any site with at least one globally unique IPv4 address, even if combined with an IPv4 Network Address Translator (NAT). --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From crawdad at fnal.gov Wed Jun 11 12:13:25 2003 From: crawdad at fnal.gov (Matt Crawford) Date: Wed, 11 Jun 2003 14:13:25 -0500 Subject: An attack on paypal In-Reply-To: Your message of Wed, 11 Jun 2003 10:56:21 EDT. Message-ID: <200306111913.h5BJDPV1004648@gungnir.fnal.gov> > The worst trouble I've had with https is that you have no way to use host > header names to differentiate between sites that require different SSL > certificates. True as written, but Netscrape ind Internet Exploder each have a hack for honoring the same cert for multiple server names. Opera seems to honor at least one of the two hacks, and a cert can incorporate both at once. /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov /CN=bravo.fnal.gov/CN=charlie.fnal.gov > So you need to waste IP's for this. Waste? Heck no, that's what they're for! From DaveHowe at gmx.co.uk Wed Jun 11 07:00:07 2003 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Wed, 11 Jun 2003 15:00:07 +0100 Subject: An attack on paypal References: <3EE5F9DD.15532.696EBE8@localhost> Message-ID: <000401c33023$80e18dc0$c71121c2@exchange.sharpuk.co.uk> James A. Donald wrote: > How many attacks have there been based on automatic trust of > verisign's feckless ID checking? Not many, possibly none. I imagine if there exists a https://www.go1d.com/ site for purposes of fraud, it won't be using a self-signed cert. Of course it is possible that the attackers are using http:// instead, but more people are likely to notice that. > That is not the weak point, not the point where the attacks > occur. If the browser was set to accept self signed > certificates by default, it would make little difference to > security. I don't think any currently can be - but regardless, an attacker wishing to run a fraudulent https site must have a certificate acceptable to the majority of browsers without changing settings - That currently is the big name CAs and nobody else. From cypherpunks at salvagingelectrons.com Wed Jun 11 12:24:17 2003 From: cypherpunks at salvagingelectrons.com (Tim Meehan) Date: Wed, 11 Jun 2003 15:24:17 -0400 Subject: Passport to Brinworld: Canadian Passport office digitizing all photos for UN database Message-ID: <1d0fev8cluunih9tu4ebfk99p3vbpcsqfn@4ax.com> http://cnews.canoe.ca/CNEWS/Canada/2003/06/11/108882.html Your ID going digital By TOM GODFREY - Toronto Sun The passport office has begun digitizing the photographs of millions of Canadians whose mugshots may end up in a United Nations-sanctioned global facial recognition database. The move is to meet standards set by the UN's International Civil Aviation Organization (ICAO), which requires a tiny computer chip with a person's picture and basic information be input into every passport from its 188 member states. ICAO officials last week ruled facial recognition technology will be the method used to identify travellers, who will have their photos downloaded into the database of a foreign country every time their passport is scanned at a border. The UN body said the global database can be used to nab or monitor terrorists, fugitives and others sought by police. All passports will be chipped Jacques Perron, of the Canadian Passport Office, said about four million Canadians have had their photos digitized since the program began two years ago. "At some point every Canadian passport will have a chip inside," Perron said. "There is nothing to prevent nations from collecting data and putting them on a database." He said no date has been set for when the chip will be inside Canadian passports, but officials are using facial recognition to screen people applying for passports to curb fraud. ICAO spokesman Denis Chagnon said facial recognition will increase air security and speed up the flow of passengers. "If police are trying to find someone their face can be flagged on a database," Chagnon said. "Anyone who holds a passport will become part of a global database." From smb at research.att.com Wed Jun 11 13:06:55 2003 From: smb at research.att.com (Steven M. Bellovin) Date: Wed, 11 Jun 2003 16:06:55 -0400 Subject: An attack on paypal Message-ID: <20030611200655.538B67B4D@berkshire.research.att.com> In message <200306111913.h5BJDPV1004648 at gungnir.fnal.gov>, "Matt Crawford" writ es: >> The worst trouble I've had with https is that you have no way to use host >> header names to differentiate between sites that require different SSL >> certificates. > >True as written, but Netscrape ind Internet Exploder each have a hack >for honoring the same cert for multiple server names. Opera seems to >honor at least one of the two hacks, and a cert can incorporate both >at once. > > /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services > /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov > /CN=bravo.fnal.gov/CN=charlie.fnal.gov You can also use *.fnal.gov --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From jis at MIT.EDU Wed Jun 11 13:10:21 2003 From: jis at MIT.EDU (Jeffrey I. Schiller) Date: Wed, 11 Jun 2003 16:10:21 -0400 Subject: The real problem that https has conspicuously failed to fix References: <001401c32dfe$90cccd70$6401a8c0@amd1900> <20030608231147.GA9890@piper.madduck.net> <20030609043804.3ACCF111C3@rant-central.com> Message-ID: <3EE78CAD.8030909@mit.edu> Folks, this isn't an https (or even http) problem. It is a tough user interface issue. Note: The form posting goes to www.pos2life.biz, which doesn't remotely look like paypal.com! To make matters worse, there are plenty of businesses that send you leg imitate email that comes from a "random" looking place. Just today I received one from MIT's Alumni Association, but the actual source was something like m0.email-foobar.com (or something). Obviously the Alumni Association outsources the sending of the mail to some third party company. So even if we came up with some fancy was of saying "This form doesn't post to the same place this page came from [never mind that the original of an e-mail form is ill defined]" won't help. I also received this scam mail. There were only two hints of badness (besides the obvious request for personal info that paypal shouldn't need) one was the form posting and the other was the "Received-by" line which my mail system put on the message which showed its original at a suspicious place (I believe in Japan, but I may have remembered wrong, it didn't look right at the time). This is a social problem. Technical measures can help, but won't solve it, I am afraid. -Jeff Roy M.Silvernail wrote: > On Sunday 08 June 2003 06:11 pm, martin f krafft wrote: > >>also sprach James A. Donald [2003.06.08.2243 +0200]: >> >>>(When you hit the submit button, guess what happens) >> >>How many people actually read dialog boxes before hitting Yes or OK? > > > It's slightly more subtle. The action tag of a form submission isn't usually > visible to the user like links are. In the scam copy I received, all the > links save one pointed to legitimate PayPal documents. Only the action= gave it away, and you have to view source to see that. > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 252 bytes Desc: not available URL: From frantz at pwpconsult.com Wed Jun 11 19:14:21 2003 From: frantz at pwpconsult.com (Bill Frantz) Date: Wed, 11 Jun 2003 19:14:21 -0700 Subject: An attack on paypal In-Reply-To: <3EE76E93.ACAE0DF3@cdc.gov> Message-ID: At 11:01 AM -0700 6/11/03, Major Variola (ret) wrote: >At 03:39 PM 6/10/03 -0700, Bill Frantz wrote: >>IMHO, the problem is that the C language is just too error prone to be >used >>for most software. In "Thirty Years Later: Lessons from the Multics >>Security Evaluation", Paul A. Karger and Roger R. Schell >> credit the use of PL/I >for >>the lack of buffer overruns in Multics. However, in the >Unix/Linux/PC/Mac >>world, a successor language has not yet appeared. > >What about Java? Apart from implementation bugs, its secure by design. Java is certainly an improvement for buffer overruns. (The last estimate I heard was that 1/3 of the penetrations were due to buffer overruns.) Java is still semi-intrepreted, so it is probably too slow for some applications. However Java is being used for server-side scripting with web servers, where the safety of the language is a definite advantage. Of course, when you cover one hole, people move on to others. Server-side Java is succeptable to SQL injection attacks for example. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. frantz at pwpconsult.com | American way. | Los Gatos, CA 95032, USA From ravage at einstein.ssz.com Wed Jun 11 20:21:09 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 11 Jun 2003 22:21:09 -0500 (CDT) Subject: Slashdot | FTC Wants Secret Spam Investigation Powers (fwd) Message-ID: http://yro.slashdot.org/article.pl?sid=03/06/11/222206 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From ravage at einstein.ssz.com Wed Jun 11 20:21:35 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 11 Jun 2003 22:21:35 -0500 (CDT) Subject: Online NewsHour: Forum -- Copyright Conundrum (fwd) Message-ID: http://www.pbs.org/newshour/forum/june03/copyright.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From cryptomjs at eudoramail.com Thu Jun 12 02:36:25 2003 From: cryptomjs at eudoramail.com (Mark Saarelainen) Date: Thu, 12 Jun 2003 02:36:25 -0700 Subject: Please post this on the USENET : alt.politics.org.ciaforme .... somebody tries t Message-ID: They stopped my USENET communication after I had told that my thesis on the business consolidation of a foreign corporation in the North America was 100 % correct. I had told in 1991 that the consolidation of Ahlstrom Machinery, Inc. (AMI) was a failure and unsuccessful. During the 1990s many Ahsltrom Machinery's businesses were sold and the remaining parts were or are to be sold to Andritz from Graz, Austria in 2003. I had told them the truth in 1991 and I was punished by the executive management of AMI and people spread bad stories about me and my thesis in 1991 although it was graded as very good by one Professor. The Business Development Director of Ahsltrom Machinery, Inc. even forced me to change my thesis tosome extent by threatening to prevent me from graduating as the Masters of Science in Industrial Engineering and Management in April/May, 1991. His name is Markku Perkola. Itwas just my academic work.They had even told to my so called birthmother that my thesis was! no t good, although it was graded as very good and as it is now concluded I was 100 % correct and right. So my thesis was right and these people of Ahsltrom Machinery and many people of Varkaus, Finland, just wanted to hurt me and destroyed my careerat my age of 24 (12 years ago), when I had told them the truth about the failing business operations of Ahsltrom Machinery in the North America in 1991. So as the conclusion I was punished by people of Finland after I had told them the truth,which was my job in the first place. I was hired to write my thesis on their business consolidation and I told the truth. As we know now today Ahlstrom Machinery does not exist any longer. Markku J. Saarelainen Varkaus, Finland ---- 5/31/2003 Andritz acquires 50% of Ahlstrom Machinery Group - extension to 100% possible Increase of sales by 50% to 1,000 million Euros Graz (Austria) based Andritz AG initially buys 50 per cent of the Finnish Ahlstrom Machinery Group. The acquisition became effective as of May 31, 2000, after obtaining the required permissions under anti-trust laws. Ahlstrom Machinery Group's future company name will be Andritz- Ahlstrom Corporation. Both Andritz and the Seller have options whose exercise would make Andritz the sole owner of Ahlstrom Machinery Group. Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com From Mark Thu Jun 12 02:37:02 2003 From: Mark (Mark) Date: Thu, 12 Jun 2003 02:37:02 -0700 Subject: Please post this on the USENET : alt.politics.org.ciaforme .... somebody tries t Message-ID: They stopped my USENET communication after I had told that my thesis on the business consolidation of a foreign corporation in the North America was 100 % correct. I had told in 1991 that the consolidation of Ahlstrom Machinery, Inc. (AMI) was a failure and unsuccessful. During the 1990s many Ahsltrom Machinery's businesses were sold and the remaining parts were or are to be sold to Andritz from Graz, Austria in 2003. I had told them the truth in 1991 and I was punished by the executive management of AMI and people spread bad stories about me and my thesis in 1991 although it was graded as very good by one Professor. The Business Development Director of Ahsltrom Machinery, Inc. even forced me to change my thesis tosome extent by threatening to prevent me from graduating as the Masters of Science in Industrial Engineering and Management in April/May, 1991. His name is Markku Perkola. Itwas just my academic work.They had even told to my so called birthmother that my thesis was! no t good, although it was graded as very good and as it is now concluded I was 100 % correct and right. So my thesis was right and these people of Ahsltrom Machinery and many people of Varkaus, Finland, just wanted to hurt me and destroyed my careerat my age of 24 (12 years ago), when I had told them the truth about the failing business operations of Ahsltrom Machinery in the North America in 1991. So as the conclusion I was punished by people of Finland after I had told them the truth,which was my job in the first place. I was hired to write my thesis on their business consolidation and I told the truth. As we know now today Ahlstrom Machinery does not exist any longer. Markku J. Saarelainen Varkaus, Finland ---- 5/31/2003 Andritz acquires 50% of Ahlstrom Machinery Group - extension to 100% possible Increase of sales by 50% to 1,000 million Euros Graz (Austria) based Andritz AG initially buys 50 per cent of the Finnish Ahlstrom Machinery Group. The acquisition became effective as of May 31, 2000, after obtaining the required permissions under anti-trust laws. Ahlstrom Machinery Group's future company name will be Andritz- Ahlstrom Corporation. Both Andritz and the Seller have options whose exercise would make Andritz the sole owner of Ahlstrom Machinery Group. Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com ------------------------------- END TRANSMISSION ------------------------------- From cryptomjs at eudoramail.com Thu Jun 12 02:37:02 2003 From: cryptomjs at eudoramail.com (Mark Saarelainen) Date: Thu, 12 Jun 2003 02:37:02 -0700 Subject: Please post this on the USENET : alt.politics.org.ciaforme .... somebody tries t Message-ID: They stopped my USENET communication after I had told that my thesis on the business consolidation of a foreign corporation in the North America was 100 % correct. I had told in 1991 that the consolidation of Ahlstrom Machinery, Inc. (AMI) was a failure and unsuccessful. During the 1990s many Ahsltrom Machinery's businesses were sold and the remaining parts were or are to be sold to Andritz from Graz, Austria in 2003. I had told them the truth in 1991 and I was punished by the executive management of AMI and people spread bad stories about me and my thesis in 1991 although it was graded as very good by one Professor. The Business Development Director of Ahsltrom Machinery, Inc. even forced me to change my thesis tosome extent by threatening to prevent me from graduating as the Masters of Science in Industrial Engineering and Management in April/May, 1991. His name is Markku Perkola. Itwas just my academic work.They had even told to my so called birthmother that my thesis was! no t good, although it was graded as very good and as it is now concluded I was 100 % correct and right. So my thesis was right and these people of Ahsltrom Machinery and many people of Varkaus, Finland, just wanted to hurt me and destroyed my careerat my age of 24 (12 years ago), when I had told them the truth about the failing business operations of Ahsltrom Machinery in the North America in 1991. So as the conclusion I was punished by people of Finland after I had told them the truth,which was my job in the first place. I was hired to write my thesis on their business consolidation and I told the truth. As we know now today Ahlstrom Machinery does not exist any longer. Markku J. Saarelainen Varkaus, Finland ---- 5/31/2003 Andritz acquires 50% of Ahlstrom Machinery Group - extension to 100% possible Increase of sales by 50% to 1,000 million Euros Graz (Austria) based Andritz AG initially buys 50 per cent of the Finnish Ahlstrom Machinery Group. The acquisition became effective as of May 31, 2000, after obtaining the required permissions under anti-trust laws. Ahlstrom Machinery Group's future company name will be Andritz- Ahlstrom Corporation. Both Andritz and the Seller have options whose exercise would make Andritz the sole owner of Ahlstrom Machinery Group. Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com From crawdad at fnal.gov Thu Jun 12 06:54:29 2003 From: crawdad at fnal.gov (Matt Crawford) Date: Thu, 12 Jun 2003 08:54:29 -0500 Subject: An attack on paypal In-Reply-To: Your message of Wed, 11 Jun 2003 16:06:55 EDT. <20030611200655.538B67B4D@berkshire.research.att.com> Message-ID: <200306121354.h5CDsTV1009721@gungnir.fnal.gov> > You can also use *.fnal.gov Yes, we know, but our in-house CA operator (me) won't issue such a certificate. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From crawdad at fnal.gov Thu Jun 12 07:30:17 2003 From: crawdad at fnal.gov (Matt Crawford) Date: Thu, 12 Jun 2003 09:30:17 -0500 Subject: An attack on paypal In-Reply-To: Your message of Thu, 12 Jun 2003 16:35:11 +1200. <200306120435.h5C4ZB428720@medusa01.cs.auckland.ac.nz> Message-ID: <200306121430.h5CEUHV1011905@gungnir.fnal.gov> > "Matt Crawford" writes: > >... Netscrape ind Internet Exploder each have a hack for > >honoring the same cert for multiple server names. Opera seems to honor at > >least one of the two hacks, and a cert can incorporate both at once. > > > > /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services > > /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov > > /CN=bravo.fnal.gov/CN=charlie.fnal.gov > > Just to clarify this, so you need a multivalued CN, with one containing the > expression "(a|b|c)" and the remaining containing each of "a", "b", and "c"? > Is it multiple AVAs in an RDN, or multiple RDNs? (Either of these could be > hard to generate with a lot of software, which can't handle multiple AVAs in > an RDN or multiple same-type RDNs). Which hack is for MSIE and which is for > Netscape? Each CN is in a single-element RDN as usual. Netscape honors only the first CN in the SubjectDN, but will treat it as a restricted regex (shell-like * wildcard, alternation and grouping). IE checks the server name against each CN's individually. This was mainly determined by experimentation. I think we did find a limit on how long that first regex could be, but I don't remember what it was. Longer than my example, but short enough that some of our bigger virtual-hosting servers were inconvenienced by it. Openssl has no qualms about multiple same-type components. You just have to use the somewhat documented 0.commonName = ... 1.commonName = ... 2.commonName = ... in the configuration file. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From mv at cdc.gov Thu Jun 12 09:42:49 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Thu, 12 Jun 2003 09:42:49 -0700 Subject: Busted for hijacking web site (social engr) Message-ID: <3EE8AD88.6AFC0CD7@cdc.gov> Man Is Accused of Hijacking Web Site [*] He allegedly diverted Al Jazeera viewers to a bogus home page at the height of the war. By David Rosenzweig, Times Staff Writer A California man has been charged by federal authorities with hijacking Al Jazeera's Internet Web site during the Iraqi war and diverting viewers to a bogus home page that displayed an American flag and the message, "Let freedom ring." John William Racine II, a 24-year-old Web site designer from Norco, has agreed to plead guilty to wire fraud and unlawful interception of an electronic communication, a spokesman for the U.S. attorney's office said Wednesday . Impersonating an employee of the Arab television network's Web site, Racine allegedly tricked an Internet service provider into changing a password that enabled him to commandeer the Al Jazeera site, according to a criminal complaint. Racine was accused of intercepting about 300 e-mail messages intended for Al Jazeera before the takeover was discovered during the height of the war in March. Al Jazeera, the popular Arab satellite television channel based in Qatar, has been the target of some criticism in the United States because of its airing of videotaped pronouncements from fugitive Al Qaeda leaders Al Jazeera is backed by the government of Qatar but is widely perceived as editorially independent, experts said. Racine could not be reached for comment Wednesday. http://www.latimes.com/news/local/la-me-jazeera12jun12,1,4525407.story?coll=la-headlines-california From sunder at sunder.net Thu Jun 12 07:58:58 2003 From: sunder at sunder.net (Sunder) Date: Thu, 12 Jun 2003 10:58:58 -0400 (edt) Subject: sic transit blix Message-ID: http://www.newsday.com/news/nationworld/world/ny-woblix123329266jun12,0,3668966.story?coll=ny-worldnews-headlines June 12, 2003 London - Chief United Nations weapons inspector Hans Blix, in an interview published yesterday, accused U.S. officials of mounting a smear campaign against him. "But toward the end, the [Bush] administration leaned on us." and more of the same here: http://www.newsday.com/news/nationworld/world/ny-woblix12q3329323jun12,0,2015635.story?coll=ny-worldnews-headlines Not that any of this is in any way unexpected. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ From kelsey.j at ix.netcom.com Thu Jun 12 09:19:52 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Thu, 12 Jun 2003 12:19:52 -0400 Subject: sic transit blix In-Reply-To: Message-ID: <5.2.0.9.0.20030612121817.0460d090@pop.ix.netcom.com> At 10:58 AM 6/12/03 -0400, Sunder wrote: ... We were shocked--*shocked*--to discover that lying was being used in diplomacy. Oh, the horror! --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From pgut001 at cs.auckland.ac.nz Wed Jun 11 21:35:11 2003 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 12 Jun 2003 16:35:11 +1200 Subject: An attack on paypal Message-ID: <200306120435.h5C4ZB428720@medusa01.cs.auckland.ac.nz> "Matt Crawford" writes: >True as written, but Netscrape ind Internet Exploder each have a hack for >honoring the same cert for multiple server names. Opera seems to honor at >least one of the two hacks, and a cert can incorporate both at once. > > /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services > /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov > /CN=bravo.fnal.gov/CN=charlie.fnal.gov Just to clarify this, so you need a multivalued CN, with one containing the expression "(a|b|c)" and the remaining containing each of "a", "b", and "c"? Is it multiple AVAs in an RDN, or multiple RDNs? (Either of these could be hard to generate with a lot of software, which can't handle multiple AVAs in an RDN or multiple same-type RDNs). Which hack is for MSIE and which is for Netscape? Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From nospam at vguild.com Thu Jun 12 18:03:33 2003 From: nospam at vguild.com (Adam Selene) Date: Thu, 12 Jun 2003 19:03:33 -0600 Subject: An attack on paypal References: <200306120435.h5C4ZB428720@medusa01.cs.auckland.ac.nz> Message-ID: <001601c33147$9d75adc0$82070b0a@phantomserver.com> > IE checks the server name against each CN's individually. I found that by experimentation too. I have VBScript sample on how to generate such a CSR request for IIS using the CryptoAPI. Furthermore, IE does not care if the CNs have different domains. e.g. /CN=www.domain.com/CN=www.domain.net/CN=www.domain.org -or even- /CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com You can self-sign such a cert with OpenSSL just fine. Whether you can get a real CA to sign such a thing is another matter. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From nunya at spamstopper.com Thu Jun 12 20:31:47 2003 From: nunya at spamstopper.com (Mark Lybrand) Date: Fri, 13 Jun 2003 03:31:47 GMT Subject: Historical Evidence or Possibility of Steganography in Music Message-ID: I was wondering if anyone here might guide me to any reference material regarding the possibility or actual occurrence of information having been steganographically hidden in musical scores. If this is the wrong NG to post this to, please correct me. TIA Mark ------------------------------ From nobody at remailer.privacy.at Thu Jun 12 18:46:29 2003 From: nobody at remailer.privacy.at (Anonymous) Date: Fri, 13 Jun 2003 03:46:29 +0200 (CEST) Subject: SADISTIC WORLD Z.O.G. CONSPIRACY AT WORK IN VARKAUS, FINLAND!! In-Reply-To: Message-ID: ------------------------------ BEGIN TRANSMISSION ------------------------------ From nobody at dizum.com Thu Jun 12 19:11:13 2003 From: nobody at dizum.com (Nomen Nescio) Date: Fri, 13 Jun 2003 04:11:13 +0200 (CEST) Subject: An attack on paypal --> secure UI for browsers Message-ID: <06f23f75a0aaa6f5f3a09c2c6917e3c8@dizum.com> Joe Ashwood writes: > From: "Anonymous" > > You clearly know virtually nothing about Palladium. > I still stand by, "Arbitrarily trusting anyone to write a secure program > simply doesn't work" regardless of how many times MS says "trust us" any > substantially educated person should as well be prepared to either trust a > preponderance of evidence, or perform their own examination, neither of > these options is available. Apparently you neglected to read http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where Microsoft says (as they have repeated many times) "Customers and partners need reliable ways to ensure the quality of technology that addresses the critical needs met by NGSCB. That's why Microsoft will make available for public review the source code of the core piece of enabling software in NGSCB, called the 'nexus,' so it can be evaluated and validated by third parties for both security and privacy considerations." Therefore some educated person (obviously not you, at least not yet) will in fact be able to perform their own examination of the trusted part of the OS, since it will have its source code published for exactly this sort of review. > The information available does not cover the > technical information, in fact their "Technical FAQ" about it actually has > the following: > > "Q: Does this technology require an online connection to be used? > > A: No. " > > That is just sooooo enlightening, and is about as far from a useful answer > as possible. Very few of the Technical FAQ answers are so brief. In this case, it is a stupid question and deserves a trivial answer. The only reason it is in there is because of the lies spread by Lucky Green and Ross Anderson, all about how Palladium will connect to a central server and refuse to let you work with your own documents, or delete files that Microsoft or the U.S. Government don't like. > > NCAs do not have > > "complete access to private information". Quite the opposite. Rather, > > NCAs have the power to protect private information such that no other > > software on the machine can access it. They do so by using the Palladium > > software and hardware to encrypt the private data. The encryption is > > done in such a way that it is "sealed" to the particular NCA, and no other > > software is allowed to use the Palladium crypto hardware to decrypt it. > > This applies only under the condition that the software in Palladium is > perfectly secure. Again I point to the issues with ActiveX, where a wide > variety of hoels have been found, I point to the newest MS operating system > which has it even been out a month yet? and already has a security patch > available, in spite of their "secure by default" process. Again I don't > believe this is because MS is inherently bad, it is because writing secure > programs is extremely difficult, MS just has the most feature bloat so they > have the most problems. Microsoft's legacy software is all extremely complex. Palladium is taking a different approach, aiming at simplicity and transparency. The Nexus, which is the micro-kernel for the trusted components (NCAs), will be published for review. Its tasks are relatively few and well defined, nothing like the massive Windows OS. That is what Microsoft has gained by architecting Palladium as they did, with the new "trusted" CPU mode, which allows side-by-side operating systems to run. On the left hand side (LHS) we find the legacy Windows OS and applications. On the right hand side (RHS) we find the Nexus acting as the OS, and the NCAs acting as the applications. The brilliance of Palladium is that the LHS can't touch the RHS, because of hardware protection. At one stroke, the new trusted mode is insulated from bugs in the Windows OS, device drivers and applications. It in effect allows the designers to start with a clean piece of paper and produce a simple micro-kernel (the Nexus) whose only job is to service the NCAs. This is a manageable task and, in conjunction with public review, there is good reason to hope and expect that the Nexus will be secure. If so then NCAs will indeed run in a mode where they are protected from other software components (including other NCAs). > If the Palladium software is actually secure > (unlikely), then there is the issue of how the (foolishly trusted) NCAs are > determined to be the same, this is an easy problem to solve if no one ever > added features, but a hard one to solve where the program evolves, once MS > shows the solution for this, I will point to the same information and show > you a security hole. Read the documents! Actually you claim you already read them, but obviously you are lying or you would know that this question has been answered. I wrote a long posting about this last month explaining how it worked. The mechanism is called a Manifest and is described in section 9 of http://www.microsoft.com/resources/ngscb/documents/ngscb_tcb.doc. You can either use a hash of the NCA (which would not allow the NCA to be updated) or you can use a signing key, where NCAs signed by the same key would effectively share the same identity. The Manifest can also limit which other components are used by the NCA. It's a very flexible system. As far as the NCAs being "foolishly trusted", all they are trusted to do is to run without being molested. That's not exactly giving them the keys to the kingdom. And see above for the reasons why it is reasonable to believe that they can in fact be trusted to run with this degree of security. > > In the proposed usage, an NCA associated with an ecommerce site would seal > > the data which is used by the user to authenticate to the remote site. > > After running unattended on your computer, a brilliant > idea, hasn't anyone learned? > > > The authentication data doesn't actually have to be a certificate with > > associated key, but that would be one possibility. Only NCAs signed by > > that ecommerce site's key would be able to unseal and access the user's > > authentication credentials. This prevents rogue software from stealing > > them and impersonating the user. > > Not in the slightest, a single compromise of a single ecommerce site > (remember they're "trusted") will remove all this pretend security. Let's > use a particularly popular example on here right now www.e-go1d.com, they > could easily apply to be an ecommerce site, they collect money, they offer a > service, clearly they are an ecommerce site. Are you really gullible enough > to believe that they won't do everything in their power to exploit the data > transfer problem above, as well as any other holes in Palladium? I should > hope not. In my proposal, each ecommerce site would have its own unique NCA with its own unique identity. As anyone who has studied NGSCB (except you) knows, NCAs are protected from each other as well as from the rest of the system. Therefore rogue or compromised sites would not be able to touch the information that was being held for other sites. e-go1d.com would not be able to get at the information associated with e-gold.com. Your proposed attack does not work. > > Seriously, have you read any > > of the documents linked from http://www.microsoft.com/resources/ngscb/? > > Yes I have, in fact at this point I think it is safe to say that you have > not, or you didn't understand the implications of the small amount of > information it actually contains. Your comments above make it clear that you are not at all acquainted with the material in those documents. If you're going to pretend to be a security expert (remember when you advocated ECB mode for the XML encryption effort?!!), you could do worse than spending a few hours studying these documents closely. It's very likely that NGSCB will be a central technology for security in the next two to ten years or even longer. This is undoubtedly an area where security consulting could be lucrative. Sadly, even "experts" of your caliber can probably be very successful in this area. But you'll have to do your homework. From eresrch at eskimo.com Fri Jun 13 06:16:02 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 13 Jun 2003 06:16:02 -0700 (PDT) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <06f23f75a0aaa6f5f3a09c2c6917e3c8@dizum.com> Message-ID: On Fri, 13 Jun 2003, Nomen Nescio wrote: > Apparently you neglected to read > http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where > Microsoft says (as they have repeated many times) "Customers and partners > need reliable ways to ensure the quality of technology that addresses > the critical needs met by NGSCB. That's why Microsoft will make available > for public review the source code of the core piece of enabling software > in NGSCB, called the 'nexus,' so it can be evaluated and validated by > third parties for both security and privacy considerations." So why isn't it open for review *before* it's finalized? Might it give too many people an idea of what's really wrong with it? > Therefore some educated person (obviously not you, at least not yet) > will in fact be able to perform their own examination of the trusted part > of the OS, since it will have its source code published for exactly this > sort of review. Let's see it now. Not after it's finisihed. > Microsoft's legacy software is all extremely complex. Palladium is > taking a different approach, aiming at simplicity and transparency. I want the drugs you are on dude. You have a very rosy picture, and it seems all your inputs have been hijacked by supreme chemicals! > The Nexus, which is the micro-kernel for the trusted components (NCAs), > will be published for review. Its tasks are relatively few and well > defined, nothing like the massive Windows OS. That is what Microsoft has > gained by architecting Palladium as they did, with the new "trusted" > CPU mode, which allows side-by-side operating systems to run. On the > left hand side (LHS) we find the legacy Windows OS and applications. > On the right hand side (RHS) we find the Nexus acting as the OS, and > the NCAs acting as the applications. And in the mean time the user can't control their own computer. > The brilliance of Palladium is that the LHS can't touch the RHS, > because of hardware protection. At one stroke, the new trusted mode is > insulated from bugs in the Windows OS, device drivers and applications. > It in effect allows the designers to start with a clean piece of paper > and produce a simple micro-kernel (the Nexus) whose only job is to > service the NCAs. This is a manageable task and, in conjunction with > public review, there is good reason to hope and expect that the Nexus > will be secure. If so then NCAs will indeed run in a mode where they > are protected from other software components (including other NCAs). Very nice drug induced rant. Too bad reality doesn't work that way. Who owns the hardware? The user or the RIAA? True hardware protection means the user is protected from Microsoft, not the other way around. > Your comments above make it clear that you are not at all acquainted > with the material in those documents. If you're going to pretend to > be a security expert (remember when you advocated ECB mode for the XML > encryption effort?!!), you could do worse than spending a few hours > studying these documents closely. It's very likely that NGSCB will > be a central technology for security in the next two to ten years or > even longer. This is undoubtedly an area where security consulting > could be lucrative. Sadly, even "experts" of your caliber can probably > be very successful in this area. But you'll have to do your homework. Palladium changed to NGSCB and will morph to something else and something after that. It won't ever fly because the user can't control their own machine. Trust is a two way street. Until Microsoft learns to trust their customers, nobody will trust Microsoft. What we do in person we can do on a computer. We can con each other in person, so we'll be able to con each other with computers. That's how reality works, and no hardware or laws is going to change that. Instead of trying to wave a magic wand while everyone is on lsd, it'd be better if Microsoft and the RIAA came out with their own hardware for the specific purpose of DRM sales. Everyone would know who owns the hardware because they'd just rent it instead of buying it. IBM is already on the right track for this. Microsoft has yet to get it. Patience, persistence, truth, Dr. mike From dontmail at address.co.uk.invalid Thu Jun 12 23:26:02 2003 From: dontmail at address.co.uk.invalid (Richard Heathfield) Date: Fri, 13 Jun 2003 06:26:02 +0000 (UTC) Subject: Historical Evidence or Possibility of Steganography in Music Message-ID: Mark Lybrand wrote: > I was wondering if anyone here might guide me to any reference material > regarding the possibility or actual occurrence of information having been > steganographically hidden in musical scores. Sorry, I don't have any formal references for you about hiding information in music. Nevertheless, I know it's happened, because I have done it myself, in the mid-1980s. Not only that, but it survived a cryptanalytic attack from somebody who was 99% sure that the music contained a message but was unable to work out how that message was encoded. Some time in the 1990s, I read in good old Readers' Digest of a war-time incident in which musical notation was used for encryption; this nearly got a man killed when he was asked by the Germans to play the music. He was able to shrug off the cacophony as "this modern music", and got away with it. How true this account is, I don't know. I don't know why they didn't do what I did, which is to insert musical padding into the score to maintain some semblance of melody. It's an expensive method of steganography, though, since you really do have to compose your own tunes. The problem with saving time by using existing scores is that their composition (if you will forgive the term) is public knowledge, and so a comparison with the original will reveal the significant differences. The only way around this is to prevent such a comparison, and the only certain way to do that is to compose your own tunes. You might be able to automate the padding, if your computer is soulful enough. :-) -- Richard Heathfield : binary at eton.powernet.co.uk "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999. C FAQ: http://www.eskimo.com/~scs/C-faq/top.html K&R answers, C books, etc: http://users.powernet.co.uk/eton From shaddack at ns.arachne.cz Fri Jun 13 00:27:20 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 13 Jun 2003 09:27:20 +0200 (CEST) Subject: Steganography and musical scores? Message-ID: See also something about computer-generated music: http://brainop.media.mit.edu/online/net-music/net-instrument/Thesis.html ---------- Forwarded message ---------- Date: Fri, 13 Jun 2003 03:13:00 EDT Subject: Cryptography-Digest Digest #978 From: Digestifier To: Cryptography-Digest at senator-bedfellow.mit.edu From adam.lydick at verizon.net Fri Jun 13 09:50:13 2003 From: adam.lydick at verizon.net (Adam Lydick) Date: 13 Jun 2003 09:50:13 -0700 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: Message-ID: <1055523011.16502.29.camel@lorien> The faq (see attached) claims that "anyone can write a nexus" and that "users control which nexus(s) run". I certainly didn't see anything that suggests that anyone can force you to run arbitrary code, regardless of who has signed it. I also find it absurd to worry about what code Microsoft is running on your system. If you are running their operating system, you are already running arbitrary code from them. If you install a security or functional patch, you are running arbitrary code from them. How would this be different? My only real concern is that once this becomes widespread, having the correct "nexus" + DRM software installed will be the only way to get play digital media. I have a feeling I won't be playing any of that content from the MythTv box in my living room... AdamL -- http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp Q: What is the "nexus" component of NGSCB? A: The nexus is a new Windows OS component that will be introduced as part of NGSCB. The nexus, what we used to refer to as a "nub" or "trusted operating root," is essentially the kernel of an isolated software stack that runs alongside the existing software stack. The nexus provides a limited set of APIs and services for applications, including sealed storage and attestation functions. Think of nexus-aware applications as residing in the user mode space of the parallel execution environment and the nexus as residing in the kernel mode space. Anyone can write a nexus for use with nexus-aware systems. The user always has the ultimate authority over what nexuses are allowed to run. Only one nexus at a time will be able to run on a machine. Q: What is the privacy model associated with NGSCB? A: The user is always in control of whether or not nexus-aware technology is enabled on his or her PC and what nexuses have access to specific functions. The technology being developed as part of NGSCB provides a fine-grained access control model that allows users to specify (by hash) whether an individual nexus has the right to invoke a specific security operation. In addition, SSC functions that reveal potentially machine-identifying information, such as the RSA public key, can only be performed once per SSC reset (and the SSC cannot be reset from software; you have to power-cycle the PC). -- Adam Lydick From camera_lumina at hotmail.com Fri Jun 13 08:00:22 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 13 Jun 2003 11:00:22 -0400 Subject: SADISTIC WORLD Z.O.G. CONSPIRACY AT WORK IN VARKAUS, FINLAND!! Message-ID: "So as the conclusion I was punished by people of Finland after I had told them the truth,which was my job in the first place. I was hired to write my thesis on their business consolidation and I told the truth. As we know now today Ahlstrom Machinery does not exist any longer." Well, one things for sure. This guy ain't from the US. He actually seems suprised that some corporate bigwigs shut him down for putting roadblocks on their deal. Next he'll be writing in with the big revelation that, even though the company went down the crapper as a result of the deal, the deal-makers made out personally like bandits. Welcome to Capitalism, m'friend. -TD >From: Anonymous >To: mail2news at anon.lcs.mit.edu, mail2news at dizum.com >CC: cypherpunks at minder.net >Subject: SADISTIC WORLD Z.O.G. CONSPIRACY AT WORK IN VARKAUS, FINLAND!! >Date: Fri, 13 Jun 2003 03:46:29 +0200 (CEST) > >------------------------------ BEGIN TRANSMISSION >------------------------------ > >From: Mark Saarelainen [cryptomjs at eudoramail.com] >Date: Thu, 12 Jun 2003 02:37:02 -0700 >To: cypherpunks at einstein.ssz.com >Subject: Please post this on the USENET : alt.politics.org.ciaforme .... >somebody tries t > >They stopped my USENET communication after I had told that my thesis on the >business consolidation of a foreign corporation in the North America was >100 % correct. I had told in 1991 that the consolidation of Ahlstrom >Machinery, Inc. (AMI) was a failure and unsuccessful. During the 1990s many >Ahsltrom Machinery's businesses were sold and the remaining parts were or >are to be sold to Andritz from Graz, Austria in 2003. I had told them the >truth in 1991 and I was punished by the executive management of AMI and >people spread bad stories about me and my thesis in 1991 although it was >graded as very good by one Professor. The Business Development Director of >Ahsltrom Machinery, Inc. even forced me to change my thesis tosome extent >by threatening to prevent me from graduating as the Masters of Science in >Industrial Engineering and Management in April/May, 1991. His name is >Markku Perkola. Itwas just my academic work.They had even told to my so >called birthmother that my thesis was! > no >t good, although it was graded as very good and as it is now concluded I >was 100 % correct and right. So my thesis was right and these people of >Ahsltrom Machinery and many people of Varkaus, Finland, just wanted to hurt >me and destroyed my careerat my age of 24 (12 years ago), when I had told >them the truth about the failing business operations of Ahsltrom Machinery >in the North America in 1991. > >So as the conclusion I was punished by people of Finland after I had told >them the truth,which was my job in the first place. I was hired to write my >thesis on their business consolidation and I told the truth. As we know now >today Ahlstrom Machinery does not exist any longer. > >Markku J. Saarelainen >Varkaus, Finland > >---- > >5/31/2003 > > Andritz acquires 50% of Ahlstrom Machinery Group - extension to >100% possible >Increase of sales by 50% to 1,000 million Euros > >Graz (Austria) based Andritz AG initially buys 50 per cent of the Finnish > >Ahlstrom Machinery Group. The acquisition became effective as of May >31, 2000, after obtaining the required permissions under anti-trust >laws. Ahlstrom Machinery Group's future company name will be Andritz- >Ahlstrom Corporation. Both Andritz and the Seller have options whose >exercise would make Andritz the sole owner of Ahlstrom Machinery >Group. > > > >Need a new email address that people can remember >Check out the new EudoraMail at >http://www.eudoramail.com > >------------------------------- END TRANSMISSION >------------------------------- _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus From camera_lumina at hotmail.com Fri Jun 13 08:05:52 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 13 Jun 2003 11:05:52 -0400 Subject: Steganography and musical scores? Message-ID: Well, of course there's the famous B-A-C-H that Bach encoded towards the end of Art of the Fugue, written right before he died. (H in Germany is the same as our B, I think, and B in Germany is our B-flat, but don't quote me, it may be the other way around.) There're tons of others in the history of Western music. I'd bet there's a book or two on the subject somewhere. -TD >From: Thomas Shaddack >To: cypherpunks >Subject: Steganography and musical scores? >Date: Fri, 13 Jun 2003 09:27:20 +0200 (CEST) > >See also something about computer-generated music: >http://brainop.media.mit.edu/online/net-music/net-instrument/Thesis.html > > > >---------- Forwarded message ---------- >Date: Fri, 13 Jun 2003 03:13:00 EDT >Subject: Cryptography-Digest Digest #978 >From: Digestifier >To: Cryptography-Digest at senator-bedfellow.mit.edu > > > >Subject: Historical Evidence or Possibility of Steganography in Music >From: Mark Lybrand >Date: Fri, 13 Jun 2003 03:31:47 GMT > >I was wondering if anyone here might guide me to any reference material >regarding the possibility or actual occurrence of information having been >steganographically hidden in musical scores. > >If this is the wrong NG to post this to, please correct me. > >TIA > >Mark > >------------------------------ > >From: Richard Heathfield >Subject: Re: Historical Evidence or Possibility of Steganography in Music >Date: Fri, 13 Jun 2003 06:26:02 +0000 (UTC) > >Mark Lybrand wrote: > > > I was wondering if anyone here might guide me to any reference material > > regarding the possibility or actual occurrence of information having >been > > steganographically hidden in musical scores. > >Sorry, I don't have any formal references for you about hiding information >in music. Nevertheless, I know it's happened, because I have done it >myself, in the mid-1980s. Not only that, but it survived a cryptanalytic >attack from somebody who was 99% sure that the music contained a message >but was unable to work out how that message was encoded. > >Some time in the 1990s, I read in good old Readers' Digest of a war-time >incident in which musical notation was used for encryption; this nearly got >a man killed when he was asked by the Germans to play the music. He was >able to shrug off the cacophony as "this modern music", and got away with >it. How true this account is, I don't know. > >I don't know why they didn't do what I did, which is to insert musical >padding into the score to maintain some semblance of melody. > >It's an expensive method of steganography, though, since you really do have >to compose your own tunes. The problem with saving time by using existing >scores is that their composition (if you will forgive the term) is public >knowledge, and so a comparison with the original will reveal the >significant differences. The only way around this is to prevent such a >comparison, and the only certain way to do that is to compose your own >tunes. > >You might be able to automate the padding, if your computer is soulful >enough. :-) > >-- >Richard Heathfield : binary at eton.powernet.co.uk >"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999. >C FAQ: http://www.eskimo.com/~scs/C-faq/top.html >K&R answers, C books, etc: http://users.powernet.co.uk/eton _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail From eresrch at eskimo.com Fri Jun 13 11:17:42 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Fri, 13 Jun 2003 11:17:42 -0700 (PDT) Subject: Spread Spectrum Image Steganography Patent In-Reply-To: Message-ID: On Fri, 13 Jun 2003, John Young wrote: > The US Army today announced the availability of licensing > of its patent for "Spread Spectrum Image Steganography:" > > http://cryptome.org/usa-patent.htm (with copy of the patent) Thanks, interesting. I think anyone with access to the original picture would detect something is there, but the nice thing is that they wouldn't know how to decode the message. It still depends on not messing up too many bits, which is similar to "obvious" methods, but I like the use of erf() to estimate the message. Patience, persistence, truth, Dr. mike From pcw2 at flyzone.com Fri Jun 13 08:44:00 2003 From: pcw2 at flyzone.com (Peter Wayner) Date: Fri, 13 Jun 2003 11:44:00 -0400 Subject: Steganography and musical scores? In-Reply-To: References: Message-ID: At 9:27 AM +0200 6/13/03, Thomas Shaddack wrote: >See also something about computer-generated music: >http://brainop.media.mit.edu/online/net-music/net-instrument/Thesis.html > I'm told someone is trying to encode information by ordering the musical notes played in a chord with a Midi synthesizer. It's possible to hide information in the order of a set using a technique like this: http://www.wayner.org/books/discrypt2/sorted.php -Peter From mv at cdc.gov Fri Jun 13 12:18:55 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 13 Jun 2003 12:18:55 -0700 Subject: Steganography and musical scores? Message-ID: <3EEA239F.CD2BABC8@cdc.gov> (resent) At 11:44 AM 6/13/03 -0400, Peter Wayner wrote: >At 9:27 AM +0200 6/13/03, Thomas Shaddack wrote: >>See also something about computer-generated music: >>http://brainop.media.mit.edu/online/net-music/net-instrument/Thesis.html >> > > >I'm told someone is trying to encode information by ordering the >musical notes played in a chord with a Midi synthesizer. It's >possible to hide information in the order of a set using a technique >like this: > >http://www.wayner.org/books/discrypt2/sorted.php That's cute --there's no acoustic difference. There are also methods which produce nearly imperceptible differences --you can adjust the millisecond-scale timings, or the dynamics. Since these will vary with each performer's rendition anyway, they're fairly stealthy. From jya at pipeline.com Fri Jun 13 12:26:44 2003 From: jya at pipeline.com (John Young) Date: Fri, 13 Jun 2003 12:26:44 -0700 Subject: Spread Spectrum Image Steganography Patent Message-ID: The US Army today announced the availability of licensing of its patent for "Spread Spectrum Image Steganography:" http://cryptome.org/usa-patent.htm (with copy of the patent) Patent Abstract The Spread Spectrum Image Steganography (SSIS) of the present invention is a data hiding/secret communication steganographic system which uses digital imagery as a cover signal. SSIS provides the ability to hide a significant quantity of information bits within digital images while avoiding detection by an observer. The message is recovered with low error probability due the use of error control coding. SSIS payload is, at a minimum, an order of magnitude greater than of existing watermarking methods. Furthermore, the original image is not needed to extract the hidden information. The proposed recipient need only possess a key in order to reveal the secret message. The very existence of the hidden information is virtually undetectable by human or computer analysis. Finally, SSIS provides resiliency to transmission noise, like that found in a wireless environment and low levels of compression. Patent No.: 6,557,103 Granted: April 29, 2003 Inventors: Boncelet, Jr.; Charles G. (Newark, DE); Marvel; Lisa M. (Churchville, MD); Retter; Charles T. (Belcamp, MD) Assignee: The United States of America as represented by the Secretary of the Army (Washington, DC) From camera_lumina at hotmail.com Fri Jun 13 11:53:22 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 13 Jun 2003 14:53:22 -0400 Subject: Israel's WMDs on MSNBC.COM Message-ID: Hey...just found out about msnbc.com's hidden page on WMDs, including bio, nuke, and chemical. Any way to push such a thing into a google cache? http://www.msnbc.com/news/wld/graphics/strategic_israel_dw.htm -TD _________________________________________________________________ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From bill at scannell.org Fri Jun 13 13:25:40 2003 From: bill at scannell.org (Bill Scannell) Date: Fri, 13 Jun 2003 15:25:40 -0500 Subject: Victory. Homeland Security Pulls the Plug On CAPPS II Message-ID: We Win! CAPPS II Testing Stops Pending Privacy Analysis See the victory statement at http://www.boycottdelta.org All the best, Bill Scannell Founder Boycott Delta From bob.cat at snet.net Fri Jun 13 12:35:07 2003 From: bob.cat at snet.net (BobCat) Date: Fri, 13 Jun 2003 15:35:07 -0400 Subject: Israel's WMDs on MSNBC.COM References: Message-ID: <020901c331e2$f5659130$c8eafc40@Leopard> From: "Tyler Durden" > Hey...just found out about msnbc.com's hidden page on WMDs, including bio, > nuke, and chemical. Not hidden. http://archive.msnbc.com/modules/Israel_strategic/default.asp > Any way to push such a thing into a google cache? From rah at shipwright.com Fri Jun 13 16:34:41 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 13 Jun 2003 16:34:41 -0700 Subject: Fourth Announcement for ECC 2003 Message-ID: --- begin forwarded text From adam at homeport.org Fri Jun 13 14:17:34 2003 From: adam at homeport.org (Adam Shostack) Date: Fri, 13 Jun 2003 17:17:34 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <557dd8f2519377887312df07a5dd0977@rebleep> Message-ID: <20030613211734.GA77018@lightship.internal.homeport.org> On Fri, Jun 13, 2003 at 11:04:42PM +0200, Thomas Shaddack wrote: | > The problem (among others) is that this allows a virus to steal the | > client cert. If it is protected by a password, the malware must hang | > around long enough for the user to unlock the cert (perhaps because the | > malware sent a spoofed email calling for the user to visit the site, | > even the real site!). It can then read the user's keystrokes and acquire | > the password. Now it has the cert and password and can impersonate the | > user at will. | > | > The solution to this is Palladium (NGSCB). | | BAH! *shudders* | | All we need for this is an external cryptographic token - a smartcard with | a keypad, an USB device, a Bluetooth-enabled thingy. You plug it into the | machine, the server you connect to sends its certificate name and | challenge to the browser, which passes it unchanged to your token. The ... | get as low as few dollars, can easily interface with just about any OS | including PDAs, and doesn't require The Megacorp Whose Name Shouldn't Be | Spoken to take over your machine. Actually, most of the features of Nogsuccob are features that I want, like integrity protected, authenticated boot. The problem, bundled with those features, is the ability of the system to attest to its secure boot. This can be fixed by not letting the host know if you've exported its host key or not, which makes it possible to run a virtualized, trusted copy in your emulation environment. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From eccmaili at math.uwaterloo.ca Fri Jun 13 15:05:10 2003 From: eccmaili at math.uwaterloo.ca (ECC 2003) Date: Fri, 13 Jun 2003 18:05:10 -0400 (EDT) Subject: Fourth Announcement for ECC 2003 Message-ID: --------------------------------------------------------------------- THE 7TH WORKSHOP ON ELLIPTIC CURVE CRYPTOGRAPHY (ECC 2003) University of Waterloo, Waterloo, Ontario, Canada August 11, 12 & 13 2003 FOURTH ANNOUNCEMENT June 13, 2003 ********************************************************************* ********************************************************************* NOTES: 1) Please make your hotel bookings as soon as possible. The cutoff date for room bookings at the Waterloo Inn is June 29, and the cutoff date for room bookings at the Comfort Inn is July 7. The Waterloo Inn is sold out for the night of August 9. 2) The last lecture at ECC 2003 will end at 3:00 pm on Wednesday (Aug 13). This will give participants sufficient time to catch flights scheduled to leave Toronto after 7:00 pm. There are hourly flights from Toronto to Ottawa for those who wish to attend SAC 2003. 3) If you would like to be removed from this mailing list please reply with a brief note. You will promptly be removed from the list. ********************************************************************* ********************************************************************* ECC 2003 is the seventh in a series of annual workshops dedicated to the study of elliptic curve cryptography and related areas. The main themes of ECC 2003 will be: - The discrete logarithm problem. - Efficient parameter generation and point counting. - Provably secure cryptographic protocols. - Efficient software and hardware implementation. - Side-channel attacks. - Deployment of elliptic curve cryptography. It is hoped that the meeting will continue to encourage and stimulate further research on the security and implementation of elliptic curve cryptosystems and related areas, and encourage collaboration between mathematicians, computer scientists and engineers in the academic, industry and government sectors. Attendees of ECC 2003 might also wish to attend SAC 2003 (Ottawa, Aug 14-15) and CRYPTO 2003 (Santa Barbara, Aug 17-21). The last lecture at ECC 2003 will end at 3:00 pm on Wednesday (Aug 13). This will give participants sufficient time to catch flights scheduled to leave Toronto after 7:00 pm. There are hourly flights from Toronto to Ottawa. SPONSORS: Certicom Corp. MITACS Motorola University of Essen University of Waterloo ORGANIZERS: Gerhard Frey (University of Essen) Darrel Hankerson (Auburn University) Alfred Menezes (University of Waterloo) Christof Paar (Ruhr-Universitat Bochum) Edlyn Teske (University of Waterloo) Scott Vanstone (University of Waterloo) SPEAKERS: Hans Dobbertin (Ruhr-Universitat Bochum, Germany) Florian Hess (University of Bristol, UK) Hugo Krawczyk (Technion, Israel, and IBM Research, USA) Tanja Lange (Ruhr-Universitat Bochum, Germany) Reynald Lercier (Centre d'Electronique de L'Armement, France) Ben Lynn (Stanford University, USA) William Martin (National Security Agency, USA) Christof Paar (Ruhr-Universitat Bochum, Germany) John Proos (University of Waterloo, Canada) Jean-Jacques Quisquater (Universite Catholique de Louvain, Belgium) Pankaj Rohatgi (IBM Research, USA) Victor Shoup (New York University, USA) Jerome A. Solinas (National Security Agency, USA) Edlyn Teske (University of Waterloo, Canada) Nicolas Theriault (University of Toronto, Canada) Eran Tromer (Weizmann Institute of Science, Israel) CONFERENCE PROGRAMME: There will be 15-16 invited lectures (and no contributed talks), with the remaining time used for informal discussions. There will be both survey lectures as well as lectures on latest research developments. All lectures will be held on the campus of the University of Waterloo. Here is a tentative list of lecture titles: Hans Dobbertin To be announced Florian Hess The GHS attack revisited Hugo Krawczyk Design and analysis of authenticated Diffie-Hellman protocols Tanja Lange Efficient arithmetic on (hyper-)elliptic curves over finite fields Reynald Lercier Algorithmic aspects of Mestre's p-adic point counting ideas Ben Lynn Applications of bilinear maps William Martin To be announced Christof Paar Hyperelliptic curve cryptosystems for embedded applications John Proos Security in the presents of decryption failures Jean-Jacques Quisquater 2 or 3 side-channels for ECC Pankaj Rohatgi Power, EM and all that: Is your crypto device really secure? Victor Shoup Standardizing public key encryption algorithms Jerome A. Solinas To be announced Edlyn Teske Weak fields for ECC Nicolas Theriault Index calculus attack for hyperelliptic curves of small genus Eran Tromer Hardware-based implementation of factoring algorithms REGISTRATION: There will be a registration fee this year of $250 Cdn or $170 US or Euros 160 ($150 Cdn or $100 US or Euros 90 for full-time graduate students). PLEASE REGISTER AS SOON AS POSSIBLE AS SPACE IS LIMITED FOR THIS WORKSHOP; REGISTRATION IS ON A FIRST-COME FIRST-SERVE BASIS. We cannot process a registration until all fees are paid in full. The deadline for all fees to be paid and registration completed has been set for the 1st of August, 2003. However, you are encouraged to register earlier than Aug 1 since some hotels have a cutoff date of June 29. To register, complete, in full, the attached REGISTRATION FORM and return it along with your payment to: Mrs. Adrienne Richter, C&O Dept., University of Waterloo, Waterloo, Ontario, Canada N2L 3G1. You can also send your registration form by fax (519-725-5441) or by email (ecc2003 at math.uwaterloo.ca). Confirmation of your registration will be sent by email when payment is received in full. ------------------------cut from here--------------------------------- ECC 2003 CONFERENCE REGISTRATION FORM Fullname: _________________________________________________________ Affiliation: _________________________________________________________ Address: _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ _________________________________________________________ E-Mail Address: _________________________________________________________ Telephone #: _________________________________________________________ Registration Fee: Please check the appropriate box: [ ] Registration .......$250.00 CAD ..............$________ [ ] Registration .......$170.00 USD ..............$________ [ ] Registration .......Euro 160.00 ..............$________ [ ] Full-time Student ..$150.00 CAD ..............$________ [ ] Full-time Student ..$100.00 USD ..............$________ [ ] Full-time Student ..Euro 90.00 ..............$________ Registration Fee includes Banquet: Attending [ ] Yes [ ] No Vegetarian [ ] Yes [ ] No TOTAL AMOUNT PAYABLE: ............................$________ **Make Cheque/Money Order Payable to: ECC 2003 Credit Card Payments: [ ] Visa [ ] MasterCard Cardholder's Name: ________________________________________________ Card Number: ______________________________________________________ Expiration Date: __________________________________________________ Signature: ________________________________________________________ Additional Information: ___________________________________________ -------------------------cut from here------------------------------- TRAVEL: Kitchener-Waterloo is approximately 100 km/60 miles from Pearson International Airport in Toronto. Ground transportation to Kitchener-Waterloo can be pre-arranged with Airways Transit. TRANSPORTATION TO AND FROM TORONTO AIRPORT PROVIDED BY AIRWAYS TRANSIT It is advisable to book your transportation between the Pearson Airport, Toronto, and Waterloo in advance to receive the advance booking rate of $38 CAD per person, one way, with Airways Transit (open 24 hours a day). Please quote "ECC2003" when making your reservation. Airways is a door-to-door service; they accept cash (Cdn or US funds), MasterCard, Visa and American Express. Upon arrival: Terminal 1: proceed to Ground Transportation Booth, Arrivals Level. Terminal 2: proceed to Airways Transit desk, Arrivals Level, Area E. Terminal 3: proceed to Ground Transportation Booth, Arrivals Level, between Doors B and C. You can make a reservation through their web site: www.airwaystransit.com Or, you can complete the form below and send by mail or fax (519-886-2141) well in advance of your arrival to Airways Transit. They will not fax confirmations: your fax transmission record is confirmation of your reservation. -------------------------cut from here--------------------------------- AIRWAYS TRANSIT ADVANCE BOOKING FORM - ECC 2003 ARRIVAL INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Arrival Date Airline Flight # ____________________________________________________________ Arrival Time Arriving From ____________________________________________________________ Destination in Kitchener/Waterloo No. in party DEPARTURE INFORMATION: ____________________________________________________________ Surname First name ____________________________________________________________ Toronto Departure Date Airline Flight # ____________________________________________________________ Departure Time Flight # Destination ____________________________________________________________ Pickup From No. in party ____________________________________________________________ Signature Date Send or Fax to: Airways Transit 99A Northland Road Waterloo, Ontario Canada, N2V 1Y8 Fax: (519) 886-2141 Telephone: (519) 886-2121 -----------------------------cut form here-------------------------------- ACCOMMODATIONS: There is a limited block of rooms set aside on a first-come first-serve basis at the Waterloo Inn for the evenings of August 10, 11, 12 and 13, and at the Comfort Inn for the evenings of August 9, 10, 11, 12 and 13. Please note that the Waterloo Inn is sold out for the evening of August 9. COMFORT INN Address: 190 Weber Street North, Waterloo, Ontario, Canada N2J 3H4 Phone: (519) 747-9400 Rate: $80 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 9, 10, 11, 12, 13 Cut-off date: July 7, 2003 WATERLOO INN Address: 475 King Street North, Waterloo, Ontario, Canada N2J 2Z5 Phone: (519) 884-0222 Fax: (519) 884-0321 Toll Free: 1-800-361-4708 Website: www.waterlooinn.com Rate: $118 Cdn plus taxes/night for a single or double room Please quote "ECC 2003" when making your reservation Availability: Evenings of August 10, 11, 12, 13 Cut-off date: June 29, 2003 Other hotels close to the University of Waterloo are: UNIVERSITY OF WATERLOO CONFERENCE CENTRE (on-campus accommodation; no air conditioning) Ron Eydt Village, Box 16610, Waterloo, Ontario, Canada N3J 4C1 Phone: 519-884-5400, 519-746-7599 Website: www.conferences.uwaterloo.ca (see "Room Registration") Approx rate: $52 Cdn plus taxes/night DESTINATION INN 547 King Street North, Waterloo, Ontario, Canada N2L 5Z7 Phone: (519) 884-0100 Website: www.destinationinn.com Approx rate: $73 Cdn plus taxes/night BEST WESTERN INN St. Jacobs Country Inn 50 Benjamin Road East, Waterloo, Ontario, Canada N2V 2J9 Phone: (519) 884-9295 Website: www.stjacobscountryinn.com Approx rate: $129 Cdn plus taxes/night THE WATERLOO HOTEL 2 King Street North, Waterloo, Ontario, Canada N2J 2W7 Phone: (519) 885-2626 Website: www.countryinns.org/inn_waterloo.html Approx rate: $120-160 Cdn plus taxes/night HOTEL TO CONFERENCE TRANSPORTATION: A shuttle to/from the campus will be available each day of the conference from the Waterloo Inn and Comfort Inn only. Place and times for pickup and drop-off will be provided in the final announcement. FURTHER INFORMATION: For further information or to return your Registration, please contact: Mrs. Adrienne Richter Department of Combinatorics & Optimization University of Waterloo Waterloo, Ontario, Canada N2L 3G1 e-mail: ecc2003 at math.uwaterloo.ca Fax: (519) 725-5441 Phone: (519) 888-4027 If you did not receive this announcement by email and would like to be added to the mailing list for the fourth announcement, please send email to ecc2003 at math.uwaterloo.ca. The announcements are also available from the web site www.cacr.math.uwaterloo.ca --------------------------------------------------------------------- --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From shaddack at ns.arachne.cz Fri Jun 13 14:04:42 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Fri, 13 Jun 2003 23:04:42 +0200 (CEST) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <557dd8f2519377887312df07a5dd0977@rebleep> Message-ID: > The problem (among others) is that this allows a virus to steal the > client cert. If it is protected by a password, the malware must hang > around long enough for the user to unlock the cert (perhaps because the > malware sent a spoofed email calling for the user to visit the site, > even the real site!). It can then read the user's keystrokes and acquire > the password. Now it has the cert and password and can impersonate the > user at will. > > The solution to this is Palladium (NGSCB). BAH! *shudders* All we need for this is an external cryptographic token - a smartcard with a keypad, an USB device, a Bluetooth-enabled thingy. You plug it into the machine, the server you connect to sends its certificate name and challenge to the browser, which passes it unchanged to your token. The token asks you for a PIN, and calculates a response. The browser then transparently relays the response back. There is nothing in the unit that's accessible from the computer, and because of a physically different keypad nothing can be sniffed from the computer. The cost of the unit can get as low as few dollars, can easily interface with just about any OS including PDAs, and doesn't require The Megacorp Whose Name Shouldn't Be Spoken to take over your machine. From eresrch at eskimo.com Sat Jun 14 06:34:54 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Sat, 14 Jun 2003 06:34:54 -0700 (PDT) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614112016.30665.qmail@nym.alias.net> Message-ID: On 14 Jun 2003, lcs Mixmaster Remailer wrote: > Trusted Computing lets people convincingly tell the truth about what > software they are running. This is seen as a horrific threat in certain > circles. It's easy to see why liars wouldn't like it. What does an > honest man have to lose? Hmmmm.... Why is it that only liars are proposing it and defenders hide in the anonymous weeds? Patience, persistence, truth, Dr. mike From saeq at gmx.net Sat Jun 14 06:37:09 2003 From: saeq at gmx.net (Luthor Blisset) Date: Sat, 14 Jun 2003 06:37:09 -0700 Subject: An attack on paypal --> secure UI for browsers Message-ID: <5.1.0.14.2.20030614063707.026e7e20@pop.gmx.net> At 11:20 AM 6/14/2003 +0000, someone wrote: >Trusted Computing lets people convincingly tell the truth about what >software they are running. This is seen as a horrific threat in certain >circles. It's easy to see why liars wouldn't like it. What does an >honest man have to lose? The axiom "honest men have nothing to fear from the police" is currently under review at the Axiom Review Board. Thank you Terry Pratchett! If trolls like you weren't so easy to respond to, I'd just move on, but... Information about the software I'm running isn't anyone else's business. If someone wants to know about it, they can ask me, and under no circumstances am I obligated to tell them anything, much less what they want to hear. End of story. -- Luthor //Remembering is copying and copying is THEFT From adam.lydick at verizon.net Sat Jun 14 08:58:14 2003 From: adam.lydick at verizon.net (Adam Lydick) Date: 14 Jun 2003 08:58:14 -0700 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <1055523011.16502.29.camel@lorien> Message-ID: <1055606292.16496.145.camel@lorien> That is certainly a good point but don't confuse the "nexus" with NCAs (agents). I think the nexus just provides services to the NCAs which actually do the work. Think of it as a core library that services can draw on. So having to trust the nexus, is rather like trusting kernel32.dll or some other core components. Choosing to trust/run NCA sounds pretty grainular, so you can trust your validated P2P stack from your favorite independent developer and ignore (if you can) the restrictive DRM solutions that are offered. Problems certainly remain though: In the validated P2P scenario, an Adversary with enough influence to have Intel/AMD/... hand out a signed internal key can circumvent any such "protections". Thoughts? AdamL On Sat, 2003-06-14 at 11:50, David Wagner wrote: > Adam Lydick wrote: > >The faq (see attached) claims that "anyone can write a nexus" and that > >"users control which nexus(s) run". > > > >I certainly didn't see anything that suggests that anyone can force you > >to run arbitrary code, regardless of who has signed it. > > "Force", maybe not. No one can "force" me to turn my machine on, > for instance. But take a look at one line you quoted from the FAQ: > > "Only one nexus at a time will be able to run on a machine." > > That looks to me like an important sentence. -- Adam Lydick From mix at anon.lcs.mit.edu Sat Jun 14 04:20:16 2003 From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer) Date: 14 Jun 2003 11:20:16 -0000 Subject: An attack on paypal --> secure UI for browsers Message-ID: <20030614112016.30665.qmail@nym.alias.net> Adam Shostack writes: > Actually, most of the features of Nogsuccob are features that I > want, like integrity protected, authenticated boot. The problem, > bundled with those features, is the ability of the system to attest to > its secure boot. This can be fixed by not letting the host know if > you've exported its host key or not, which makes it possible to run a > virtualized, trusted copy in your emulation environment. Nothing forces you to tell anyone else that you booted securely. At most someone may offer to give you something in exchange for such a proof, but you're not obligated to take them up on it. It's not clear what you're getting at about exporting the host key. These systems (TCs) are generally designed to make that difficult or impossible to accomplish. The security of the whole system is built on that assumption. If you actually did manage to pull out the host key then you could make it attest to any falsehood you wanted, although you might get caught eventually. Trusted Computing lets people convincingly tell the truth about what software they are running. This is seen as a horrific threat in certain circles. It's easy to see why liars wouldn't like it. What does an honest man have to lose? From adam at homeport.org Sat Jun 14 08:22:01 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Jun 2003 11:22:01 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614112016.30665.qmail@nym.alias.net> References: <20030614112016.30665.qmail@nym.alias.net> Message-ID: <20030614152201.GA89414@lightship.internal.homeport.org> On Sat, Jun 14, 2003 at 11:20:16AM -0000, a Microsoft employee wrote: | Adam Shostack writes: | | > Actually, most of the features of Nogsuccob are features that I | > want, like integrity protected, authenticated boot. The problem, | > bundled with those features, is the ability of the system to attest to | > its secure boot. This can be fixed by not letting the host know if | > you've exported its host key or not, which makes it possible to run a | > virtualized, trusted copy in your emulation environment. | | Nothing forces you to tell anyone else that you booted securely. At most | someone may offer to give you something in exchange for such a proof, | but you're not obligated to take them up on it. Well, sure. And no one forces me to run Microsoft office, either, except Microsoft's monoploy. And when the document format can phone home to prevent piracy or openoffice from running, no one will be 'obligating' me to pay monopoly rents to Microsoft. In the same way, no one forces me to have a drivers license. But its damned hard living life without one. | It's not clear what you're getting at about exporting the host key. | These systems (TCs) are generally designed to make that difficult or | impossible to accomplish. The security of the whole system is built on | that assumption. If you actually did manage to pull out the host key | then you could make it attest to any falsehood you wanted, although you | might get caught eventually. The security of the system to make attestations is built on that assumption. However, there are other values that a TBC can offer, like secure key storage or trusted boot of a known OS image, that I might like. My ability to attest to any falsehood is limited by the statements the key is expected to sign. How broad are those? I thought they were quite limited. | Trusted Computing lets people convincingly tell the truth about what | software they are running. This is seen as a horrific threat in certain | circles. It's easy to see why liars wouldn't like it. What does an | honest man have to lose? Interoperability. Fair use. Market Choice. Archives. Control over their own computers. Ability to decide when to patch. The ability to run purchased software.. ... privately. ... when there are bugs in the license code. ... when the license server or the network is unavailable. That's off the top of my head. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From sunder at sunder.net Sat Jun 14 12:17:22 2003 From: sunder at sunder.net (Sunder) Date: Sat, 14 Jun 2003 15:17:22 -0400 (edt) Subject: Microsoft, TCPA, your wallet and the real ending of the story. In-Reply-To: <5.1.0.14.2.20030614063707.026e7e20@pop.gmx.net> Message-ID: Indeed. If it's coming from Redmond, and as usual if it smells of evil, there is an utterly simple solution in dealing with it: don't buy it. Don't buy Microsoft software, don't buy motherboards that include TCPA capabilities. When you're up for getting yourself a new PC, get a generic one without such options, or if you insist, call the vendor and tell them you want a box without evil-inside and without a Redmond OS pre-installed. Buy a generic intel/amd machine without the "Secure" processor, or give Steve Jobs some of your cash for a nice G4/G5 machine, or you can go to a generic PowerPC motherboard and run Linux, or you can go to McNeally's shop and buy an UltraSPARC, etc. There are plenty to choose from. If you find uses for TCPA, by all means, have fun. If you think Microsoft's secured from you OS platforms are the way to go for you, by all means, Ballmer and Gates surely could make better use of more of your cash than you can. Vote with your wallet. The market will ultimately dictate what M$ will and will not sell in regards to operating systems, digital rights management, application suites, and so forth. End of story. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 14 Jun 2003, Luthor Blisset wrote: > At 11:20 AM 6/14/2003 +0000, someone wrote: > > >Trusted Computing lets people convincingly tell the truth about what > >software they are running. This is seen as a horrific threat in certain > >circles. It's easy to see why liars wouldn't like it. What does an > >honest man have to lose? > > The axiom "honest men have nothing to fear from the police" is > currently under review at the Axiom Review Board. Thank you Terry > Pratchett! If trolls like you weren't so easy to respond to, I'd just move > on, but... > Information about the software I'm running isn't anyone else's > business. If someone wants to know about it, they can ask me, and under no > circumstances am I obligated to tell them anything, much less what they > want to hear. > End of story. > > -- Luthor //Remembering is copying and copying is THEFT From bill.stewart at pobox.com Sat Jun 14 15:20:55 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 14 Jun 2003 15:20:55 -0700 Subject: MS Format Flames Re: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614224056.GD15195@jal.clueinc.net> References: <20030614195356.GA92289@lightship.internal.homeport.org> Message-ID: <5.1.1.6.2.20030614151220.02ec8e90@idiom.com> > > Oh get over it. There are other formats. >You ever heard of XML? HTML? RTF? There are output formats and input formats. It's easy to output data in formats other people can read - if you want something prettier than ASCII, HTML is usually fine, though there's not much support for embedded pictures as opposed to separate files. XML is a meta-format - you can't really guarantee that anybody else's XML tool can read your XML tool's documents, because they may not have all the same objects. If you want to give them something quasi-immutable, there's always PDF. That lets you be rude _and_ proprietary :-) Postscript is more flexible, but too many people don't have tools to read it with. Input formats are harder, because Microsoft keeps adding backwards-incompatibility every time they upgrade Office, just to force everybody else to upgrade. OpenOffice can often help, but not always. Microsoft does make free readers for Word and Powerpoint. They're only intended for running on Windows, but perhaps they work on WINE? From sunder at sunder.net Sat Jun 14 12:30:47 2003 From: sunder at sunder.net (Sunder) Date: Sat, 14 Jun 2003 15:30:47 -0400 (edt) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614152201.GA89414@lightship.internal.homeport.org> Message-ID: Um, how's that agin? How does Ballmer and Gates force you, Adam Shostack to run Microsoft Office? Did they put a gun to your head? Did they manage to twist Congress's arms to put a gun to your head? Compatibility you say? Well, that's your choice. You can decide if it's important enough to you and act accordingly. I personally think MSFT is evil, and provides nothing but mediocre software. So I vote with my wallet by not paying them for their junk and I won't buy upgrades of their software if the previous versions do what I needed, and install Linux and OpenBSD on new machines. Yes, some of the older shittier machines I have run Windows, but that's because I'm either too lazy to track down drivers for Linux or want them to continue running what they run. Doesn't mean I have to go to XP or 2003. Yes, my work machine runs win2k, but I didn't pay for it, and I didn't have much choice in it - actually I could either quit and find a new job (really lots of fun in this economy) or reinstall Linux over it and live with Open Office and other open tools or have paid for Crossover office out of my pocket, etc. Wasn't worth the trouble and we already have a site license for win2k + office 2k, so that's the path I went. Not my money, the company's money. They chose to pay the Redmond Beast, so what do I care? But for home use, I have no real use for much more than OpenOffice and Linux. There's no need for me to pirate garbage from Microsoft. I can live without it. These are some old pentium1- 100Mhz notebook machines I have that came with Windows 95 and 98 - turd OS's really, but they serve a purpose - mp3 players and light web surfing in my living room and other places for example. And before you ask, no, I didn't pirate the mp3's. They're all ripped from CD's that I owned, and I still have the CD's as proof of ownership. Yes, I could go to linux on them, but why bother wasting half a day tracking down drivers and tuning kernels for them when they're already built and working the way I want them to? So why do you feel it's required of you to either pay Microsoft for, or pirate Office XP and Server 2003 and TCPA enabled junkware? What's so important that you can't live without them. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 14 Jun 2003, Adam Shostack wrote: > Well, sure. And no one forces me to run Microsoft office, either, > except Microsoft's monoploy. And when the document format can phone > home to prevent piracy or openoffice from running, no one will be > 'obligating' me to pay monopoly rents to Microsoft. > In the same way, no one forces me to have a drivers license. But its > damned hard living life without one. > From sunder at sunder.net Sat Jun 14 12:52:25 2003 From: sunder at sunder.net (Sunder) Date: Sat, 14 Jun 2003 15:52:25 -0400 (edt) Subject: Microsoft, TCPA, your wallet and the real ending of the story. In-Reply-To: <20030614195834.GB92289@lightship.internal.homeport.org> Message-ID: Right now, Intel, AMD, Transmeta, IBM+Motorola (PowerPC), Sun+Fuji+Tatung (UltraSPARC + clones), whomever is left making MIPS Rx000 chip based machines after SGI (Is sgi still making Irix boxes?) and so on. If you want TCPA, by all means, go have fun buying a motherboard with it and run whatever OS meets your needs, and if none do, feel free to write your own extensions for Linux, *BSD, etc. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 14 Jun 2003, Adam Shostack wrote: > Which CPU vendor will sell me a CPU without TCPA? > > And besides, I WANT a TCPA machine. I just don't want remote > attestation, or keys that I can't back-up and relocate. From adam at homeport.org Sat Jun 14 12:53:57 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Jun 2003 15:53:57 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <20030614152201.GA89414@lightship.internal.homeport.org> Message-ID: <20030614195356.GA92289@lightship.internal.homeport.org> On Sat, Jun 14, 2003 at 03:30:47PM -0400, Sunder wrote: | Um, how's that agin? How does Ballmer and Gates force you, Adam Shostack | to run Microsoft Office? Did they put a gun to your head? Did they | manage to twist Congress's arms to put a gun to your head? | | Compatibility you say? Well, that's your choice. You can decide if it's | important enough to you and act accordingly. I personally think MSFT is | evil, and provides nothing but mediocre software. So I vote with my | wallet by not paying them for their junk and I won't buy upgrades of their | software if the previous versions do what I needed, and install Linux and | OpenBSD on new machines. Sure. And I'm glad you work with a small group of people who understand that you don't read their documents. After many years of refusal, I finally gave up. I work with lots of customers who expect documents in MS formats, and look at you askance for giving them anything else. You only get so many explanations before customers go elsewhere, and I chose not to spend them on this. Similarly, I could choose to speak to everyone I meet in, say, Russian. And some folks would understand. Others would walk away. So, you can argue that you're effectively required to speak English to do business in North America. I would argue that you're similarly required to use MS Office. | Yes, my work machine runs win2k, but I didn't pay for it, and I didn't | have much choice in it - actually I could either quit and find a new job | (really lots of fun in this economy) or reinstall Linux over it and live | with Open Office and other open tools or have paid for Crossover office | out of my pocket, etc. Wasn't worth the trouble and we already have a | site license for win2k + office 2k, so that's the path I went. Not my | money, the company's money. They chose to pay the Redmond Beast, so what | do I care? You'll be part of the problem when Nogsuccob is apon us, because the documents you create won't be readable in OpenOffice, and Crossover won't run. | So why do you feel it's required of you to either pay Microsoft for, or | pirate Office XP and Server 2003 and TCPA enabled junkware? What's so | important that you can't live without them. Office Nogsuccob will only interoperate with itself. Companies will end up deploying it to interact with other versions, not for any real feature. You don't like the word force, I suggest quitting all use of .DOC, .PPT, and .XLS formats. Please educate the world on how much better the alternatives are. Me, I'll pay my $200 to not bother today, and regret it tomorrow. And by the way, do you have a driver's license, or other state-issued ID card? Adam | On Sat, 14 Jun 2003, Adam Shostack wrote: | | > Well, sure. And no one forces me to run Microsoft office, either, | > except Microsoft's monoploy. And when the document format can phone | > home to prevent piracy or openoffice from running, no one will be | > 'obligating' me to pay monopoly rents to Microsoft. | | | | > In the same way, no one forces me to have a drivers license. But its | > damned hard living life without one. | > | | | -- "It is seldom that liberty of any kind is lost all at once." -Hume From adam at homeport.org Sat Jun 14 12:58:34 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Jun 2003 15:58:34 -0400 Subject: Microsoft, TCPA, your wallet and the real ending of the story. In-Reply-To: References: <5.1.0.14.2.20030614063707.026e7e20@pop.gmx.net> Message-ID: <20030614195834.GB92289@lightship.internal.homeport.org> On Sat, Jun 14, 2003 at 03:17:22PM -0400, Sunder wrote: | Indeed. | | If it's coming from Redmond, and as usual if it smells of evil, there is | an utterly simple solution in dealing with it: don't buy it. Don't buy | Microsoft software, don't buy motherboards that include TCPA capabilities. | When you're up for getting yourself a new PC, get a generic one without | such options, or if you insist, call the vendor and tell them you want a | box without evil-inside and without a Redmond OS pre-installed. Which CPU vendor will sell me a CPU without TCPA? And besides, I WANT a TCPA machine. I just don't want remote attestation, or keys that I can't back-up and relocate. | Buy a generic intel/amd machine without the "Secure" processor, or give | Steve Jobs some of your cash for a nice G4/G5 machine, or you can go to a IBM is starting to add TCPA to the powerpc line. And much as I enjoy my Mac, the DVD player still has this bug where fast-forward doesn't work sometimes. Really annoying when you need to yank a DVD for cleaning, and watch the previews 3 or 4 times. http://www-3.ibm.com/chips/products/powerpc/newsletter/mar2003/ppc_process_at_work.html Sparc may be an option if Sun stays in business, but again, I want a TCPA chip that I can control. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From sunder at sunder.net Sat Jun 14 13:29:23 2003 From: sunder at sunder.net (Sunder) Date: Sat, 14 Jun 2003 16:29:23 -0400 (edt) Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614195356.GA92289@lightship.internal.homeport.org> Message-ID: Oh get over it. There are other formats. You ever heard of XML? HTML? RTF? If the day comes where MS Office DRM only works with MS Office DRM, how many people will switch to it? If your company is willing to switch to it, then they'll give you a PC with it on it. If they don't, then they can't expect you to interact with them via such formats and can't require you to do so. You sound like someone's holding a gun to your head and requiring you to have MS Office. Either way, you can ask them to export to other document formats which you can read. Even now Office will export to HTML for example which is readable by Mozilla and other browsers. Microsoft is not the DMV. You don't need to use their software. And no, I will never be part of your problem because the documents I will create for non work use will be made with Open Office or will be plain text, html, or xml files. If I'm required to use a DRM'ed Office for work, then fine, my company owns those documents anyway and they can do whatever the fuck they like with them either way. It doesn't matter to me at all -- it's their call, it's their company, it's their documents. But, for personal use, I won't buy any upgrades or new Microsoft software. End of story. Either way, how much a revolt do you think there will be if Microsoft decides to lock down their tools (such as word) to the point where they can no longer export to HTML, plain text, RTF should the author wish it to do so and provides whatever passphrases or ID's needed to unlock the document and export it out? Who would buy such a dog of a product? Do you think businesses are so stupid that they'd put up with a product that jails them in? Get real son, you're howling at the moon! On one hand you're bitching that you have to use Microsoft software on the other you're complaining that I'm using it while I'm telling you I don't want to and don't care to and won't upgrade to it. You want to make a difference? Go ahead, wipe every bit of Microsoft wares off all your machines and burn the CD's you've installed them from. Go all open source and show others the right way. At least I'd have some respect for you for voting with your wallet and practicing what you preach. Right now all you're doing is bitching that you're forced to buy and use Microsoft Office. I say that's bullshit, and you know it. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sat, 14 Jun 2003, Adam Shostack wrote: > Sure. And I'm glad you work with a small group of people who > understand that you don't read their documents. After many years of > refusal, I finally gave up. I work with lots of customers who expect > documents in MS formats, and look at you askance for giving them > anything else. You only get so many explanations before customers go > elsewhere, and I chose not to spend them on this. Similarly, I could > choose to speak to everyone I meet in, say, Russian. And some folks > would understand. Others would walk away. So, you can argue that > you're effectively required to speak English to do business in North > America. I would argue that you're similarly required to use MS > Office. > > > You'll be part of the problem when Nogsuccob is apon us, because the > documents you create won't be readable in OpenOffice, and Crossover > won't run. > > > Office Nogsuccob will only interoperate with itself. Companies will end > up deploying it to interact with other versions, not for any real > feature. > > You don't like the word force, I suggest quitting all use of .DOC, > .PPT, and .XLS formats. Please educate the world on how much better > the alternatives are. Me, I'll pay my $200 to not bother today, and > regret it tomorrow. > > And by the way, do you have a driver's license, or other state-issued > ID card? From adam at homeport.org Sat Jun 14 13:53:57 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Jun 2003 16:53:57 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <20030614195356.GA92289@lightship.internal.homeport.org> Message-ID: <20030614205356.GA92907@lightship.internal.homeport.org> A charming naivete. *Plonk* On Sat, Jun 14, 2003 at 04:29:23PM -0400, Sunder wrote: | Oh get over it. There are other formats. You ever heard of | XML? HTML? RTF? | | If the day comes where MS Office DRM only works with MS Office DRM, how | many people will switch to it? If your company is willing to switch to | it, then they'll give you a PC with it on it. If they don't, then they | can't expect you to interact with them via such formats and can't require | you to do so. | | You sound like someone's holding a gun to your head and requiring you to | have MS Office. | | Either way, you can ask them to export to other document formats which you | can read. Even now Office will export to HTML for example which is | readable by Mozilla and other browsers. | | Microsoft is not the DMV. You don't need to use their software. | | And no, I will never be part of your problem because the documents I will | create for non work use will be made with Open Office or will be plain | text, html, or xml files. | | If I'm required to use a DRM'ed Office for work, then fine, my company | owns those documents anyway and they can do whatever the fuck they like | with them either way. It doesn't matter to me at all -- it's their call, | it's their company, it's their documents. | | But, for personal use, I won't buy any upgrades or new Microsoft | software. End of story. | | Either way, how much a revolt do you think there will be if Microsoft | decides to lock down their tools (such as word) to the point where they | can no longer export to HTML, plain text, RTF should the author wish | it to do so and provides whatever passphrases or ID's needed to unlock | the document and export it out? | | Who would buy such a dog of a product? Do you think businesses are so | stupid that they'd put up with a product that jails them in? Get real | son, you're howling at the moon! | | On one hand you're bitching that you have to use Microsoft software on the | other you're complaining that I'm using it while I'm telling you I don't | want to and don't care to and won't upgrade to it. | | You want to make a difference? Go ahead, wipe every bit of Microsoft | wares off all your machines and burn the CD's you've installed them | from. Go all open source and show others the right way. At least I'd | have some respect for you for voting with your wallet and practicing what | you preach. | | Right now all you're doing is bitching that you're forced to buy and use | Microsoft Office. I say that's bullshit, and you know it. | | | ----------------------Kaos-Keraunos-Kybernetos--------------------------- | + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ | \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ | <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ | /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ | + v + : The look on Sadam's face - priceless! | --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ | | On Sat, 14 Jun 2003, Adam Shostack wrote: | | > Sure. And I'm glad you work with a small group of people who | > understand that you don't read their documents. After many years of | > refusal, I finally gave up. I work with lots of customers who expect | > documents in MS formats, and look at you askance for giving them | > anything else. You only get so many explanations before customers go | > elsewhere, and I chose not to spend them on this. Similarly, I could | > choose to speak to everyone I meet in, say, Russian. And some folks | > would understand. Others would walk away. So, you can argue that | > you're effectively required to speak English to do business in North | > America. I would argue that you're similarly required to use MS | > Office. | > | > | > You'll be part of the problem when Nogsuccob is apon us, because the | > documents you create won't be readable in OpenOffice, and Crossover | > won't run. | > | > | > Office Nogsuccob will only interoperate with itself. Companies will end | > up deploying it to interact with other versions, not for any real | > feature. | > | > You don't like the word force, I suggest quitting all use of .DOC, | > .PPT, and .XLS formats. Please educate the world on how much better | > the alternatives are. Me, I'll pay my $200 to not bother today, and | > regret it tomorrow. | > | > And by the way, do you have a driver's license, or other state-issued | > ID card? | -- "It is seldom that liberty of any kind is lost all at once." -Hume From jal at jal.org Sat Jun 14 15:40:56 2003 From: jal at jal.org (Jamie Lawrence) Date: Sat, 14 Jun 2003 17:40:56 -0500 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <20030614195356.GA92289@lightship.internal.homeport.org> Message-ID: <20030614224056.GD15195@jal.clueinc.net> On Sat, 14 Jun 2003, Sunder wrote: > Oh get over it. There are other formats. You ever heard of > XML? HTML? RTF? Yes, as a matter of fact. RTF is an MS format, BTW. They do change it sometimes, breaking various attempts at interoperability. They don't do it much; it seems like something they forget to break much of the time. > If the day comes where MS Office DRM only works with MS Office DRM, how > many people will switch to it? If your company is willing to switch to > it, then they'll give you a PC with it on it. If they don't, then they > can't expect you to interact with them via such formats and can't require > you to do so. > > You sound like someone's holding a gun to your head and requiring you to > have MS Office. No, there's no gun to anyone's head. However, as part of negotiating my current contract (I'm a partner in a small software development company), we recieved lots of MS Word/Excel docs. When you're negotiating new business, saying "erm, I don't do windows. Can you give me something else" is a bit of a show stopper. By comparison, if you're selling someone a car, are you going to stop them mid-sale and ask that they please haggle in Euros? (And in case you're curious, our project is entirely open source driven.) > Microsoft is not the DMV. You don't need to use their software. For that matter, one can drive without a license. I see your distinction, however it is very difficult to do business without MS software. I'm typing this on a Linux-running laptop, which is my primary user-level machine, and in order to do business, have to run Crossover. (And I do own my MS Office license.) All of my proposals are written in plain text and sometimes, done in Postgres when I need spreadsheet-like behavior. They have to be rendered in Word format for client consumption. (Open source spreadsheets still suck, in my opinion.) > And no, I will never be part of your problem because the documents I will > create for non work use will be made with Open Office or will be plain > text, html, or xml files. That's a rather fine point to put on it. There isn't much difference between work and non-work for me. Rather, there is, but nonwork choices directly impact my work choices. You seem to offload a lot of your choices onto your company. > If I'm required to use a DRM'ed Office for work, then fine, my company > owns those documents anyway and they can do whatever the fuck they like > with them either way. It doesn't matter to me at all -- it's their call, > it's their company, it's their documents. Just workin' for the man, eh? > Either way, how much a revolt do you think there will be if Microsoft > decides to lock down their tools (such as word) to the point where they > can no longer export to HTML, plain text, RTF should the author wish > it to do so and provides whatever passphrases or ID's needed to unlock > the document and export it out? Honestly, this is supposition, entirely unsupported by anything other than my intuition about how companies I've worked for in the past behave. Feel free to ignore. I think they'll lap it up. Along with expensive and annoying licensing terms, companies get no-forward emails and expiring spreadsheets. Think about what Enron would have done with that. Hell, I suspect MS probably evaluated what they did wrong in the antitrust trial in order to avoid similar outcomes in the future. There's a market there. > Who would buy such a dog of a product? Do you think businesses are so > stupid that they'd put up with a product that jails them in? Get real > son, you're howling at the moon! Um. Who owns the market in "desktop productivity software"? > You want to make a difference? Go ahead, wipe every bit of Microsoft > wares off all your machines and burn the CD's you've installed them > from. Go all open source and show others the right way. At least I'd > have some respect for you for voting with your wallet and practicing what > you preach. > > Right now all you're doing is bitching that you're forced to buy and use > Microsoft Office. I say that's bullshit, and you know it. I use MS software for interoperability testing (much like I use Quickbooks, some Oracle wares, etc.), and for client communication. Everything else in my company is open source. Everything we deploy is open source, unless the client asks for something else. They typically pay for that choice, not only because I'm frequently not familiar with the software they choose, but also because it's a bitch to work with (anyone else ever have to deal with Adobe Distiller under unix?) It isn't bullshit that to operate as a business entity, one needs MS software. I can certainly dick around with my personal website and write my memoirs without it, and 98% of what I do for a living is MS free, getting business without it (read aloud as "public interfaces") is nearly impossible. Perhaps you can ignore that, becuase you're just working for the man, and it isn't your fault that you write MS Word docs. DRM is going to be another cost. I'll have to have a real MS box on hand again, and the problem will be how it worms in to other parts of the business, diverting me from my favored platform. You can say you're not forced to use it. You're also not forced to do anything but swear at other people in public. -j -- Jamie Lawrence jal at jal.org "In my little way, I'm sneakily helping people understand a bit more about the sort of people God likes." - Larry Wall. From hseaver at cybershamanix.com Sat Jun 14 16:25:35 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Sat, 14 Jun 2003 18:25:35 -0500 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614224056.GD15195@jal.clueinc.net> References: <20030614195356.GA92289@lightship.internal.homeport.org> <20030614224056.GD15195@jal.clueinc.net> Message-ID: <20030614232535.GA1287@cybershamanix.com> On Sat, Jun 14, 2003 at 05:40:56PM -0500, Jamie Lawrence wrote: > No, there's no gun to anyone's head. However, as part of negotiating my > current contract (I'm a partner in a small software development > company), we recieved lots of MS Word/Excel docs. When you're > negotiating new business, saying "erm, I don't do windows. Can you give I sure don't have any problems with word or excel docs. Ever heard of OpenOffice? I send people doc and xls files all the time, nobody's complained yet. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From daw at mozart.cs.berkeley.edu Sat Jun 14 11:50:49 2003 From: daw at mozart.cs.berkeley.edu (David Wagner) Date: 14 Jun 2003 18:50:49 GMT Subject: An attack on paypal --> secure UI for browsers References: <1055523011.16502.29.camel@lorien> Message-ID: Adam Lydick wrote: >The faq (see attached) claims that "anyone can write a nexus" and that >"users control which nexus(s) run". > >I certainly didn't see anything that suggests that anyone can force you >to run arbitrary code, regardless of who has signed it. "Force", maybe not. No one can "force" me to turn my machine on, for instance. But take a look at one line you quoted from the FAQ: "Only one nexus at a time will be able to run on a machine." That looks to me like an important sentence. From jal at jal.org Sat Jun 14 17:14:41 2003 From: jal at jal.org (Jamie Lawrence) Date: Sat, 14 Jun 2003 19:14:41 -0500 Subject: MS Format Flames Re: An attack on paypal --> secure UI for browsers In-Reply-To: <5.1.1.6.2.20030614151220.02ec8e90@idiom.com> References: <20030614195356.GA92289@lightship.internal.homeport.org> <5.1.1.6.2.20030614151220.02ec8e90@idiom.com> Message-ID: <20030615001441.GE15195@jal.clueinc.net> On Sat, 14 Jun 2003, Bill Stewart wrote: > If you want to give them something quasi-immutable, > there's always PDF. That lets you be rude _and_ proprietary :-) Doesn't have to be proprietary. One of our pseudo-products is a PDF generator built out of open source tools. Of course, most folks will read it in Acrobat, but it works fine with xpdf, too. > Microsoft does make free readers for Word and Powerpoint. > They're only intended for running on Windows, > but perhaps they work on WINE? They do run under Wine. The occasional glitch, of course. -j -- Jamie Lawrence jal at jal.org "The more corrupt the state, the more numerous the laws" - Tacitus From jal at jal.org Sat Jun 14 17:45:31 2003 From: jal at jal.org (Jamie Lawrence) Date: Sat, 14 Jun 2003 19:45:31 -0500 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614232535.GA1287@cybershamanix.com> References: <20030614195356.GA92289@lightship.internal.homeport.org> <20030614224056.GD15195@jal.clueinc.net> <20030614232535.GA1287@cybershamanix.com> Message-ID: <20030615004531.GH15195@jal.clueinc.net> On Sat, 14 Jun 2003, Harmon Seaver wrote: > I sure don't have any problems with word or excel docs. Ever heard of > OpenOffice? I send people doc and xls files all the time, nobody's complained > yet. Why, yes, as a matter of fact, I have heard of it. I'd even use it for more than attempting to read .docs, if I didn't find vim to be superior for just about everything I do with text. OO even parses some documents well, most of the time. Which is of course not good enough. When you're dealing with folks that edit, re-edit, pass around, turn on revision tracking, fast save, pass the document around some more, turn off revision tracking, and then email you the file, It chokes. Hard. As Bill said, input formats are not output formats. -j -- Jamie Lawrence jal at jal.org "The sign that points to Boston doesn't have to go there." - Max Scheler From adam at homeport.org Sat Jun 14 16:52:21 2003 From: adam at homeport.org (Adam Shostack) Date: Sat, 14 Jun 2003 19:52:21 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: <20030614232535.GA1287@cybershamanix.com> References: <20030614195356.GA92289@lightship.internal.homeport.org> <20030614224056.GD15195@jal.clueinc.net> <20030614232535.GA1287@cybershamanix.com> Message-ID: <20030614235221.GA94475@lightship.internal.homeport.org> On Sat, Jun 14, 2003 at 06:25:35PM -0500, Harmon Seaver wrote: | On Sat, Jun 14, 2003 at 05:40:56PM -0500, Jamie Lawrence wrote: | > No, there's no gun to anyone's head. However, as part of negotiating my | > current contract (I'm a partner in a small software development | > company), we recieved lots of MS Word/Excel docs. When you're | > negotiating new business, saying "erm, I don't do windows. Can you give | | I sure don't have any problems with word or excel docs. Ever heard of | OpenOffice? I send people doc and xls files all the time, nobody's complained | yet. Openoffice doesn't yet handle tables, or other complex document bits very well. It also can't create powerpoint files well. Its great if what you need is either simple, or read-mostly. 50 page documents with embedded spreadsheets, not there yet. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From kelsey.j at ix.netcom.com Sun Jun 15 08:23:27 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Sun, 15 Jun 2003 11:23:27 -0400 Subject: An attack on paypal --> secure UI for browsers In-Reply-To: References: <20030614195356.GA92289@lightship.internal.homeport.org> Message-ID: <5.2.0.9.0.20030615102422.04569ec0@pop.ix.netcom.com> At 04:29 PM 6/14/03 -0400, Sunder wrote: ... >If the day comes where MS Office DRM only works with MS Office DRM, how >many people will switch to it? If your company is willing to switch to >it, then they'll give you a PC with it on it. If they don't, then they >can't expect you to interact with them via such formats and can't require >you to do so. So, have you ever tried doing substantial revisions on a large document that's going back and forth between two or more versions of Word? It's in MS' interest to get everyone using the same version, so it's not really in their interest to spend great amounts of time debugging their version translation functions. It shows. If you need to coordinate working on a big Word document with several other people (e.g., clients or coworkers who are most comfortable with Word), you pretty-much will need to use not just Word, but the same version of Word. That doesn't need any secure hardware to enforce, just buggy software. You can sometimes work around this, but it's a pain to do. >You sound like someone's holding a gun to your head and requiring you to >have MS Office. Well, let's distinguish between: a. The sort of network monopoly situation Microsoft is in, where the world has more-or-less settled on a bunch of their products, and so they can do a lot of irritating things before they actually lose their dominant market position. (Note that this doesn't mean they are unassailable; Word Perfect and Lotus -123 were once in similarly dominant positions.) b. Eventual laws requiring that every new computer contain a secure processing unit to enforce the dictates of the government, the record companies, or whomever else on your computers. I think a lot of the objection to TCPA is the worry that it will be mandated eventually, and that it will then be used to cement the network monopoly held by MS forever. And Vinge's description of "ubiquitous governance" comes to mind here--whether it's MS or the US federal government or the UN or the Catholic Church, if someone can put themselves in control of all computer equipment you own in some secure way, they look a heck of a lot like the government. >Either way, you can ask them to export to other document formats which you >can read. Even now Office will export to HTML for example which is >readable by Mozilla and other browsers. Sure. Or you can often translate their documents, or open them with OpenOffice. I do this when I just need to read and comment on a Word document. But if you are going to be revising and sending back the document a few times, this will not work--you will lose some formatting, you will probably introduce weird formatting bugs, you may mess up the file format, etc. It's just not worth the pain. Though I have a legitimate copy of Word on my machine, when given a choice, I always do everything in ASCII text until the very end, and then paste the text into Word and do formatting last. But again, this isn't too helpful if it's a document I'm working on with someone else. ... >Either way, how much a revolt do you think there will be if Microsoft >decides to lock down their tools (such as word) to the point where they >can no longer export to HTML, plain text, RTF should the author wish >it to do so and provides whatever passphrases or ID's needed to unlock >the document and export it out? >Who would buy such a dog of a product? Do you think businesses are so >stupid that they'd put up with a product that jails them in? Get real >son, you're howling at the moon! Mainframe customers used to put up with this kind of treatment routinely, so it's not impossible. Whether it will fly these days is an interesting question, but I don't think the answer is obvious. Someone might ask the same rhetorical question about whether customers would sit still for buggy, insecure software. But nobody would ask that question these days, as the answer is so painfully obvious. ... --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From nobody at cryptofortress.com Sun Jun 15 13:36:44 2003 From: nobody at cryptofortress.com (Anonymous) Date: Sun, 15 Jun 2003 15:36:44 -0500 (CDT) Subject: An attack on paypal --> secure UI for browsers Message-ID: <1a1afd9d8b4d540b2edf102cb2cab48d@remailer.cryptofortress.com> David Wagner wrote: > But take a look at one line you quoted from the FAQ: > > "Only one nexus at a time will be able to run on a machine." > > That looks to me like an important sentence. The Nexus is like a mini-OS for the trusted side of the machine. It acts as a kernel to manage the "trusted applications", the Nexus Computing Agents or NCAs. So what this sentence is really saying is that only one (trusted) OS will be able to run at a time on a machine. That's not that surprising or significant. Most machines only run one OS at a time. Sure, with virtualization and similar techniques you can manage to run more than one OS at once, but that's unusual. Probably 99.9% of machines are only running one OS at a time. Virtualization is not an option with trusted computing because part of the point is to be able to offer assurance to remote users about what the machine will do (i.e. its behavior is predictable, hence trusted). This implies that it only makes sense to run one trusted OS at a time. That's probably all the "important" sentence above means. Adam Lydick wrote: > That is certainly a good point but don't confuse the "nexus" with NCAs > (agents). I think the nexus just provides services to the NCAs which > actually do the work. Think of it as a core library that services can > draw on. Right, plus it schedules, loads them, etc, like an OS kernel. Here is a simplified form of a diagram they use. The left hand side is the legacy mode, with normal Windows applications and OS. The right hand side is the new trusted mode, with NCAs as the applications and Nexus as the OS. Normal Mode Trusted Mode +---------------------------++------------------------+ | || | | Applications || NCAs | USER | || | |---------------------------++------------------------| | || | | Main Windows OS || Nexus | KERNEL | || | +---------------------------++------------------------+ > So having to trust the nexus, is rather like trusting kernel32.dll or > some other core components. Choosing to trust/run NCA sounds pretty > grainular, so you can trust your validated P2P stack from your favorite > independent developer and ignore (if you can) the restrictive DRM > solutions that are offered. Yes, it sounds like it will work exactly like that. Plus, hopefully it will be possible for Linux to create its own Nexus ("Linexus"?) that uses the same hardware features to provide TC capabilities for that OS. Recall that Linus Torvalds recently adopted the position that DRM was an acceptable technology for Linux, even when it involved being built into the kernel. Since DRM is the main downside to TC for many people, and TC has many more good aspects beyond DRM, it is a near certainty that Linux will add support for Trusted Computing. > Problems certainly remain though: > > In the validated P2P scenario, an Adversary with enough influence to > have Intel/AMD/... hand out a signed internal key can circumvent any > such "protections". Right, he could watch all the Disney movies he wanted, without paying for them! Mwaa haa haa! Foolish humans! But seriously, these systems can only raise the cost of security. Neither cypherpunks nor Sony should risk their collective lives that no one will break Palladium, by hook or by crook. From comesefosse at ntani.firenze.linux.it Sun Jun 15 07:52:19 2003 From: comesefosse at ntani.firenze.linux.it (Tarapia Tapioco) Date: Sun, 15 Jun 2003 16:52:19 +0200 (CEST) Subject: phreq? Message-ID: What frequencies do the lea snoop devices run on? Is there a good site for info on such devices? From cpunk at lne.com Sun Jun 15 20:00:00 2003 From: cpunk at lne.com (cpunk at lne.com) Date: Sun, 15 Jun 2003 20:00:00 -0700 Subject: Cypherpunks List Info Message-ID: <200306160300.h5G300UW001719@gw.lne.com> Cypherpunks Mailing List Information Last updated: Sep 12, 2002 This message is also available at http://www.lne.com/cpunk Instructions on unsubscribing from the list can be found below. 0. Introduction The Cypherpunks mailing list is a mailing list for discussing cryptography and its effect on society. It is not a moderated list (but see exceptions below) and the list operators are not responsible for the list content. Cypherpunks is a distributed mailing list. A subscriber can subscribe to one node of the list and thereby participate on the full list. Each node (called a "Cypherpunks Distributed Remailer", although they are not related to anonymous remailers) exchanges messages with the other nodes in addition to sending messages to its subscribers. A message posted to one node will be received by the list subscribers on the other nodes, and vice-versa. 1. Filtering The various CDRs follow different policies on filtering spam and to a lesser extent on modifying messages that go to/from their subscribers. Filtering is done, on nodes that do it, to reduce the huge amount of spam that the cypherpunks list is subjected to. There are three basic flavors of filtering CDRs: "raw", which send all messages to their subscribers. "cooked" CDRs try to eliminate the spam on that's on the regular list by automatically sending only messages that are from cypherpunks list subscribers (on any CDR) or people who are replying to list messages. Finally there are moderated lists, where a human moderator decides which messages from the raw list to pass on to subscribers. 2. Message Modification Message modification policy indicates what modifications, if any, beyond what is needed to operate the CDR are done (most CDRs add a tracking X-loop header on mail posted to their subscribers to prevent mail loops). Message modification usually happens on mail going in or out to each CDR's subscribers. CDRs should not modify mail that they pass from one CDR to the next, but some of them do, and others undo those modifications. 3. Privacy Privacy policy indicates if the list will allow anyone ("open"), or only list members, or no one ("private") , to retrieve the subscribers list. Note that if you post, being on a "private" list doesn't mean much, since your address is now out there. It's really only useful for keeping spammers from harvesting addresses from the list software. Digest mode indicates that the CDR supports digest mode, which is where the posts are batched up into a few large emails. Nodes that support only digest mode are noted. 4. Anonymous posting Cypherpunks encourages anonymous posting. You can use an anonymous remailer: http://www.andrebacard.com/remail.html http://anon.efga.org/Remailers http://www.gilc.org/speech/anonymous/remailer.html or you can send posts to the list via cpunks_anon at einstein.ssz.com and your mail's headers will be stripped before posting. Note that this doesn't provide complete anonymity since the receiving site will still have log file entries showing the source of the mail (or you have to trust that they delete them). You also will be 'sharing' a reputation with the other entities that post through this alias, and some of them are spammers, so some subscribers will have this alias filtered. 5. Unsubscribing Unsubscribing from the cypherpunks list: Since the list is run from a number of different CDRs, you have to figure out which CDR you are subscribed to. If you don't remember and can't figure it out from the mail headers (hint: the top Received: line should tell you), the easiest way to unsubscribe is to send unsubscribe messages to all the CDRs listed below. How to figure out which CDR you are subscribed to: Get your mail client to show all the headers (Microsoft calls this "internet headers"). Look for the Sender or X-loop headers. The Sender will say something like "Sender: owner-cypherpunks at lne.com". The X-loop line will say something like "X-Loop: cypherpunks at lne.com". Both of these inticate that you are subscribed to the lne.com CDR. If you were subscribed to the algebra CDR, they would have algebra.com in them. Once you have figured out which CDR you're subscribed to, look in the table below to find that CDRs unsubscribe instructions. 6. Lunatics, spammers and nut-cases "I'm subscribed to a filtering CDR yet I still see lots of junk postings". At this writing there are a few sociopaths on the cypherpunks list who are abusing the lists openness by dumping reams of propaganda on the list. The distinction between a spammer and a subscriber is nearly always very clear, but the dictinction between a subscriber who is abusing the list by posting reams of propaganda and a subscriber who is making lots of controversial posts is not clear. Therefore, we tolerate the crap. Subscribers with a low crap tolerance should check out mail filters. Procmail is a good one, although it works on Unix and Unix-like systems only. Eudora also has a capacity for filtering mail, as do many other mail readers. An example procmail recipie is below, you will of course want to make your own decisions on which (ab)users to filter. # mailing lists: # filter all cypherpunks mail into its own cypherspool folder, discarding # mail from loons. All CDRs set their From: line to 'owner-cypherpunks'. # /dev/null is unix for the trash can. :0 * ^From.*owner-cypherpunks at .* { :0: * (^From:.*ravage at ssz\.com.*|\ ^From:.*jchoate at dev.tivoli.com.*|\ ^From:.*mattd at useoz.com|\ ^From:.*proffr11 at bigpond.com|\ ^From:.*jei at cc.hut.fi) /dev/null :0: cypherspool } 7. List of current CDRs All commands are sent in the body of mail unless otherwise noted. --------------------------------------------------------------------------- Algebra: Operator: Subscription: "subscribe cypherpunks" to majordomo at algebra.com Unsubscription: "unsubscribe cypherpunks" to majordomo at algebra.com Help: "help cypherpunks" to majordomo at algebra.com Posting address: cypherpunks at algebra.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- CCC: Operator: drt at un.bewaff.net Subscription: "subscribe [password of your choice]" to cypherpunks-request at koeln.ccc.de Unsubscription: "unsubscribe " to cypherpunks-request at koeln.ccc.de Help: "help" to to cypherpunks-request at koeln.ccc.de Web site: http://koeln.ccc.de/mailman/listinfo/cypherpunks Posting address: cypherpunks at koeln.ccc.de Filtering policy: This specific node drops messages bigger than 32k and every message with more than 17 recipients or just a line containing "subscribe" or "unsubscribe" in the subject. Digest mode: this node is digest-only NNTP: news://koeln.ccc.de/cbone.ml.cypherpunks Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Infonex: Subscription: "subscribe cypherpunks" to majordomo at infonex.com Unsubscription: "unsubscribe cypherpunks" to majordomo at infonex.com Help: "help cypherpunks" to majordomo at infonex.com Posting address: cypherpunks at infonex.com Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Lne: Subscription: "subscribe cypherpunks" to majordomo at lne.com Unsubscription: "unsubscribe cypherpunks" to majordomo at lne.com Help: "help cypherpunks" to majordomo at lne.com Posting address: cypherpunks at lne.com Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to lne CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. messages are demimed (MIME attachments removed) when posted through lne or received by lne CDR subscribers 2. leading "CDR:" in subject line removed 3. "Reply-to:" removed Privacy policy: private Info: http://www.lne.com/cpunk; "info cypherpunks" to majordomo at lne.com Archive: http://archives.abditum.com/cypherpunks/index.html (thanks to Steve Furlong and Len Sassaman) --------------------------------------------------------------------------- Minder: Subscription: "subscribe cypherpunks" to majordomo at minder.net Unsubscription: "unsubscribe cypherpunks" to majordomo at minder.net Help: "help" to majordomo at minder.net Posting address: cypherpunks at minder.net Filtering policy: raw Message Modification policy: no modification Privacy policy: private Info: send mail to cypherpunks-info at minder.net --------------------------------------------------------------------------- Openpgp: [openpgp seems to have dropped off the end of the world-- it doesn't return anything from sending help queries. Ericm, 8/7/01] Subscription: "subscribe cypherpunks" to listproc at openpgp.net Unsubscription: "unsubscribe cypherpunks" to listproc at openpgp.net Help: "help" to listproc at openpgp.net Posting address: cypherpunks at openpgp.net Filtering policy: raw Message Modification policy: no modification Privacy policy: ??? --------------------------------------------------------------------------- Ssz: Subscription: "subscribe cypherpunks" to majordomo at ssz.com Unsubscription: "unsubscribe cypherpunks" to majordomo at ssz.com Help: "help cypherpunks" to majordomo at ssz.com Posting address: cypherpunks at ssz.com Filtering policy: raw Message Modification policy: Subject line prepended with "CDR:" Reply-to cypherpunks at ssz.com added. Privacy policy: open Info: http://www.ssz.com/cdr/ --------------------------------------------------------------------------- Sunder: Subscription: "subscribe" to sunder at sunder.net Unsubscription: "unsubscribe" to sunder at sunder.net Help: "help" to sunder at sunder.net Posting address: sunder at sunder.net Filtering policy: moderated Message Modification policy: ??? Privacy policy: ??? Info: ??? --------------------------------------------------------------------------- Pro-ns: Subscription: "subscribe cypherpunks" to majordomo at pro-ns.net Unsubscription: "unsubscribe cypherpunks" to majordomo at pro-ns.net Help: "help cypherpunks" to majordomo at pro-ns.net Posting address: cypherpunks at pro-ns.net Filtering policy: cooked Posts from all CDR subscribers & replies to threads go to local CDR subscribers. All posts from other CDRs are forwarded to other CDRs unmodified. Message Modification policy: 1. leading "CDR:" in subject line removed 2. "Reply-to:" removed Privacy policy: private Info: http://www.pro-ns.net/cpunk From measl at mfn.org Sun Jun 15 18:21:50 2003 From: measl at mfn.org (J.A. Terranson) Date: Sun, 15 Jun 2003 20:21:50 -0500 (CDT) Subject: [We The People] WTP Congress Internet System Takes Wing (fwd) Message-ID: Interesting if it's kept up. Just think, Tim will be able to find out the next meeting at which Someone Will Need Killing :-) -- Yours, J.A. Terranson sysadmin at mfn.org ---------- Forwarded message ---------- Date: Sun, 15 Jun 2003 13:23:03 -0500 From: "Bob Schulz (DO NOT REPLY - Unmonitored Mailbox)" To: measl at mfn.org Subject: [We The People] WTP Congress Internet System Takes Wing 6-14-03 WTP Congress Internet System Takes Wing WTP Web Pages For Every State and County Across America Institutionalizing Vigilance: It's Underway Today, the We The People Congress unveiled its network of county and state Web Pages - one for each of the 3141 counties and 50 states in America. Soon, anyone, anywhere in the world, will be able to go to any county or state WTP Web Page and find out when and where the regular local meeting is held, what's on the next agenda, the contact information for the local WTP management team, which local companies have stopped withholding, the date and time of regular conference calls, the details about upcoming special events, what the local, state and federal governments are doing that is unconstitutional and what the local people are doing about it, upcoming appearances in the region by people of interest, special projects requiring volunteers, the construction schedule for that state's Citizen Vigilance Center, and much more. "Think about it," said Bob Schulz. "Soon, more than 3141meetings will be taking place on the same evening of every month, all across the country. They will be working on the same solution to the same governmental problem, often engaged in the same interactive teleconference, watching and listening to the same speaker, working together to hold local, state and federal government accountable to the state and federal constitutions. And, in a planned and organized way, they will be distributing information to their communities about the essential principles underlying our system of governance -- information, unfortunately, that the People are not getting from anywhere else these days." The web pages can also feature local businesses that are either owned by local constitutionalists or that offer discounts to WTP Congress members. Significant future enhancements are already being developed. This is a strategic move aimed at directly empowering the People to restore the Constitution through enhanced communications and coordinated forward planning. Now that this system has been deployed, the WTP Congress management team will be able to quickly take advantage of these integrated communications functions and begin to fully execute the mission and organized activities of the WTP Congress. All local and state WTP Coordinators will have access to their own WTP web page, enabling them to post local news stories and meeting agenda items. WTP Coordinators need only "sign in" to the WTP web site to upload these items through a simple fill-in-the-blank user interface. All web page formatting is done by the system. To see the new WTP Congress Web Pages and to see sample "news", local content and experience some of the potential of this system, click here , then select the state of California, select the county of San Mateo and click on the News, Events & Resources link. All county and state coordinators are now asked to begin entering the localized information required for their WTP Congress Web Page. To do this they need to click on the "My WTP" link at the top of the main WTP home page , sign in (if necessary) and select the "Edit WTP Congress Web Pages" option that appears. A "Help" file and a statement of "Use Policy" statement are available and should be read by the WTP Coordinators. We urge everyone that has been considering becoming a WTP Coordinator to "step up to the plate" and get involved. Now is the time for all good men and women to come to the aid of their country. The continuing deployment of extensive internet based WTP communications tools coupled with the professional management of the WTP Congress and the execution of a nationwide strategic plan is about to make things very exciting. "It's a new day," said Bob Schulz. " All across America we have always had people who knew when government was doing something it had no authority to do - who knew the truth - but they were isolated and felt disenfranchised because they didn't have anyone to turn to that was interested in confronting unconstitutional behavior by those wielding governmental power. The WTP Congress is changing all that. It's an organization that will soon have a presence in every community and where those People who are concerned about 'republicanism' and the health of our Constitutional Republic will feel at home - and be empowered through numbers." After the new DC national office of WTP opens on June 30, the new Executive Director of the WTP Congress, Devvy Kidd, will contact all the WTP Coordinators and begin to initiate tactical aspects of a nationwide, integrated strategic plan closely coordinating with the WTP Foundation and the WTP Legal Defense Association. Remember - as important as this development regarding the Congress web page system is, the BIG story for WTP is just days away. . . Stay tuned. . . And finally, you will notice the image of Thomas Jefferson's home (Monticello) that appears on each WTP Congress Web Page. As a symbol of the inspiration and defense of liberty undertaken by Jefferson and others, the icon of the Virginia home built by Jefferson will play prominently in the future landscape of the WTP Congress and in each capital city in America. Bob Schulz intends to see the construction of a Monticello-like building in every state capital to establish a physical, visible, public presence from where the emerging "institution of vigilance" will operate and exercise the inherent authority of We The People in the defense of both the Constitution and our freedom. Eventually, when the People see those buildings, they will instinctively know that this is where the People are watching the government. "The federal Congress is an institution. The Presidency is an institution. The Judiciary is an institution. We will make 'vigilance' an institution," said Bob. It's starting to happen. Join . Support . Stay well and stay vigilant! From marshall at idio.com Sun Jun 15 21:29:06 2003 From: marshall at idio.com (Marshall Clow) Date: Sun, 15 Jun 2003 21:29:06 -0700 Subject: anon news In-Reply-To: <426102557b9e5947e6d5cb260c67cfab@dizum.com> References: <426102557b9e5947e6d5cb260c67cfab@dizum.com> Message-ID: Nomen Nescio wrote: > Is there some way to read usenet anon, not with google, but with a linux >news reader like tin? I'm sure I can use google with JAP fairly securely, >but google's pretty slow. Sure. Run your own news server. Don't keep logs. -- -- Marshall Marshall Clow Idio Software Hey! Who messed with my anti-paranoia shot? From nobody at dizum.com Sun Jun 15 17:50:03 2003 From: nobody at dizum.com (Nomen Nescio) Date: Mon, 16 Jun 2003 02:50:03 +0200 (CEST) Subject: anon news Message-ID: <426102557b9e5947e6d5cb260c67cfab@dizum.com> Is there some way to read usenet anon, not with google, but with a linux news reader like tin? I'm sure I can use google with JAP fairly securely, but google's pretty slow. From mv at cdc.gov Mon Jun 16 07:59:38 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Mon, 16 Jun 2003 07:59:38 -0700 Subject: [Brinworld] Car's data recorder convicts driver Message-ID: <3EEDDB59.941E6BE3@cdc.gov> (ok, from slashdot..) http://www.newhouse.com/archive/jensen061203.html From sunder at sunder.net Mon Jun 16 06:23:29 2003 From: sunder at sunder.net (Sunder) Date: Mon, 16 Jun 2003 09:23:29 -0400 (edt) Subject: phreq? In-Reply-To: Message-ID: 666Ghz? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Sun, 15 Jun 2003, Tarapia Tapioco wrote: > What frequencies do the lea snoop devices run on? Is there a good > site for info on such devices? From mv at cdc.gov Mon Jun 16 10:26:22 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 16 Jun 2003 10:26:22 -0700 Subject: [Brinworld] Car's data recorder convicts driver Message-ID: <3EEDFDBE.EA4455F5@cdc.gov> At 11:16 AM 6/16/03 -0500, Shawn K. Quinn wrote: >On Monday June 16 2003 09:59, Major Variola (ret.) wrote: >> (ok, from slashdot..) >> http://www.newhouse.com/archive/jensen061203.html > >I personally find the privacy implications of EDRs rather unsettling. >This story doesn't change that one bit. However, in this particular >case, I don't think what the EDR said really matters. Not only the privacy implications, but also the legal evidence validity. When you get radared, or ethanol-tested, the measurements are calibrated. When your house or computer gets searched, there is a concept of a chain of control over the evidence, to assure that no one slips something incriminating into an evidence bag or onto your disk. Now, I don't know how subpeoned phone or other electronic records are handled ---has anyone ever questioned Telco's or paging company recordkeeping? Any readers know more? Are these records merely put forth for the jury to consider, on the assumption that they will consider them 'impartial' and also 'infallible'? (Note that when red-light-camera operators (TRW) get a cut of the $ take, judges/juries will sometimes throw out those tickets, on the basis of calibration & motivation. San Diego did this.) The different-diameter tire, and hacked control system *are* relevent, as well as the EDR system not being designed for legal-forensic reliability. Albeit in this particular case, the driver needs to be hung merely on what's been admitted and what happened. But in cases where the EDR is critical to an argument, I wonder. The PR aspect for the car companies is also very interesting. Of course, when an EDR *absolves* someone, they will surely play it up. From skquinn at speakeasy.net Mon Jun 16 09:16:06 2003 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Mon, 16 Jun 2003 11:16:06 -0500 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <3EEDDB59.941E6BE3@cdc.gov> References: <3EEDDB59.941E6BE3@cdc.gov> Message-ID: <200306161116.06973.skquinn@speakeasy.net> On Monday June 16 2003 09:59, Major Variola (ret.) wrote: > (ok, from slashdot..) > http://www.newhouse.com/archive/jensen061203.html I personally find the privacy implications of EDRs rather unsettling. This story doesn't change that one bit. However, in this particular case, I don't think what the EDR said really matters. The three paragraphs from the story say a lot about what happened here: | Matos was driving the 2002 Pontiac Trans Am in a 30 mph zone of a | suburb near Fort Lauderdale, Fla., when the car driven by a teenage | girl pulled out of a driveway into his path. | | The driver and her friend died instantly. | | Defense lawyer Robert Stanziale said Matos was going about 60 mph. | Assistant State Prosecutor Michael Horowitz said that his accident | investigator calculated Matos was traveling about 98 mph. The | electronic data recorder in Matos' car showed his peak speed was 114 | mph in the seconds before the crash. The *defense* attorney said his client was going 30 mph over the limit (60 mph in a 30 mph zone)! That is a grossly inappropriate speed in a residential area. Here in Texas, a ticket for 55 mph in a 30 mph zone cannot be dismissed with DSC. Not sure how the law works in Florida but I would be surprised if it was that dissimilar. Let's assume for the moment the prosecution's accident invesitigator is totally full of bovine excrement, and that all manner of gremlins snuck into the EDR thus causing it to record a grossly inaccurate peak speed, and thus, the only version of the story we can give full credibility to is the defense's version. If I were on that jury, I'd still vote for a conviction. Matos is a scofflaw and deserves exactly what he is getting. -- Shawn K. Quinn From juicy at melontraffickers.com Mon Jun 16 11:36:50 2003 From: juicy at melontraffickers.com (A.Melon) Date: Mon, 16 Jun 2003 11:36:50 -0700 (PDT) Subject: [Brinworld] Car's data recorder convicts driver Message-ID: <90d37a5a1e0542272e2c391bdafc7bd1@melontraffickers.com> > Now, I don't know how subpeoned phone or other > electronic records are handled ---has anyone ever > questioned Telco's or paging company recordkeeping? > Any readers know more? I work as a programmer at a company that writes software to handle switch functions and bill cellular and gsm customers. (I work in the billing part) It is a simple matter to get access to the files that store these records. To my knowledge there is no direct audit trail, though I don't know what records the switch itself keeps, if any. The security is rather silly. It is a simple matter to write a few lines of code to dump the name, address, phone number, social security number, mother's maiden name and credit card number of millions of cell phone users. I imagine adding or removing a call record would be simple, as well. From adam at homeport.org Mon Jun 16 08:50:30 2003 From: adam at homeport.org (Adam Shostack) Date: Mon, 16 Jun 2003 11:50:30 -0400 Subject: Diners club switches to passwords Message-ID: <20030616155030.GA15190@lightship.internal.homeport.org> I just called Diner's Club, and was suprised to be asked for a password to (replace? supplement?) my mother's maiden name. Is this something that Citibank in general is doing? How long before this becomes a standard of due care? Also, I'm curious what the forgot-my-password recovery mechanisms will be... Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From bob.cat at snet.net Mon Jun 16 09:06:30 2003 From: bob.cat at snet.net (BobCat) Date: Mon, 16 Jun 2003 12:06:30 -0400 Subject: Fw: Online Registration and Voting Experiment to Be Launched Message-ID: <042701c33421$86784560$c8eafc40@Leopard> Milspec elections. ----- Original Message ----- From: "Press Service" To: Sent: Monday, June 16, 2003 11:43 AM Subject: Online Registration and Voting Experiment to Be Launched > By Sgt. 1st Class Doug Sample > American Forces Press Service > > WASHINGTON, June 16, 2003 A DoD voting experiment in the 2000 presidential > elections that allowed military and overseas voters to cast their ballots > through the Internet will be expanded in 2004. > > Beginning this fall, the Federal Voting Assistance Program hopes to get as many > as 100,000 military personnel stateside and overseas their eligible > dependents and U.S. citizens living outside the United States to take part in > the Secure Electronic Registration and Voting Experiment, said Polli Brunelli, > the program director. SERVE covers only those U.S. citizens who fall under the > Uniformed and Overseas Citizens Absentee Voting Act. > > Mandated by Congress, the project eligible voters from participating project > states will be able to register and vote electronically via any Windows-based > personal computer with Internet access from anywhere in world, Brunelli said. > > In the 2000 experiment, 84 citizens located in 21 states and 11 countries voted > in jurisdictions in South Carolina, Texas, Florida, and Utah, proving the > theory that online voting could work for voters wherever they lived, Brunelli > said. > > "We conducted a small 'proof of concept' experiment for the 2000 presidential > election, and it was very successful. Now we are conducting another electronic > voting project. Congress wants it to be large enough to be statistically > relevant. This will allow us to make supportable recommendations to the > Congress on the future of Internet voting for UOCAVA citizens," she said. > > Brunelli noted that 10 states are interested in participating in the 2004 SERVE > project: Arkansas, Florida, Hawaii, Minnesota, North Carolina, South Carolina, > Utah, Ohio, Pennsylvania and Washington. > > "We're looking for volunteer voters to participate in the project," she > explained, "and we have a Web site where interested voters can see if their > voting jurisdiction is participating in the project. Beginning later this year, > the voter can sign up, then register and be able to vote in the 2004 > elections." > > According to Brunelli, local and state election officials will use the SERVE > system to receive voter registration applications, provide ballots to voters > and accept voted ballots. > > Brunelli said security during the registration and ballot process is a primary > concern. SERVE will utilize digital signatures for registration and ballot > encryption as part of the security features. > > "People are concerned about Internet security. We've looked at the threats that > could happen to this type of system, and we've developed mitigating measures to > guard against those threats," she said. > > Brunelli said that not every county in states participating in the experiment > will be part of SERVE. She said voters can find a list of participating > jurisdictions at the SERVE Web site. However, she added that those counties > that do participate will include the "full ballot" for that election -- local, > state and federal. > > The experiment's official Web site can be found at www.serveusa.gov [http://www.serveusa.gov]. For more information on > SERVE or the Federal Voting Assistance Program, go to www.fvap.gov [http://www.fvap.gov]. > > _______________________________________________________ > NOTE: This is a plain text version of a web page. If your e-mail program > did not properly format this information, you may view the story at > http://www.defenselink.mil/news/Jun2003/n06162003_200306162.html > Any photos, graphics or other imagery included in the article may also > be viewed at this web page. > > > > ==================================================== > > Visit the Defense Department's Web site for the latest news > and information about America's response to the Sept. 11, 2001, > terrorist attacks and the war against terrorism: "Defend America" > at http://www.DefendAmerica.mil. > > ==================================================== > Visit the "Department of Defense Homeland Security" Web site > at http://www.defenselink.mil/specials/homeland/ to learn more > about the Department of Defense role in homeland security. > > ==================================================== > > Unsubscribe from or Subscribe to this mailing list: > http://www.defenselink.mil/news/subscribe.html > ==================================================== From ashwood at msn.com Mon Jun 16 13:00:19 2003 From: ashwood at msn.com (Joseph Ashwood) Date: Mon, 16 Jun 2003 13:00:19 -0700 Subject: An attack on paypal --> secure UI for browsers References: <06f23f75a0aaa6f5f3a09c2c6917e3c8@dizum.com> Message-ID: <00fb01c33442$736c2920$6601a8c0@JOSEPHAS> ----- Original Message ----- From: "Nomen Nescio" Subject: Re: An attack on paypal --> secure UI for browsers > Joe Ashwood writes: > > From: "Anonymous" > > > You clearly know virtually nothing about Palladium. > > > I still stand by, "Arbitrarily trusting anyone to write a secure program > > simply doesn't work" regardless of how many times MS says "trust us" any > > substantially educated person should as well be prepared to either trust a > > preponderance of evidence, or perform their own examination, neither of > > these options is available. > > Apparently you neglected to read > http://www.microsoft.com/resources/ngscb/NGSCB_Overview.mspx, where > Microsoft says (as they have repeated many times) "Customers and partners > need reliable ways to ensure the quality of technology that addresses > the critical needs met by NGSCB. That's why Microsoft will make available > for public review the source code of the core piece of enabling software > in NGSCB, called the 'nexus,' so it can be evaluated and validated by > third parties for both security and privacy considerations." > > Therefore some educated person (obviously not you, at least not yet) > will in fact be able to perform their own examination of the trusted part > of the OS, since it will have its source code published for exactly this > sort of review. I think there was some substantial miscommunication here (probably my fault for snipping too much). Even assuming that MS's implementation is perfect, the NCAs (as suggested by anonymous) would be downloaded from a variety of sources, assumedly without source code. These are at least as big of a threat, as the ActiveX saga demonstrates. The problem with ActiveX was never that the core technology was itself causing problems, the problem was that the supplemental technologies (the signature verification, the sandboxing when applicable, etc) were continually being attacked by rogue ActiveX components (I would consider everything form Gator to be such an attck) that did undesirable things. Since the can I buy a vowel technology once called Palladium "protects" these NCAs the result is a new ActiveX-type saga, even if MS gets everything perfect. Assuming general software rules where bugs will be present, we're looking at something potentially worse. > Microsoft's legacy software is all extremely complex. Palladium is > taking a different approach, aiming at simplicity and transparency. > The Nexus, which is the micro-kernel for the trusted components (NCAs), > will be published for review. But what about everything outside of the micro-kernel? It's still untrustable. > The brilliance of Palladium is that the LHS can't touch the RHS, > because of hardware protection. If that were true, the Palladium would be useless. The LHS, MUST be able to touch the RHS, otherwise the LHS would be a completely seperate system, with no software to run on it, performing no computation, and simply taking up board space and processor time. However, there is a connection, and no person has any control over what is run in the the LHS. That is in itself problematic, and leads to a perfect avenue for massive abuse of power. And as we all know the ability to abuse power, quite quickly leads to the abuse of power. > At one stroke, the new trusted mode is > insulated from bugs in the Windows OS, device drivers and applications. Except for the fact that the buggy everything can contact it, and give it a new NCA, that NCA can do as it pleases. > It in effect allows the designers to start with a clean piece of paper > and produce a simple micro-kernel (the Nexus) whose only job is to > service the NCAs. This is a manageable task and, in conjunction with > public review, there is good reason to hope and expect that the Nexus > will be secure. If you look I never suggested that the nexus itself would necessarily be insecure, I've said that the supporting technology (everything MS has not agreed to release) is open to massive abuse, and that the likelihood that it will have numerous insecurities found is very high. > If so then NCAs will indeed run in a mode where they > are protected from other software components (including other NCAs). But what about the rogue NCA? the one that decides to consume all the processor, store inordinate amounts of information, spy on the user, provided of course by the "buggy" software that put it there. > As far as the NCAs being "foolishly trusted", all they are trusted to > do is to run without being molested. That's not exactly giving them the > keys to the kingdom. And see above for the reasons why it is reasonable > to believe that they can in fact be trusted to run with this degree > of security. I guess I missed where you mentioned NCA at all before this, in fact I went back and did a text search, the only ways that you mentioned NCAs so far were "The Nexus, which is the micro-kernel for the trusted components (NCAs), will be published for review," "and the NCAs acting as the applications" "whose only job is to service the NCAs, " some rant about manifest (which is another avenue for attack, but does not present what you believe, and this one I'm responding to.. All you've done is rant on about how the nexus this and the nexus that, completely ignoring the fact that most of the problems with any operating system are not in the kernel (micro-kernels are relatively easy), the problems continue to stem from the same source they had in ActiveX, everything around the core component, the loading, the verification, the scheduling, the stopping them from doing as they please. These you have not even made an effort to address. You have ranted around and around, pretending that spouting all these worthless words actually justify claiming that can I buy a vowel, and all the NCAs that will be produced by every company, all the hackers, various individuals, etc can all be trusted. To quote myself yet again "Arbitrarily trusting anyone to write a secure program simply doesn't work" and that is exactly what is being claimed about can I buy a vowel. > In my proposal, each ecommerce site would have its own unique NCA with > its own unique identity. As anyone who has studied NGSCB (except you) > knows, NCAs are protected from each other as well as from the rest of > the system. Therefore rogue or compromised sites would not be able to > touch the information that was being held for other sites. e-go1d.com > would not be able to get at the information associated with e-gold.com. > Your proposed attack does not work. What proposed attack? I never stated that the information protected by can I buy a vowel would be compromised, I claimed that it will almost certainly have gaping security holes, and that it's design makes some very bad decisions. If each website has it's own NCA, then each website is free to do as they please on your computer (including read the still encrypted information form others), "Arbitrarily trusting anyone to write a secure program" is a bad idea. > Your comments above make it clear that you are not at all acquainted > with the material in those documents. If you're going to pretend to > be a security expert (remember when you advocated ECB mode for the XML > encryption effort?!!), Actually yes I do, and I still believe that ECB mode has its advantages in very specific targets, if you had bothered to actually read the statements I have made you would understand that. The goal I had for the possibility of adding ECB was not to provide a common resource, but to push the issue of clarity, by pushing the issue of ECB even slightly, I succeeded in having clarity added to the document, both the spec and the XML. If you would actually care to debate whether or not ECB is a valid mode for inclusion in a wide usage standard, I suggest first you take it up with NIST, they have perhaps the oldest standard for it, once you succeed in that, I suggest that you consider all the border cases, especially the ones where a single block is encrypted (other modes double the size), random data being encrypted (which is equivalent security to all other modes), and where a limited subset of the possible block space is being used (especially useful when there is an attack that requires a large volume of text pairs). In each of these cases ECB is at least as secure as any other mode, and in the last it can be argued that under some circumstances it may actually be more secure. I remember very well my advocation of ECB for XML Enc, it appears once again to be you that has faield to grasp realities of the situation. you could do worse than spending a few hours > studying these documents closely. It's very likely that NGSCB will > be a central technology for security in the next two to ten years or > even longer. This is undoubtedly an area where security consulting > could be lucrative. Sadly, even "experts" of your caliber can probably > be very successful in this area. But you'll have to do your homework. Here you go assuming things that simply aren't true. I don't see can I buy a vowel becoming the "central techonology" for anything for very long. We're already seeing the X86 processor being replaced at the high end, and slowly being displaced at the mid-range, can I buy a vowel only has a few years before it will need to be completely replaced, and since it will take a few years for it to be adopted it's almost certainly a dead-end technology. Now the other assumption, you assume that I intend to do security consulting, how mistaken you are. I am actually the CEO of Trust Laboratories, and security consulting would almost certainly be a pay cut. There is a chance that eventually you can make something of yourself "But you'll have to do your homework" Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com From ericm at lne.com Mon Jun 16 13:12:16 2003 From: ericm at lne.com (Eric Murray) Date: Mon, 16 Jun 2003 13:12:16 -0700 Subject: Diners club switches to passwords In-Reply-To: <20030616155030.GA15190@lightship.internal.homeport.org>; from adam@homeport.org on Mon, Jun 16, 2003 at 11:50:30AM -0400 References: <20030616155030.GA15190@lightship.internal.homeport.org> Message-ID: <20030616131216.A7061@slack.lne.com> On Mon, Jun 16, 2003 at 11:50:30AM -0400, Adam Shostack wrote: > I just called Diner's Club, and was suprised to be asked for a > password to (replace? supplement?) my mother's maiden name. > > Is this something that Citibank in general is doing? How long before > this becomes a standard of due care? Also, I'm curious what the > forgot-my-password recovery mechanisms will be... Mother's maiden name. Eric From schear at attbi.com Mon Jun 16 14:25:26 2003 From: schear at attbi.com (Steve Schear) Date: Mon, 16 Jun 2003 14:25:26 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com> References: <200306161116.06973.skquinn@speakeasy.net> <3EEDDB59.941E6BE3@cdc.gov> <3EEDDB59.941E6BE3@cdc.gov> Message-ID: <5.2.1.1.0.20030616142314.043348d8@mail.attbi.com> Seems like a market for "open source" EDRs could be a good one. A user accessible reset button could come in handy. steve From ericm at lne.com Mon Jun 16 14:29:37 2003 From: ericm at lne.com (Eric Murray) Date: Mon, 16 Jun 2003 14:29:37 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com>; from kelsey.j@ix.netcom.com on Mon, Jun 16, 2003 at 05:11:57PM -0400 References: <3EEDDB59.941E6BE3@cdc.gov> <3EEDDB59.941E6BE3@cdc.gov> <200306161116.06973.skquinn@speakeasy.net> <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com> Message-ID: <20030616142937.A7619@slack.lne.com> On Mon, Jun 16, 2003 at 05:11:57PM -0400, John Kelsey wrote: ... > It seems intuitively like the EDR ought to be about as valuable to the > defense as the prosecution, right? E.g., the prosecutor says "this guy was > driving 120 miles an hour down the road while being pursued by the police," > but the EDR says he'd never topped 70. There are creepy privacy > implications in there somewhere, but the basic technology seems no more > inherently Orwellian than, say, DNA testing--which seems to be a pretty > good way of actually locking up the right guy now and then, rather than > someone who looks kind-of like the guy who did it, and was seen in the area > by an eyewitness and picked out of a police lineup. The types of problems with DNA testing such as state's refusal to allow testing of convicts when it might prove their innocence, and testing lab "errors", would also apply to EDR boxes. I.e. states will contrive to use EDR records only when it proves their case, and data recovered will be subject to "interpretation". You can bet that when EDRs become important as evidence, citizens won't be allowed to posess the means to read their own EDRs let alone write to them. Eric From adam at homeport.org Mon Jun 16 13:17:40 2003 From: adam at homeport.org (Adam Shostack) Date: Mon, 16 Jun 2003 16:17:40 -0400 Subject: Diners club switches to passwords In-Reply-To: <20030616131216.A7061@slack.lne.com> References: <20030616155030.GA15190@lightship.internal.homeport.org> <20030616131216.A7061@slack.lne.com> Message-ID: <20030616201740.GA19082@lightship.internal.homeport.org> On Mon, Jun 16, 2003 at 01:12:16PM -0700, Eric Murray wrote: | On Mon, Jun 16, 2003 at 11:50:30AM -0400, Adam Shostack wrote: | > I just called Diner's Club, and was suprised to be asked for a | > password to (replace? supplement?) my mother's maiden name. | > | > Is this something that Citibank in general is doing? How long before | > this becomes a standard of due care? Also, I'm curious what the | > forgot-my-password recovery mechanisms will be... | | | Mother's maiden name. Heh! Seriously? -- "It is seldom that liberty of any kind is lost all at once." -Hume From kelsey.j at ix.netcom.com Mon Jun 16 14:11:57 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Mon, 16 Jun 2003 17:11:57 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <200306161116.06973.skquinn@speakeasy.net> References: <3EEDDB59.941E6BE3@cdc.gov> <3EEDDB59.941E6BE3@cdc.gov> Message-ID: <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com> At 11:16 AM 6/16/03 -0500, Shawn K. Quinn wrote: ... >I personally find the privacy implications of EDRs rather unsettling. >This story doesn't change that one bit. However, in this particular >case, I don't think what the EDR said really matters. The three >paragraphs from the story say a lot about what happened here: ... It seems intuitively like the EDR ought to be about as valuable to the defense as the prosecution, right? E.g., the prosecutor says "this guy was driving 120 miles an hour down the road while being pursued by the police," but the EDR says he'd never topped 70. There are creepy privacy implications in there somewhere, but the basic technology seems no more inherently Orwellian than, say, DNA testing--which seems to be a pretty good way of actually locking up the right guy now and then, rather than someone who looks kind-of like the guy who did it, and was seen in the area by an eyewitness and picked out of a police lineup. ... >Shawn K. Quinn --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From hseaver at cybershamanix.com Mon Jun 16 15:55:53 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Mon, 16 Jun 2003 17:55:53 -0500 Subject: bbc Message-ID: <20030616225553.GA13134@cybershamanix.com> Did the IRA bomb the BBC newserver or something? They've been down for two days now. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From adam at homeport.org Mon Jun 16 15:19:07 2003 From: adam at homeport.org (Adam Shostack) Date: Mon, 16 Jun 2003 18:19:07 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com> References: <3EEDDB59.941E6BE3@cdc.gov> <3EEDDB59.941E6BE3@cdc.gov> <5.2.0.9.0.20030616170631.044ddc00@pop.ix.netcom.com> Message-ID: <20030616221907.GA20708@lightship.internal.homeport.org> On Mon, Jun 16, 2003 at 05:11:57PM -0400, John Kelsey wrote: | At 11:16 AM 6/16/03 -0500, Shawn K. Quinn wrote: | ... | >I personally find the privacy implications of EDRs rather unsettling. | >This story doesn't change that one bit. However, in this particular | >case, I don't think what the EDR said really matters. The three | >paragraphs from the story say a lot about what happened here: | | ... | It seems intuitively like the EDR ought to be about as valuable to the | defense as the prosecution, right? E.g., the prosecutor says "this guy was | driving 120 miles an hour down the road while being pursued by the police," | but the EDR says he'd never topped 70. There are creepy privacy | implications in there somewhere, but the basic technology seems no more | inherently Orwellian than, say, DNA testing--which seems to be a pretty | good way of actually locking up the right guy now and then, rather than | someone who looks kind-of like the guy who did it, and was seen in the area | by an eyewitness and picked out of a police lineup. Just wait 'till they integrate GPS, and GPRS or 802.11. Much of this can be seem in the OnStar systems, which haven't yet featured in divorce proceedings, afaik. You can call up and find out where your car is. Adam PS: Bob Blakely once defined privacy as the right to lie and get away with it, which fits into some of what many people mean by privacy. -- "It is seldom that liberty of any kind is lost all at once." -Hume From mv at cdc.gov Mon Jun 16 18:30:36 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Mon, 16 Jun 2003 18:30:36 -0700 Subject: PGP 8 flaw work-around Message-ID: <3EEE6F3B.8E39DCB4@cdc.gov> Someone posted a bug wherein PGP 8 (XP version) saw keys >4 years as expired. There is a workaround, merely change your passphrase and resend the key. (You may change the passphrase to the same passphrase.) From justin-cypherpunks at soze.net Mon Jun 16 15:20:27 2003 From: justin-cypherpunks at soze.net (Justin) Date: Mon, 16 Jun 2003 22:20:27 +0000 Subject: Diners club switches to passwords In-Reply-To: <20030616155030.GA15190@lightship.internal.homeport.org> References: <20030616155030.GA15190@lightship.internal.homeport.org> Message-ID: <20030616222027.GH11753@dreams.soze.net> Adam Shostack (2003-06-16 15:50Z) wrote: > I just called Diner's Club, and was suprised to be asked for a > password to (replace? supplement?) my mother's maiden name. > > Is this something that Citibank in general is doing? How long before > this becomes a standard of due care? Also, I'm curious what the > forgot-my-password recovery mechanisms will be... Never fear; if you forget your password and the secret token used for authentication if you forget your password, they will still auth you. All they need is your account info, birthdate, and the last 4 digits of your SSN. Secure, indeed. Even after most people realize the utility of relatively strong _required_ passwords being used, as they often are in movies, to deal with banks, they are satisfied when real banks use two publicly available pieces of information and 13 bits of your maybe-or-maybe-not-so-secure SSN is good enough. Imagine the panic if Americans were required to use passwords like "b2\9690d" to access their bank accounts. I suppose the objection would be that we're not all as smart as Michael Douglas. (That's the password for one of his accounts in "The Game.") -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Rumsfeld, 2003-04-11 From nobody at cypherpunks.to Mon Jun 16 13:30:55 2003 From: nobody at cypherpunks.to (Anonymous via the Cypherpunks Tonga Remailer) Date: Mon, 16 Jun 2003 22:30:55 +0200 (CEST) Subject: An attack on paypal --> secure UI for browsers Message-ID: <1a1afd9d8b4d540b2edf102cb2cab48d@cypherpunks.to> David Wagner wrote: > But take a look at one line you quoted from the FAQ: > > "Only one nexus at a time will be able to run on a machine." > > That looks to me like an important sentence. The Nexus is like a mini-OS for the trusted side of the machine. It acts as a kernel to manage the "trusted applications", the Nexus Computing Agents or NCAs. So what this sentence is really saying is that only one (trusted) OS will be able to run at a time on a machine. That's not that surprising or significant. Most machines only run one OS at a time. Sure, with virtualization and similar techniques you can manage to run more than one OS at once, but that's unusual. Probably 99.9% of machines are only running one OS at a time. Virtualization is not an option with trusted computing because part of the point is to be able to offer assurance to remote users about what the machine will do (i.e. its behavior is predictable, hence trusted). This implies that it only makes sense to run one trusted OS at a time. That's probably all the "important" sentence above means. Adam Lydick wrote: > That is certainly a good point but don't confuse the "nexus" with NCAs > (agents). I think the nexus just provides services to the NCAs which > actually do the work. Think of it as a core library that services can > draw on. Right, plus it schedules, loads them, etc, like an OS kernel. Here is a simplified form of a diagram they use. The left hand side is the legacy mode, with normal Windows applications and OS. The right hand side is the new trusted mode, with NCAs as the applications and Nexus as the OS. Normal Mode Trusted Mode +---------------------------++------------------------+ | || | | Applications || NCAs | USER | || | |---------------------------++------------------------| | || | | Main Windows OS || Nexus | KERNEL | || | +---------------------------++------------------------+ > So having to trust the nexus, is rather like trusting kernel32.dll or > some other core components. Choosing to trust/run NCA sounds pretty > grainular, so you can trust your validated P2P stack from your favorite > independent developer and ignore (if you can) the restrictive DRM > solutions that are offered. Yes, it sounds like it will work exactly like that. Plus, hopefully it will be possible for Linux to create its own Nexus ("Linexus"?) that uses the same hardware features to provide TC capabilities for that OS. Recall that Linus Torvalds recently adopted the position that DRM was an acceptable technology for Linux, even when it involved being built into the kernel. Since DRM is the main downside to TC for many people, and TC has many more good aspects beyond DRM, it is a near certainty that Linux will add support for Trusted Computing. > Problems certainly remain though: > > In the validated P2P scenario, an Adversary with enough influence to > have Intel/AMD/... hand out a signed internal key can circumvent any > such "protections". Right, he could watch all the Disney movies he wanted, without paying for them! Mwaa haa haa! Foolish humans! But seriously, these systems can only raise the cost of security. Neither cypherpunks nor Sony should risk their collective lives that no one will break Palladium, by hook or by crook. From discord-nobody at erisiandiscord.de Mon Jun 16 21:30:41 2003 From: discord-nobody at erisiandiscord.de (Anonymous) Date: Tue, 17 Jun 2003 06:29:41 +0159 (CEST) Subject: [Brinworld] Car's data recorder convicts driver Message-ID: Adam Shostack wrote: > PS: Bob Blakely once defined privacy as the right to lie and get away > with it, which fits into some of what many people mean by privacy. So privacy is only of value to the dishonest? I don't think so! I post anonymously, but not to lie. From jya at pipeline.com Tue Jun 17 08:32:56 2003 From: jya at pipeline.com (John Young) Date: Tue, 17 Jun 2003 08:32:56 -0700 Subject: US Encryption Export Clarified Message-ID: The Bureau of Industry and Security today issued: Export Administration Regulations: Encryption Clarifications and Revisions SUMMARY: This rule amends the Export Administration Regulations (EAR) to clarify when encryption commodities and software may be given de minimis treatment, when short-range wireless devices incorporating encryption may be given mass market or retail treatment, and to provide guidance on when exporters are required to submit encryption review requests. It also expands the authorizations according to which travelers departing the United States may take encryption for their personal use, and clarifies that specially designed medical equipment and software are not controlled as encryption or ``information security'' items under the EAR. Finally this rule implements changes to the Wassenaar Arrangement List of dual-use items (agreed upon in the September 2002 meeting and finalized in December 2002) that eliminate from Export Control Classification Number (ECCN) 5A002 certain types of ``Personalized smart cards'' and equipment specially designed and limited to controlling access to copyright protected data. ----- http://cryptome.org/bis061703.txt From mv at cdc.gov Tue Jun 17 14:05:58 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Tue, 17 Jun 2003 14:05:58 -0700 Subject: Encrypted SMS (alas, closed source) Message-ID: <3EEF82B6.FBF37A1E@cdc.gov> http://www.fortressmail.net/fortress_sms.htm also limited-platform (Platform: Series 60 (Symbian v6) - for example the Nokia 7650) If well implemented looks good. From hseaver at cybershamanix.com Tue Jun 17 16:15:11 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Tue, 17 Jun 2003 18:15:11 -0500 Subject: weird logic Message-ID: <20030617231511.GA13887@cybershamanix.com> http://news.bbc.co.uk/2/hi/middle_east/2998870.stm "With Iraq's judicial system in disarray after the end of the war, Paul Bremer said a special criminal court would be set up. He said the court would try people, "in particular senior Baathists... may have committed crimes against the coalition, who are trying to destabilise the situation"." So you invade a country, and the patriots who resist you are no longer soldiers, even guerillas, but "criminals" to be tried in the US's weird new courts, probably secretly with no representation. Velkomen, to ze New Verld Order. Sieg Heil! And may Jesus bless you. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From timcmay at got.net Tue Jun 17 21:23:25 2003 From: timcmay at got.net (Tim May) Date: Tue, 17 Jun 2003 21:23:25 -0700 Subject: weird logic In-Reply-To: <20030617231511.GA13887@cybershamanix.com> Message-ID: <9AB20FF8-A144-11D7-9C17-000A956B4C74@got.net> On Tuesday, June 17, 2003, at 04:15 PM, Harmon Seaver wrote: > http://news.bbc.co.uk/2/hi/middle_east/2998870.stm > > "With Iraq's judicial system in disarray after the end of the war, > Paul Bremer > said a special criminal court would be set up. > > He said the court would try people, "in particular senior Baathists... > may have > committed crimes against the coalition, who are trying to destabilise > the > situation"." > > So you invade a country, and the patriots who resist you are no > longer > soldiers, even guerillas, but "criminals" to be tried in the US's > weird new > courts, probably secretly with no representation. > > Velkomen, to ze New Verld Order. Sieg Heil! And may Jesus bless you. > Yes, this is the logic. Discussed in many other fora. And not new. When the U.S. "liberated" Somalia the first thing they did was to seize control of the press and begin to collect the guns...then the "warlords" were able to operate freely amongst the disarmed peasants, and ultimately the U.S. got its ass kicked and left in shame. The U.S. believes in basic rights for _some_ Americans, but certainly for none of the sand niggers it conquers. It declares the soldiers it fights to be "illegal combatants" and subjects them to torture at Guantanamo Bay. I hope some captured U.S. soldiers are declared to be "illegal combatants" and similarly tortured and murdered. As for Bush, Cheney, Rice, Powell, Wolfowitz, Perle and the rest of the Jew, er, New World Order, I hope they are eventually tried for treason for their lies and, if found guilty of lying about the supposed "WMDs," then hanged in a public square. Actually, I hope General Powell first does the honorable thing and uses his .45 for its Approved Alternative Shame-Reduction Purpose. (Note to the SS Gestapo: This is a statement of my protected political beliefs about what the court system of the U.S. _should_ do, not a statement of what freedom fighters plan to do. When freedom fighters act, the act will be a blinding white flash over the Criminal Capital, not some bullshit hanging of some run-of-the-mill criminals like Bush, Hitler, Rice, Goebbels, Powell, Mussolini, Wolfwowitz, Quisling, etc. ) The United States needs to have its hard drive reformatted. --Tim May From timcmay at got.net Tue Jun 17 21:25:14 2003 From: timcmay at got.net (Tim May) Date: Tue, 17 Jun 2003 21:25:14 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote: > On Mon, 16 Jun 2003, Steve Schear wrote: >> Seems like a market for "open source" EDRs could be a good one. A >> user >> accessible reset button could come in handy. > > Could a stun gun help? > Unlikely. Getting juice into the innards of a box in a way so as to overwrite data is not nearly so simply as applying sparky things to the outside of the box. Lots of reasons for this. --Tim May From timcmay at got.net Tue Jun 17 21:30:35 2003 From: timcmay at got.net (Tim May) Date: Tue, 17 Jun 2003 21:30:35 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote: > >> Adam >> >> PS: Bob Blakely once defined privacy as the right to lie and get away >> with it, which fits into some of what many people mean by privacy. > > Another possible definition is the right to tell the truth and get away > with it. > > But both definitions are rather about free speech than about privacy, > but > then we'd get to a fight over definitions which is in this context > better > to leave on the shoulders of people making encyclopedias. > Maybe I have a minor corollary to Somebody's Law: "All debates about privacy eventually degenerate into foolish and off-target debates about the meaning of truth." It never makes sense to argue about a "right to lie" or a "right to tell the truth." One man's lie is another man's truth. And even _asking_ for a true response is usually an overstepping, as it presumes the asker knows what is true and what is not. Pilate said it all 2000 years ago. --Tim May From bill.stewart at pobox.com Wed Jun 18 00:20:02 2003 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 18 Jun 2003 00:20:02 -0700 Subject: weird logic In-Reply-To: <20030617231511.GA13887@cybershamanix.com> Message-ID: <5.1.1.6.2.20030618000130.18648ec0@idiom.com> At 06:15 PM 06/17/2003 -0500, Harmon Seaver wrote: >http://news.bbc.co.uk/2/hi/middle_east/2998870.stm >"With Iraq's judicial system in disarray after the end of the war, Paul Bremer >said a special criminal court would be set up. >He said the court would try people, "in particular senior Baathists... may >have >committed crimes against the coalition, who are trying to destabilise the >situation"." > > So you invade a country, and the patriots who resist you are no longer >soldiers, even guerillas, but "criminals" to be tried in the US's weird new >courts, probably secretly with no representation. Yup. And USA Today was referring to the US military reserve soldiers who were sent there as "Citizen Soldiers", but of course *Iraqis* who fought the invaders weren't "citizen soldiers", they were "terrorists" or "illegal combatants" or "evil" or "failing to act sufficiently French by surrendering". And since the US Constitution doesn't apply to US forces operating outside the US, there's no prohibition against "ex post facto" laws about "crimes against the coalition", and of course the Bush Administration bullied Brussels into exempting their armed forces from war crimes laws. From shaddack at ns.arachne.cz Tue Jun 17 15:48:10 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 18 Jun 2003 00:48:10 +0200 (CEST) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <20030616221907.GA20708@lightship.internal.homeport.org> Message-ID: > Just wait 'till they integrate GPS, and GPRS or 802.11. Transmitter is easy to find. Receiver is easy to jam with a micropower jammer. Sometimes all you need could just be creatively tweaking the ignition and antenna wiring to get "faulty shielding" in the right places; it requires much more experience to make it look "accidental", though. > Much of this can be seem in the OnStar systems, which haven't yet > featured in divorce proceedings, afaik. Matter of time. The next generation of sleuths will be much more tech savvy than the current one. > You can call up and find out where your car is. ...eg, in a nameless radio shadow. > Adam > > PS: Bob Blakely once defined privacy as the right to lie and get away > with it, which fits into some of what many people mean by privacy. Another possible definition is the right to tell the truth and get away with it. But both definitions are rather about free speech than about privacy, but then we'd get to a fight over definitions which is in this context better to leave on the shoulders of people making encyclopedias. From shaddack at ns.arachne.cz Tue Jun 17 15:48:49 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 18 Jun 2003 00:48:49 +0200 (CEST) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.1.1.0.20030616142314.043348d8@mail.attbi.com> Message-ID: On Mon, 16 Jun 2003, Steve Schear wrote: > Seems like a market for "open source" EDRs could be a good one. A user > accessible reset button could come in handy. Could a stun gun help? From kelsey.j at ix.netcom.com Tue Jun 17 21:58:56 2003 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Wed, 18 Jun 2003 00:58:56 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: <5.2.0.9.0.20030618005834.044d4a00@pop.ix.netcom.com> At 06:29 AM 6/17/03 +0159, Anonymous wrote: >Adam Shostack wrote: > > > PS: Bob Blakely once defined privacy as the right to lie and get away > > with it, which fits into some of what many people mean by privacy. > >So privacy is only of value to the dishonest? I don't think so! >I post anonymously, but not to lie. "Fred, did you post that crap to cypherpunks?" --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From jtrjtrjtr2001 at yahoo.com Wed Jun 18 06:22:30 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 18 Jun 2003 06:22:30 -0700 (PDT) Subject: weird logic In-Reply-To: <5.1.1.6.2.20030618000130.18648ec0@idiom.com> Message-ID: <20030618132230.76673.qmail@web21201.mail.yahoo.com> hi, Did any one say the US system works based on logic :-) The news here is that on an average one US soidler dies per day to a iraqi sniper particlually in crowded areas where you cant blow of a whole builiding immediately.Maybe this is the wierd logic that the iraqi's follow.Even they too have the right to follow their own logic. Only problem is that innocent soldiers on both sides are the sufferers due to a bunch of intelligent people who say they are doing it in national interest while they are doing it for themselves in both nations. Sarath. --- Bill Stewart wrote: > At 06:15 PM 06/17/2003 -0500, Harmon Seaver wrote: > >http://news.bbc.co.uk/2/hi/middle_east/2998870.stm > >"With Iraq's judicial system in disarray after the > end of the war, Paul Bremer > >said a special criminal court would be set up. > >He said the court would try people, "in particular > senior Baathists... may > >have > >committed crimes against the coalition, who are > trying to destabilise the > >situation"." > > > > So you invade a country, and the patriots who > resist you are no longer > >soldiers, even guerillas, but "criminals" to be > tried in the US's weird new > >courts, probably secretly with no representation. > > Yup. And USA Today was referring to the US military > reserve soldiers > who were sent there as "Citizen Soldiers", but of > course > *Iraqis* who fought the invaders weren't "citizen > soldiers", > they were "terrorists" or "illegal combatants" or > "evil" or > "failing to act sufficiently French by > surrendering". > > And since the US Constitution doesn't apply to > US forces operating outside the US, there's no > prohibition > against "ex post facto" laws about "crimes against > the coalition", > and of course the Bush Administration bullied > Brussels into exempting > their armed forces from war crimes laws. > __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com From eresrch at eskimo.com Wed Jun 18 06:25:52 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 18 Jun 2003 06:25:52 -0700 (PDT) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <20030618121705.GB45331@lightship.internal.homeport.org> Message-ID: On Wed, 18 Jun 2003, Adam Shostack wrote: > I wasn't arguing, I was quipping. > > I find the many meanings of the word privacy to be fascinating. So > when someone commented that the car's tattle-box is or isn't a privacy > invasion, I thought I'd offer up a definition under which it is. > Its a definition that lots of people use, as John points out. > > Perhaps better than 'right' would be 'ability,' 'The ability to lie > and get away with it.' > > Adam > > > -- > 'No, honey, I was working late at the office.' Reminds me of the first time I saw a guy with a "brick phone". I'm in a bar eating a burger and drinking beer, and this guy sits down one seat away from me, pulls out this huge cell phone, and starts punching away. 10 seconds later he's saying "I'll be late coming home, I have more work to do in the office". Like she can't here the background music! Oh well, I was getting paid for his air time :-) Patience, persistence, truth, Dr. mike From jtrjtrjtr2001 at yahoo.com Wed Jun 18 06:38:00 2003 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Wed, 18 Jun 2003 06:38:00 -0700 (PDT) Subject: Design criteria of md5 Message-ID: <20030618133800.92973.qmail@web21202.mail.yahoo.com> hi, does any one have a reference to ron rivests paper on the design criteria of md5. Tbank You. Sarath. __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com From adam at homeport.org Wed Jun 18 05:13:17 2003 From: adam at homeport.org (Adam Shostack) Date: Wed, 18 Jun 2003 08:13:17 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.0.9.0.20030618005834.044d4a00@pop.ix.netcom.com> References: <5.2.0.9.0.20030618005834.044d4a00@pop.ix.netcom.com> Message-ID: <20030618121317.GA45331@lightship.internal.homeport.org> On Wed, Jun 18, 2003 at 12:58:56AM -0400, John Kelsey wrote: | At 06:29 AM 6/17/03 +0159, Anonymous wrote: | >Adam Shostack wrote: | > | >> PS: Bob Blakely once defined privacy as the right to lie and get away | >> with it, which fits into some of what many people mean by privacy. | > | >So privacy is only of value to the dishonest? I don't think so! | >I post anonymously, but not to lie. | | | "Fred, did you post that crap to cypherpunks?" "Are you a slacker, McFly?" -- "It is seldom that liberty of any kind is lost all at once." -Hume From adam at homeport.org Wed Jun 18 05:17:06 2003 From: adam at homeport.org (Adam Shostack) Date: Wed, 18 Jun 2003 08:17:06 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> References: <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> Message-ID: <20030618121705.GB45331@lightship.internal.homeport.org> On Tue, Jun 17, 2003 at 09:30:35PM -0700, Tim May wrote: | On Tuesday, June 17, 2003, at 03:48 PM, Thomas Shaddack wrote: | > | >>Adam | >> | >>PS: Bob Blakely once defined privacy as the right to lie and get away | >>with it, which fits into some of what many people mean by privacy. | > | >Another possible definition is the right to tell the truth and get away | >with it. | > | >But both definitions are rather about free speech than about privacy, | >but | >then we'd get to a fight over definitions which is in this context | >better | >to leave on the shoulders of people making encyclopedias. | > | | Maybe I have a minor corollary to Somebody's Law: "All debates about | privacy eventually degenerate into foolish and off-target debates about | the meaning of truth." | | It never makes sense to argue about a "right to lie" or a "right to | tell the truth." One man's lie is another man's truth. And even | _asking_ for a true response is usually an overstepping, as it presumes | the asker knows what is true and what is not. Pilate said it all 2000 | years ago. I wasn't arguing, I was quipping. I find the many meanings of the word privacy to be fascinating. So when someone commented that the car's tattle-box is or isn't a privacy invasion, I thought I'd offer up a definition under which it is. Its a definition that lots of people use, as John points out. Perhaps better than 'right' would be 'ability,' 'The ability to lie and get away with it.' Adam -- 'No, honey, I was working late at the office.' From schear at attbi.com Wed Jun 18 08:20:44 2003 From: schear at attbi.com (Steve Schear) Date: Wed, 18 Jun 2003 08:20:44 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <20030618121705.GB45331@lightship.internal.homeport.org> References: <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> Message-ID: <5.2.1.1.0.20030618073856.041bdea8@mail.attbi.com> At 08:17 2003-06-18 -0400, Adam Shostack wrote: >| It never makes sense to argue about a "right to lie" or a "right to >| tell the truth." One man's lie is another man's truth. And even >| _asking_ for a true response is usually an overstepping, as it presumes >| the asker knows what is true and what is not. Pilate said it all 2000 >| years ago. > >I wasn't arguing, I was quipping. > >I find the many meanings of the word privacy to be fascinating. So >when someone commented that the car's tattle-box is or isn't a privacy >invasion, I thought I'd offer up a definition under which it is. >Its a definition that lots of people use, as John points out. > >Perhaps better than 'right' would be 'ability,' 'The ability to lie >and get away with it.' Indeed 'privacy' and 'secrecy' are often confused and their meanings overlap in many a mind. I think that most, at least in the West, accept that privacy "..is based on rules and trust," for example, records kept on us by our doctors. Because exposure of various aspects of our private lives can do lasting damage, privacy is only effective when controlled by the party seeking it, who may disclose it or not as they see fit and can only be guaranteed when those who would "sell you out" don't possess the possibly damaging information. For that reason among others, I am really only interested in privacy mediated by personal secrecy and technologies I trust and/or control. steve From hseaver at cybershamanix.com Wed Jun 18 06:46:35 2003 From: hseaver at cybershamanix.com (Harmon Seaver) Date: Wed, 18 Jun 2003 08:46:35 -0500 Subject: bbc In-Reply-To: <20030618145333.E50731-100000@localhost> References: <20030616225553.GA13134@cybershamanix.com> <20030618145333.E50731-100000@localhost> Message-ID: <20030618134635.GA14926@cybershamanix.com> On Wed, Jun 18, 2003 at 03:01:01PM +0100, Jim Dixon wrote: > On Mon, 16 Jun 2003, Harmon Seaver wrote: > > > Did the IRA bomb the BBC newserver or something? They've been down for two > > days now. > > There has certainly been no interruption in service in the UK; I look > at it daily. > > However, news.bbc.co.uk is not one machine. The BBC has at least two > clusters of servers, one at Telehouse in London and the other in > Telehouse America in New York. When I was providing services to the > BBC (up until about 18 months ago), these server farms were connected > by a private circuit, enabling the NY site to mirror the UK site. > Custom DNS software looked at where you were (by IP address) and then > gave you an IP address in either London or New York, depending on > whether you connected through the London Internet exchange. > > What's most likely is that someone along the way has tried to be clever > with caching/proxying and in effect has broken your connection. Must be something like that -- weird tho. I can get to news.bbc.co.uk just fine, but the one I'd been using for a long, long time on a daily basis, www.bbc.uk.com, just disappeared. Oh well. Makes me wonder tho, about who/what the sites actually are that we go to -- maybe nothing is as it seems. -- Harmon Seaver CyberShamanix http://www.cybershamanix.com From mv at cdc.gov Wed Jun 18 09:11:39 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 18 Jun 2003 09:11:39 -0700 Subject: Hacking for pigs makes you a pig, trojans, 4th amend Message-ID: <3EF08F3B.6F32B81B@cdc.gov> June 18, 2003 Evidence Barred in Ex-O.C. Judge's Child-Porn Case Writings and photos were illegally obtained from Ronald Kline's computer, court rules. By Christine Hanley, Times Staff Writer A federal judge on Tuesday threw out most of the key evidence in a high-profile child pornography case against a former Orange County judge, ruling that sexually explicit diary entries and photos were discovered after illegal computer searches by a Canadian hacker who was working for police. The ruling could undermine much of the case against Ronald C. Kline, whose arrest drew national attention and ultimately resulted in the judge dropping his bid for reelection. U.S. District Judge Consuelo B. Marshall in Los Angeles found that Kline's 4th Amendment privacy rights were violated when Bradley Willman of Langley, British Columbia, invaded his home computer with a so-called Trojan Horse virus. In a 12-page decision, Marshall suppressed all the evidence seized from Kline's home and his home computer, including excerpts from a computer diary about his sexual desires and more than 1,500 pornographic photos of young boys. "The Court finds that Bradley Willman was a government agent at the time of the intrusion, that Willman thought of himself as an agent for law enforcement, and that Willman's motivation was to act for law enforcement purposes," Marshall wrote. Willman, the judge ruled, was acting as a tool for police and as with any law enforcement agent would be barred from seizing any personal property without a search warrant. Marshall left open the question of whether material seized from Kline's courthouse computer will be allowed, asking both sides to return Sept. 15 to discuss that matter. http://www.latimes.com/news/local/la-me-kline18jun18,1,5480864.story?coll=la-headlines-california From timcmay at got.net Wed Jun 18 09:11:58 2003 From: timcmay at got.net (Tim May) Date: Wed, 18 Jun 2003 09:11:58 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <20030618121705.GB45331@lightship.internal.homeport.org> Message-ID: <967DC182-A1A7-11D7-9C17-000A956B4C74@got.net> On Wednesday, June 18, 2003, at 05:17 AM, Adam Shostack wrote: > > I wasn't arguing, I was quipping. > > I find the many meanings of the word privacy to be fascinating. So > when someone commented that the car's tattle-box is or isn't a privacy > invasion, I thought I'd offer up a definition under which it is. > Its a definition that lots of people use, as John points out. > > Perhaps better than 'right' would be 'ability,' 'The ability to lie > and get away with it.' I wasn't picking on you or your points, that's for sure. In fact, I barely noticed whose message I was replying to. My point was a larger one, that nearly all such debates about privacy eventually come round to issues of "what have you got to hide?" and issues of truth and lies. This is why I like the "Congresss shall make no law" and "shall not be infringed" absoluteness of the original Constitution. The language does not natter about "truthful speaking shall not be infringed." And this is why more recent legislation allowing government to regulate "commercial speech" or to decide which speech is true and which is false (as in advertising claims) is so corrosive to liberty. --Tim May "The great object is that every man be armed and everyone who is able may have a gun." --Patrick Henry "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton From mv at cdc.gov Wed Jun 18 09:20:56 2003 From: mv at cdc.gov (Major Variola (ret.)) Date: Wed, 18 Jun 2003 09:20:56 -0700 Subject: 1st amend, thoughtcrime, schools as pipelines to jail Message-ID: <3EF09168.92FFE142@cdc.gov> To establish a criminal threat, it would have to be shown that he wanted the [threatened] officer to see the work, the court said. "The painting does not appear to be anything other than pictorial ranting," the court said. "The criminal law does not, and cannot now, implement a zero-tolerance policy concerning the expressive depiction of violence." Schools are becoming one of the primary pipelines to the juvenile justice system," said Shannan Wilber, executive director of Legal Services for Children in San Francisco. Excerpts from http://www.latimes.com/news/local/la-me-threat18jun18001434,1,6789200.story?coll=la-headlines-california From jal at jal.org Wed Jun 18 09:45:16 2003 From: jal at jal.org (Jamie Lawrence) Date: Wed, 18 Jun 2003 11:45:16 -0500 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <5.2.1.1.0.20030618073856.041bdea8@mail.attbi.com> References: <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> <5.2.1.1.0.20030618073856.041bdea8@mail.attbi.com> Message-ID: <20030618164515.GB17656@jal.clueinc.net> On Wed, 18 Jun 2003, Steve Schear wrote: > Indeed 'privacy' and 'secrecy' are often confused and their meanings > overlap in many a mind. I think that most, at least in the West, accept > that privacy "..is based on rules and trust," for example, records kept on > us by our doctors. Because exposure of various aspects of our private > lives can do lasting damage, privacy is only effective when controlled by > the party seeking it, who may disclose it or not as they see fit and can > only be guaranteed when those who would "sell you out" don't possess the > possibly damaging information. For that reason among others, I am really > only interested in privacy mediated by personal secrecy and technologies I > trust and/or control. I agree with you. Being anonymous is very important here. Privacy is something alluded to by the famous "Gentlemen do not read other gentlemen's mail". Secrecy is what other people cannot find out. Anonymity (strong or not) is vastly important to secrecy. Medical data is a great example of this. It may be private, for some (weak) values of private, right now. Being John Doe at the doctor's office and paying cash, though, is vastly better in terms of assurance, at least until the doctor's business-cam interfaces with other databases. Too bad that works so poorly with insurance, but then worker insurance in the US is nearly a government program, anyway. -j -- Jamie Lawrence jal at jal.org A computer without a Microsoft operating system is like a dog without bricks tied to its head. From schear at attbi.com Wed Jun 18 13:03:32 2003 From: schear at attbi.com (Steve Schear) Date: Wed, 18 Jun 2003 13:03:32 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <20030618164515.GB17656@jal.clueinc.net> References: <5.2.1.1.0.20030618073856.041bdea8@mail.attbi.com> <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> <9B29CB08-A145-11D7-9C17-000A956B4C74@got.net> <5.2.1.1.0.20030618073856.041bdea8@mail.attbi.com> Message-ID: <5.2.1.1.0.20030618125752.041dde70@mail.attbi.com> At 11:45 2003-06-18 -0500, Jamie Lawrence wrote: >Anonymity (strong or not) is vastly important to secrecy. > >Medical data is a great example of this. It may be private, for some >(weak) values of private, right now. Being John Doe at the doctor's >office and paying cash, though, is vastly better in terms of >assurance, at least until the doctor's business-cam interfaces >with other databases. Too bad that works so poorly with insurance, >but then worker insurance in the US is nearly a government program, >anyway. There may be a viable opportunity for an off-shore private medical insurance carrier which does not use your social security number as your identifier to the medical service provider. Due to excessive U.S. fed and state insurance regulations many/most doctors might refuse to accept it (at least initially) it may be necessary for this insurance to operate "off network" so that subscribers would have to pay the care giver and be reimbursed. steve From ravage at einstein.ssz.com Wed Jun 18 11:03:42 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 18 Jun 2003 13:03:42 -0500 (CDT) Subject: New Zealand News - World - Beijing goes high-tech to block Sars messages (fwd) Message-ID: http://www.nzherald.co.nz/storydisplay.cfm?storyID=3507534&thesection=news&thesubsection=world -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From jdd at dixons.org Wed Jun 18 07:01:01 2003 From: jdd at dixons.org (Jim Dixon) Date: Wed, 18 Jun 2003 15:01:01 +0100 (BST) Subject: bbc In-Reply-To: <20030616225553.GA13134@cybershamanix.com> Message-ID: <20030618145333.E50731-100000@localhost> On Mon, 16 Jun 2003, Harmon Seaver wrote: > Did the IRA bomb the BBC newserver or something? They've been down for two > days now. There has certainly been no interruption in service in the UK; I look at it daily. However, news.bbc.co.uk is not one machine. The BBC has at least two clusters of servers, one at Telehouse in London and the other in Telehouse America in New York. When I was providing services to the BBC (up until about 18 months ago), these server farms were connected by a private circuit, enabling the NY site to mirror the UK site. Custom DNS software looked at where you were (by IP address) and then gave you an IP address in either London or New York, depending on whether you connected through the London Internet exchange. What's most likely is that someone along the way has tried to be clever with caching/proxying and in effect has broken your connection. -- Jim Dixon jdd at dixons.org tel +44 117 982 0786 mobile +44 797 373 7881 From sunder at sunder.net Wed Jun 18 13:36:14 2003 From: sunder at sunder.net (Sunder) Date: Wed, 18 Jun 2003 16:36:14 -0400 (edt) Subject: 1st amend, thoughtcrime, schools as pipelines to jail In-Reply-To: <3EF09168.92FFE142@cdc.gov> Message-ID: Anyone got a "cypherpunks/cypherpunks" like login for the turd of a login? ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of /|\ \|/ :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\ <--*-->:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech. \/|\/ /|\ :Found to date: 0. Cost of war: $800,000,000,000 USD. \|/ + v + : The look on Sadam's face - priceless! --------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------ On Wed, 18 Jun 2003, Major Variola (ret.) wrote: > http://www.latimes.com/news/local/la-me-threat18jun18001434,1,6789200.story?coll=la-headlines-california From adam at homeport.org Wed Jun 18 14:38:46 2003 From: adam at homeport.org (Adam Shostack) Date: Wed, 18 Jun 2003 17:38:46 -0400 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: <967DC182-A1A7-11D7-9C17-000A956B4C74@got.net> References: <20030618121705.GB45331@lightship.internal.homeport.org> <967DC182-A1A7-11D7-9C17-000A956B4C74@got.net> Message-ID: <20030618213846.GA52977@lightship.internal.homeport.org> On Wed, Jun 18, 2003 at 09:11:58AM -0700, Tim May wrote: | On Wednesday, June 18, 2003, at 05:17 AM, Adam Shostack wrote: | > | >I wasn't arguing, I was quipping. | > | >I find the many meanings of the word privacy to be fascinating. So | >when someone commented that the car's tattle-box is or isn't a privacy | >invasion, I thought I'd offer up a definition under which it is. | >Its a definition that lots of people use, as John points out. | > | >Perhaps better than 'right' would be 'ability,' 'The ability to lie | >and get away with it.' | | I wasn't picking on you or your points, that's for sure. In fact, I | barely noticed whose message I was replying to. Gives new meaning to anonymous postings. ;) | My point was a larger one, that nearly all such debates about privacy | eventually come round to issues of "what have you got to hide?" and | issues of truth and lies. | | This is why I like the "Congresss shall make no law" and "shall not be | infringed" absoluteness of the original Constitution. The language does | not natter about "truthful speaking shall not be infringed." | | And this is why more recent legislation allowing government to regulate | "commercial speech" or to decide which speech is true and which is | false (as in advertising claims) is so corrosive to liberty. Indeed. The European data protection laws are fundamentally unamerican. Unfortunately, Congress has made laws, numbering each of us, and then tries to regulate the abuse of that (free, freely usable, legally enforced) numbering scheme. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From eresrch at eskimo.com Wed Jun 18 19:41:53 2003 From: eresrch at eskimo.com (Mike Rosing) Date: Wed, 18 Jun 2003 19:41:53 -0700 (PDT) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: On Thu, 19 Jun 2003, Thomas Shaddack wrote: > Works very nicely. :) > > Problem: leaves evidence, and takes time. The main advantage of electric > shock is that the fried chip looks for the naked eye exactly the same way > as a non-fried chip. The only difference could be found with a scanning > electron microscope on the chip itself, which is something nobody is > likely to bother with. Especially in harsh environments (cars classify) > chips tend to die, so its death could look as natural enough to not be > suspicious. > > If I am wrong, please tell me where and why. :) Automotive environments are known to be harsh, so electronics is protected to some extent. The assumption is that spark plug voltages can get into sensors, so most data lines are protected as are the sensor lines. If you try to fry things with double the voltage of a standard spark plug it may not work, if you use 10 times that it will, but the ESD protection will obviously be blown too. That begins to look suspicious (but I doubt anyone could _prove_ you fried it on purpose). The main question is how deep is the memory of these things. If they only remember the last catastrophic event then "privacy" isn't a problem. The actual routes taken are not stored. If you are in an accident and the cops ask you to take a breath test, you can take the test or not - and deal with the consequences of the legal system based on your choice. The data taken from the recorder for the "event" is then corroboration, which may help instead of hurt you. If the box remembers everything you do, and the garage mechanic can use it to blackmail you, then it becomes a "privacy" issue. I think the issue is when data is removed, and how much is actually stored. Can anybody explain the details? Patience, persistence, truth, Dr. mike From jburnes at vonu.net Wed Jun 18 18:02:33 2003 From: jburnes at vonu.net (jburnes) Date: Wed, 18 Jun 2003 20:02:33 -0500 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: Why go to all that trouble. Just take it out of circuit. Cut the printed circuit board leads and disable it or if its in an inaccessible black box, cut the leads to the box. Easy enough. On Wednesday, June 18, 2003, at 04:11 PM, Thomas Shaddack wrote: > On Tue, 17 Jun 2003, Tim May wrote: >> Unlikely. Getting juice into the innards of a box in a way so as to >> overwrite data is not nearly so simply as applying sparky things to >> the >> outside of the box. Lots of reasons for this. > > The idea wasn't about overwriting the data. The idea was about frying > the > chip with the data inside (and if all the other chips inside the box > become a collateral damage, let's that be so). As long as it is outside > the technological abilities of the given adversary to retrieve the data > from the fried chip, the objective is reached. > > The idea also wasn't about the outside of the box, I thought rather > disconnecting the power leads and blasting the spark into the power-GND > pair, or into the (disconnected, we don't want to kill the entire car > electronics) data bus. With a bit of luck, the spark could get through > the > filters and into the Vcc pins of the chips. From ravage at einstein.ssz.com Wed Jun 18 18:12:50 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 18 Jun 2003 20:12:50 -0500 (CDT) Subject: Slashdot | Sweden To Outlaw File Sharing, Crypto Breaking? (fwd) Message-ID: http://yro.slashdot.org/yro/03/06/18/2328233.shtml?tid=153&tid=99 -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From timcmay at got.net Wed Jun 18 20:16:57 2003 From: timcmay at got.net (Tim May) Date: Wed, 18 Jun 2003 20:16:57 -0700 Subject: Destroying government computers Message-ID: <7C31FD64-A204-11D7-9C17-000A956B4C74@got.net> http://www.signonsandiego.com/news/uniontrib/wed/business/ news_1b18hatch.html > > June 18, 2003, WASHINGTON - The chairman of the Senate Judiciary Committee > said yesterday he favors developing new technology to remotely destroy the > computers of people who illegally download music from the Internet. > > "If that's the only way, then I'm all for destroying their machines. If you > have a few hundred thousand of those, I think people would realize" the > seriousness of their actions, he said. If Orrin Hatch proposes such a thing, we can propose technologies which identify those from .gov or .mil or other Congress/Gov't. domains and send lethal viruses and suchlike back to them to destroy their machines if they illegally connect to our machines. (A simple warning that government stooges, lawyers, judges, clerks, and any GS-xx employees are not allowed to connect should suffice. After that, if they connect, fuck their machines dead.) --Tim May "Ben Franklin warned us that those who would trade liberty for a little bit of temporary security deserve neither. This is the path we are now racing down, with American flags fluttering."-- Tim May, on events following 9/11/2001 From ravage at einstein.ssz.com Wed Jun 18 20:30:02 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 18 Jun 2003 22:30:02 -0500 (CDT) Subject: cisco.com || Interpol Bureaus Around the World to Collaborate over VPNs (fwd) Message-ID: ---------- Forwarded message ---------- Date: Wed, 18 Jun 2003 11:11:49 -0500 Subject: cisco.com || Interpol Bureaus Around the World to Collaborate over VPNs As part of its ongoing mission to help customers leverage the power of the Internet, Cisco Systems recently joined forces with Interpol, an international organization that facilitates cross-border criminal police cooperation, to create and deploy a new Virtual Private Network (VPN) called I-247. http://newsroom.cisco.com/dlls/hd_052003.html> From ravage at einstein.ssz.com Wed Jun 18 20:30:45 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Wed, 18 Jun 2003 22:30:45 -0500 (CDT) Subject: Mining E-mail Content for Author Identification Forensics (ResearchIndex) (fwd) Message-ID: http://citeseer.nj.nec.com/devel01mining.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From shaddack at ns.arachne.cz Wed Jun 18 14:11:30 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 18 Jun 2003 23:11:30 +0200 (CEST) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: On Tue, 17 Jun 2003, Tim May wrote: > Unlikely. Getting juice into the innards of a box in a way so as to > overwrite data is not nearly so simply as applying sparky things to the > outside of the box. Lots of reasons for this. The idea wasn't about overwriting the data. The idea was about frying the chip with the data inside (and if all the other chips inside the box become a collateral damage, let's that be so). As long as it is outside the technological abilities of the given adversary to retrieve the data from the fried chip, the objective is reached. The idea also wasn't about the outside of the box, I thought rather disconnecting the power leads and blasting the spark into the power-GND pair, or into the (disconnected, we don't want to kill the entire car electronics) data bus. With a bit of luck, the spark could get through the filters and into the Vcc pins of the chips. From camera_lumina at hotmail.com Wed Jun 18 22:07:49 2003 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 19 Jun 2003 01:07:49 -0400 Subject: Destroying government computers Message-ID: >The chairman of the Senate Judiciary Committee said yesterday he favors >developing new technology to remotely destroy the computers of people who >illegally download music from the Internet. Well, even if they COULD develope such a technology, wouldn't it only work for about a day or two before a patch was made to block it? Sounds awfully Dilbert-like. Methinks Mr Hatch is not a very bright man. >If Orrin Hatch proposes such a thing, we can propose technologies which >identify those from .gov or .mil or other Congress/Gov't. domains and send >lethal viruses and suchlike back to them to destroy their machines if they >illegally connect to our machines. Why wait? And of course, such an act would be our patriotic duty, because if we didn't, then The Terrorists certainly would when we were least prepared for it. -TD >From: Tim May >To: cypherpunks at lne.com >Subject: Destroying government computers >Date: Wed, 18 Jun 2003 20:16:57 -0700 > >http://www.signonsandiego.com/news/uniontrib/wed/business/ >news_1b18hatch.html > > > > June 18, 2003, WASHINGTON - The chairman of the Senate Judiciary >Committee > > said yesterday he favors developing new technology to remotely destroy >the > > computers of people who illegally download music from the Internet. > > > > "If that's the only way, then I'm all for destroying their machines. If >you > > have a few hundred thousand of those, I think people would realize" the > > seriousness of their actions, he said. > > >If Orrin Hatch proposes such a thing, we can propose technologies which >identify those from .gov or .mil or other Congress/Gov't. domains and send >lethal viruses and suchlike back to them to destroy their machines if they >illegally connect to our machines. > >(A simple warning that government stooges, lawyers, judges, clerks, and >any GS-xx employees are not allowed to connect should suffice. After that, >if they connect, fuck their machines dead.) > > >--Tim May >"Ben Franklin warned us that those who would trade liberty for a little >bit of temporary security deserve neither. This is the path we are now >racing down, with American flags fluttering."-- Tim May, on events >following 9/11/2001 _________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus From shaddack at ns.arachne.cz Wed Jun 18 18:15:54 2003 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Thu, 19 Jun 2003 03:15:54 +0200 (CEST) Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: On Wed, 18 Jun 2003, jburnes wrote: > Why go to all that trouble. Just take it out of circuit. Cut the > printed circuit > board leads and disable it or if its in an inaccessible black box, cut > the > leads to the box. > > Easy enough. Works very nicely. :) Problem: leaves evidence, and takes time. The main advantage of electric shock is that the fried chip looks for the naked eye exactly the same way as a non-fried chip. The only difference could be found with a scanning electron microscope on the chip itself, which is something nobody is likely to bother with. Especially in harsh environments (cars classify) chips tend to die, so its death could look as natural enough to not be suspicious. If I am wrong, please tell me where and why. :) From mv at cdc.gov Thu Jun 19 07:41:52 2003 From: mv at cdc.gov (Major Variola (ret)) Date: Thu, 19 Jun 2003 07:41:52 -0700 Subject: Destroying computers Message-ID: <3EF1CBB0.69B23446@cdc.gov> At 01:07 AM 6/19/03 -0400, Tyler Durden wrote: > Methinks Mr Hatch is not a very bright man. A Southern senator. Need I say more? Usual suspect wrote: >>If Orrin Hatch proposes such a thing, we can propose technologies which >>identify those from .gov or .mil or other Congress/Gov't. domains and send >>lethal viruses and suchlike back to them to destroy their machines if they >>illegally connect to our machines. Trivial to do, and legal, if they are advised and consent by clicking through. M$'s auto bug- / RAMsnooping- reporting is legal since the lUsers agreed. One man's trojan is another's remote control / file sharing program, baby. Similarly an encryption program that won't decrypt without a license. I have often considered releasing binaries with a EULA that stipulates various actions taken if found to be running on machines whose IP address reverse-lookups to an evil, (specified) TLD. No different than a demo program that won't save results without a license; if the license is granted automatically for non-evil TLDs. Similarly with M$'s auto posting of RAM. Of course, that astronomy Professor Usher would be pretty bummed when his research was toasted by an RIAA killbot, but then the Prof employs a provocatory surname, no? "Collateral damage" -hey, he could change his name, after all. Maybe to David Nelson :-) ---- If programmers are liable for security flaws in code, are legislators liable for unconstitutional laws they pass? From ravage at einstein.ssz.com Thu Jun 19 06:31:12 2003 From: ravage at einstein.ssz.com (Jim Choate) Date: Thu, 19 Jun 2003 08:31:12 -0500 (CDT) Subject: The Register - Researchers build gadget to see through walls (fwd) Message-ID: http://www.theregister.co.uk/content/54/31304.html -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage at ssz.com jchoate at open-forge.org www.ssz.com www.open-forge.org -------------------------------------------------------------------- From timcmay at got.net Thu Jun 19 08:59:59 2003 From: timcmay at got.net (Tim May) Date: Thu, 19 Jun 2003 08:59:59 -0700 Subject: Destroying computers In-Reply-To: <3EF1CBB0.69B23446@cdc.gov> Message-ID: <1429EEEB-A26F-11D7-9C17-000A956B4C74@got.net> On Thursday, June 19, 2003, at 07:41 AM, Major Variola (ret) wrote: > At 01:07 AM 6/19/03 -0400, Tyler Durden wrote: >> Methinks Mr Hatch is not a very bright man. > > A Southern senator. Need I say more? Except Utah is not in the South by anybody's definition. > Of course, that astronomy Professor Usher would be pretty bummed when > his research was toasted by an RIAA killbot, but then the Prof employs > a > > provocatory surname, no? "Collateral damage" -hey, he could change his > name, after all. Maybe to David Nelson :-) > I was going to mention Prof. Usher in a follow-up I was mentally planning a few minutes ago. For those who may not have heard about him, he's a retired astronomy prof. who included a .MP3 of one of his own songs on his Web site. The record company conglomerate representing the negro minstrel named "Usher" somehow found his site, found that it had .MP3 files, and made the assumption the site was pirating the minstrel Usher's music. They fired off threatening letters and demanded action. Had Orrin Hatche's seek and destroy software been available, his site would have been toast. When the record company was informed of the truth, they proposed to send him a free Usher t-shirt. Just what a retired white astronomy prof wants, the t-shirt of a negro rap crapper. --Tim May From timcmay at got.net Thu Jun 19 09:07:36 2003 From: timcmay at got.net (Tim May) Date: Thu, 19 Jun 2003 09:07:36 -0700 Subject: [Brinworld] Car's data recorder convicts driver In-Reply-To: Message-ID: <24953EAE-A270-11D7-9C17-000A956B4C74@got.net> On Wednesday, June 18, 2003, at 06:15 PM, Thomas Shaddack wrote: > On Wed, 18 Jun 2003, jburnes wrote: >> Why go to all that trouble. Just take it out of circuit. Cut the >> printed circuit >> board leads and disable it or if its in an inaccessible black box, cut >> the >> leads to the box. >> >> Easy enough. > > Works very nicely. :) > > Problem: leaves evidence, and takes time. The main advantage of > electric > shock is that the fried chip looks for the naked eye exactly the same > way > as a non-fried chip. The only difference could be found with a scanning > electron microscope on the chip itself, which is something nobody is > likely to bother with. Especially in harsh environments (cars classify) > chips tend to die, so its death could look as natural enough to not be > suspicious. > > If I am wrong, please tell me where and why. :) > The point being that sensor data from outside the box does NOT get written to either flash or disk drive storage directly. It is collected from many places and fed through the assortment of microprocessors. High voltages are clamped in the usual ways, with Schottky diodes protecting the inputs, etc. Even if signals massively outside the specs got into the boxes, it would be the processors which got fried, not the storage devices. This was my point about how "sparky things" would not overwrite data. It takes logic to correctly write to storage. The processors and peripheral logic _might_ be zapped, but the storage chips would almost certainly not have been erroneously overwritten...just a matter of disconnecting them and reading them in another system, something most forensic or recovery labs probably have many jigs set up for. --Tim May From jwashburn at whittmanhart.com Thu Jun 19 07:27:19 2003 From: jwashburn at whittmanhart.com (John Washburn) Date: Thu, 19 Jun 2003 09:27:19 -0500 Subject: [Brinworld] Car's data recorder convicts driver Message-ID: <9A1CCCE54805534C80F5BD0FC19D1E6B179859@chi-exch02.ffhq.ffconsulting.net> A better definition of privacy is: When Mr. GovernmentAgent or Mrs. BusyBody asks, you have the ABILITY to say yes, no, or bugger off and they have no recourse in the matter but to involve magistrates. This is why the ABILITY to look up the information in the face-scanning, RFID-tracking, Money Monitoring, GPS, Insurance Service Evaluation system(s) (government or corporate), is an intuitive affront to most peoples' intuitive sense of what privacy is. -----Original Message----- From: Thomas Shaddack [mailto:shaddack at ns.arachne.cz] Sent: Tuesday, June 17, 2003 5:48 PM To: cypherpunks at lne.com X-Orig-To: Adam Shostack Cc: John Kelsey; Shawn K. Quinn; cypherpunks at lne.com Subject: Re: [Brinworld] Car's data recorder convicts driver > Just wait 'till they integrate GPS, and GPRS or 802.11. Transmitter is easy to find. Receiver is easy to jam with a micropower jammer. Sometimes all you need could just be creatively tweaking the ignition and antenna wiring to get "faulty shielding" in the right places; it requires much more experience to make it look "accidental", though. > Much of this can be seem in the OnStar systems, which haven't yet > featured in divorce proceedings, afaik. Matter of time. The next generation of sleuths will be much more tech savvy than the current one. > You can call up and find out where your car is. ..eg, in a nameless radio shadow. > Adam > > PS: Bob Blakely once defined privacy as the right to lie and get away > with it, which fits into some of what many people mean by privacy. Another possible definition is the right to tell the truth and get away with it. But both definitions are rather about free speech than about privacy, but then we'd get to a fight over definitions which is in this context better to leave on the shoulders of people making encyclopedias. From rah at shipwright.com Thu Jun 19 10:00:42 2003 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 19 Jun 2003 10:00:42 -0700 Subject: You Don't Say Message-ID: Ann Coulter You Don't Say June 18, 2003 IF YOU ARE one of the millions of Americans who recently canceled your subscription to the New York Times, you may not know that we are in the middle of a civil-liberties emergency. Apparently, in the weeks following the terrorist attack of 9-11, the FBI rounded up a lot of Muslim men who were in this country illegally. Not only that, but some were actually questioned. These, my friends, were only some of the atrocities detailed in a "frank and blistering" report plastered all over the New York Times a few weeks ago. The report, released by the inspector general of the Department of Justice, was showcased on the front page of the Times; it was excerpted in the national section; and it was the subject of the lead editorial that day, somberly titled "The Abusive Detentions of Sept. 11." job as a reporter.The laboriously assembled report includes such shocking revelations as these: "[T]he Sept. 11 attacks changed the way the department, particularly the FBI and the INS, responded when encountering aliens who were in violation of their immigration status." "In other times, many of these aliens might not have been arrested or detained for these violations." And in the searing words of the New York Times: "Had it not been for the attacks, 'most if not all' of the arrests would probably have never been pursued." In other words, under Attorney General John Ashcroft, the FBI, the INS and the Department of Justice are so out of control that they have actually begun to enforce U.S. immigration laws. Also according to the report, guards at a Brooklyn detention facility - weeks after the attack and within sight of ground zero - subjected illegal immigrant Muslim detainees to "physical and verbal abuse." As the Times described it, "Detainees reported being slammed against the wall, or being subjected to such verbal taunts as 'You're going to die here.'" To quote Tony Soprano: You don't say. Does anyone at the Times even know any normal people? The detainees are in this country illegally, their co-religionists had just slaughtered thousands of Americans, and the Times is dismayed, perplexed, angry and shocked that some of them may have been subjected to the sort of manhandling that occurs in the hallways of middle schools throughout the nation. Why, I'm subjected to physical and verbal abuse every time I go through an airport security check, and I'm a citizen. After a bit of overheated fulminating, the Times editorial unleashed this whopper: "The inspector general's findings are particularly powerful because they come not from politicians or advocacy groups, but from a unit of the Bush administration itself." This is how the New York Times always prefaces its outrageous statements: "it is widely understood that ..."; "all learned men agree ..."; "all people of good will believe ..." Not so fast. The report came from Inspector General Glenn Fine - a lingering, festering Clinton appointee. As a rule of thumb, all career government bureaucrats are liberal Democrats. (Children in Republican families do not grow up yearning to work for the government someday.) Republican presidents come in, make a handful of appointments to each department, and then the career bureaucrats go about gleefully denouncing the Republicans while allowing themselves to described in the New York Times as "internal" whistleblowers. This leads to a somewhat inconsistent pattern of "internal" reports. After Janet Reno gassed American citizens in Waco, Texas, leaving 80 dead, the Justice Department's internal report "found no mistakes by anybody at the Justice Department or the FBI," in the words of Newsweek magazine. Also, one searches Lexis-Nexis in vain for any mention of an internal report on Janet Reno's commando raid against a small Cuban boy in Miami whose mother died bringing him to freedom. But when Clinton-appointee Fine discovered that, immediately after the 9-11 attack, Bush administration officials failed to inform the Muslim detainees "in a timely manner about the process for filing complaints about their treatment" - he produces an indignant report. (The guards should have told Fine that the illegal immigrants were liars, bimbos, "stalkers" or just wanted a book deal.) Accustomed to the high ethical standards of the Clinton administration, one can certainly understand Fine's outrage upon learning that guards overseeing Muslim illegal aliens after 9-11 imposed "restrictive and inconsistent policies on telephone access for detainees." Indeed, there are unconfirmed reports that several illegal detainees were prevented from using the phone to cast their votes on "American Idol." So, it was pretty much like a week in Uday and Qusay's torture rooms. "Instead of taking a few days as anticipated," the report says, "the clearance process took an average of 80 days, primarily because it was understaffed and not given sufficient priority by the FBI." That is pretty shocking when you consider how much time the FBI must have had on their hands immediately after 9-11. Some detainees were held so long that they had to drop out of U.S. flight schools altogether. FBI officials' explanation was that they were engaged in some mysterious project known only as "preventing the next terrorist attack on U.S. soil." In a remark worthy of Inspector Clouseau, Fine's report says: "Department officials acknowledged to the inspector general's office that they realized soon after the roundups began 'that many in the group of Sept. 11 detainees were not connected to the attacks or terrorism.'" Indeed, the Clinton appointee's report repeatedly takes the FBI to task for failing to "distinguish" between illegal immigrants and terrorists. Wow. What a great idea. If the FBI would simply "distinguish" between the terrorists and everyone else, then they could just arrest all the terrorists! Why didn't anyone else think of that? Remember this report by Clinton-appointee Glenn Fine the next time a liberal tells you a Democrat president would have done as good a job as Bush in fighting the war on terrorism. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation