From rah at shipwright.com Sat May 1 01:57:00 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 1 May 2004 04:57:00 -0400
Subject: bubbling fondues (Re: NTK now, 2004-04-30)
In-Reply-To: <3.0.6.32.20040430164809.008d9ad0@127.0.0.1>
References: <3.0.6.32.20040430164809.008d9ad0@127.0.0.1>
Message-ID:

At 4:48 PM +0100 4/30/04, Dave Green wrote:
> bubbling fondues
>
> Mr Blunkett's publicity campaign to gee Britons to get inky-fingered, red-eyed and funky with their biometric entitlement cards continued this week. "This is about true identity," he said on Breakfast with Frost, in an apparent attempt to win over the Vernor Vinge fans. "Being known, being checkable, being used in order to ensure we know who's in the country, what they're entitled to and whether they're up to no good". And if that first mention of the cards' unique "Santa Claus" capability to discern moral failings in carriers isn't terrifying enough, you really should read the government's new 160 page opus on how they'll be running the show. It's not about the ID cards: it's about the huge centralised biometric database the government is planning to smuggle in on the back of it. Couldn't they just put the biometrics on the card where we can see them, and then store a comparison hash or some other translucent database technique centrally? Of course not. Terrorists would win. Feel free to add your own comments to the consultation, which requires replies by July 20th. And we're *so* sure they'll count all the responses correctly this time.
> http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf
> - consultation. "Vindicated" by bomb plot, apparently:
> http://news.bbc.co.uk/1/hi/uk_politics/3607141.stm
> - vs http://www.spy.org.uk/spyblog/archives/000251.html
> http://www.libdems.org.uk/index.cfm/page.homepage/section.home/article.6599
> - why not print them out + carry with you at all times?

--
-----------------
R. A.
Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat May 1 02:57:21 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 1 May 2004 05:57:21 -0400
Subject: Google denies FBI interest in Gmail
Message-ID:

Google denies FBI interest in Gmail

Staff
CNET News.com
April 30, 2004, 11:25 BST

Google on Thursday denied that it has had any contact with the FBI regarding the design of its Gmail Web email service.

The search firm's denial came after the Electronic Privacy Information Centre (EPIC) submitted a Freedom of Information Act request to the FBI seeking information about whether the bureau was considering the "possible use of Google's Gmail service for law enforcement and intelligence investigations."

EPIC, which gave an award last week to a California state senator who is trying to ban Gmail, announced the request immediately after Google said it was filing for an initial public offering.

Critics immediately criticised EPIC's request as a publicity stunt because the nonprofit likened Google's Web-based email service to the FBI's controversial Carnivore wiretapping utility and the Pentagon's discontinued "Orwellian Total Information Awareness program."

EPIC's request also asked whether Google had discussed licensing its search technology, in use by customers in the private sector, to the FBI "to further law enforcement investigations or intelligence gathering activities."

Google spokesman Nathan Tyler replied: "I cannot confirm whether they're using our technology."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From ccikrs1 at cranbrook.edu Sat May 1 13:58:38 2004
From: ccikrs1 at cranbrook.edu (Ivan Krstic)
Date: Sat, 01 May 2004 16:58:38 -0400
Subject: Wikipedia project: Crypto
Message-ID:

The good people at Wikipedia have started a cryptography subproject, "an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia." The project page: http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Cryptography features a list of open tasks and things that need cleanup or writing about. For anyone who has a few minutes to spare, their contributions would without a doubt be most appreciated.

Cheers,
Ivan

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sat May 1 14:43:13 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Sat, 1 May 2004 17:43:13 -0400
Subject: Top Italian Mafia Boss Dies in U.S. Prison
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The life, and death, of Mr. Badalamenti is important to cryptography people and cypherpunks for two reasons.

First, the so-called "Pizza Connection" case is one of the very few times, if not the first, where actual wiretap data was good enough to convict someone.

The other reason it is important is that it was the case in which Louis Freeh made his bones as a prosecutor.
Combine the two, and you end up with an FBI director who was singularly ill-disposed to the idea of telephonic cryptography. In his advocacy of the NSA's then-failing "Clipper" chip project, he superheated what was already a firestorm of rage everywhere liberty is treasured.

Fortunately, financial -- and not political -- cryptography is the only cryptography that matters. :-). For all the attacks on the chip by political advocates on civil libertarian grounds, and, ultimately, its sheer technical incompetence by members of the cryptography community, it was, in fact, the absolute business *necessity* of SSL for credit card transactions and secure access to business information that settled the issue of ubiquitous strong cryptography once and for all.

The camel's nose isn't sticking the tent. The camel's nose is stuck *out* of the tent, and the camel is inside, ready to spit in the eye of anyone who wants to take his stash.

Physics causes finance. Finance causes politics. It was ever thus. It will ever be thus.

Cheers,
RAH

-------

Reuters

Top Italian Mafia Boss Dies in U.S. Prison

Fri Apr 30, 2004 06:29 PM ET
By Ellen Wulfhorst

NEW YORK (Reuters) - Top Mafia boss Gaetano Badalamenti has died in a U.S. federal prison where he was serving a sentence for international drug smuggling, authorities said on Friday.

Badalamenti, 80, died of cardiac arrest at a federal medical center in Devens, Massachusetts, on Thursday evening, said a spokesman for the federal prison system.

Badalamenti, born in the village of Cinisi in Palermo in 1923, was one of the key figures in the Sicilian Cosa Nostra in the 1970s.

Known as Don Tano, he was a close friend of Charles "Lucky" Luciano, one of America's biggest mobsters in the 1970s, and part of the so-called 'triumvirate' that ran the Sicilian Mafia. Others in the triumvirate were Luciano Liggio and Stefano Bontade.
But the 1970s saw the rise of another clan which included Salvatore 'Toto' Riina, who went on to become the Sicilian Mafia's boss of bosses, and Badalamenti was forced to flee to Brazil and then Spain.

He later went into business with organized crime figures in New York who were using pizza parlors in a giant operation that smuggled more than $1 billion worth of heroin from Sicily.

In 1987, Badalamenti was convicted and sentenced to 45 years in prison for his role in what was called the "Pizza Connection."

In 2002 in Italy, he was convicted and sentenced to life in prison in absentia for the 1978 murder of a left-wing disc jockey who regularly insulted the Mafia boss.

But last October in Italy, he and former prime minister Giulio Andreotti were acquitted of involvement in the murder of journalist Mino Pecorelli in 1979.

Badalamenti had been housed until Feb. 27 at a federal prison in Fairton, New Jersey before he was moved to the medical facility in failing health, authorities said.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQJQZ38PxH8jf3ohaEQLgjwCgkS46hzVOH4U+UzZfHHcybowOdc8AoPBg
HI6qtQ68QLvnYc0ROdmSyu/w
=ntDC
-----END PGP SIGNATURE-----

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From djc at crimbles.demon.co.uk Sat May 1 11:40:55 2004
From: djc at crimbles.demon.co.uk (David Crookes)
Date: Sat, 01 May 2004 19:40:55 +0100
Subject: no anon conversations?
In-Reply-To: <65cb06ef96e9059249828c91f05e223a@anonymous>
References: <65cb06ef96e9059249828c91f05e223a@anonymous>
Message-ID: <4093EF37.5070206@crimbles.demon.co.uk>

An Metet wrote:
> What technologies currently exist for receiving a/pseudononymous message?
> With Mixmaster, sending mail, posting news, and even blog posting are possible. However, receiving replies securely or, better, holding a private conversation is difficult or impossible. Best bet seems to be to encrypt and spam somewhere very public? Ugly, ugly. No technological method, just a few "trust me" remailers. Other options?
>

Mixminion offers a basic building block called SURBs, Single User Reply Blocks.

http://mixminion.net/
http://mixminion.net/minion-spec.txt

There is a draft spec. for a nymserver which uses this building block but I've seen no news of an ongoing implementation:

http://mixminion.net/nym-spec.txt

Mixminion installation still indicates that anonymity is still not available, due to traffic levels still being too low. The mailing list discussed current traffic levels recently:

http://archives.seul.org/mixminion/dev/Apr-2004/msg00001.html

From bgt at chrootlabs.org Sun May 2 11:35:21 2004
From: bgt at chrootlabs.org (bgt)
Date: Sun, 2 May 2004 13:35:21 -0500
Subject: message, but also test
In-Reply-To: <8e0291d327b38f5e3db85fbe2dfd6c7e@anonymous>
References: <8e0291d327b38f5e3db85fbe2dfd6c7e@anonymous>
Message-ID: <781B7162-9C67-11D8-BD8E-000A95D02140@chrootlabs.org>

On Apr 29, 2004, at 20:03, An Metet wrote:
> I'm a big user of anonymity systems, and the worst problem I've had with proxies is remembering who I am supposed to be at the time. Several times with Freedom and more recently with other proxies, I have done stuff using my real name when I was in the mode where my nym was being used, and vice versa. Oops. That's a pretty big mistake to make and can totally destroy your pseudonymity, both at the time and throughout the past lifetime of the nym.
>
> What I'd like would be some kind of big, glaring indication that I am in "anonymous" mode, like overlaying some kind of color display on the screen, or maybe a crawling animation around the edges, or something.
> I realize that this is out of scope for most efforts of this type, but from my experience it's a big problem.

If I recall correctly, (and it's possible I don't), the ZKS freedom.net client had features to pattern match strings (that you configure) when you were using your nym, and warn you with a popup message box when it detected them in outgoing traffic. So you could be sure you weren't inadvertently sending data that could compromise your nym (like your real name, or your other nym's names, etc).

--bgt

From ryan at venona.com Sun May 2 11:56:49 2004
From: ryan at venona.com (Ryan Lackey)
Date: Sun, 2 May 2004 18:56:49 +0000
Subject: message, but also test
In-Reply-To: <99c7d6f7917915d460343a1ee5e59882@freedom.gmsociety.org>
References: <99c7d6f7917915d460343a1ee5e59882@freedom.gmsociety.org>
Message-ID: <20040502185649.GA11266@metacolo.com>

I've always used a special vmware instance whenever I wanted to do something anonymously, as I assumed my OS choices and customizations might give me away to the other end as well, especially for anything I don't notice (a good attack would be trying a well-known 0-day OS vulnerability on an interactive counterparty, seeing if his machine drops off the net -- you could do this several times and figure out which OS is running). Running a pretty much standard win2k/xp virtual machine with whatever anonymity functionality running on the windows side OR the unix side seems to deal with that, as well as making it easier to sniff all output from the machine in realtime to make sure nothing else is going through. And it would then be very obvious which nym you're using.

I don't think gmail would work well with a 500MB archive -- I've used it, and their UI seems inefficient past a certain point.
General web indexing of html archives works pretty well -- ("from", "to" searching would be equivalent to author searches, and keyword + or - terms can be done through a web ui as easily)

I think I'd also prefer being able to do LOCAL searches on most of the topics on cypherpunks, vs. web searches on someone else's machine, so I'll just let people download raw archives when reconstructed, with a 5Mbps cap or something.

I am not sure how safely spam can be filtered from the list -- each person would have his own view of what is spam. I think ideally there would be all messages in the spool, broken up by month or quarter or year, and then a way to run various filters on it, like kill certain senders, kill keywords, "traditional" spamassassin/bayesian type systems, etc. Then the ability to search over any subset. Google doesn't support enough negative keywords to do this, and it would be computationally expensive to do the filtering and reindexing in realtime for each user. If you had all the spools yourself locally, you could run whatever spam elimination you considered proper once, and then search index, with negative keywords for specific senders (or just excise certain senders permanently as spam)

Quoting An Metet :
> Ryan Lackey writes:
>
> > I have two questions:
> >
> > 1) Does anyone have actual performance measurements of ZKS from when it was operational/at peak, in terms of bandwidth, MTU, latency, and jitter? Is there a good way to quantify just how far from "acceptable" it was?
>
> I don't have any actual measurements, but as far as I can remember it worked pretty well, i.e., slower than usual but still pages would load within a few seconds.
>
> Recently I've experimented with the onion routing system at www.freehaven.net/tor, and the main problem there is slow startup times setting up the first path. Seems to take a couple of minutes sometimes for the first web page to download.
> I think it's struggling to find a working path, or something. But then after that the performance seems comparable to Freedom.
>
> I'm a big user of anonymity systems, and the worst problem I've had with proxies is remembering who I am supposed to be at the time. Several times with Freedom and more recently with other proxies, I have done stuff using my real name when I was in the mode where my nym was being used, and vice versa. Oops. That's a pretty big mistake to make and can totally destroy your pseudonymity, both at the time and throughout the past lifetime of the nym.
>
> What I'd like would be some kind of big, glaring indication that I am in "anonymous" mode, like overlaying some kind of color display on the screen, or maybe a crawling animation around the edges, or something. I realize that this is out of scope for most efforts of this type, but from my experience it's a big problem.
>
> > (I also subscribed the al-qaeda node, and will probably finish setting up the spamfiltered version of the list, as well as passing the back archives through the same archiving software as current archives, and search-indexing them, next time I get bored)
>
> Making your deep archive available in search-indexed form would be a great service, as would spam-cleaning your current one. May you grow bored soon.
>
> BTW, how big is the entire CP archive when compressed? Would it fit into a gmail account that someone could set up and share the passphrase to? I'd pay quite a few bucks to have a copy of that on my disk.
>
> _______________________________________________
> cypherpunks mailing list
> cypherpunks at cypherpunks.metacolo.com
> http://cypherpunks.metacolo.com/mailman/listinfo/cypherpunks

--
Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 202 258 9251
OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F
_______________________________________________
cypherpunks mailing list
cypherpunks at cypherpunks.metacolo.com
http://cypherpunks.metacolo.com/mailman/listinfo/cypherpunks

From andrew at ceruleansystems.com Mon May 3 22:08:30 2004
From: andrew at ceruleansystems.com (J.Andrew Rogers)
Date: Mon, 3 May 2004 22:08:30 -0700
Subject: [FoRK] Why We Are Losing The War on Terrorism
Message-ID:

On May 3, 2004, at 9:14 AM, Contempt for Meatheads forwarded:
>We desperately need adult supervision and high quality minds in the intelligence business! I am growing more convinced that the security clearance process, the government hiring/promotion process, and information silos are overwhelming our ability to get even a marginally adequate level of intelligence needed to fight terrorism.
>Wow, this is depressing.
>
>My confident belief (100%): we will continue to lose the war on terrorism until we fix our intelligence system.

I think this analysis is correct, but also a bit too shallow to be really insightful. While there are some significant institutional problems and byzantine self-defeating regulations, these things are masking a much bigger technical problem that desperately needs to be tackled from their perspective.

The volume of data they collect has reached the point where good analysis is no longer tractable in a theoretical algorithmic sense with the best tools they currently have at their disposal, particularly when you have a data space as broad and diffuse as "terrorism" to sift. Institutional procedures and problems aggravate this, but the underlying issues are deeper.
One of the ways I keep track of what the US DoD is up to is by analysis of the open research programs, contracts, and grants that they publish. By threading the many, many programs together over time, you can see how fast different technologies are progressing and you can chain inferences to make an intelligent estimate as to when specific capabilities (which may require the intersection of multiple research tracks) could theoretically be available to the DoD. Furthermore, the program managers have a habit of mildly editorializing their program descriptions in response to some of the proposals they have received and the success of the proposals they have actually funded, which also gives some added insight.

One thing that I have noticed for several years is that the advanced data mining and automated intelligence analysis research programs have been essentially stalled for many years now despite aggressive marketing and a large number of agencies willing to liberally fund proposals. And the editorializing of the program managers on this research track makes it clear that they are quite frustrated both with the lack of progress in this area and with the fact that research proposals keep trying to beat the same dead horse over and over. Furthermore, while most programs have a shelf-life after which they are either closed (both on good progress or no progress), these particular programs keep getting extended and re-funded over and over, sometimes under a different name but always with roughly the same parameters.

As long as this program track is stuck in neutral, the intelligence agencies will have serious problems that will be all but insurmountable. The US intelligence service is a victim of its own ability to acquire data. This isn't a problem that they can simply throw money at in the sense that it requires pretty substantial algorithm breakthroughs to even be tractable for high-quality analysis.
To date, private research organizations have clearly been unable to solve this problem in any meaningful way, and there is substantial evidence of this fact. In the meantime, they are left using narrow brittle algorithms to sift and analyze the data, with holes you could drive a truck (bomb) through.

Someone who fully understood the theoretical limitations and likely implementation parameters of the current state-of-the-art could likely defeat the automated analysis. Fortunately for the intelligence agencies, few people have those skills and they get by on a pretty broken system hampered further by institutional problems.

j. andrew rogers

_______________________________________________
FoRK mailing list
http://xent.com/mailman/listinfo/fork

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Mon May 3 20:05:08 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Mon, 3 May 2004 23:05:08 -0400
Subject: PGP
Message-ID:

Pearl of Great Price

From Wikipedia, the free encyclopedia.

Pearl of Great Price (PGP) is a collection of scriptures of the Church of Jesus Christ of Latter-day Saints.
The PGP includes: the Book of Abraham, a book dealing with Abraham's journeys in Egypt, containing many distinctive Mormon doctrines such as eternal progression; the Book of Moses, which comes from the Joseph Smith Translation of the Bible; the Joseph Smith-History, a history of the early Mormon church by Joseph Smith; Joseph Smith-Matthew, a translation of a portion of the Gospel of Matthew by Joseph Smith; and the Articles of Faith, a brief summary of the major doctrines of the Mormon faith written by Joseph Smith for a newspaper.

Considerable controversy surrounds the Book of Abraham, and the Papyri that some claim it was translated from. Others dispute that such papyri have been found, or dispute that Smith used direct revelation from God, rather than any other source to write it.

External link

To read the text, go to http://scriptures.lds.org/pgp/contents.

The Pearl of Great Price also refers to a parable told by Jesus Christ, recounted at Matthew 13:45-46 in explaining the Kingdom of Heaven. A man discovered that a certain field had an extremely valuable pearl in it. He then sold all that he had to raise money to purchase the field, so that he could obtain the pearl, with the final result that he was wealthier than before.

The Pearl, a 14th century Middle English alliterative poem written by the Pearl Poet, makes allusion to the parable in describing the narrator's dead daughter, Pearl. It begins:

Perle, pleasaunte to prynces paye
To clanly clos in golde so clere,
Oute of oryent, I hardyly saye,
Ne proued I neuer her precios pere.

This page was last modified 16:57, 23 Apr 2004. All text is available under the terms of the GNU Free Documentation License (see Copyrights for details).
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue May 4 06:24:37 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 4 May 2004 09:24:37 -0400
Subject: Getting Carded
Message-ID:

The Wall Street Journal

May 4, 2004

REVIEW & OUTLOOK

Getting Carded

May 4, 2004

The Scottish historian and philosopher David Hume once wrote that "it is seldom that any liberty is lost all at once." British Home Secretary David Blunkett seems to have taken Hume's lesson to heart with his slow-motion effort to introduce mandatory identity cards in the U.K.

Last week, the U.K. began issuing national ID cards with biometric information. The pilot program will issue 10,000 ID cards. But this plan is scheduled to expand. By 2007 cards will be distributed "voluntarily" when renewing a passport; those not interested in a biometric card will be free to surrender their passports. Before the Parliament votes in 2012 or 2013 on whether to give everyone over 16 years of age a card and require people to carry them at all times, 80% of the population will have been issued a card.

That's why now is the time for a serious debate over the merits of national ID cards that will include a retinal scan, fingerprints or measurements of the exact dimensions of the face in addition to the usual name, address, and passport number. The cards might make life harder on illegal immigrants, but it's hard to see how they would protect British subjects or anyone else from terrorists. Mr.
Blunkett has managed to muddy the water by introducing the cards incrementally and by fueling a stir over whether royals would carry them. He is quoted in the media describing the level of fine for failing to update an address, (£1,000), or failing to carry a card when (and if) the program becomes mandatory (£2,500). A Home Office that argues that such a program would protect against identity theft, benefits fraud and illegal immigration has sought to capitalize on fears and anxieties prompted by terrorist attacks to build support for the program.

But all this distracts from the basic debate of whether the net benefit of universal biometric ID cards is worth the cost in terms of civil liberties, privacy and freedom. That debate has nothing to do with recent Home Office hype.

It's important to acknowledge what a national ID program would and would not do. Such a program undoubtedly would make life more difficult for economic refugees and other immigrants. That is not to say that immigrants would cease to flee unlivable economic and political situations because of an added layer of regulation, but such persons would be driven into an underground economy to an even greater extent than currently. If Mr. Blunkett wants to debate immigration policy, he should do so. Hiding xenophobic policies behind the terror threat, from which many look to the government for protection, is disingenuous.

ID cards might also reduce some social security fraud. But British taxpayers shouldn't see the cards as saving money. ID cards could prevent an estimated 5% of the £2 billion of social-security fraud each year. But once you've paid for the cards themselves (just over £3 billion according to Mr. Blunkett's estimate) and bought 4,500 card readers, it's hard to see a huge net gain. There are better, cheaper and less invasive methods of curbing fraud.

Most importantly, ID cards would not protect against terrorists.
To argue that a small plastic card would present an obstacle to a suicidal fundamentalist terrorist is preposterous. Mr. Blunkett has danced just shy of this argument, saying, of course it wouldn't prevent terror, and in the same breath arguing that it would help terror enforcement. In the introduction to the bill, he's written "the threat of global terrorism . . . make[s] secure identification more vital than ever."

But better protection against false identities wouldn't have prevented the 9/11 attacks, where individuals -- most with clean records and bona fide papers -- entered the U.S., in some cases years before the attacks. Unlike economic migrants, terrorists have the wherewithal to get their papers in order. Al Qaeda terrorists are far too sophisticated to get tripped up by a regulation requiring IDs.

The attempt to harness the anxiety from the Madrid bombings and channel it to provide momentum for his bill is intellectually dishonest. Mr. Blunkett at least owes an undisguised debate about ID cards.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Tue May 4 10:32:54 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 04 May 2004 10:32:54 -0700
Subject: [FoRK] Why We Are Losing The War on Terrorism
Message-ID: <4097D3C6.7EC67232@cdc.gov>

>"The volume of data they collect has reached the point where good analysis is no longer tractable in a theoretical algorithmic sense with the best tools they currently have at their disposal, particularly when you have a data space as broad and diffuse as "terrorism" to sift. "

This is a sham. Their traffic analysis tools are very competent. And pervasive.
They are perhaps jockeying for money for translators, since that may be the limiting resources. That may be what keeps the signal to noise down so that further resources can be applied. Tracking and correlating are not the bottlenecks.

From camera_lumina at hotmail.com Tue May 4 07:37:49 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 04 May 2004 10:37:49 -0400
Subject: [FoRK] Why We Are Losing The War on Terrorism (fwd from andrew@ceruleansystems.com)
Message-ID:

"The volume of data they collect has reached the point where good analysis is no longer tractable in a theoretical algorithmic sense with the best tools they currently have at their disposal, particularly when you have a data space as broad and diffuse as "terrorism" to sift. "

This is also going to get increasingly difficult in the US, as the entire world begins to view us as a rogue nation. In other words, within a few years a search of potential terrorists is likely to spit out 95% of the world's population! (Unless, of course, we can convince everyone that torture is a necessary tool for freedom.)

-TD

>From: Eugen Leitl
>To: transhumantech at yahoogroups.com, cypherpunks at al-qaeda.net
>Subject: Re: [FoRK] Why We Are Losing The War on Terrorism (fwd from andrew at ceruleansystems.com)
>Date: Tue, 4 May 2004 10:56:42 +0200
>
>----- Forwarded message from "J. Andrew Rogers" -----
>
>From: J.Andrew Rogers
>Date: Mon, 3 May 2004 22:08:30 -0700
>To: fork at xent.com
>Subject: Re: [FoRK] Why We Are Losing The War on Terrorism
>X-Mailer: Apple Mail (2.613)
>
>
>On May 3, 2004, at 9:14 AM, Contempt for Meatheads forwarded:
> >We desperately need adult supervision and high quality minds in the intelligence business! I am growing more convinced that the security clearance process, the government hiring/promotion process, and information silos are overwhelming our ability to get even a marginally adequate level of intelligence needed to fight terrorism.
> >Wow, this is depressing.
> >
> >My confident belief (100%): we will continue to lose the war on terrorism until we fix our intelligence system.
>
>
>I think this analysis is correct, but also a bit too shallow to be really insightful. While there are some significant institutional problems and byzantine self-defeating regulations, these things are masking a much bigger technical problem that desperately needs to be tackled from their perspective.
>
>The volume of data they collect has reached the point where good analysis is no longer tractable in a theoretical algorithmic sense with the best tools they currently have at their disposal, particularly when you have a data space as broad and diffuse as "terrorism" to sift. Institutional procedures and problems aggravate this, but the underlying issues are deeper.
>
>One of the ways I keep track of what the US DoD is up to is by analysis of the open research programs, contracts, and grants that they publish. By threading the many, many programs together over time, you can see how fast different technologies are progressing and you can chain inferences to make an intelligent estimate as to when specific capabilities (which may require the intersection of multiple research tracks) could theoretically be available to the DoD. Furthermore, the program managers have a habit of mildly editorializing their program descriptions in response to some of the proposals they have received and the success of the proposals they have actually funded, which also gives some added insight.
>
>One thing that I have noticed for several years is that the advanced data mining and automated intelligence analysis research programs have been essentially stalled for many years now despite aggressive marketing and a large number of agencies willing to liberally fund proposals.
>And the editorializing of the program managers on this
>research track makes it clear that they are quite frustrated both with
>the lack of progress in this area and with the fact that research
>proposals keep trying to beat the same dead horse over and over.
>Furthermore, while most programs have a shelf-life after which they are
>either closed (both on good progress or no progress), these particular
>programs keep getting extended and re-funded over and over, sometimes
>under a different name but always with roughly the same parameters.
>
>As long as this program track is stuck in neutral, the intelligence
>agencies will have serious problems that will be all but
>insurmountable. The US intelligence service is a victim of its own
>ability to acquire data. This isn't a problem that they can simply
>throw money at in the sense that it requires pretty substantial
>algorithm breakthroughs to even be tractable for high-quality analysis.
> To date, private research organizations have clearly been unable to
>solve this problem in any meaningful way, and there is substantial
>evidence of this fact. In the mean time, they are left using narrow
>brittle algorithms to sift and analyze the data, with holes you could
>drive a truck (bomb) through.
>
>Someone who fully understood the theoretical limitations and likely
>implementation parameters of the current state-of-the-art could likely
>defeat the automated analysis. Fortunately for the intelligence
>agencies, few people have those skills and they get by on a pretty
>broken system hampered further by institutional problems.
>
>j. andrew rogers
>
>_______________________________________________
>FoRK mailing list
>http://xent.com/mailman/listinfo/fork
>
>----- End forwarded message -----
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Tue May 4 01:56:42 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 4 May 2004 10:56:42 +0200
Subject: [FoRK] Why We Are Losing The War on Terrorism (fwd from andrew@ceruleansystems.com)
Message-ID: <20040504085642.GX25728@leitl.org>

----- Forwarded message from "J. Andrew Rogers" -----

From rah at shipwright.com Tue May 4 09:53:50 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 4 May 2004 12:53:50 -0400
Subject: TSA to Test New Rail Security Technology
Message-ID:

Newsday.com

TSA to Test New Rail Security Technology
By LESLIE MILLER
Associated Press Writer
May 4, 2004, 9:36 AM EDT

WASHINGTON -- Amtrak and commuter rail passengers at one suburban station will have to walk through an explosives detection machine and have their bags screened in a new security experiment designed to frustrate terrorists. The Transportation Security Administration was beginning a pilot project Tuesday at a rail stop in a Maryland suburb of Washington. Passengers were to walk through a "puffer" machine, which sucks in the air around them and within seconds determines whether they've been in contact with explosives. Jack Riley, director of the public safety research program for Rand Corp., a think tank, said harried commuters probably won't like being screened. "Anything that lengthens their rail experience is just going to meet with resistance," he said.
TSA spokeswoman Yolanda Clark said the agency hopes passengers will see it "as another ring of security in another mode of transportation." The 30-day pilot program also includes a baggage screening machine used in overseas airports. The TSA wants to see how well the machines work in a passenger rail and commuter environment. Amtrak and a commuter railroad service use the station in New Carrollton, Md., about 9 miles northeast of Washington. The TSA announced the project in March, soon after terrorist bombings on trains in Madrid killed 191 people and injured more than 2,000. The FBI and the Homeland Security Department have warned that terrorists might strike trains and buses in major U.S. cities using bombs concealed in bags or luggage. Since more than half of Amtrak's 500 stations are unstaffed, screening all passengers is nearly impossible. TSA spokesman Mark Hatfield said of the experiment, "We're looking to get a lot of data that's going to help us look at ways it can be deployed and eliminate ways that it won't be practical." A key problem in screening railway passengers is doing it quickly enough that trains still run on time. That is not supposed to be a problem with the puffer machine, made by General Electric. The machine -- formally called EntryScan -- already is used in power plants and military installations in the United States and Europe. GE spokesman James Bergen said every person constantly radiates as much heat as a 100-watt light bulb in a "human convection plume." The puffer machine has a hood that catches the optimal amount of plume, he said. If someone has a bomb or has been in contact with one, the plume will carry traces of explosives into a detector that measures the wavelength of the energy coming off the particles. Some passengers also will be asked to put their bags through a machine that uses X-ray technology to determine what's in them. 
The machine, made by L-3 Communications of New York City, is used in overseas airports, as well as at the Statue of Liberty and in government buildings on Capitol Hill. The Rand Corp.'s Riley said he doubts the equipment will be practical on a day-to-day basis. Screening rail passengers might make sense for certain events, he said, such as the upcoming political conventions. Only passengers on Amtrak and the Maryland Transit Administration's MARC commuter rail system will be affected. A Washington Metro train also stops at the New Carrollton station, but those passengers won't be part of the study.

On the Net:
Transportation Security Administration: http://www.tsa.gov
Transportation Department: http://www.dot.gov

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dave at farber.net Wed May 5 06:26:10 2004
From: dave at farber.net (Dave Farber)
Date: Wed, 05 May 2004 09:26:10 -0400
Subject: [IP] microsoft offers "whitelist"
Message-ID:

Microsoft offers anti-spam bypass

Hotmail, MSN operator adopts program that will allow marketers to bypass filters by paying a bond.

May 5, 2004: 6:28 AM EDT

WASHINGTON (Reuters) - Microsoft Corp. said Wednesday it has adopted an e-mail "whitelist" program by IronPort Systems Inc. that will allow legitimate marketers to thread the gauntlet of spam filters protecting its in-boxes.

Microsoft's Hotmail and MSN e-mail services, which together claim 170 million regular users, will require marketers to put money up front if they wish to ensure their messages aren't mistaken for unwanted spam.

IronPort's "Bonded Sender" service guarantees that legitimate marketers who post a cash bond and adhere to a set of guidelines will get their messages delivered.

"It's the exact opposite of blocking. It says, 'Hey you're a good guy, I'm not going to run you through the metal detectors,'" said Tom Gillis, IronPort's vice president for marketing.

Such a "whitelist" approach requires the active cooperation of marketers -- a much more likely prospect now that Microsoft has signed up, Gillis said.

Unsolicited bulk messages now account for roughly two-thirds of all e-mail, according to several estimates. Internet providers use filters to examine incoming messages and consult "blacklists" to block traffic from computers known to send out spam.

IronPort's approach rewards e-mail senders who agree to be held accountable for their messages. Participating marketers must demonstrate a history of responsible e-mailing and must provide an easy way for consumers to opt out of future mailings, among other things.

Those found to be engaging in abusive behavior forfeit a cash bond of up to $20,000, Gillis said.

Internet providers are considering other ways to make e-mail more reliable. Both Microsoft and Yahoo Inc. are developing authentication systems that could make it harder for spammers to appropriate others' e-mail addresses.

Other methods would make spamming less profitable by sucking up computing power or requiring human input every time a message is sent.

"When you add these up over time, it will be uneconomical to send out spam," said Microsoft spam specialist George Webb.

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Wed May 5 15:13:09 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 5 May 2004 18:13:09 -0400
Subject: [IP] microsoft offers "whitelist"
Message-ID:

"A whitelist for my friends." Check. "All others pay cash." Next? Anybody get this? Anybody?? ;-).

Cheers,
RAH
------

--- begin forwarded text

From rah at shipwright.com Wed May 5 15:52:05 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 5 May 2004 18:52:05 -0400
Subject: Microsoft: 'Palladium' Is Still Alive and Kicking
Message-ID:

Wednesday, May 05, 2004

Microsoft: 'Palladium' Is Still Alive and Kicking
By Mary Jo Foley

Updated: Redmond denies published report that it is axing its Next-Generation Secure Computing Base and insists the technology still will debut in Longhorn.

SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology. "NGSCB is alive and kicking," said Mario Juarez, a product manager in Microsoft's security and technology business unit. NGSCB - the hardware/software security system formerly code-named "Palladium" - has been one of the most controversial components expected to debut in the version of Windows that's due out in 2006+. Unlike last year's WinHEC, where NGSCB received top billing, this year, it's just a blip on the radar screen. In fact, there are only three sessions on the WinHEC docket specifically about NGSCB. But Microsoft is still talking up its NGSCB vision at this week's show. Microsoft is continuing to be vague about exactly how much of its NGSCB code will ship as part of Longhorn. Company officials have gone on record saying that customers would not be impacted by the technology until Microsoft delivered Version 2 of the NGSCB platform. The company has not provided a date for Version 2.
In spite of these facts, the plan of record continues to be to deliver Version 1 of its NGSCB technology as part of Longhorn, said Juarez. Juarez acknowledged that Microsoft is reworking its NGSCB technologies to enable independent software vendors and customers with a way to allow their existing applications to take advantage of NGSCB without having to rewrite them. He said that customers to whom Microsoft has shown early versions of NGSCB requested this change. He added that Microsoft will provide more details on how it plans to do this some time later this year. Microsoft has explained NGSCB's inner workings this way: The two foundations of NGSCB were designed to be the Trusted Platform Module on the hardware side, and the Trusted Operating Root (or "nexus") on the software side. The nexus was to be the kernel of an isolated software stack that was designed to run inside the standard Windows environment. The nexus was slated to provide a set of APIs that would enable sealed storage and other foundations for trusted-computing. But up until this week, Microsoft had said that only applications that were designed from the ground-up to be nexus-aware would be able to take advantage of these features. Juarez also admitted that the NGSCB team currently "did not have a managed code story." He said, "We need to go back and figure out how that will look and work." Managed code is a key concept in Longhorn. It involves a new programming model centered around a new "managed" application programming interface. Microsoft is gunning to have many of Longhorn's own subsystems function as managed applications and is advocating that third parties make their Longhorn applications managed, as well. Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. 
Instead, he said that the NGSCB team decided that the driver developers at the show wouldn't be the right targets for this code. "We are not updating the development environment now. We are evaluating whether there will be one in Longhorn," he said. "The only question is what it will look like." Microsoft did include in the pre-alpha version of Longhorn software developer kit that it distributed at the Professional Developers Conference last fall both the NGSCB application programming interface (API) set, as well as various NGSCB class-library files. "We are making some predictable changes," Juarez continued. He said that Microsoft has attempted to be very transparent about its NGSCB plans over the past two years in order to allay industry fears about Microsoft's security intentions. "We've just been doing in public what is usually done in private," Juarez said, in terms of detailing the NGSCB evolving its strategy and directions. (Note: This story was updated. One of the four scheduled NGSCB sessions at this year's show was cancelled, leaving only three on the docket. Also: Juarez said he misspoke, re: whether there will be an NGSCB development environment included as part of Version 1 of NGSCB. Microsoft is currently evaluating whether or not to make the dev environment part of the release, he said.) -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed May 5 15:55:23 2004 From: rah at shipwright.com (R. A. 
Hettinga)
Date: Wed, 5 May 2004 18:55:23 -0400
Subject: Everything you never wanted to know about the UK ID card
Message-ID:

The Register

Original URL: http://www.theregister.co.uk/2004/05/05/complete_idcard_guide/

Everything you never wanted to know about the UK ID card
By John Lettice (john.lettice at theregister.co.uk)
Published Wednesday 5th May 2004 20:47 GMT

A pub bore's guide

Do you know how the UK's projected compulsory ID card will work, and what it will entail? If you do, you're significantly in advance of David Blunkett and the Home Office, because although a draft bill and consultation document was published at the end of April, these really only provide signposts to what the powers that be would like it to be able to do, and a little bit of evidence as to how they might propose to get it to do these things. But we're considerably further on in terms of information than we were before the draft, and it's not likely to get much better by the time the consultation period ends. So, as our small contribution to the democratic process, we present The Register Idiot's Guide to the UK ID Card.

What do you get, when?

There will be a "family" of ID documents that will be phased in, beginning with passports. These will start to appear in three years, at which point it will not be possible to get an old style non-biometric passport. The system's non-compulsory nature therefore hinges on your not actually wanting a passport any more - otherwise you have to give the Passport Office the £73 for the new one. Rollout periods for other members of the family are not covered in the draft bill, but as these are introduced, the old version will similarly cease to exist. Proud owners of old-style perpetual paper UK driving licences, already smug because they don't have to cough up to renew the existing picture licence, can be even smugger.
Until such time as Blunkett hunts us all down. The new ten year biometric driving licence will cost around £69, says the Home Office (what do they mean "around"? £68.99?) and the new ten year ID card £35. Which, if they don't get feature-consolidated pretty quickly, is an impressive outlay every ten years. 80 per cent penetration for the new ID is intended to be achieved by 2013. The draft bill includes power to set a date for the card becoming compulsory, but this will not happen until after "the initial stage of the identity card scheme was in place and following a vote in both Houses of Parliament on a detailed report which sets out all the reasons for the proposed move to compulsion." Correct - that does not specify a date. The ID document will contain a picture, one or more pieces of biometric ID, and a unique number which will identify you on the central database. The documentation at the moment only talks about what is likely to be visible on the document, with name and date of birth being put forward as the bare minimum. But it is more specific about the information that will be recorded in the database (see below). The Home Office suggests more visible information: "name, age, validity dates, whether a person has a right to work, and an unique number". There you go, feature-creep already. The biometric can be used to tie a specific individual to the ID document, and to look up an individual and identify them from the database. In that case, you theoretically don't need the document to identify someone in the first place, and the Home Office (and Blunkett) do airily suggest that people might want to have a database check performed on themselves in order to establish their identity. But as we explain below, this really is not something it's smart for them to be pinning too much hope on.

Which biometric?
For reasons explained here, (http://www.theregister.co.uk/2004/04/19/biometrics/) previous Home Office studies fix on fingerprint as the best combination of identifier and practicality, but recommend a second biometric to be used as a decider in order to bring false alarms down to a more acceptable level (using fingerprint alone with a reasonable trade-off between false alarms and failed matches, Heathrow would generate in excess of 1,000 false alarms a week). The choice of the second biometric isn't so obvious. Iris is in principle a more effective ID biometric than fingerprint, but you need optimum positioning, lighting etc, so it's not so good for widespread deployment or fast throughput in an immigration queue. Facial recognition currently doesn't cut it for mass ID purposes, but might just work as a 50:50 'decider throw' secondary biometric for use at entry points. But the big thing it has going for it is that it's been adopted by ICAO (the International Civil Aviation Authority) as the next step for machine-readable passports. So unless ICAO is persuaded to change its mind, it's coming in passports anyway. ICAO's decision, by the way, seems to have been made on the basis that face had a higher "compatibility" rating than fingerprint or iris. By this, they appear to mean that because passport-based identity currently leans heavily on the picture, it makes sense to carry on using the picture (Yes, we know - don't tell us, tell ICAO). So although the Home Office has kicked off a 10,000 volunteer trial of the three technologies, fingerprint seems the racing certainty for primary biometric, with facial a strong contender for the secondary. 
The Home Office no doubt has its own reasons for thinking the trial will tell it something useful, but as the target population is over 60 million (us, plus all the people we're looking for and have data on), and the British Airport Authority airports processed 134 million passengers last year (Heathrow 60 million, Gatwick 30 million), you could reasonably doubt that it will learn much of value applicable to very large throughputs and databases. Issues associated with the deployment of the secondary biometric readers (cost, location, environment) could well lead to their not being used outside of entry points and major installations, which might mean non-passport ID would use only the fingerprint. Other differences are likely to creep in; for example, the Home Office appears to be willing to allow veiled pictures for moslem women in ID, but the draft documentation reiterates current passport office guidelines, which amount to 'headscarf OK, veil bad'. So unless somebody's got it wrong, different strengths of ID are already creeping in, and any dreams you had about a single, do-anything document are way, way in the future. The Home Office's suggestion of three different levels of checking (see below), by the way, makes it clear that it in some senses accepts the view that you should use different strengths of security in different situations. But philosophically this doesn't entirely match with its pitching the cards as a single, high-strength security device. How will it work? That depends. The basic link is between you and the document, and this can be readily established by using a machine that checks you against the biometrics in the document. 
This is essentially a local check which depends on the document being valid and untampered with in the first place, but the introduction of biometrics in the document should make it significantly harder to produce forgeries, so we can expect a substantial initial increase in confidence in the piece of ID produced, even if we are simply looking at the picture and not bothering with the biometrics. Which is A Good Thing, because it's difficult to conceive of biometric readers being either welcome or likely to stay in usable nick for long at point of sale, doctor's surgery, council offices, etc. The Home Office suggests three likely levels of check for non-government purposes. Retailers would check the photo, banks etc would check the biometric and verify it against the database, and employers would check immigration status "via an automated telephone check." These suggestions most likely derive from the Home Office's doomed quest to make us love and demand ID cards, and on a voluntary basis are unlikely to become widespread. How often do you get asked for ID to back up your credit card? So why should shops want the new passport when they don't want the old passport? Banks do need to make pretty strict checks covering identity and place of residence when you open a bank account, but their existing systems work, and they won't jump into a new and unproven system which, from their point of view, brings little to the table, lightly. Plus they're already reading entirely different kinds of cards. And employee checks? Here comes the stick. Employers don't at the moment have to check immigration status when they hire someone, so why would they? Indeed, why would they care? But under the provisions of the Asylum and Immigration Act 1996 the secretary of state can make orders requiring eligibility checks by employers. This will be considered "closer to the date of implementation" of the ID card scheme. 
The Home Office, bless 'em, pitches ID cards as the "key to the UK's future", and witters (in the press release) (http://www.homeoffice.gov.uk/n_story.asp?item_id=918) that "crucially, the cards will help people to live their lives more easily, giving them a watertight proof of identity for use in daily transactions and travel." So it's clear they want all of your personal transactions to be underpinned by the national unique ID, but we've already seen that the private sector is unlikely to be keen. Not only that, it's more likely to be actively hostile. Banks and credit card companies do not want to make their systems dependent on a database they're not in control of, and no matter how much you want all of your credit cards on one piece of plastic (which is a bad idea anyway, trust us), they ain't going to give you it. They really are not going to help the government in its efforts to make the ID card popular. Really. Moving on from low level and relatively rare operation in the private sector, we get to the government and public sector. There will, as we've already suggested, be considerable resistance to the use of readers and the checking of cards in areas of the public sector, but this will be neither here nor there from the point of view of you, the user. Think about it: not that many of the public services you're likely to be using will be available if you don't establish an ID as part of the process, and you go onto a record as a part of that process. So doctors can be as precious as they like about not checking your ID card, but will still put you onto a list which can and will be checked against the ID register, and if it's not on there, consequences will ensue. As the system matures and increasingly interacts with other public sector ID systems, it will inevitably engulf the whole of the public sector, and it doesn't need support for this to happen. 
The arms of government that obviously do want to embrace the system are passports and immigration, and the police. It will most obviously sing and dance at the arrivals terminal, so it's worth at this point taking a small detour so that we understand that the singing and the dancing here will by no means be automatic. Passport Control We've already established that a biometric will be used to tie the bearer to the document, and that we can use a secondary biometric to deal with disputes, and a network check in addition to this. But rewind - how, physically, are we handling this? We need to have a reader that will take the biometric from the passport and compare it to a handprint (we'll assume we're doing fingers, OK?) which will probably be produced by placing one hand firmly on a flat surface. So we need the people coming in to understand what they're supposed to do and get it right, and we need to deal with failures to read the passport, and we need to intercept jokers, terrorists and our slower brethren who might be using false hands, cunning fingerprint gloves, or even just the wrong hand. We need an attendant combining a nice and a nasty attitude as appropriate to get them through, or whisk them off to another stage in the process where complete failures to read are checked more thoroughly. Maybe you get your terrorists in there, and you'll certainly get some immigration 'issues' but mostly you're likely to net perfectly innocent UK citizens whose fingers are worn/dirty or whose passports are bust. So you're detaining people you wouldn't have detained under the current system, and you need to undetain them pretty fast if you don't want unpleasant headlines about dud government IT systems in the press. Aside from reading failures and hardware failures, you'll have false matches and failures to identify, and you need procedures to deal with these. 
For a false match you need to check the secondary biometric to arbitrate, so you need to move these people quickly to that reader, and through it without their thinking 'I am being accused of being a terrorist.' Failure to identify is trickier, because you need to decide on a procedure. If they fail to match up to an apparently working passport, they might also fail to match up to a network check, because you're comparing them to the same thing, right? So do you have a fraud, or do you have somebody with worn fingerprints? If the secondary biometric is iris, then you can check them with that and be pretty sure which, but can you trust facial to be used as a primary identifier? No, you can't, so you're either treating all of this category of exception as suspect, or you're making human decisions that will, as previously, not always hit the right target. Given that you will be able to check (unless the network is down) whether or not the passport, name and ID exists on the database, you can at least flag failures to read for future investigation. You might be able to avoid quite a bit of the above if you take a slightly different view of what it is you're looking for. Failure to match, or false non-match, can be expected to run at a fairly high rate if false alarm/false match is kept down to an acceptable level. The bulk of your failures to match will, actually, be false non-matches, i.e. people who really are on the database but who don't match up to it in this particular instance. And a terrorist is unlikely to want to chance it on the basis that they've got, say a 5 per cent chance of getting through. So you ignore them all? Ah, but when word gets around, the bad guys and the multiple applicants will take steps to file down their fingerprints a little before they attempt entry, and your acceptable compromise starts to morph into a security hole. Which is why flagging failures is important.
The network check is obviously useful in cases of passport failure (NB it's an offence not to get it fixed once you know it's broken), but is dependent on the network being up and the response being swift. The Home Office appears to envisage a pretty high level of network checking, but it seems reasonable to doubt that this will happen in real life. Current UK passports first became machine-readable in 1988, but are seldom machine-read. Theoretically this could be used to check that the passport actually exists, that the bearer is not on a watchlist, and that it has not been notified lost or stolen - but possibly not in the latter case. The Passport Office announced a lost and stolen database in December 2003, so IND (the Immigration and Nationality Directorate) may only recently have been able to start looking. Similarly IND has also been working on an automated fingerprint system, intended to match fingers against the 350,000 fingerprints (a 2001 figure) it has on file, and a "warnings list" system. It also has a case information system developed by Siemens and called ACID Warehouse. Really. As we contemplate how effectively we're not using the systems we've had available for 15 years, we should consider the way we're currently not using it. In the EU citizen channel at the airport we'll probably have the picture page of our passport looked at and be nodded through. The introduction of machines will add a more time-consuming stage to this (failures in the queue will slow you up, even if you register first time) and more staff. The process will still need the staff on the desk looking you over, unless we're going to trust machine decision-making entirely as our front line. As non-UK passports won't work with the system, other EU citizens will now have to have their own channel, faster than the UK one, or be sent to the Channel of Death, where we send everybody else. But if they are they'll complain to Brussels, and we'll be told to stoppit. 
There are actually strict EU limits on what immigration is allowed to ask the local citizenry - did you know this? "As a result of judgements in the European Court of Justice (ECJ), an immigration officer may not require an EEA national to answer questions regarding the purpose and duration of his journey and the financial means available to him. Examination should be restricted to the occasional discretionary warnings index check. Questions may only be directed at establishing whether the person's admission to the United Kingdom would result in a threat to public policy, or public security or public health." (Source: IND general guidance document. Get lippy at your own risk and don't blame us.) Many difficult questions will arise at the airport, where conditions will be just about as optimum as they can get. But what about elsewhere, what about the ferryport? At busy ones, the increasing size of the ferries can produce longish unloading queues already, and mostly all that happens is that drivers holding a clutch of things that looks like approximately the right number of the right documents are waved through. So where do we put the reader? And where do we put the holding area where all the passengers get out of the car, deliver their print and get back in? Where do we put the tailback (quick, there's another three ferryloads coming in)? Nightmare. Monitoring departures is actually harder, because typically the passport check is conducted by the ferry staff, and there's a non-secure holding area beyond this where passengers could be switched. We can all look forward to hearing how the government's going to figure this one out without bankrupting all the ferry companies. The Police The draft is quite specific that it will not be compulsory to carry an ID card, nor will it be permissible for the police to demand to see your card. 
But in the case of the driving licence (which will morph into an ID card) you'll still have to report to a police station to show it within seven days, and the consultation document tells us that "people will be able to have their biometrics checked against the Register even in the absence of a card on a voluntary basis in order to establish their identity if, for example, they are stopped by the police." To grasp the full import of this peculiarly British situation, we need to think a little about the powers the police already have, and the way they use them. They can't ask you for ID, but they can seek to establish your identity if they arrest you, and they can arrest you on grounds of reasonable suspicion. Questioning their reasonableness at this juncture is usually not constructive, although you may consider risking a polite indication that you are aware of the relevant laws. Also, their powers of stop and search have been reintroduced via several anti-terrorist measures, and these have been so widely deployed against demonstrators that even David Blunkett has expressed concern. Effectively though, if they want to find out who you are, they have the means to do so, and if they've arrested you, they have the means to find out who you are. But they actually only want to know who you are in pretty specific circumstances. There are those where their reasonable suspicion is actually pretty reasonable, and there are more heavy-handed and wider-ranging checks of, say, protesters at an arms fair. But bitter experience from the 80s means that they avoid stop and search operations that would be interpreted as ethnically targeted and that might trigger unfortunate riot-style situations. So the police are not going to voluntarily implement intensive ID checking in areas of high immigrant population, and the kind of gains that could be made (if you call lots more illegals caught plus lots of bits of London ablaze, gains) by pass-law style implementation of ID won't happen. 
News that senior police officers support a compulsory ID card is about as surprising as news that they've got fast cars with groovy flashing lights. But in operation the card is most likely to be an administrative convenience to them, used to provide a more reliable ID in circumstances where they're seeking to establish it. If the ID's present they can rely more on it being genuine, and if it's not they can establish ID quickly by checking against the database. This will, as at present, leave them with those with invalid ID, but the process should be faster. It'll also allow them to check immigration status and right to work, as these will be on the database even if they're not on the face of the card, so it speeds their processing here, if it's illegal immigrants they're looking for. How, though, do they do the biometric reading? The Home Office appears to envisage the use of mobile readers, but it's doubtful that these will prove reliable enough for use in some kind of networked handheld configuration, and they don't seem particularly compelling from the police point of view. A "reasonable suspicion" candidate with no ID card can be sent down to the station for checking, and one producing an ID card can be identified on the basis that the card is probably genuine and the bearer looks like the picture. If they're concerned about immigration status then a query based on the unique number can be made - biometric check is unnecessary. Nor are there any obvious scenarios where the existence of ID cards will reduce crime. If the police don't know who did it, then the ID card is no use. If they do, then the ID card is merely an administrative advantage. Sure, they know where you live, but so long as you know they know this, you're not there, right?

'What was that you said about them knowing where I live?'

Ah yes, this takes us on to the National Identity Register, referred to largely in the documentation as "the Register."
For the record, we are The Register, and you should therefore not worry about sentences like: "Clause 29 makes it an offence for any person to disclose information from the Register without lawful authority." Makes it damnable to write about though. The ID Register will hold data as specified in schedule 1 of the draft bill. This is: personal information - names, date and place of birth, gender, address; identifying information - photograph, fingerprint, other biometric information; residential status - nationality, entitlement to remain, terms and conditions of that entitlement; personal reference numbers - National Identity Registration Number and other government issued numbers, and validity periods of related documents; record history - historical information previously recorded, audit trail of changes and date of death; registration history - dates of application, changes to information, dates of confirmation, information regarding other ID cards already issued, details of counter-signatures; validation information - information provided by any application, modification, confirmation or issue and other steps taken in connection with an application or entry, details of any requirement to surrender; security information - personal identification numbers, password or other codes, and questions and answers that could be used to identify a person seeking access; access records - the audit trail of accesses to the entry. Not listed in schedule 1, but listed elsewhere in the documentation as being held by the Register, we have PIN, passport validation information, background evidence or document checks carried out to confirm status, details of non-UK ID (including foreign passports), and information (including biometrics, where available) of unsuccessful applications. Other categories can be added by the home secretary, and information can be added at the request of the holder, provided the home secretary agrees. 
Blood type and organ donor status are suggested examples of these, but this is slightly potty, given that in both cases you want the information to be immediately obvious to the medics, not dependent on them shoving your card into a reader first. So we can file that with the other feeble attempts to make the card popular. We can draw a number of conclusions from the information that's intended to be on the Register. The presence of "other government issued numbers" means that they can use the ID system to consolidate and weed the NHS and National Insurance systems as they add numbers. This will ultimately make it simpler to associate services with ID, without approval or cooperation of the operators of these services. PIN is interesting, because it could conceivably provide a mechanism for you to use your national ID over the Internet. "In an increasingly technologically complex and global [sic - as opposed to, say, 'stubbornly oblong?'] world, correct identification has become critically important, and we want to ensure that UK citizens are properly protected and equipped to deal with this emerging world," Blunkett tells us. Unhappily, there is scant sign in the draft bill that they've actually twigged that fingerprints aren't going to be a whole heap of use when you're sitting in front of your screen (anybody who says 'personal reader', see me after class), and the odd mention of PIN is the only sign that there might be something there that they'll get to when they've time to think about anything beyond biometrics. Other listed information is, you'll note, heavily weighted towards immigration control. Clearly, the intention is to have a great deal of data on anybody who isn't a UK citizen from birth. Please yourself as to whether or not you feel this is too much information about you for the government to hold - a commissioner will be appointed to make sure the data is not abused, but actually that's not the half of it.
Consider what it doesn't include, things like credit status or whether the security services are after you. Obviously if you're a wanted criminal or terrorist trying to flee the country, police and immigration are going to have you on their list (actually this isn't obvious at all, but they obviously should have you on it) in order to nick you when you hit the border check. So actually they'll have their own database which will interact with the ID Register. Similarly, a bank checking up on you is going to be checking credit rating, homeowner status, county court judgments etc, so will have its own external database and links to other external databases. It will likely prove useful to the bank to consult the Register to confirm you exist and where you live, and it's perfectly conceivable that the unique ID will therefore move out of the Register and into the world in general as a handy, well, unique identifier. So the government reps telling you there's not much in the database and there's a commissioner to mind it, so that's OK, are being really thick, in a 'don't know much about databases' sort of way. They are, without clearly grasping it, proposing the ID Register as the focus around which an ever-increasing number of personal information databases revolve. They've set themselves a non-trivial task in keeping all of the specified information in the Register accurate and up to date, and the freeform nature of "information relating to an application or entry" will be a particular problem, because it should really be in another kind of database. Indeed, the amount of immigration-related data in the Register makes it look more like an immigration database than a general population register. Granted, the Home Office may be taking the view that the data should be there because it is needed by multiple agencies, but that's the case for much police and social services data too. If these (where they actually exist fully) can be external, why not immigration?
From the subject's perspective, of course, it doesn't matter whether the database is elegantly conceived and designed; what matters to subjects is the extent to which it enables the collation, use and abuse of data on them. By pitching the ID card as "watertight proof of identity for use in daily transactions and travel" the Home Office is essentially begging for the satellite databases to be produced. So, small piece of government control-freakery possibly under the commissioner's control, potential hordes of escaped privacy monsters enabled by said small database.

Security and usability

We can't comment on the security of the system at this juncture, but we can run down its sins against security good practice fairly readily. Experts who've given evidence to the Home Affairs Committee ID card enquiry so far have tended to fall into two camps on the scheme. The critics argue that placing all your eggs in one basket is stupid, while the apologists/supporters say that in principle the system can be made secure. If you're not immediately with the critics on this one, consider how the apologists react when pressed. They accept that by placing a great deal of reliance on one card, ID, database or whatever you are inevitably increasing the stakes, but say that in principle the system can be made to function, and can be secure. Pressed further they then concede that we can never guarantee anything 100 per cent. Security experts would be largely with the critics on this one - single points of failure are bad. The proposed ID system, however, has numerous of these, at least conceptually. If you actually need your ID card as the pivotal ID around which your life revolves, allowing you to use government services, financial services, buy stuff, then you're snookered if it breaks. Or if the network breaks. Or the Register. We also need to be concerned about what happens if the card (or the ID without the card) is stolen or compromised.
Now, in principle this ought to be impossible or very hard, because the system is dependent on your particular biometric signature. But we've already noted government suggestions of areas where this would not be read, and we've suggested that not checking the biometric or not checking against the central database will be fairly common. So the theft value of the card will depend on how much of value can be obtained using it without tripping a strong biometric check. The more it is used for daily transactions, the higher this value will be. David Blunkett has claimed the system "will make identity theft and multiple identity impossible, not nearly impossible, impossible." Clearly this is untrue, but we need to assess the extent of its untruthfulness; aside from situations where ID theft is enabled by the security systems not actually being used, what about the possibility of the card, or the system, being compromised? Currently it is clearly harder to forge a biometric passport than it is a conventional one, but as biometric passports do not yet exist, why should forgers try to forge one? How much of the difficulty is because of it actually being harder, as opposed to there not having been any motivation for anybody to develop the skills yet? Clearly we can't yet be sure, but you can see the likely dangers. Traditional avenues such as switching the picture and changing the details may still be viable (although surely a bit more complicated) in instances where the biometric isn't read, and altering the biometric itself (clearly harder until it's cracked - then it's easy) could be useful if there's no network check, or depending on the procedures implemented around that check (see Passport Control, above). 
And there's also the job of making sure any invisible data tallies up - but never say never, it's at least as theoretically possible as the system is theoretically invulnerable, and if it is cracked, the Home Office has a very expensive security update rollout on its hands. The alternative to this is a more distributed, defence-in-depth, horses-for-courses approach where you use different strengths of ID, different cards and different systems where appropriate. A mugshot and a bearer who looks like she might be 12 is enough for a child's weekly season ticket, surely, while (despite howls to the contrary about identity fraud) a piece of plastic and a PIN is good enough to get a bank to give you money. Would the banks like a 100 per cent secure system? Certainly. Will the banks accept a system that eliminates fraud while turning away significant numbers of genuine customers? Not a chance. What they've got now is their current best compromise, and the ID system is not going to change that. Similarly, although the state of the NHS and National Insurance ID systems is lamentable, that is not entirely caused by the UK public sector being historically crap at implementing IT projects. It is in no small measure due to the fact that it really doesn't matter much. Certainly there's a fraud component in there, but it's an acceptable one from the point of view of the particular system, otherwise the system would have reacted by doing something about it. A rational estimate of the annual cost of 'health tourism', for example, is £200 million out of a total budget of £70 billion. From the system's point of view there is absolutely no point in it diverting resources from its primary objectives in order to tackle a problem that small. Other government ID systems can be positioned at different points along the scale.
National Insurance should obviously be concerned about the use of fraudulently obtained numbers to get benefits, but hasn't a great deal of reason to worry about the status of a user provided they're working and paying in the money. Inland Revenue has more reason to be concerned about tying the number to real people in order to avoid tax frauds, and so on. There are varying levels of need in terms of identification, and it doesn't necessarily make sense to try to fulfill them all by attempting to devise a single, bulletproof ID system. And in the case of benefit fraud, although the Department of Work and Pensions has estimated total losses at £2 billion, or £7 billion, or vast numbers in between, it confesses it reckons ID-related benefit fraud amounts to a whole £50 million.

What will you pay? No, really pay?

David Blunkett has recently been pushing a contorted piece of reasoning whereby he establishes that the cost of an ID card is in fact £4, rather than the large sums he will be charging. This implausible pitch hinges on the claim that most of the money would have to be spent in order to modernise the passport system anyway, but it kind of misses the point even if you were to accept that. If it is the state as a whole that requires something, then it is the state as a whole that pays, and the money comes back through general taxation, right? Chancellor Gordon Brown refused to pay for it out of general taxation, as he does regarding much else, but if it had been an absolute necessity, then he couldn't have refused. Kick and scream for a long time, yes, but refuse, no. So one has one's doubts, and if one counter-argues that it's really the people travelling and driving who need the modernisations and should therefore pay, one still has to explain the others. The people who currently have to pay absolutely nothing for an ID card because they don't need to have one will have to pay their £4 in the form of a £35 payment in order to get an ID card.
Of course, it's not compulsory. Until it is. And we could point to the essential weirdness of arriving at a situation where everybody in the country has to pay individually for something they have no choice but to buy. Isn't that a tax? And if it's not, then what's the point of taxes? Couldn't we just abolish them all and pay for everything by name? This hypothecation madness is however more properly a matter for New Labour's conscience than it is for The Register (capital T, emphasis), so we'll move on to the £3.1 billion. You can, with the aid of the tried and tested UK government IT project algorithm, double this and add ten per cent for luck. Some people already have, and we wouldn't put money on them being wrong. But what you cannot do is say why it will cost £3.1 billion (or at least £3.1 billion, if you insist). The Home Office has been solemnly saying 3.1 for months now, but has not said how it arrived at this figure. This makes it remarkably difficult to assess whether it's going to be money well spent or not. As Ross Anderson said (along with much else worth reading (http://www.publications.parliament.uk/pa/cm200304/cmselect/cmhaff/uc130-iv/uc13002.htm)) in his evidence to the Home Affairs Committee, "If the thing remains covered by Official Secrets to the point that even Parliament does not know which path the Home Office is intending to take, then that is bad news." We now have an indication of the path the Home Office intends to take, but we do not have cost breakdowns and we have not been presented with alternatives, ranging from simple modernisation of the passport system up to universal ID megaproject, with relevant estimates. We are supposed to be being consulted, but we have not been given sufficient justification for the rejection of the lesser options to be able to make an informed judgment on the adoption of the maximalist one.
It's difficult to conceive that any system at the minimal end of the scale could possibly cost as much as £3.1 billion. If it's the case that passports need to be upgraded in order to conform to the US requirement for ICAO standard biometrics, then it is simply necessary that it have a facial biometric. Although the European Commission envisages the harmonisation of ID documents in the EU using biometrics, and intends fingerprint to fulfill the main role here, it has not ordered the introduction of ID cards where they don't exist. Nor need fingerprints be on passports, visa and ID documents for third country nationals immediately. Says the Commission: "...it could be considered that in their implementation Member States should have more flexibility. The facial image should be introduced as the first biometric identifier for reasons of interoperability. The introduction of the compulsory fingerprints need not necessarily happen at the same time, as it has not been decided whether the VIS [Visa Information System] will include biometric data from its very beginning." So if the Commission's drive for a "coherent approach" stands, then we will have facial biometric and fingerprint on passports, but we don't have to put both of them in yet. We could anticipate the Commission in order to save expenditure on future revisions, but we could possibly do as Canada has so far - leave space for the print, pending a final decision and/or (in Canada's case) a satisfactory agreement with the US. So what would this cost? You would have to allow for the new passport production processes, and you'd need to spend money on sufficient biometric reader systems to support passport applications. The total would most certainly not be £3.1 billion. But ah, you say, you'd also need the readers at entry and exit points, the central database and the network connecting it all. This is quite possibly the conclusion the Home Office has jumped to, but it ain't necessarily the right conclusion.
The equipment you need is determined by what it is that you propose to do with the system. The current requirement is for passports with a facial biometric, but there is no requirement for you to actually read that biometric. And actually, those countries which intend to read facial biometrics with a view to learning something useful from them will give up fairly swiftly, for reasons explained above; the United States' current collection of mugshots at entry points speaks of some kind of cryogenic mindset, collecting the database in the hope that scientific advancement will eventually cure it. Here, we could perfectly well have toed the ICAO line by including facial and just carrying on identifying people by looking at the picture. We could certainly (and being us, we surely would) keep the biometric data on a central database for reference, but there's absolutely no need for us to actually access this database from checking points. We could, perfectly validly, view the biometric simply as a strengthening of the integrity of the document, and use a combination of visual appearance, supporting information and common sense to tie the bearer to the document. This is not as strong as the theoretical strength of the £3.1 billion system we're not sure will actually work, but it's considerably stronger than what we have, and could be seen as a highly cost-effective reform of the passport system. And, as various scenarios put forward above indicate, it is via the strengthening of the document that the bulk of the general gains of the system can be achieved. Some countries, incidentally, take this position to the extent that they throw away the biometric after it's been included in the document. The biometric in the document ties the individual to the document, so you don't need to store the biometric any more, right?

Summary

So, what have we got?
We have an overall strengthening of the integrity of ID documents in the UK, and in the case of the passport this is an important gain, primarily from an immigration point of view, but also in situations where passport would be used to establish ID (e.g. banking). The major gain is to be made simply via the document, and does not hinge on an ability to check with a central database. A local check of biometric against document could strengthen the ID further, but in most cases this shouldn't be necessary - looks like person, probably is person, sure passport isn't forged, pass, person. ID-related health and benefit fraud are not sufficiently extensive for them to justify a universal rollout of ID cards. The existence of a single, solid database of people in the UK could prove useful in tidying up National Insurance, NHS and tax records, but that single database will not even begin to exist until 2013, and these record systems do not need the strength of ID proposed by the Home Office in order to function. Yes, they need tidying up and weeding, but they could at least as well be tidied up by other means - and the tidying ought to start a bit sooner than in ten years' time. For the security services, the ID scheme is largely an administrative convenience. It will not of itself help catch criminals or terrorists, nor will it help significantly in finding them. As and when the hypothetical ring of steel exists, checking all UK ID as it comes in and out of the country, then the security services will have (theoretically - depends on how good they are at sharing) a record of a suspect with UK ID entering or leaving the country. But if it's someone they seriously suspect they've got that already, check? And they've been known to track them all the way through Spain to Gibraltar, too...

The other agenda

As you were so rightly thinking, we missed one in the summary - immigration.
This however fits better as the primary driver of the other agenda, the one that isn't in the draft and the consultation documentation, but that is slowly beginning to be spilled out in interviews and Committee evidence. We don't propose to pass an opinion on who started it, but the public, the Daily Mail, the Government and the Home Office are now whipping each other up into some kind of circular frenzy about immigration. And the buck stops at Blunkett's Home Office. A brief, but by no means comprehensive, list of Blunkett's headaches here will be useful. He has large numbers of asylum applicants to be processed and supported while they await processing. He has overloaded application systems at embassies throughout the world, overloaded processing systems in the UK, scandals caused by people shorting out the processing systems in order to deal with the backlog. He has asylum seekers who've been rejected and overstayers in the country somewhere, he doesn't know where. He has people applying again and again until they get in (no, he doesn't know how many, otherwise they wouldn't, right?). And he has people-trafficking. This is widely perceived as a huge issue, but actually the numbers are estimated by the police as quite small, the main illegal immigration problem being assisted entry, where a passport is sent out of the country, altered, comes back with the illegal immigrant, and is then sent out once more. We barely scratch the surface, but you can understand why Blunkett might just be the teensiest bit tetchy. He needs a magic bullet to fix all of this, and the ID card is it. But how does it fix it? We're really better off looking at how he thinks it will fix it. In recent statements Blunkett has pinned a great deal of hope on his knowing who's coming in, who's going out and who's here.
To the Home Affairs Committee on 4th May, for example, he said he would be aware of "who is coming in and out, those who are resident, and those who are engaged in activities around terrorism." Note that he's aware of the latter already, and that this awareness has nothing to do with the existence or non-existence of an ID card system - it's a security services surveillance matter. The broader importance is the faith he's putting in a complete and accurate audit of the UK population, and his most pressing motivation for wanting this is immigration. If for a moment we just pretend he's actually going to get this, we can see how at least some of the immigration headaches get nailed. It doesn't help with the application overload, because we still have to create an ID for new applicants (even the ones we turn down straight away). It should get the lid on multiple applications, because we'll catch the matching biometrics. It should seriously impede assisted entry, provided it turns out the passport can't be altered, and it could have a similar effect on forgeries. Eventually, granted that knowing who's coming in and out actually works, it should reduce the number of people who're in the UK somewhere, but who can't be found and thrown out. They will die off or find some way of legitimising themselves. Blunkett himself concedes that it will be possible to establish a false ID, but then you'll be stuck with it for the rest of your life. Which would probably be fine from the point of view of an illegal immigrant in the UK. And there are all sorts of people who'd find having just the one strong British ID in addition to any others they have quite handy. One could even toy with the notion of Osama bin Laden having one in order to draw disablement benefit while he's holed up in some Afghan cave. He'd only do it the once and then he'd be stuck with it though, so that's OK by David. Blunkett's dream of 100 per cent knowledge of what's in the UK is however marred by exceptions.
He can't insist on 100 per cent before compulsion comes in, and once it does arrive, the pool will continue to be muddied by people coming in on short stays (no ID registration required) then vanishing. The 'unpeople' who're already here aren't likely to turn themselves in, and someone with no legitimate ID is clearly not someone who's going to arrive at the police station to show ID within seven days. So how do you nick them? Well, you can do it via mechanisms the Home Office has specifically ruled out - making carrying ID compulsory, ethnically targeted stop and searches and the like, but we've ruled all that out, haven't we? So what it hinges on is the card really becoming the "key" to life in the UK, used "in daily transactions and travel." The more widespread its use, the more checkpoints there will be, and the fewer aspects of daily life that will be available to you without your using the card. It is currently possible to exist in the UK without a valid identity, but the more checkpoints there are, the narrower the options of the ID-less will be. So it's not just desirable from the Home Office's point of view that the British public love and use the card, it's absolutely vital. If they don't the whole thing doesn't work. So do you want this? It's a system that won't achieve most of its objectives, and those it will achieve will be achieved via massive overdesign (secure passport system? Here, take this networked database and personal information register to go with it). You get a personal ID card you don't need. You pay vastly more than you need to for the ID documents you do need. It only addresses the immigration problem (most of the British public sees immigration as a problem) if you pretend to love it and use it all the time, in all sorts of areas where you don't need it and it's inappropriate. 
And you get the free centralised database of your personal information anyway, providing a locus for any number of government and private databases of your personal information. Don't worry you've nothing to hide - even from your bank, other banks, loan sharks and double glazing salespeople, right? It costs £3.1 billion for all this cool stuff. At least. Go and tell the Home Office how much you support it, you've got until the 20th July, and you'll find a link to the consultation document below. If you happen to agree with any of this article, paraphrase it, don't just copy it. If you do they'll just mark you down as a petition signer and disenfranchise you, like they did with the Stand objectors in the previous "consultation." Consultation input should be sent to Robin Woodland, Legislation Consultant, Identity Cards Programme, Home Office, 3rd Floor, Allington Towers, 19 Allington Street, London SW1E 5EB. They can be faxed to +44 (0)20 7035 5386 or emailed to identitycards at homeoffice.gsi.gov.uk, with 'consultation response' in the subject line. All of this information is prominently displayed on page 42 of the consultation document.

Related stories:
Draft bill and consultation (http://www.homeoffice.gov.uk/docs3/identitycardsconsult.pdf)
Glitches in ID card kit frustrate Blunkett's pod people (http://www.theregister.co.uk/2004/05/05/id_pilot_glitches/)
UK public wants ID cards, and thinks we'll screw up the IT (http://www.theregister.co.uk/2004/04/22/id_cards/)
Fingerprints as ID - good, bad, ugly? (http://www.theregister.co.uk/2004/04/19/biometrics/)
ID cards: a guide for technically-challenged PMs (http://www.theregister.co.uk/2004/04/05/uk_id_cards/)

© Copyright 2004

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Wed May 5 12:06:15 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 5 May 2004 21:06:15 +0200 Subject: Pd has flaked off Message-ID: <20040505190614.GZ25728@leitl.org> That nagscab Pd zombie will be back in no time, though. Maybe we could brainstorm a funky new name for it. http://www.crn.com/sections/BreakingNews/dailyarchives.asp?ArticleID=49936 Microsoft Shelves NGSCB Project As NX Moves To Center Stage After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said. On Tuesday, Microsoft executives confirmed that NGSCB will be canned. The project, dreamed up with Intel in 2002, was once code-named Palladium. "We're evaluating how these NGSCB capabilities should be integrated into Longhorn, but we don't know exactly how it'll be manifested. A lot of decisions have yet to be made," said Mario Juarez, product manager in Microsoft's Security and Technology Business Unit. "We're going to come out later this year with a complete story." Juarez said the project is being shelved because customers and ISV partners didn't want to rewrite their applications using the NGSCB API set. Though Microsoft plans to use the NGSCB "compartmentalizing" technology in future versions of Windows, the company is moving swiftly to support No Execute (NX) security technology in newer AMD and Intel processors. NX reduces memory buffer overruns that many hackers exploit to insert malicious code into Windows and allows developers to mark pages as nonexecutable. "Two years ago, we went public with something that was very, very far off in the future," Juarez said, noting that customer and ISV feedback and faster-than-expected chip security advancements led Microsoft back to the drawing board. 
"There's no tie between [NGSCB] and NX, but it is reflective of innovations in hardware we hadn't foreseen." At WinHEC 2004, for example, Microsoft product managers said Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 will exploit AMD's Enhanced Virus Protection or NX technology for 32-bit applications. Microsoft's 64-bit Windows XP and Windows Server 2003 for Extended Systems will also support the NX feature in Intel Itanium processors for clients due out in the second half. In addition, Microsoft will continue to support Intel's LaGrande security architecture, Juarez said. ISVs will have the flexibility to "NX-enable" their applications, said Richard Brunner, AMD Fellow and software architect, who presented the technology at WinHec 2004. "No Execute can be selectively disabled for a particular application," Brunner said. NX is one of several new hardware technologies that will be supported by Windows XP SP2, including iSCSI and Serial ATA. The NGSCB code won't be updated in the enhanced Longhorn developer's preview update, due out later this week, but in the future it will be used in some capacity, Juarez said. "The investment is high in this," he added. "It's in an important realm." Microsoft announced the NGSCB plans for Longhorn at WinHEC 2003 and released NGSCB code in the Longhorn Developer Preview software development kit last fall at the Redmond, Wash.-based company's Professional Developers Conference. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From rah at shipwright.com Thu May 6 05:17:04 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 6 May 2004 08:17:04 -0400 Subject: Book Review: Malicious Cryptography- Exposing Cryptovirology Message-ID: About.com Book Review: Malicious Cryptography >From Tony Bradley, CISSP, Your Guide to Internet/Network Security. Guide Rating - The Bottom Line Most people are familiar with malware- viruses, worms, Trojans, etc.- and most people are familiar, at least with the concept, of cryptography. However there are far fewer people that truly understand either of these technologies, and even fewer still who understand how the two can be combined to create the next generation of malicious code. Good reading, but a certain level of understanding of malware and cryptography is needed in order to follow the information in this book. Pros * Cutting edge look at new threats on the malware horizon * Informative without being boring * Appendices provide basics of viruses and PKI Cons * Solid understanding of cryptography and malware needed Description * Opening chapter provides engaging fictional look at the potential impact of malicious cryptography * Basics of viruses and PKI are provided in appendices, but this book is not for beginners * Cutting edge information on how cryptography might impact malware development Guide Review - Book Review: Malicious Cryptography Almost everyone (or should that be literally everyone) who has touched a computer keyboard is familiar with malware in some way. Not a day goes by it seems without news of the latest Netsky or Bagle variant. Many people remember the impact Codered, Nimda, SQL Slammer, MyDoom and other malware threats have had on them or the Internet as a whole over the past few years. A much smaller subset of people is familiar with cryptography. Some users may be aware that encryption is an option or they may have heard that they should encrypt their data or protect their email communications with encryption, but they don't "understand" cryptography. 
Those people probably shouldn't bother trying to read this book. Those who do understand cryptography- who know what MD5, Blowfish, RSA or 3DES mean and how they work- should probably read this book. Being on an intermediate level in cryptography myself I found some of the concepts and details required me to do some extra digging and research to understand, but I found the book to be informative and intriguing. The book seems to waver in search of an audience- at times covering the information at a higher level that many network and security administrators can grasp and at other times delving into detail that only true cryptographers will follow- but the authors combine information about malware and cryptography in a way that experts from each can comprehend. Overall, this is a good book that I recommend- but not for beginners. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu May 6 05:31:21 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 6 May 2004 08:31:21 -0400 Subject: De Soto: A Hero Of Third World Capitalism Message-ID: The Wall Street Journal May 6, 2004 COMMENTARY De Soto: A Hero Of Third World Capitalism By JOHN BLUNDELL May 6, 2004 Hernando de Soto has been the target of several murder attempts -- an accolade few other economists can claim. The Peruvian's would-be murderers range from the drug barons who depend on lawlessness to prosper, to the deranged Marxist terrorists of "The Shining Path" gangs and, it seems, to several agencies of the Fujimori regime in Lima who did not like the veil on their corruptions being lifted. But Mr. 
de Soto has remained faithful to his mission -- to evangelize for the capitalist solution to so-called Third World misery: give them property, markets and laws. Here in the so-called First World we enjoy two great benefits from which people in the Third World are locked out -- private property rights and the rule of law. These make our growth, our markets and our society possible. Here we have defined property. I do not mean just real estate. Our lives are a pulsating penumbra of contractual relationships. At its most obvious we own a vehicle. We own, that is to say have secure possession of, many items of great value but often no more than paper claims upon third parties. . . . what are all shares and bonds but such abstractions identified with symbols on pages? Our property rights may get dented by burglars but almost never are they fully expropriated. If we find ourselves in disputes with others we resort to courts. In other words we live by what F.A. Hayek called "Rules of Just Conduct." So settled are these assumptions that it is a jolt to realize that in the most impoverished three quarters of mankind, people do not live in a psychological or material landscape where our familiar institutions work. Poverty is not the result of lack of assets. It is the inability of people to possess -- or trade -- the assets they do have. That's why Mr. de Soto's work is so important. And why he will be awarded the biennial $500,000 Milton Friedman Prize tonight by Washington's prestigious Cato Institute. Hernando de Soto is awarded his laurels for his intellectual achievement. His work has been explained in diverse articles and lectures and distilled into two fine books "The Other Path" (1989) and "The Mystery of Capital" (2000). Both are magisterial. Both are utterly subversive of the stale assumptions under which the Third World is most often discussed. But it would be wrong not to refer to Mr. de Soto's moral and physical courage. 
Having made a small fortune in business in Europe he could have retired at 38 and lived well in his native Peru. He says that returning to his homeland opened his imagination. Why were his compatriots so poor while the Europeans were so prosperous? One happy discovery Mr. de Soto has made is that the poor are often rather more wealthy than is seen in official statistics. If you live in Ecuador or Uganda or Vietnam you may not feature in national statistics. These are formal frauds concocted by the bureaucracies of the Third World State often to demonstrate they need yet more "aid." An Ecuadorian's straw hats, a Ugandan's sweet potatoes or a Vietnamese's shrimp harvests may not figure in any official inventory, yet they are the product of conscientious work supplying their local markets or, as we might say, "creating value." Every Third World city has its shanty towns. To the naive donor nations these are proof of poverty. Yet these places, bereft of services we regard as normal, are clearly a step up from the deeper poverty of their rural hinterlands. These shanty towns, it turns out, have subtle property rights and adjudications but of course no recourse to normal contract law. Brazilian companies will not run electricity or water or gas to such sprawls of population because the authorities will not permit them. Mr. de Soto's analysis is subtle. Often you cannot see the Third World's intangible webs of licenses, permits, consents, tariffs, levies and extortions. He offers no excuses to the World Bank and all the other well lubricated official aid agencies. He says in every case they connive at the barriers. They make matters worse and often preserve the worst of the agencies of these failing states. The people of the immiserated nations are just like the readers of The Wall Street Journal. They are as agile. They are as dexterous. They are as intelligent. They work the long hours. Yet their daily strivings seem to produce little. 
This is not because they are obtuse or stupid or misdirected. It is because they do not have the assurance and clarification of who owns what. Place a Harvard MBA in a favela next to Sao Paulo in Brazil and he would be lost. He would be lost because he could get no credit as no property rights are permitted by the State. Try being a financial wizard without any access to finance. Try selling shoes or furniture or beans. So, the people of the Third World do not need injections of "aid" or even well-meaning Peace Corps volunteers. They need property rights. I now see the entire Third World dilemma in a different light after encountering Hernando de Soto. I think he has changed the Peruvian perception of itself too. The enemy of the poor is really the tiny elite of these nations. They live a life of relative luxury because they have access to the sort of property rights we all enjoy. Try buying even a few dollars worth of IBM or Wal-Mart or BP if you live in a favela. No stockbroker will want to deal with you. No banker will open an account where no postman can deliver your mail. The bulk of the population is simply kept out of the extended order of the world's trading system. Try being a farmer if you have no tenancy let alone any freehold. So, my congratulations to Hernando de Soto. Here is capitalism as a noble ideal that will lift countless millions, rather than the parody of corporate greed we see from Enron and related betrayals of the law-abiding, trade enhancing ideal of the company. A market stall trader on a street corner in La Paz is the blood brother of a Carrefour or Marks & Spencer employee. John Blundell is director-general of the Institute of Economic Affairs in London, England. He served as a judge for the Milton Friedman Prize. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Thu May 6 07:21:38 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 06 May 2004 10:21:38 -0400 Subject: [IP] microsoft offers "whitelist" Message-ID: Well, I want a piece of this! What I want is a sort of $$$-barrier that I can raise or lower as my mood hits me. If a spammer (be it Citibank or "Do U Want a Bigger Pe-ni$" is willing to pre-pay above my barrier, then the spam hits my inbox (I make no claim that I'll read it, however....), and I get a few cents. I can raise or lower the barrier any way/time I want. Every now and then I may even make some purchase to encourage more spammers to send me money (as they exchange target email lists). -TD >From: "R. A. Hettinga" >To: e$@vmeng.com, cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: [IP] microsoft offers "whitelist" >Date: Wed, 5 May 2004 18:13:09 -0400 > >"A whitelist for my friends." Check. > >"All others pay cash." Next? Anybody get this? Anybody?? > >;-). > >Cheers, >RAH >------ >--- begin forwarded text > > >Date: Wed, 05 May 2004 09:26:10 -0400 >To: ip at v2.listbox.com >From: Dave Farber >Subject: [IP] microsoft offers "whitelist" >Sender: owner-ip at v2.listbox.com >Reply-To: dave at farber.net >List-ID: >List-Help: >List-Subscribe: , > > > >Microsoft offers anti-spam bypass >Hotmail, MSN operator adopts program that will allow marketers to bypass >filters by paying a bond. >May 5, 2004: 6:28 AM EDT > >WASHINGTON (Reuters) - Microsoft Corp. said Wednesday it has adopted an >e-mail "whitelist" program by IronPort Systems Inc. that will allow >legitimate marketers to thread the gauntlet of spam filters protecting its >in-boxes. 
> >Microsoft's Hotmail and MSN e-mail services, which together claim 170 >million regular users, will require marketers to put money up front if they >wish to ensure their messages aren't mistaken for unwanted spam. > >IronPort's "Bonded Sender" service guarantees that legitimate marketers who >post a cash bond and adhere to a set of guidelines will get their messages >delivered. > >"It's the exact opposite of blocking. It says, 'Hey you're a good guy, I'm >not going to run you through the metal detectors," said Tom Gillis, >IronPort's vice president for marketing. > >Such a "whitelist" approach requires the active cooperation of marketers -- >a much more likely prospect now that Microsoft has signed up, Gillis said. > >Unsolicited bulk messages now account for roughly two-thirds of all e-mail, >according to several estimates. > >Internet providers use filters to examine incoming messages and consult >"blacklists" to block traffic from computers known to send out spam. > >IronPort's approach rewards e-mail senders who agree to be held accountable >for their messages. > >Participating marketers must demonstrate a history of responsible e-mailing >and must provide an easy way for consumers to opt out of future mailings, >among other things. > >Those found to be engaging in abusive behavior forfeit a cash bond of up to >$20,000, Gillis said. > >Internet providers are considering other ways to make e-mail more reliable. >Both Microsoft and Yahoo Inc. (YHOO: Research, Estimates) are developing >authentication systems that could make it harder for spammers to >appropriate others' e-mail addresses. > >Other methods would make spamming less profitable by sucking up computing >power or requiring human input every time a message is sent. > >"When you add these up over time, it will be uneconomical to send out >spam," said Microsoft spam specialist George Webb. 
> >------------------------------------- >You are subscribed as rah at shipwright.com >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting-people/ > >--- end forwarded text > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > From rah at shipwright.com Thu May 6 07:25:16 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 6 May 2004 10:25:16 -0400 Subject: The Internet's Wilder Side Message-ID: Warning. Do not drink and read this at the same time. Your keyboard and screen are not safe. Cheers, RAH ------- The New York Times May 6, 2004 The Internet's Wilder Side By SETH SCHIESEL It was just another Wednesday on the sprawling Internet chat-room network known as I.R.C. In a room called Prime-Tyme-Movies, users offered free pirated downloads of "The Passion of the Christ'' and "Kill Bill Vol. 2.'' In the DDO-Matrix channel, illegal copies of Microsoft's Windows software and "Prince of Persia: The Sands of Time,'' an Xbox game, were ripe for downloading. In other chat rooms yesterday, whole albums of free MP3's were hawked with blaring capital letters. And in a far less obtrusive channel, a hacker may well have been checking his progress of hacking into the computers of unsuspecting Internet users. Even as much of the Internet has come to resemble a pleasant, well-policed suburb, a little-known neighborhood known as Internet Relay Chat remains the Wild West. 
While copyright holders and law enforcement agencies take aim at their adversaries on Web sites and peer-to-peer file-sharing networks like Napster, I.R.C. remains the place where people with something to hide go to do business. Probably no more than 500,000 people are using I.R.C. worldwide at any time, and many of them are engaged in legitimate activities, network administrators say. Yet that pirated copy of Microsoft Office or Norton Utilities that turns up on a home-burned CD-ROM may well have originated on I.R.C. And the Internet viruses and "denial of service'' attacks that periodically make news generally get their start there, too. This week, the network's chat rooms were abuzz with what seemed like informed chatter about the Sasser worm, which infected hundreds of thousands of computers over the weekend. "I.R.C. is where you are going to find your 'elite' level pirates,'' said John R. Wolfe, director for enforcement at the Business Software Alliance, a trade group that fights software piracy. "If they were only associating with each other and inbreeding, maybe we could coexist alongside them. But it doesn't work that way. What they're doing on I.R.C. has a way of permeating into mainstream piracy.'' Two weeks ago, the F.B.I., in conjunction with law enforcement agencies in 10 foreign countries, announced an operation called Fastlink, aimed at shutting down the activities of almost 100 people suspected of helping operate illegal software vaults on the Internet. The pirated copies of music, films, games and other software were generally distributed using a separate Internet file-transfer system, said a Justice Department spokesman, but the actual pirates generally used I.R.C. to communicate and coordinate with one another. "The groups targeted as part of Fastlink are alleged to have used I.R.C. to have committed their crimes, like almost all other warez groups,'' the spokesman, Michael Kulstad, said in a telephone interview. 
Warez, pronounced like wares, is techie slang for illegally copied software. When I.R.C. started in the 1980's, it was best known as a way for serious computer professionals worldwide to communicate in real time. It is still possible - though sometimes a bit difficult - to find mature technical discussions among the tens of thousands of I.R.C. chat rooms, known as channels, operating at any one time. There are also respectable I.R.C. systems and channels - some operated by universities or Internet service providers - for gamers seeking opponents or those who want to talk about sports or hobbies. Still, I.R.C. perhaps most closely resembles the cantina scene in "Star Wars'': a louche hangout of digital smugglers, pirates, curiosity seekers and the people who love them (or hunt them). There seem to be I.R.C. channels dedicated to every sexual fetish, and I.R.C. users speculate that terrorists also use the networks to communicate in relative obscurity. Yet I.R.C. has its advocates, who point to its legitimate uses. "I.R.C. is where all of the kids come on and go nuts,'' William A. Bierman, a college student in Hawaii who helps develop I.R.C. server software and who is known online as billy-jon, said in a telephone interview. "All of the attention I.R.C. has gotten over the years has been because it's a haven for criminals, which is a very one-sided view. "The whole idea behind I.R.C. is freedom of speech. There is really no structure on the Internet for policing I.R.C., and there are intentionally no rules. Obviously you're not allowed to hack the Pentagon, but there are no rules like 'You can't say this' or 'You can't do that.' " It is almost impossible to determine exactly how many people use I.R.C. and what they use it for, because it takes only some basic technical know-how to run an I.R.C. server. Because it is generally a text-only medium, it does not require high-capacity Internet connections, making it relatively easy to run a private I.R.C. server from home. 
Some Internet experts believe that child pornography rings sometimes use their own private, password-protected I.R.C. servers. Particularly wary users can try to hide their identity by logging in to I.R.C. servers only through intermediary computers. There are, however, scores of public I.R.C. networks, like DALnet, EFNet and Undernet. Each typically ties together dozens of individual chat servers that may handle thousands of individual users each. "We're seeing progressively more and more people coming onto the network every year,'' said Rob Mosher, known online as nyt (for knight), who runs a server in the EFNet network. "As more and more people get broadband, they are moving away from AOL and they still want to have chat.'' For end users, using I.R.C. is relatively simple. First, the user downloads an I.R.C. client program (in the same way that Internet Explorer is a Web client program and Eudora is an e-mail client program). There are a number of I.R.C. clients available, but perhaps the most popular is a Windows shareware program known as mIRC (www.mirc.com). When users run the I.R.C. program, they can choose among dozens of public networks. Within a given network, it does not really matter which individual server one uses. Alternately, if users know the Internet address of a private server, they can type in that address. Once logged in to a public server, the user can generate a list of thousands of available channels. On an unmoderated network, the most popular channels are often dedicated to trading music, films and software. That is because in addition to supporting text-only chat rooms, I.R.C. allows a user to send a file directly to another user without clogging the main server. That capability has a lot of legitimate uses for transferring big files that would be rejected by an e-mail system. Want to send your brother across the country a digital copy of your home movie without burning a disc and putting it in the mailbox? 
The file-transfer capability in I.R.C. may be the most convenient way. Naturally, that file-transfer capability also has a lot of less legitimate uses. Advanced I.R.C. pirates automate the distribution of illegally copied material so that when a user sends a private message, the requested file is sent automatically. It is fairly common on I.R.C. for such a system to send out hundreds or even thousands of copies of the same file (like a music album or a pirated copy of Windows) over a few weeks. An official from the Recording Industry Association of America said that some hackers even obtain albums that have been recorded but not yet released. "Quite often, once they get their hands on a prerelease, they will use I.R.C. as the first distribution before it goes out into the wider Internet,'' Brad A. Buckles, the association's executive vice president for antipiracy efforts, said in a telephone interview. But perhaps the most disruptive use of I.R.C. is as a haven and communications medium for those who release viruses or try to disable Web sites and other Internet servers. In some ways, the biggest problem is Microsoft Windows itself. Windows has holes that can allow a hacker to install almost anything on a computer that lacks a protective program or device called a firewall. Users' vulnerability can be compounded if they have not installed the latest patches from Microsoft. Hackers scan through millions of possible Internet addresses looking for those unprotected computers and then use them to initiate coordinated "denial of service'' attacks, which flood the target machine (say, a Web site) with thousands or millions of spurious requests. In all of the noise, legitimate users find the target site unavailable. How can a hacker direct his army of compromised drones to the target of the day? Through I.R.C. 
"Each time it breaks into a new computer and turns it into a drone, the program copies itself and proceeds to keep scanning, and so very quickly you can have a very large number of drones,'' Mr. Bierman said, adding that a worm may well include a small custom-made I.R.C. client. "Then all of the drones connect to I.R.C. and go into one channel made especially for them. Then the runner can give commands to all of those drones.'' Chris Behrens, an I.R.C. software developer in Arizona known online as Comstud, said: "It's amazing how many machines at home are hacked or have been exploited in some way. We have seen 10,000 hacked machines connect to I.R.C. at one time, and they all go park themselves in a channel somewhere so someone can come along and tell them who to attack.'' Mr. Bierman and other I.R.C. developers and administrators said that they were contacted by federal law enforcement officials fairly often. Mr. Bierman said that he sometimes cooperated in helping the government track down specific people using I.R.C. to wage major attacks. He added, however, that he had refused government officials' requests to build a back door into his I.R.C. software that would allow agents to monitor I.R.C. more easily. "Basically the F.B.I. is interested in the best way to monitor the traffic,'' Mr. Bierman said. Mr. Kulstad of the Justice Department declined to comment on its specific contacts with the I.R.C. community. Mr. Bierman and other I.R.C. administrators said that in addition to their free-speech concerns, they were also reluctant to confront hackers, because angry hackers often turn their drones against I.R.C. servers themselves. Mr. Mosher echoed other I.R.C. administrators in saying that attempts to regulate the shady dealings online were doomed to failure. "Look, if we find one channel and close it, they move to another,'' he said. "It's been like this for years. You can't really stop it.'' -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From DaveHowe at gmx.co.uk Thu May 6 03:02:50 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 6 May 2004 11:02:50 +0100 Subject: Everything you never wanted to know about the UK ID card References: Message-ID: <017401c43351$5def2de0$c71121c2@exchange.sharpuk.co.uk> R. A. Hettinga wrote: > >. And employee checks? Here comes the > stick. Employers don't at the moment have to check immigration status > when they hire someone, so why would they? Indeed, why would they > care? But under the provisions of the Asylum and Immigration Act > 1996 the secretary of state can make orders requiring eligibility > checks by employers. This will be considered "closer to the > date of implementation" of the ID card scheme. Slightly out of date then - they have *already* forced this through. Check out this piece for further info: http://www.workplacelaw.net/display.php?resource_id=4384 oddly, I can't find any (recent) enabling legislation for this (or commons debate), so it could simply be that way because they have decided it will be... From jbone at place.org Thu May 6 12:29:13 2004 From: jbone at place.org (Contempt for Meatheads) Date: Thu, 6 May 2004 14:29:13 -0500 Subject: [FoRK] How To Attack Scale-Free Networks Message-ID: Great new bits up on Global Guerillas: http://globalguerrillas.typepad.com/globalguerrillas/2004/05/scalefree_terro.html HOW TO ATTACK SCALE-FREE NETWORKS Scale-free networks are everywhere. They can be seen in airline traffic routes, connections between actors in Hollywood, weblog links, sexual relationships, and terrorist networks. So what exactly is a scale-free network? 
A scale-free network is one that obeys a power law distribution in the number of connections between nodes on the network. Some few nodes exhibit extremely high connectivity (essentially scale-free) while the vast majority are relatively poorly connected. The reason that scale-free networks emerge, as opposed to evenly distributed random networks, is due to these factors: * Rapid growth confers preference to early entrants. The longer a node has been in place the greater the number of links to it. First mover advantage is very important. * In an environment of too much information people link to nodes that are easier to find. This preferential linking reinforces itself by making the easier to find nodes even more easy to find. * The greater the capacity of the hub (bandwidth, work ethic, etc.) the faster its growth. The Strength and Weaknesses of Scale-Free Networks The proliferation of scale-free networks and our increasing dependence on them (particularly given their prevalence in energy, transportation, and communications systems) begs the question: how reliable are these networks? Here's some insight into this: * Scale-free networks are extremely tolerant of random failures. In a random network, a small number of random failures can collapse the network. A scale-free network can absorb random failures up to 80% of its nodes before it collapses. The reason for this is the inhomogeneity of the nodes on the network -- failures are much more likely to occur on relatively small nodes. * Scale-free networks are extremely vulnerable to intentional attacks on their hubs. Attacks that simultaneously eliminate as few as 5-15% of a scale-free network's hubs can collapse the network. Simultaneity of an attack on hubs is important. Scale-free networks can heal themselves rapidly if an insufficient number of hubs necessary for a systemic collapse are removed. * Scale-free networks are extremely vulnerable to epidemics. 
In random networks, epidemics need to surpass a critical threshold (a number of nodes infected) before they propagate system-wide. Below the threshold, the epidemic dies out. Above the threshold, the epidemic spreads exponentially. Recent evidence indicates that the threshold for epidemics on scale-free networks is zero. What this means for Counter-terrorists Given the vulnerability of scale-free networks to intentional disruption, what does this mean for counter-terrorist planners (which I hope, but doubt, they are thinking about)? This theory has strong implications for defense as well as offense. Here's what it means: * Eliminating terrorist scale-free network hubs will likely not be effective. Non-state terrorist networks are not only scale-free they also exhibit small world properties (see "TERRORIST CELLS" for more). This means that while large hubs still dominate the network, the presence of tight clusters (cells), continues to provide local connectivity when the hubs are removed. This implies that the attack on al Qaeda's Afghanistan training camps (the location of multiple hubs) did not collapse its network in any meaningful way. Rather, it atomized the network into anonymous clusters of connectivity until the hubs could reassert their priority again. Additionally, many of these clusters, even without the global connectivity provided by the hubs, will still be able to conduct attacks if they are of sufficient size and complexity (a variety of skill sets). A better approach may be to observe the hubs covertly to ascertain the location of local clusters that need to be shut down. * Critical terrorist social network hubs cannot be identified based on the number of links alone. 
Hubs vary in value depending on multiple vectors such as depth of connections (strong face-to-face social history is extremely important for trust development in covert networks -- see MAPPING TERRORIST NETWORKS for more), frequency of contact (which may indicate the individual is a conduit for information flow rather than a resource), and duration of links (which is tied to the importance of that individual's skill set to ongoing operations of cells they connect to). Analysis of the network along each of these vectors can make for better decision making. * Defense against attacks on hubs can be achieved in ways other than physical defense. These methods include: increasing the capacity of all hubs to absorb the traffic of failed hubs (a kind of surge protection), limiting or decreasing the maximum number of connections to any one hub (reduction in criticality), and increasing the cross connectivity of the network (local pooling of resources). Posted by John Robb on 07.05.2004 at 09:50 AM ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From eugen at leitl.org Thu May 6 12:44:37 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 6 May 2004 21:44:37 +0200 Subject: [FoRK] How To Attack Scale-Free Networks (fwd from jbone@place.org) Message-ID: <20040506194437.GK25728@leitl.org> ----- Forwarded message from Contempt for Meatheads ----- From rah at shipwright.com Thu May 6 19:39:51 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 6 May 2004 22:39:51 -0400 Subject: E-Voting Commission Gets Earful Message-ID: Wired News E-Voting Commission Gets Earful By Michael Grebb Story location: http://www.wired.com/news/evote/0,2645,63349,00.html 02:00 AM May. 06, 2004 PT WASHINGTON -- Passions ran high Wednesday at the first public hearing of the Election Assistance Commission, where activists and manufacturers of electronic voting machines clashed over whether new e-voting systems should include a voter-verifiable paper trail that auditors could use to recount votes if necessary. The newly formed commission, which is just beginning to oversee the certification of voting systems and the standardization of elections across the country, held its first meeting to examine the state of elections and voting systems. The commissioners were collecting testimony from special-interest groups, election officials, computer scientists and voting-machine makers. But the commission's chairman said he didn't expect the bipartisan panel would issue national standards requiring paper receipts when it makes preliminary recommendations next week, followed by more detailed guidelines next month. "We will not decide on what machines people will buy," said the chairman, Republican DeForest B. Soaries Jr., saying it wasn't the panel's role to tell states what to do. "We will say, if California wants to have a backup paper system, what national standards it should follow." At least 20 states are considering legislation to require a paper record of every vote cast after rushing to get ATM-like voting machines to replace paper ballots in the wake of Florida's fiasco with hanging chads in the 2000 presidential election. About 50 million people, or 29 percent of voters, are expected to vote electronically in November's election. Representatives from the machine makers tried to convince commissioners that paperless e-voting systems are not only safe and accurate, but more so than paper-based systems. 
Mark Radke, director of marketing at Diebold Election Systems, said Diebold's touch-screen voting systems experienced "zero security problems" during the November 2002 elections, pointing out that its "voice guidance" audio feature allowed blind voters "to vote in private for the very first time." (With paper-only systems, blind voters historically have needed to recite their ballot choices to a poll worker or friend, who would then mark the ballot for them.) Radke also said Diebold's machines outperformed other systems during the California recall elections in October. He claimed that under-counted votes were the lowest on Diebold touch screens, at 0.73 percent, compared with 2.86 percent for optical-scan systems, 4.6 percent for other electronic systems and 6.32 percent for paper-only systems. Alfie Charles, spokesman for Sequoia Voting Systems, said the "sensationalized concerns" of paper-trail advocates aren't grounded in reality. "The evidence is pretty clear," he said. "Electronic systems help prevent disenfranchisement." Several panelists also pointed out that the pool of people able to hack into an e-voting system is far smaller than those able to steal ballots, stuff the ballot box or punch holes in voting cards to change or nullify votes. Under that theory, electronic systems would increase security. "We would reduce the number of people capable of committing fraud," Charles said. But Avi Rubin, a Johns Hopkins University computer scientist who helped author a report last July about security vulnerabilities in Diebold's touch-screen voting system, warned that paperless systems could allow savvy intruders to rig an election. He said corporations supporting a particular presidential candidate who is friendly to their needs would have billions at stake to make sure their candidate won. "We've got very well-funded and bad-intentioned adversaries to worry about," he said. 
Rubin said while paper trails are needed for the November election, "in the long, long term we should explore other cryptographic options and other electronic techniques" to someday run secure, paperless elections. At a press conference and rally outside the hearing, a crowd of supporters cheered when California Secretary of State Kevin Shelley took the podium. On Friday, Shelley banned the use of one model of Diebold's voting machines in four California counties, and decertified all touch-screen systems unless counties that own them implement 23 security requirements. At least one county is filing suit against Shelley for his actions, and others may follow. Supervisors in Riverside County voted unanimously Tuesday to sue Shelley, California's top election official, to remove the ban on their machines, saying his ruling would harm disabled and visually impaired voters who have been able to vote unassisted for the first time using touch-screen machines that guide them through the ballot with audio directions. Shelley charged that Diebold aggressively marketed its TSx system to voting officials in the four counties, even though the systems were not fully tested, qualified by federal officials or certified at the state level. Diebold finally finished federal testing of the TSx on April 21. Still, Shelley told supporters that he worries most about unsecured systems vulnerable to hackers. "We have seen that a bunch of high-school students can hack in and change thousands of votes," he said. "We cannot have that." He said he had received several reports of high-school hackers attempting to penetrate e-voting systems, but didn't give specific examples. One of his representatives also cited an incident in which touch-screen systems went down in a few jurisdictions during the October recall election. 
Elderly poll workers at one location didn't know what to do, so they asked some teenagers who happened to be there to reboot the machines for them -- an obvious opportunity to commit mischief under the right circumstances. Several witnesses at the hearing, including Shelley, recommended better training for poll workers, who may need basic computer skills to fix technical problems on Election Day. Brit Williams, a computer science professor and election expert at Kennesaw State University near Atlanta, advocated adopting a single national standard for voting software to ensure security and ease training for poll workers. Other commissioners seemed worried that poll workers would become too reliant on vendors to fix Election Day snafus. Some experts have said that the most likely hacking scenario for machines would be inside jobs from system programmers or the vendors themselves. But Denise Lamb, director of elections in New Mexico, told the panel that any polling place that experienced a severe software or hardware problem would most likely shut down rather than call in a vendor to fix the problem. For minor glitches, she said most vendors provide telephone support. Activists outside the hearing, however, were not reassured. "This is a high-stakes election, and we have to get it right," said Linda Schade, director of Campaign for Verifiable Voting in Maryland, a group that advocates a voter-verified paper trail for electronic systems rather than "rickety, backward new voting machines." The group has already sued the state of Maryland in an effort to decertify the Diebold touch-screen machines that officials implemented statewide last year. Rep. Rush Holt (D-New Jersey) took the podium to drum up support for his Voter Confidence and Increased Accessibility Act (HR2239), which would require all voting machines to produce a paper record. "(Paperless e-voting machines) are in principle unverifiable," he said. "Your intentions cannot be recovered." 
As Holt wrapped up his comments, Jim Dickson, spokesman for the American Association of People With Disabilities, stepped forward and complained that Holt's bill would threaten to undo protections for disabled voters contained in the Help America Vote Act of 2002. Dickson, who is blind, said that voting with assistance can be a humiliating experience, particularly when the poll worker helping you doesn't agree with your choices. "They have said, 'You're voting for who?'" he said, mimicking the sarcastic voice of a poll worker. He charged that Holt's bill -- by not setting a deadline for new e-voting machines to accommodate disabled voters -- would put off those protections indefinitely. Holt quickly clarified that his bill wouldn't take away such protections. While the sides squared off in Washington, D.C., senators in California approved a bill to ban all e-voting in the state in November. The bipartisan bill passed the state Senate Committee on Elections and Reapportionment with a 3-1 vote and will now go to the Senate floor. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu May 6 19:44:07 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 6 May 2004 22:44:07 -0400 Subject: AuP: 'Al-Qaeda' offers gold for deaths Message-ID: The BBC Thursday, 6 May, 2004, 21:52 GMT 22:52 UK 'Al-Qaeda' offers gold for deaths Rewards of gold are said to be on offer for the assassinations of top US and UN officials, according to a message purportedly from Osama Bin Laden. The statement said 10kg (22lb) of gold would be given to anyone killing the US Iraq administrator Paul Bremer or senior military officers. 
The same - worth about $125,000 - was offered for UN chief Kofi Annan or his Iraq envoy Lakhdar Brahimi. The message was published on a website known to be used by Islamist militants. It was claimed that the statement was the transcript of an audio recording by the al-Qaeda leader. The authenticity of the statement has not been verified, but observers say it used language similar to previous Bin Laden statements, laden with Koranic verse. But they add that he has never before offered rewards for missions which he considers to be a religious duty. The US has offered a $27m bounty for the capture or killing of Bin Laden. "We in al-Qaeda organisation will guarantee, God willing, 10,000 grams of gold to whoever kills the occupier Bremer, or the American chief commander or his deputy in Iraq," the purported transcript read. Smaller rewards of 1kg of gold were offered for the deaths of ordinary Americans and Britons, and half that was pledged for the killings of citizens of Japan and Italy, who were called "slaves" of the UN Security Council. The website offered various links to hear the original audio statement, but users said they could not get them to work - possibly because of the number of people trying. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Fri May 7 06:39:03 2004 From: jya at pipeline.com (John Young) Date: Fri, 07 May 2004 06:39:03 -0700 Subject: Acoustic Cryptanalysis Message-ID: http://www.wisdom.weizmann.ac.il/~tromer/acoustic/ Acoustic Cryptanalysis: On nosy people and noisy machines Adi Shamir and Eran Tromer A powerful method for extracting information from supposedly secure systems is side-channel attacks, i.e., cryptanalytic techniques that rely on information unintentionally leaked by computing devices. Most attention has been focused on electromagnetic emanations, power consumption and, recently, diffuse visible light from CRT displays. The oldest eavesdropping channel, namely acoustic emanations, has received little attention. The following demonstrates some preliminary results in the analysis of acoustic emanations from personal computers, showing them to be a surprisingly rich source of information on CPU activity. May 7, 2004 From mv at cdc.gov Fri May 7 08:27:12 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 07 May 2004 08:27:12 -0700 Subject: No stinkin' constitution here Message-ID: <409BAAD0.94290E6F@cdc.gov> "Material-witness warrants are used by the government to hold people suspected of having direct knowledge about a crime or to give agents more time to investigate." http://www.latimes.com/news/nationworld/world/la-na-madrid7may07,1,303922.story?coll=la-home-headlines ALOHA, Ore.
A Portland lawyer was detained Thursday by the FBI after federal officials linked his fingerprint to bomb-related evidence associated with the Madrid railway attacks that killed 191 people in March, a federal law enforcement official said. The arrest of Brandon Mayfield, 37, raises the possibility of a U.S. connection to the March 11 bombings, which Spanish authorities have blamed on Islamic extremists. The former Army officer, a Muslim convert, was held on a material-witness warrant after the FBI searched his home in the Portland suburb of Aloha. Mayfield's arrest was first reported Thursday on Newsweek magazine's website. He has not been charged with any crime, and the federal official stressed that the investigation was continuing and is in many ways preliminary. Spanish officials cautioned earlier this week that they did not consider the fingerprint evidence to be conclusive. Material-witness warrants are used by the government to hold people suspected of having direct knowledge about a crime or to give agents more time to investigate. From mv at cdc.gov Fri May 7 08:38:20 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 07 May 2004 08:38:20 -0700 Subject: AP is back... Message-ID: <409BAD6C.351215E6@cdc.gov> We in al Qaeda organization are committed to a prize of 10,000 grams of gold to whoever kills Bremer, his deputy, the commander of American forces or his deputy in Iraq," the voice said. Bin Laden also offers 1kg of gold for killing a US soldier or civilians, and 500 grams for killing an allied civilian or soldier. Terrorists in Fallujah claim they'll give $15 million each for the heads of Defense Secretary Donald Rumsfeld, Lt. Gen. Ricardo Sanchez and Brig. Gen. Mark Kimmit. ------- How do you declare this on your 1040? Can Americans involved in friendly-fire incidents collect? From rah at shipwright.com Fri May 7 06:23:10 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 7 May 2004 09:23:10 -0400 Subject: Explosive Debate: Should U.S. 
Check Up On Model Rockets? Message-ID: The Wall Street Journal May 7, 2004 PAGE ONE Explosive Debate: Should U.S. Check Up On Model Rockets? Under 9/11 Law, ATF Keeps Tabs on Propellant Buyers; Feds Visit Al's Hobby Shop By ROBERT BLOCK Staff Reporter of THE WALL STREET JOURNAL May 7, 2004; Page A1 ELMHURST, Ill. -- Al's Hobby Shop in this leafy corner of suburban Chicago is always packed with mothers looking for Cub Scout badges, teenagers ogling imported slot cars and grown men playing with model trains. But to federal law-enforcement officials, Al's is also a possible terrorist supply depot. And so, last October, a special agent from the Bureau of Alcohol, Tobacco, Firearms and Explosives was sent to Al's from Washington to buy $1,700 in model rocket motors. "The guy told me that the government wanted to do some tests," recalls Tim Lehr, who sold the agent 40 motors containing almost 60 pounds of propellant. "He wouldn't say what the tests were for, but I could guess: The government wanted to ruin my hobby." Since the passage of the initial post-9/11 antiterrorism laws in October 2001, hobby rocketry has been struggling to avoid regulation that enthusiasts say will destroy their sport, deter youngsters from pursuing an interest in science and waste the nation's limited law-enforcement resources. The Department of Justice says that federal agents need to keep an eye on who is buying model rockets because the toys are potentially dangerous and could be adapted by terrorists to attack airplanes and American soldiers. At the heart of the problem is a long-running dispute between hobbyists and the ATF, which is part of the Justice Department, over how to legally classify the chemicals used to propel rockets. Ammonium perchlorate composite propellant, better known as APCP, is a rubbery mixture of resins, powdered metals and salts that ignites at 500 degrees Fahrenheit and burns like a road flare on steroids. 
It's the same fuel that the National Aeronautics and Space Administration uses in the solid rocket boosters on the space shuttle. For hobby rockets, APCP comes in the form of pellets wrapped in cardboard about an inch in diameter and three inches long. The cylinders, which start at $12.50 apiece and can go up into the hundreds of dollars, can be stacked in reusable aluminum casings to power larger rockets. Rocketeers have always maintained that APCP doesn't detonate, it deflagrates. That is, it burns intensely at a controlled rate. Since 1971, however, the ATF has branded APCP as a "low explosive" subject to regulation and licensing by the bureau. In practice, the ATF largely ignored the rocketeers as long as they weren't selling or buying APCP across state lines. With new fears about national security after 9/11, President Bush signed the Safe Explosives Act, an antiterrorism law contained in the bill that created the Department of Homeland Security. In effect for a year, the law now requires permits for all purchases of rocket motors and all explosives, including APCP. Suddenly, hobbyists who had been freely purchasing such motors for years had to be fingerprinted and to submit to background checks. They had to pay $25 for ATF low-explosive-user permits to purchase more than 2.5 ounces of APCP and allow local and federal inspectors onto their property anytime to check for proper storage of the propellant. The government insists it is trying to balance civil liberties with homeland safety. But federal investigators say that since terrorists showed they could level skyscrapers with boxcutters, no potentially suspicious activity can be ignored. "Most of the people involved in these activities are harmless fanatics and nerds," says one federal law-enforcement official. "But since 9/11, we have a responsibility to make sure the nerds are not terrorists." 
Other hobbyists have also come under federal scrutiny, including bird watchers on the Canadian border and operators of radio-controlled airplanes. But this does little to console the rocketeers. Terry McCreary, associate professor of analytical chemistry at Murray State University in western Kentucky and a hobby-rocket guru, says sport rocketry helps kids by interesting them in wonders of chemistry, physics, astronomy and aerodynamics. "If you look deeply into the background of our top mathematicians and scientists, you will find a kid with a model rocket." Pointing at a troop of about 15 Boy Scouts at a recent launch in The Plains, Va., Doug Pratt, who runs his own hobby-rocket business out of his basement in Herndon, asked: "Does that look like a group of terrorists to you?" Faced with the prospect of being fingerprinted and having agents poking around their past, many rocketeers are leaving the hobby. The rocket club at Kettering University in Michigan has closed down because of the new regulatory requirements. Looking for help, rocket groups have turned to Republican Sen. Mike Enzi of Wyoming, an avid fan of hobby rockets and model airplanes. In May last year, Senator Enzi sponsored a bill to exempt hobby rockets from government regulation. The Department of Justice, which oversees the ATF, then wrote him a letter saying that "large rocket motors could be adapted by terrorists for use in surface-to-air missiles capable of intercepting commercial and military airplanes at cruise level and for use in 'light antitank' weapons capable of hitting targets from a range of nearly five miles." Mr. Enzi wrote back to Attorney General Ashcroft, asking to see the results of the tests that led his department to its conclusions. Within weeks, an agent from the ATF was sent to Al's Hobby Shop outside Chicago to buy the first rocket motors for testing. 
Over the past six months, according to ATF officials, agents and private contractors have been working at Air Force bases in Utah and Florida firing model rockets at drones, vehicles and simulated crowds of people. The tests are classified. Some rocketeers have hit upon another solution: They make their own fuel. They get together on weekends with pizza, beer and jars of precursor chemicals for "cooking parties" in their homes and apartments or in the back rooms of their businesses. "It's legal and completely safe," says Jerry O'Sullivan, an insurance agent who cooks fuel with his friends in suburban Washington. Mr. O'Sullivan, who is a member of the Maryland Delaware Rocketry Association Inc., is taking advantage of a loophole in explosives legislation exempting anyone who mixes an explosive for his own "personal" use from having to get a permit. The exemption was created mainly for farmers who mix fertilizers and fuel oil to blast their own irrigation ditches. One oddity of the government crackdown is the focus on rockets and not guidance systems. "The secret is in the guidance systems," says Arthur "Trip" Barber, a former captain of a U.S. navy guided missile destroyer, who is now vice president of the National Association of Rocketry. "I can build a rocket overnight but I couldn't build a guidance system in a lifetime." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Fri May 7 09:04:51 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 07 May 2004 12:04:51 -0400 Subject: AP is back... Message-ID: "Terrorists in Fallujah claim they'll give $15 million each for the heads of Defense Secretary Donald Rumsfeld, Lt. Gen. 
Ricardo Sanchez and Brig. Gen. Mark Kimmit." Well, does the actual HEAD have to be delivered? That might reduce the options considerably... -TD >From: "Major Variola (ret)" >To: "cypherpunks at al-qaeda.net" >Subject: AP is back... >Date: Fri, 07 May 2004 08:38:20 -0700 > >We in al Qaeda organization are committed to a prize of 10,000 grams of >gold to whoever kills Bremer, >his deputy, the commander of American forces or his deputy in Iraq," the >voice said. > >Bin Laden also offers 1kg of gold for killing a US >soldier or civilians, and 500 grams for killing an allied >civilian or soldier. > >Terrorists in Fallujah claim they'll >give $15 million each for the heads of >Defense Secretary Donald Rumsfeld, Lt. Gen. >Ricardo Sanchez and Brig. Gen. Mark Kimmit. > > >------- >How do you declare this on your 1040? >Can Americans involved in friendly-fire incidents collect? > > > From rah at shipwright.com Fri May 7 11:55:46 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 7 May 2004 14:55:46 -0400 Subject: When It Comes to Selling Virtual Property, PayPal Isn't Always Your Pal Message-ID: PBS: I, Cringely -- The Pulpit MAY 6, 2004 PayAcquaintance When It Comes to Selling Virtual Property, PayPal Isn't Always Your Pal By Robert X. Cringely Games are make believe, their rules have to be only internally consistent, not consistent with any laws of man or nature. And that is probably the reason we like them, because in the game, whether played in my garden or in your computer, we can be warriors or wizards, men or mice, we can carry on our belts the scalps of our enemies and nobody is really hurt, no laws are broken. But games are also big business, which means they inevitably intersect with the real world. And when that point of intersection is through PayPal, some game players believe they are being robbed. 
This story was brought to my attention by players of EverQuest, Sony's incredibly successful and incredibly complex fantasy role-playing game, but I am sure it applies to similar games. Understand, I am not a gamer, and have not a chromosome of gamer DNA in me, so if you are a gamer and feel that I am mischaracterizing an activity that occupies, say, a third of your waking hours, just pity me and hold the complaints, okay? EverQuest and most other multiplayer online games like it are subscription-based. You pay Sony a monthly fee to be allowed to be a character in the game. Some of your character attributes are personal choices made when you set up the account, but many are earned, given, or even just discovered as you make your way through the many levels of the game, gaining powers and weapons and even money. Yes, money. The currency in EverQuest is platinum, and it can be used to buy many things, including sometimes buying your way out of trouble. Sony's view of its game is that everything takes place in the server and nothing in the real world. Characters can give things or sell things to each other in the game (weapons, magical abilities, platinum, etc.), but in Sony's view, it is all supposed to take place in the game. Avid gamers, however, came to see a real market in these things, selling them primarily to players who wanted to buy their way higher in the game. So there developed a secondary market in virtual goods, first on eBay, then on specialized game auction sites, and there are online stores where you can buy this stuff outright. Sony doesn't specifically allow it, but Sony also doesn't do much to prevent it, so the practice is widespread. The arbitrage opportunity here is based on skill and knowledge of the game. If I am some kind of EverQuest god having made it the old-fashioned way to the top of the game, it is much easier for me to acquire these goodies than it might be for a beginner. 
Or maybe I have found a bug in the program that allows me to exploit over and over again some action that yields platinum, for example. Once I have enough valuable stuff worth selling, I would typically give it to a second character (not my most powerful performer -- I need to keep him/her/it apparently untainted by commercialism). Then I find a buyer through an auction site, or I just sell the stuff to a wholesaler like Internet Gaming Entertainment, the Big Kahuna in the buying and selling of this stuff. How the actual transfer of goods takes place is very interesting. Once a deal is struck, the characters of the buyer and seller have to meet at an agreed place in the game where the hand over (no hands are actually involved of course) takes place. Either one character just gives this big load of platinum to the other or they give it in exchange for some game item of much less value. This latter technique is the pure play because it complies best with Sony rules that allow bad bargaining and character stupidity. "Manhattan for $24 in beads? Sure!" Meanwhile, back in the real world, real money is changing hands, typically through PayPal transfers. The transfer is done first, then the property is exchanged. Only it doesn't always work that way. Sometimes the buyer retracts the payment saying that a transfer never took place at all. After all, there is no receipt. Sounds a bit like the Diebold e-voting scandal, eh? PayPal yanks the money back out of the seller's account EVEN IF IT HAS ALREADY BEEN TRANSFERRED TO A BANK ACCOUNT. One minute the money is there, the next minute it isn't, and the seller has almost no recourse at all. The specific event that led to this column was the failed sale of $2,300 in platinum by a group of EverQuest fanatics who wanted to use the money to pay their way to a big EverQuest convention. 
It is their contention (not mine, I'm just the reporter here, remember) that the bad guy in this deal is either Jonathan Yantis or an associate of his. Jonathan Yantis runs Yantis Enterprises, which was until recently the big competitor to IGE for the buying and selling of this stuff that isn't real. Yantis is in San Diego, IGE is in Florida, and earlier this year they merged with IGE buying Yantis, though the web sites (they are both in this week's links) remain separate. The players who came to me sold their platinum through a game-specific auction site. The deal went forward exactly as described above, and they suddenly had no platinum and no money. Wily hackers that they are, they tracked the mail records of the only trail that did exist, the e-mails arranging the exchange, and claim to have found that the buyer's IP address was from the same range used by Yantis Enterprises. Further, they explored the qualifications of the "PayPal Verified" buyer and claim that most of the positive feedback came from Jonathan Yantis. Finally, they claim that the day after the transaction, the Yantis price to sell platinum on their EverQuest server suddenly dropped as though there was suddenly a larger supply acquired at little or no cost. These players are fervent and angry and they have some real data so what happens now? Not much, and that is probably the real topic of this column. Yantis Enterprises has no telephone number and doesn't respond to e-mail from me. IGE also has no telephone number but they do have a PR firm that doesn't call me back. These are companies apparently doing millions per year in business, yet they effectively don't have a physical existence. PayPal certainly has a physical existence and they DO return my calls and tried hard to be helpful, but the story there isn't very encouraging, either. For one thing, PayPal can't figure out how to handle payments for such virtual goods, so they rely on the good will of the buyers and sellers involved. 
If a buyer backs out, PayPal has no recourse but to reverse the charge (called a chargeback) or take the loss itself, which it is unwilling to do. This applies to game goods, but it also applies to ANY virtual goods, so if you are planning to sell software or music or video this way, you might have to think a bit harder. PayPal is not built to reliably support a peer-to-peer economy. What about feedback? Isn't the great enforcement mechanism of eBay and PayPal supposed to be feedback from other users? Here is where it gets REALLY interesting. The essence of feedback is that you can run, but you can't hide, and PayPal enforces that by limiting each user to a single account. But how do they make that stick? They don't. PayPal asked ME to help them find Jonathan Yantis, for example. Here is a guy who has participated in more than 10,000 PayPal transfers and they don't know how to reach him. That 10,000 plus PayPal number is a big part of his marketing. But PayPal also told me that part of their difficulty finding him is that they have DOZENS of accounts under the name Jonathan Yantis. Their assumption is that these are all different people. So I went to the People Search section of Yahoo and looked for everyone in America named J, Jonathan, John, or Jack Yantis and found 35 people. Say there are another 35 with unlisted numbers, that's 70 people, tops. If there are 300 million Americans and PayPal has 40 million users then no more than 14 of those users ought to be named J, Jonathan, John, or Jack Yantis. So it is easy to have multiple PayPal accounts and if you have multiple accounts you can give yourself lots of positive feedback, so the system can be played. I am not saying that Jonathan Yantis or IGE did any of this. I'm just reporting what I was told and what I discovered. I can't understand why someone would threaten a 10,000 plus PayPal score by trying to corner the EverQuest platinum market. 
I'm also quite concerned over the lack of safety measures PayPal has in place to protect buyers and sellers. I DO see here a wonderful business opportunity, though, for someone to come up with a reliable way to handle payments for virtual goods. That would be worth its weight in gold, 'er platinum.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From wmo at rebma.pro-ns.net Sat May 8 22:30:27 2004
From: wmo at rebma.pro-ns.net (Bill O'Hanlon)
Date: Sun, 9 May 2004 00:30:27 -0500
Subject: No stinkin' constitution here
In-Reply-To: <409BAAD0.94290E6F@cdc.gov>
References: <409BAAD0.94290E6F@cdc.gov>
Message-ID: <20040509053027.GA989@rebma.pro-ns.net>

On Fri, May 07, 2004 at 08:27:12AM -0700, Major Variola (ret) wrote:
>
> The former
> Army
> officer, a
> Muslim

Your whitespace cryptosystem sucks.

From adam at cypherspace.org Sun May 9 03:04:31 2004
From: adam at cypherspace.org (Adam Back)
Date: Sun, 9 May 2004 06:04:31 -0400
Subject: Brands' private credentials
In-Reply-To:
References:
Message-ID: <20040509100431.GA24611@bitchcake.off.net>

[copied to cpunks as cryptography seems to have a multi-week lag these days].

OK, now having read:

> http://isrl.cs.byu.edu/HiddenCredentials.html
> http://isrl.cs.byu.edu/pubs/wpes03.pdf

and seeing that it is a completely different proposal essentially being an application of IBE, and extension of the idea that one has multiple "identities" encoding attributes. (The usual attribute this approach is used for is time-period of receipt .. eg month of receipt so the sender knows which key to encrypt with).

On Wed, Apr 28, 2004 at 07:54:50PM +0000, Jason Holt wrote:
> properties to Brands', and even does some things that his doesn't.
so here is one major problem with using IBE: everyone in the system has to trust the IBE server!

> I feel a little presumptuous mentioning it in the context of the
> other systems, which have a much more esteemed set of authors and
> are much more developed, but I'm also pretty confident in its
> simplicity.

One claim is that the system should hide sensitive attributes from disclosure during a showing protocol. So the example given an AIDs patient could authenticate to an AIDS db server without revealing to an outside observer whether he is an AIDs patient or an authorised doctor.

However can't one achieve the same thing with encryption: eg an SSL connection and conventional authentication?

Outside of this, the usual approach to this is to authenticate the server first, then authenticate the client so the client's privacy is preserved.

Furthermore there seems to be no blinding at issue time. So to obtain a credential you would have to identify yourself to the CA / IBE identity server, show paper credentials, typically involving True Name credentials, and come away with a private key. So it is proposed in the paper the credential would be issued with a pseudonym. However the CA can maintain a mapping between True Name and pseudonym.

However whenever you show the credential the event is traceable back to you by collision with the CA.

> Note that most anonymous credential systems are encumbered by
> patents.

I would not say your Hidden Credential system _is_ an anonymous credential system. There is no blinding in the system period. All is gated via a "trust-me" CA that in this case happens to be an IBE server, so providing the communication pattern advantages of an IBE system.

What it enables is essentially an offline server assisted oblivious encryption where you can send someone a message they can only decrypt if they happen to have an attribute.
You could call this a credential system kind of where the showing protocol is the verifier sends you a challenge, and the shower decrypts the challenge and sends the result back.

In particular I don't see any way to implement an anonymous epayment system using Hidden Credentials. As I understand it is simply not possible as the system has no inherent cryptographic anonymity?

Adam

From adam at cypherspace.org Sun May 9 04:07:47 2004
From: adam at cypherspace.org (Adam Back)
Date: Sun, 9 May 2004 07:07:47 -0400
Subject: anonymous IRC project needs new home...
Message-ID: <20040509110747.GA25766@bitchcake.off.net>

The anonymous IRC project (IIP -- http://www.invisiblenet.net/iip/) provides encrypted anonymous IRC chat.

Haven't looked in the protocol in detail to see how they get their anonymity, but the guy seemed aware of Chaum etc and they have crypto protocols document up there.

They have resource problems in continuing to run it, and so have announced end-of-life for the project, but source etc is available, and they are calling for interest in taking over the project.

Anyone with a bit of bandwidth and interest in preserving anonymity of IRC want to help them out?

(The way I first heard about the project is that they use hashcash to throttle nym registration abuse -- before that people were creating 1000s of handles through it.)

Adam

From Poindexter at SAFe-mail.net Sun May 9 08:16:02 2004
From: Poindexter at SAFe-mail.net (Poindexter at SAFe-mail.net)
Date: Sun, 9 May 2004 11:16:02 -0400
Subject: anonymous IRC project needs new home...
Message-ID:

At 07:07 AM 5/9/2004 -0400, Adam Back wrote:
>The anonymous IRC project (IIP -- http://www.invisiblenet.net/iip/) provides encrypted anonymous IRC chat.
>
>Haven't looked in the protocol in detail to see how they get their anonymity, but the guy seemed aware of Chaum etc and they have crypto protocols document up there.
>
>They have resource problems in continuing to run it, and so have announced end-of-life for the project, but source etc is available, and they are calling for interest in taking over the project.
>
>Anyone with a bit of bandwidth and interest in preserving anonymity of IRC want to help them out?

Despite supposedly being an "open source" project, "nop", the lead developers/project manager, has kept some of the source/procedures necessary to run iip rather closed (e.g., the server configuration and the source code for the public relay 'harvester'). There were quite a few iip users who expressed interest in helping out or taking over when iip's problems first became painful about six-nine months ago. Now many iip users may have left, and a non-public project with much grander ambitions and truly open source is well along in development (spurred on in good part because of nop's lack of communication with the iip community). This call for help may be a bit too late.

From eugen at leitl.org Sun May 9 13:36:40 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Sun, 9 May 2004 22:36:40 +0200
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
Message-ID: <20040509203640.GT25728@leitl.org>

----- Forwarded message from Enzo Michelangeli -----

From shaddack at ns.arachne.cz Sun May 9 14:49:40 2004
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 9 May 2004 23:49:40 +0200 (CEST)
Subject: Can Skype be wiretapped by the authorities?
    (fwd from em@em.no-ip.com)
In-Reply-To: <20040509203640.GT25728@leitl.org>
References: <20040509203640.GT25728@leitl.org>
Message-ID: <0405092343230.-1297076784@somehost.domainz.com>

On Sun, 9 May 2004, Eugen Leitl wrote:

> Not only that: NATted agents cannot be "called" unless they first register
> with some reflector on the open Internet. And centralized reflectors are,
> again, easy to attack, and also expensive to operate, as the bandwidth
> requirements are substantial (all the traffic flows through them): see
> e.g. John Walker's analysis of the reasons that led him to abandon
> SpeakFreely at http://www.fourmilab.ch/speakfree/ .
>
> Thomas Shaddack suggested to leverage on Jabber, but:
>
> 1. Jabber uses TCP as transport, and therefore can't be efficiently used
> as transport for telephony, i.e. using encapsulation of the voice packets
> in the Jabber protocol in order to traverse NAT devices.

Oh! There is a little misunderstanding here! I proposed using Jabber for the presence/location/directory thing, and for negotiation between the clients about what method to use, if they can do direct peer-to-peer call or have to use a reflector (and what one), what cipher and key to use, etc. - the Jabber protocol is rather unsuitable for VoIP.

> 2. Jabber is based on a client-server paradigm similar to e-mail. Running
> a Jabber server requires an always-on machine with its own domain name;
> and, although dynamic DNS can help, the model again tend to be
> hierarchical, easy to attack etc. That pretty much rules it out also for
> session initiation, directory/presence etc.

That's true - but it can be implemented with relative ease, with lots of infrastructure already existing. Next generation of the system then can be built atop this.
> The beauty of Skype, encryption aside, is that it's based on an overlay
> network solely based on P2P servents, relies (if their FAQ tells the
> truth) upon NO central registry for presence and directory services, and
> each client that runs non-NATted can transparently act as reflector
> supporting NATted users. Plus, all this (including, besides voice,
> text-based instant messaging) works with zero configuration with an
> idiotproof UI.

But it's closed-source and so can't be fully trusted :(

From kmself at ix.netcom.com Mon May 10 01:23:07 2004
From: kmself at ix.netcom.com (Karsten M. Self)
Date: Mon, 10 May 2004 01:23:07 -0700
Subject: [linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia
Message-ID:

RFID has been in the news and play recently. I even heard a somewhat informed discussion on KQED's "California XXX" Saturday.

The first article covers John Gilmore's dystopian view of RFID. Imagine being able to create weapons which independently target specific IDs. This sort of activity is hard to hack. It's also a partial _current_ reality:

- OBL was tracked, according to reports, via his satellite phone, until he became aware of this, and stopped using same (possibly even sending it on a distracting separate track from himself for a time).

- More locally, militia movements which had used anonymous phone cards to make "untraceable" phone calls instead were tracked on the basis of traffic analysis. While a given card wasn't allocated to an individual, it was identifiable by account, and could be flagged for monitoring if it called other numbers of known interest.

I'm sure that states such as, say, Israel, would have a significant interest in munitions having characteristics described by Gilmore.

The second covers a "hacking the system" concept. I'd considered something similar myself, though different in approach.
Rather than finding RFID chips and "redistributing" them, why not create programmable RFID broadcasters which could spoof other chips, and distribute these. The idea being to pollute any RFID detectors with a vast spew of superfluous data.

There are a couple of implications here which are pretty clear. Many of us carry a set of identifiable broadcast appliances already, and this will increase. These signatures are difficult to mask. The more likely response will be to find these signatures, and to the extent they're broadcastable, clone them and distribute them more widely (specific seeding). This will make the specific signatures less reliable for either legitimate or illegitimate use.

At the same time, legitimate business uses of RFID monitoring will probably be highly specific in their focus on data interest. There's simply going to be too much data floating around, most of it not interesting, to be able to work with reasonably. This would be further encouraged by seeding of noise data closely resembling legitimate keys.

Predictability of RFID sequences, and known legit or covert use of data will be key in determining both utility and countermeasure activities concerning RFID.

----- Forwarded message from Declan McCullagh -----

Date: Fri, 30 Apr 2004 00:24:45 -0400
From: Declan McCullagh
To: politech at politechbot.com
Subject: John Gilmore's horrific, dystopian view of an RFID world [priv]

[I always learn something from John Gilmore, and this is no exception. Although parts of his dystopia are already true: I travel with a cell phone, 802.1x devices, and Bluetooth devices that broadcast my identity (to a sufficiently savvy adversary) even more efficiently than an RFID tag would... --Declan]

-------- Original Message --------
Subject: Re: [Politech] Computerworld falls for RFID "sniper rifle" hoax?
Date: Wed, 28 Apr 2004 13:21:35 -0700
From: John Gilmore
To: Declan McCullagh
CC: politech at politechbot.com
References: <408F2D74.8040301 at well.com>

Nice hoax.
But the opposite is more likely to come true. Rather than shooting RFID chips into people, people with RFID chips already in or on them will be shot. People with RFID chips in their clothing, books, bags, or bodies could be targeted by "smart projectiles" that will zero in on that particular Smart. Today's "smart bombs" already self-guide toward laser-identified or RF-identified or heat-identified targets. The technical challenges involved in guiding a missile toward an RFID chip would probably relate to the speed of the missile compared to the range at which the RFID chip can be made to respond and the agility with which the missile can change course. Such a missile could probably more easily be designed to *arm* or *trigger* its explosion when a particular RFID chip is in range. That way, if fired at innocents, it would be a dud that would only cause minimal damage, but if fired at the right person, it would blow up. But we need not get so science-fiction about it. Rather than bring the mountain to Mohammed, let's let Mohammed come to the mountain. Let's see what this technology would do for an everyday practice of today's freedom fighters who are defending their country by opposing one of the US Government's current wars of occupation. In order to comply with government labeling mandates resulting from the huge Firestone tire recall, Michelin has announced that it plans to put RFID chips in every tire it sells to car makers (and eventually in every tire they sell). Similar plans are afoot for many other automotive and personal products. Imagine being able to bury an explosive in a roadway -- that would only go off when a particular car drove over it. You could bury these bombs months in advance, in any or every major or minor roadway. You could change the targeting whenever you liked (e.g. via driving a radio-equipped car over it and transmitting new instructions to it). 
You could give it a whole list of cars that it would explode for, or a set of cars and dates. If you put such bombs throughout a metropolitan area, a car could drive through the area for months without triggering anything -- taking evasive routes, etc. But on the appointed day, each of the bombs surrounding the area would know to go off when that same car passed. Without the responsible parties having to visit the sites later than days or weeks beforehand (making them hard to catch or deter).

Such explosives would be detectable by their radio emissions -- RFID pings. But in a world where RFID pings are being transmitted by everything around you, including every cellphone and doorframe and cash register and ATM machine and camera and car and computer and palmtop and parking meter and cop car ... you won't even notice.

Places with "congestion pricing" like central London, or any toll road anywhere, would even have plenty of active RFID readers buried in the roadway already. And I'm sure the cops anywhere would love to have them for tracking where everybody is driving -- individually.

Welcome to automated personal death. Courtesy of RFID and leading shortsighted global corporations, with government encouragement.

John

----- End forwarded message -----

And item #2: hacking the system.

----- Forwarded message from Declan McCullagh -----

Date: Wed, 05 May 2004 00:41:47 -0400
From: Declan McCullagh
To: politech at politechbot.com
Subject: Hack the tech: a possible counter-RFID strategy [priv]

-------- Original Message --------
Subject: A possible counter-RFID strategy
Date: Mon, 3 May 2004 07:57:30 -0400
From: Rich Kulawiec
To: Declan McCullagh

(An edit of something I sent to the folks at nocards.org last summer)

Having followed the recent RFID-related messages on Politech, I thought I'd send this along.

First, a small historical diversion: back in the 1980's, there were rumors that the NSA had a complete Usenet feed going into its data centers.
In reaction, Usenet article authors began to include what were called "NSA fodder" in the headers and bodies of their articles; text strings like:

    Moscow nuke Iran Kremlin secret spy CIA transmission

were put there to (at least in theory) cause the text-analysis programs and perhaps the human beings analyzing the incoming data at the NSA to work a bit harder.

Nobody (I hope) took this very seriously, but it does illustrate an interesting point about approaches to frustrating unwanted data collection, and that is that there are two ways to do that:

1. Deny the data to the collectors.

2. Give them all the data they could possibly hope for... but fill it with so much noise that it's useless.

In the case of RFID tags, so many people are all over their deployment that approach #1 may now be effectively impossible. Fine. Let them knock themselves out putting RFID tags on and in everything and tracking them and accumulating all the data, and spending lots and lots of money and time setting all that up.

Meanwhile, let's try approach #2. After all, there's no reason why you and I can't have our own RFID scanners, and locate the tags that we happen to find in our possession, now is there? And if I felt like, oh, removing the tag from my new shirt and sticking it in a city bus seat, or extracting the tag from a new lawn sprinkler and putting it on a shopping cart back at the store where I bought it, well, why not?

Now imagine the consequences if 20 million people did the same. We could even have little exchanges where we throw all our tags in a pile and randomly take some away to play with -- the point being that then not even *we* know what happened to them.

I find it very satisfying to think that someone trying to figure out where my bicycle helmet is at the moment will actually be tracking a Walmart (rushing headlong toward adoption of RFID) manager's car that happened to be parked somewhere nearby when I felt like transplanting the RFID tag.
RFID tags from all kinds of things could be randomly planted everywhere: in an airplane seat, in a newspaper at the library, in a copy of a rented video, EVERYWHERE. Some could be transplanted to similar items; others to completely different ones. And so on. I'm not suggesting that anyone abandon the fight against the intrusive and abusive uses of RFID by any means; I'm just suggesting that one possible countermeasure to make whatever deployment goes forward far less effective than its backers hope is to cause their RFID trackers to record huge amounts of completely useless data. [1] This is relatively easy to do, and could actually be turned into a rather amusing exercise in competitive ingenuity. [2] But more seriously, if a sufficient number of people participate, and thus a sufficient number of RFID tags are pressed into service generating bogus data, it will discredit them and devalue their usefulness, thus discouraging their further adoption and undercutting attempts to rely on them for some of their more Orwellian possible uses. It's a shame that something like this is necessary: but given the total lack of respect for privacy and any semblance of self-restraint on the part of governments and corporations, it is. --Rsk [1] Most importantly, "useless data" that will be very difficult to distinguish from useful data. Every communications engineer learns that separating signal from noise is relatively easy when they have very different properties, but much harder when they're the same. Hence the need to transplant at least some RFID tags to similar items, thus generating bogus but hard-to-spot-as-bogus data. [2] "I'd like to thank you for coming to testify before our committee today, Mr. Ashton, and as my first question, I'd like you to explain why the Senate's RFID scanner indicates that you walked in here with a cheese grater, a copy of the latest Harry Potter video, a forklift, and the latest issue of 'Motorcycle Babes' on your person." 
----- End forwarded message -----

--
Karsten M. Self http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Kerry '04 http://www.johnkerry.com/

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From jason at lunkwill.org Sun May 9 19:42:04 2004
From: jason at lunkwill.org (Jason Holt)
Date: Mon, 10 May 2004 02:42:04 +0000 (UTC)
Subject: Brands' private credentials
In-Reply-To: <20040509100431.GA24611@bitchcake.off.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, 9 May 2004, Adam Back wrote:
> and seeing that it is a completely different proposal essentially
> being an application of IBE, and extension of the idea that one has
> multiple "identities" encoding attributes. (The usual attribute this
> approach is used for is time-period of receipt .. eg month of receipt
> so the sender knows which key to encrypt with).

Right, good summary.

> One claim is that the system should hide sensitive attributes from
> disclosure during a showing protocol. So the example given an AIDs
> patient could authenticate to an AIDS db server without revealing to
> an outside observer whether he is an AIDs patient or an authorised
> doctor.
>
> However can't one achieve the same thing with encryption: eg an SSL
> connection and conventional authentication?

How would you use SSL to prove fulfillment without revealing how? You could get the CA to issue you a "patient or doctor" SSL cert, likewise for every possible combination of things somebody might ask you for, but that's not very practical.
Presumably this is why the other systems also allow proof of expressions without revealing all the attributes you used to do so.

> Outside of this, the usual approach to this is to authenticate the
> server first, then authenticate the client so the client's privacy is
> preserved.

If you can trust the server to do so. Firstly, hidden credentials limit what the server learns, so you don't *have* to trust the server as much. But secondly, they also solve the problem which shifts to the server when it goes first: now the server has to reveal attributes to a complete stranger. For sensitive systems, it's easy to get circular dependencies where neither side wants to go first. Hidden credentials let you enforce the policy in the ciphertext: "if you can read this, let's talk. if not, I didn't want to talk to you anyway (and you won't learn why)".

(Incidentally, two other similar systems came out at about the same time as mine, both geared less toward extreme policy/credential paranoia and more toward resolving such circular dependencies: OSBE (Li, Du, Boneh) and Secret Handshakes (Balfanz et al)).

> Furthermore there seems to be no blinding at issue time. So to
> obtain a credential you would have to identify yourself to the CA /
> IBE identity server, show paper credentials, typically involving True
> Name credentials, and come away with a private key. So it is proposed
> in the paper the credential would be issued with a pseudonym. However
> the CA can maintain a mapping between True Name and pseudonym.
>
> However whenever you show the credential the event is traceable back
> to you by collision with the CA.

Right, that is a big consideration with my system; CAs can be nosy. Of course, any CA will want you to show paper credentials or some other real-world proof that they should give you a credential. But you're right that the Chaum/Brands/L&C family do have a big advantage in limiting the risks of big-brother CAs once they've issued it to you.
> I would not say your Hidden Credential system _is_ an anonymous
> credential system. There is no blinding in the system period. All is
> gated via a "trust-me" CA that in this case happens to be an IBE
> server, so providing the communication pattern advantages of an IBE
> system.

If your definition requires anonymity wrt the CA, then you're right. My system lets folks:

* authenticate based on attributes rather than identity
* access resources without the server even knowing whether they fulfill the policy
* hide policies from people who don't fulfill them

So it's definitely in the realm of other privacy systems. We could define a new term just to exclude my system from the others, but at this point I don't think naming confusion is any worse for my system; they all have lots of different nonorthogonal features. I have to write a survey paper for my Ph.D. requirements, and I've been thinking I should write a big feature table as part of it.

> In particular I don't see any way to implement an anonymous epayment
> system using Hidden Credentials. As I understand it is simply not

I've never really considered it as a payment system. It's geared more toward systems which use extremely sensitive resources, and their corresponding sensitive policies and credentials.

-J

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAnuwCnwLgjivV2NERAs/lAKC2B9R0EQJY+fgh46QpjkdmsdjbMwCgziHw
VRCNzAhIdnIImHMyu7Lpvwk=
=wpJ0
-----END PGP SIGNATURE-----

From adam at cypherspace.org Mon May 10 02:35:28 2004
From: adam at cypherspace.org (Adam Back)
Date: Mon, 10 May 2004 05:35:28 -0400
Subject: Brands' private credentials
In-Reply-To:
References: <20040509100431.GA24611@bitchcake.off.net>
Message-ID: <20040510093528.GB13170@bitchcake.off.net>

On Mon, May 10, 2004 at 02:42:04AM +0000, Jason Holt wrote:
> > However can't one achieve the same thing with encryption: eg an SSL
> > connection and conventional authentication?
>
> How would you use SSL to prove fulfillment without revealing how?
> You could get the CA to issue you a "patient or doctor" SSL cert,

Well SSL was just to convince you that you were talking to the right server ("you have reached the AIDs db server").

After that I was presuming you use a signature to convince the server that you are authorised. Your comment however was that this would necessarily leak to the server whether you were a doctor or an AIDs patient.

However from what I understood from your paper so does your scheme, from section 5.1:

P = (P1 or P2) is encoded HC_E(R,P) = {HC_E(R,P1),HC_E(R,P2)}

With Hidden Credentials, the messages are in the other direction: the server would send something encrypted for your pseudonym with P1 = AIDs patient, and P2 = Doctor attributes. However the server could mark the encrypted values by encoding different challenge response values in each of them, right?

(Think you would need something like Bert-Jaap Koops Binding cryptography where you can verify externally to encryption that the contained encrypted value is the same to prevent that; or some other proof that they are the same.)

Another approach to hiding membership is one of the techniques proposed for non-transferable signatures, where you use construct:

RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).

Where the sender is proving he is one of A and B without revealing which one. (One of the values is an existential forgery, where you choose a z value first, raise it to the power e, and claim z is a signature on x= z^e mod n; then you use private key for B (or A) to compute the real signature on the xor of that and the hash of the message). You can extend it to more than two potential signers if desired.

> > Outside of this, the usual approach to this is to authenticate the
> > server first, then authenticate the client so the client's privacy is
> > preserved.
>
> If you can trust the server to do so.
> Firstly, hidden credentials limit what
> the server learns, so you don't *have* to trust the server as much. But
> secondly, they also solve the problem which shifts to the server when it goes
> first:

OK so the fact that the server is the AIDs db server is itself secret. Probably better example is dissident's server or something where there is some incentive to keep the identity of the server secret. So you want bi-directional anonymity. It's true that the usual protocols can not provide both at once; SSL provides neither, the anonymous IP v2 protocol I designed at ZKS had client anonymity (don't reveal pseudonym until authenticate server, and yet want to authenticate channel with pseudonym). This type of bi-directional anonymity pretty much is going to need something like the attribute based encryption model you're using.

However it would be nice/interesting if one could do that end-2-end secure without needing to trust a CA server.

> My system lets folks:
>
> * access resources without the server even knowing whether they fulfill the
> policy

this one is a feature auth based systems aren't likely to be able to fulfil, you can say this because the server doesn't know if you're able to decrypt or not

> So it's definitely in the realm of other privacy systems. We could
> define a new term just to exclude my system from the others, but at
> this point I don't think naming confusion is any worse for my
> system; they all have lots of different nonorthogonal features.

I think it would be fair to call it anonymity system, just that the trust model includes a trusted server. There are lots of things possible with a trusted server, even with symmetric crypto (KDCs).

Adam

From adam at cypherspace.org Mon May 10 03:02:51 2004
From: adam at cypherspace.org (Adam Back)
Date: Mon, 10 May 2004 06:02:51 -0400
Subject: blinding & BF IBE CA assisted credential system (Re: chaum's patent expiry?)
In-Reply-To:
References: <20040509091559.GA24140@bitchcake.off.net>
Message-ID: <20040510100251.GA13618@bitchcake.off.net>

On Mon, May 10, 2004 at 03:03:56AM +0000, Jason Holt wrote:
> [...] Actually, now that you mention Chaum, I'll have to look into
> blind signatures with the B&F IBE (issuing is just a scalar*point
> multiply on a curve).

I think you mean so that the CA/IBE server even though he learns pseudonyms private key, does not learn the linkage between true name and pseudonym. (At any time during a show protocol whether the private key issuing protocol is blinded or not the IBE server can compute the pseudonyms private key).

Seems like an incremental improvement yes.

> That could be a way to get CA anonymity for hidden credentials -
> just do vanilla cut and choose on blinded pseudonymous credential
> strings, then use a client/server protocol with perfect forward
> secrecy so he can't listen in.

Note PFS does not make end-2-end secure against an adversary who can compute the correspondents private keys, as vulnerable to MITM. Could say invulnerable to passive eavesdropper.

However you might have an opening here for a new security model combining features of Hidden Credentials with a kind of MITM resistance via anonymity. What I mean is HC allows 2 parties to communicate, and they know who they are communicating with. The CA colluding MITM however we'll say does not a priori, so he has to brute force try all pseudonym, attribute combinations until he gets the right one. Well still not desirable security margin, but some extra difficulty for the MITM.

Adam

From DaveHowe at gmx.co.uk Mon May 10 03:04:25 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Mon, 10 May 2004 11:04:25 +0100
Subject: Accoustic Cryptoanalysis for RSA?
Message-ID: <00e101c43676$32463800$c71121c2@exchange.sharpuk.co.uk>

opinions?
http://www.wisdom.weizmann.ac.il/~tromer/acoustic/

From hdiwan at mac.com Mon May 10 11:14:49 2004
From: hdiwan at mac.com (Hasan Diwan)
Date: Mon, 10 May 2004 11:14:49 -0700
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
In-Reply-To: <20040509203640.GT25728@leitl.org>
References: <20040509203640.GT25728@leitl.org>
Message-ID:

AES is the American Encryption Standard, formerly known as Rijndael. Does anyone really think the US Government would be so daft as to adopt an algorithm they don't know how to break?

On May 9, 2004, at 1:36 PM, Eugen Leitl wrote:

> ----- Forwarded message from Enzo Michelangeli -----
>
> From: "Enzo Michelangeli"
> Date: Thu, 29 Apr 2004 20:01:57 +0800
> To:
> Cc: "Axel H Horns"
> Subject: Re: Can Skype be wiretapped by the authorities?
> X-Mailer: Microsoft Outlook Express 6.00.2800.1409
>
> ----- Original Message -----
> From: "Axel H Horns"
> To:
> Sent: Wednesday, April 28, 2004 4:49 AM
> Subject: Can Skype be wiretapped by the authorities?
>
>
>> Is something known about the details of the crypto protocol within
>> Skype? How reliable is the encryption?
>>
>> See e.g.
>>
>> http://www.financialcryptography.com/mt/archives/000076.html
>>
>> Can Skype be wiretapped by the authorities? With collaboration of the
>> Skype operator? Without?
>
> What do you mean with "operator"? AFAIK, the system is fully
> peer-to-peer
> (http://www.skype.com/skype_p2pexplained.html ).
>
> Regarding the crypto, at http://www.skype.com/help_faq.html#Technical
> they
> say:
>
> What type of encryption is used?
>
> Skype uses AES (Advanced Encryption Standard) - also known as Rijndel
> - which is also used by U.S. Government organizations to protect
> sensitive, information. Skype uses 256-bit encryption, which has a
> total of 1.1 x 10^77 possible keys, in order to actively encrypt the
> data in each Skype call or instant message. Skype uses 1536 to 2048
> bit RSA to negotiate symmetric AES keys.
> User public keys are
> certified by Skype server at login.
>
> OK, so "Rijndael" is misspelled and the RSA-based key exchange does not
> provide forward secrecy, but apart from that it doesn't smell like
> snake
> oil. Not too bad, at least.
>
> BUT, unfortunately, the implementation is closed source, so there are
> no
> guarantees that the software is not GAKked. And yes, definitely an
> opensource (and multiplatform) alternative would be a cool thing to
> have.
> A message I posted a while ago to the list p2p-hackers was reposted by
> Eugene Leitl to cypherpunks
> (http://www.mail-archive.com/cypherpunks at minder.net/msg81814.html ) but
> the couple of followups it elicited didn't seem to center the issues I
> raised. I didn't reply then because I'm not a subscriber of cypherpunks
> any longer, so I'd like to take this occasion for doing it here now:
>
> Major Variola (ret) commented (indented lines, followed by my comment):
> [...]
>> Skype claims to use RSA-based key exchange, which is good for
>> multi-party conferencing but does not preserve forward secrecy.
>> Maybe some variant of ephemeral D-H authenticated by RSA
>> signatures, with transparent renegotiation every time someone
>> joins the conference, could do the job better.
>
> RSA (ie persistent keys) may be an option but MUST NOT be
> required, for secrecy reasons as mentioned. (At worst RSA keys
> can be used once, then discarded. Lots of primes out there :-)
>
> Well, I don't see why RSA signatures (only for authentication of the
> key
> exchange) could endanger forward secrecy.
>
> Also, this is *voice*, ie biometric auth,
> so public-key-web-o-trust verislime scam is
> unnecessary at best.
>
> It's not only voice, it's also IM-style text chat. And even with voice,
> biometric authentication becomes awkward to use with conference calls.
>
> [...]
>> One could always implement a brand new
>> network, using Distributed Hash Table algorithms such as Chord or
>> Kademlia,
>
> We don't give a flying fuck as to which shiny new algorithm you use,
> although were we a graph theory wonk, we might care.
>
> The issue here is that DHT algorithms allow to implement a fully
> distributed directory, which means one much more resistant to attacks
> (especially from institutional attackers) than implementations based on
> centralized servers (see, in a related field, the different destinies of
> Napster and its distributed successors such as Overnet or the less
> efficient Gnutella). Still, a full search takes O(log(n)) steps, making
> them practical for implementing directory/presence services.
>
> [...]
>> but it would be much easier to rely from the very beginning upon
>> a large number of nodes (at least for directory and presence
>> functionality, if not for the reflectors which require specific
>> UDP code).
>
> What the NAT world (yawn) needs is free registry services
> exploitable by any protocol. Those NAT-users with RSA-clue can
> sign their registry entry.
>
> Not only that: NATted agents cannot be "called" unless they first
> register
> with some reflector on the open Internet. And centralized reflectors
> are,
> again, easy to attack, and also expensive to operate, as the bandwidth
> requirements are substantial (all the traffic flows through them): see
> e.g. John Walker's analysis of the reasons that led him to abandon
> SpeakFreely at http://www.fourmilab.ch/speakfree/ .
>
> Thomas Shaddack suggested to leverage on Jabber, but:
>
> 1. Jabber uses TCP as transport, and therefore can't be efficiently
> used
> as transport for telephony, i.e. using encapsulation of the voice
> packets
> in the Jabber protocol in order to traverse NAT devices.
>
> 2. Jabber is based on a client-server paradigm similar to e-mail.
> Running
> a Jabber server requires an always-on machine with its own domain name;
> and, although dynamic DNS can help, the model again tend to be
> hierarchical, easy to attack etc. That pretty much rules it out also
> for
> session initiation, directory/presence etc.
>
> The beauty of Skype, encryption aside, is that it's based on an overlay
> network solely based on P2P servents, relies (if their FAQ tells the
> truth) upon NO central registry for presence and directory services,
> and
> each client that runs non-NATted can transparently act as reflector
> supporting NATted users. Plus, all this (including, besides voice,
> text-based instant messaging) works with zero configuration with an
> idiotproof UI.
>
> Enzo
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>
> ----- End forwarded message -----
> --
> Eugen* Leitl leitl
> ______________________________________________________________
> ICBM: 48.07078, 11.61144 http://www.leitl.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
> http://moleculardevices.org http://nanomachines.net
>

Hasan Diwan {http://ibn.com/~hdiwan}
OpenPGP Fingerprint: 275D 0E84 550C D92A 4A56 732C 8528 2579 E6E9 4842

[demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]

From brian.dunbar at plexus.com Mon May 10 11:40:51 2004
From: brian.dunbar at plexus.com (Brian Dunbar)
Date: Mon, 10 May 2004 13:40:51 -0500
Subject: Can Skype be wiretapped by the authorities? (fwd from
In-Reply-To: <20040510183014.GF15626@acm.jhu.edu>
References: <20040509203640.GT25728@leitl.org> <20040510183014.GF15626@acm.jhu.edu>
Message-ID: <8FFE548E-A2B1-11D8-B502-0003939F949C@plexus.com>

On May 10, 2004, at 1:30 PM, Jack Lloyd wrote:

> Like it matters.
> Do you really think that the government would really
> allow
> Intel and AMD to sell CPUs that didn't have tiny transmitters in them?
> Your CPU
> is actually transmitting every instruction it executes to the
> satellites.

That's a subtle bit of humor, right?

~brian

From lloyd at randombit.net Mon May 10 11:30:14 2004
From: lloyd at randombit.net (Jack Lloyd)
Date: Mon, 10 May 2004 14:30:14 -0400
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
In-Reply-To:
References: <20040509203640.GT25728@leitl.org>
Message-ID: <20040510183014.GF15626@acm.jhu.edu>

Like it matters. Do you really think that the government would really allow Intel and AMD to sell CPUs that didn't have tiny transmitters in them? Your CPU is actually transmitting every instruction it executes to the satellites.

On Mon, May 10, 2004 at 11:14:49AM -0700, Hasan Diwan wrote:
> AES is the American Encryption Standard, formerly known as
> Rijndael. Does anyone really think the US Government would be so daft
> as to adopt an algorithm they don't know how to break?
> On May 9, 2004, at 1:36 PM, Eugen Leitl wrote:
>
> > ----- Forwarded message from Enzo Michelangeli -----
> >
> > From: "Enzo Michelangeli"
> > Date: Thu, 29 Apr 2004 20:01:57 +0800
> > To:
> > Cc: "Axel H Horns"
> > Subject: Re: Can Skype be wiretapped by the authorities?
> > X-Mailer: Microsoft Outlook Express 6.00.2800.1409
> >
> > ----- Original Message -----
> > From: "Axel H Horns"
> > To:
> > Sent: Wednesday, April 28, 2004 4:49 AM
> > Subject: Can Skype be wiretapped by the authorities?
> >
> >
> >> Is something known about the details of the crypto protocol within
> >> Skype? How reliable is the encryption?
> >>
> >> See e.g.
> >>
> >> http://www.financialcryptography.com/mt/archives/000076.html
> >>
> >> Can Skype be wiretapped by the authorities? With collaboration of the
> >> Skype operator? Without?
> >
> > What do you mean with "operator"?
> > AFAIK, the system is fully
> > peer-to-peer
> > (http://www.skype.com/skype_p2pexplained.html ).
> >
> > Regarding the crypto, at http://www.skype.com/help_faq.html#Technical
> > they
> > say:
> >
> > What type of encryption is used?
> >
> > Skype uses AES (Advanced Encryption Standard) - also known as Rijndel
> > - which is also used by U.S. Government organizations to protect
> > sensitive, information. Skype uses 256-bit encryption, which has a
> > total of 1.1 x 10^77 possible keys, in order to actively encrypt the
> > data in each Skype call or instant message. Skype uses 1536 to 2048
> > bit RSA to negotiate symmetric AES keys. User public keys are
> > certified by Skype server at login.
> >
> > OK, so "Rijndael" is misspelled and the RSA-based key exchange does not
> > provide forward secrecy, but apart from that it doesn't smell like
> > snake
> > oil. Not too bad, at least.
> >
> > BUT, unfortunately, the implementation is closed source, so there are
> > no
> > guarantees that the software is not GAKked. And yes, definitely an
> > opensource (and multiplatform) alternative would be a cool thing to
> > have.
> > A message I posted a while ago to the list p2p-hackers was reposted by
> > Eugene Leitl to cypherpunks
> > (http://www.mail-archive.com/cypherpunks at minder.net/msg81814.html ) but
> > the couple of followups it elicited didn't seem to center the issues I
> > raised. I didn't reply then because I'm not a subscriber of cypherpunks
> > any longer, so I'd like to take this occasion for doing it here now:
> >
> > Major Variola (ret) commented (indented lines, followed by my comment):
> > [...]
> >> Skype claims to use RSA-based key exchange, which is good for
> >> multi-party conferencing but does not preserve forward secrecy.
> >> Maybe some variant of ephemeral D-H authenticated by RSA
> >> signatures, with transparent renegotiation every time someone
> >> joins the conference, could do the job better.
> >
> > RSA (ie persistent keys) may be an option but MUST NOT be
> > required, for secrecy reasons as mentioned. (At worst RSA keys
> > can be used once, then discarded. Lots of primes out there :-)
> >
> > Well, I don't see why RSA signatures (only for authentication of the
> > key
> > exchange) could endanger forward secrecy.
> >
> > Also, this is *voice*, ie biometric auth,
> > so public-key-web-o-trust verislime scam is
> > unnecessary at best.
> >
> > It's not only voice, it's also IM-style text chat. And even with voice,
> > biometric authentication becomes awkward to use with conference calls.
> >
> > [...]
> >> One could always implement a brand new
> >> network, using Distributed Hash Table algorithms such as Chord or
> >> Kademlia,
> >
> > We don't give a flying fuck as to which shiny new algorithm you use,
> > although were we a graph theory wonk, we might care.
> >
> > The issue here is that DHT algorithms allow to implement a fully
> > distributed directory, which means one much more resistant to attacks
> > (especially from institutional attackers) than implementations based on
> > centralized servers (see, in a related field, the different destinies of
> > Napster and its distributed successors such as Overnet or the less
> > efficient Gnutella). Still, a full search takes O(log(n)) steps, making
> > them practical for implementing directory/presence services.
> >
> > [...]
> >> but it would be much easier to rely from the very beginning upon
> >> a large number of nodes (at least for directory and presence
> >> functionality, if not for the reflectors which require specific
> >> UDP code).
> >
> > What the NAT world (yawn) needs is free registry services
> > exploitable by any protocol. Those NAT-users with RSA-clue can
> > sign their registry entry.
> >
> > Not only that: NATted agents cannot be "called" unless they first
> > register
> > with some reflector on the open Internet.
> > And centralized reflectors
> > are,
> > again, easy to attack, and also expensive to operate, as the bandwidth
> > requirements are substantial (all the traffic flows through them): see
> > e.g. John Walker's analysis of the reasons that led him to abandon
> > SpeakFreely at http://www.fourmilab.ch/speakfree/ .
> >
> > Thomas Shaddack suggested to leverage on Jabber, but:
> >
> > 1. Jabber uses TCP as transport, and therefore can't be efficiently
> > used
> > as transport for telephony, i.e. using encapsulation of the voice
> > packets
> > in the Jabber protocol in order to traverse NAT devices.
> >
> > 2. Jabber is based on a client-server paradigm similar to e-mail.
> > Running
> > a Jabber server requires an always-on machine with its own domain name;
> > and, although dynamic DNS can help, the model again tend to be
> > hierarchical, easy to attack etc. That pretty much rules it out also
> > for
> > session initiation, directory/presence etc.
> >
> > The beauty of Skype, encryption aside, is that it's based on an overlay
> > network solely based on P2P servents, relies (if their FAQ tells the
> > truth) upon NO central registry for presence and directory services,
> > and
> > each client that runs non-NATted can transparently act as reflector
> > supporting NATted users. Plus, all this (including, besides voice,
> > text-based instant messaging) works with zero configuration with an
> > idiotproof UI.
> >
> > Enzo
> >
> > ---------------------------------------------------------------------
> > The Cryptography Mailing List
> > Unsubscribe by sending "unsubscribe cryptography" to
> > majordomo at metzdowd.com
> >
> > ----- End forwarded message -----
> > --
> > Eugen* Leitl leitl
> > ______________________________________________________________
> > ICBM: 48.07078, 11.61144 http://www.leitl.org
> > 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
> > http://moleculardevices.org http://nanomachines.net
> >
> Hasan Diwan {http://ibn.com/~hdiwan}
> OpenPGP Fingerprint: 275D 0E84 550C D92A 4A56 732C 8528 2579 E6E9 4842
>
> [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]

From camera_lumina at hotmail.com Mon May 10 11:31:18 2004
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Mon, 10 May 2004 14:31:18 -0400
Subject: SASSER Worm Dude
Message-ID:

"HANOVER, Germany -- German police have arrested an 18-year-old man suspected of creating the Sasser computer worm, believed to be one of the Internet's most costly outbreaks of sabotage."

Note the language...an "18 year old MAN" and "sabotage"...

So a HS kid, living with his parents, is able to write a worm that takes out millions and millions of computers throughout the world running the latest MS OS. Uh....shouldn't we arrest Bill Gates first?

-TD

From roy at rant-central.com Mon May 10 12:23:45 2004
From: roy at rant-central.com (Roy M. Silvernail)
Date: Mon, 10 May 2004 15:23:45 -0400
Subject: SASSER Worm Dude
In-Reply-To:
References:
Message-ID: <1084217024.15147.5.camel@localhost>

On Mon, 2004-05-10 at 14:31, Tyler Durden wrote:

> Note the language...an "18 year old MAN" and "sabotage"...

Eh? The USian secfor has been using that style of hyperbole since Freeh.
Germany is playing catch-up.

> So a HS kid, living with his parents, is able to write a worm that takes out
> millions and millions of computers throughout the world running the latest
> MS OS. Uh....shouldn't we arrest Bill Gates first?

Hmmm... there *is* that thing about maintaining an attractive nuisance, no?

--
Roy M. Silvernail is roy at rant-central.com, and you're not
Never Forget: It's Only 1's and 0's!
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com

From jya at pipeline.com Mon May 10 17:09:07 2004
From: jya at pipeline.com (John Young)
Date: Mon, 10 May 2004 17:09:07 -0700
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
In-Reply-To: <8FFE548E-A2B1-11D8-B502-0003939F949C@plexus.com>
References: <20040510183014.GF15626@acm.jhu.edu> <20040509203640.GT25728@leitl.org> <20040510183014.GF15626@acm.jhu.edu>
Message-ID:

Brian Dunbar wrote:

>> Like it matters. Do you really think that the government would really
>> allow Intel and AMD to sell CPUs that didn't have tiny transmitters in them?
>> Your CPU is actually transmitting every instruction it executes to the
>> satellites.
>
>That's a subtle bit of humor, right?

Whenever this truth is repeated, first revealed here in 1992 by a person who worked at Intel in its early days when it was desperate for government contracts, it is taken to be humorous.

The detailed description of the chip broadcasting technology was once retrievable from the cypherpunks archives but the earliest archives have disappeared, possibly with the intent of erasing information on this very topic.

The original anonymous explained that Intel was going to be withdrawn as a public company and do only black work for governments, not only the US. That that is likely to have happened except that a public shell was allowed to continue and succeed as a cover -- early investors were induced to keep this quiet with bountiful payouts, among them former Intel employees.
What remains of this story on the Internet is a bowdlerized version of the original truth, sometimes commingled with Tempest apocrypha -- Tempest the fountain head of dissimulation about electromagnetic transmitting technology more fancifully described than told the truth about.

As a corollary AMD is an illusory chip fabricator, set up and fed by Intel to give the appearance of competition. There are others to delude foreign customers into trusting their homegrown.

From adam at cypherspace.org Mon May 10 14:54:59 2004
From: adam at cypherspace.org (Adam Back)
Date: Mon, 10 May 2004 17:54:59 -0400
Subject: more hiddencredentials comments (Re: Brands' private credentials)
In-Reply-To:
References: <20040510093528.GB13170@bitchcake.off.net>
Message-ID: <20040510215459.GA22670@bitchcake.off.net>

On Mon, May 10, 2004 at 08:02:12PM +0000, Jason Holt wrote:
> Adam Back wrote:
> > [...] However the server could mark the encrypted values by encoding
> > different challenge response values in each of them, right?
>
> Yep, that'd be a problem in that case. In the most recent (unpublished)
> paper, I addressed that by using R as the key for a ciphertext+MAC on the
> actual message.

OK that sounds like it should work. Another approach that occurs is you could just take the plaintext, and encrypt it for the other attributes (which you don't have)? It's usually not too challenging to make stuff deterministic and retain security. Eg. any nonces, randomizing values can be taken from PRMG seeded with seed also sent in the msg.

Particularly that is much less constraining on the crypto system than what Bert-Jaap Koops had to do to get binding crypto to work with elgamal variant.

> In either case, though, you can't just trust that the server
> encrypted against "patient OR doctor" unless you have both creds and
> can verify that they each recover the secret.

The above approach should fix that also right?

> (And you're right, the AIDS example is not very compelling.
> The slides give a better one about FBI agents, but I'm still looking for
> other examples of super-sensitive transactions where HCs would fit)

dissident computing I think Ross Anderson calls it. People trying to operate pseudonymously and perhaps hiding the function of their servers in a cover service.

> Hugo Krawczyk gave a great talk at Crypto about the going-first problem in
> IPSec, which is where I got the phrase. He has a nice compromise in letting
> the user pick who goes first, but for some situations I think hidden
> credentials really would hit the spot.

Unless it's significantly less efficient, I'd say use it all the time.

> > I think it would be fair to call it anonymity system, just that the
> > trust model includes a trusted server. There are lots of things
> > possible with a trusted server, even with symmetric crypto (KDCs).
>
> Yeah, although I think most of them would require an on-line trusted
> server. But that just makes all sorts of things way too easy to be
> interesting. :)

Yes. But you could explore public key based without IBE. You may have to use IBE as a sub-protocol, but I think ideally want to avoid the IBE server being able to decrypt stuff. Sacrificing the IBE communication pattern wouldn't seem like a big deal.

Hmm well IBE has a useful side-effect in pseudonymity systems because it also has the side-effect of saving the privacy problems in first obtaining the other parties key. Other way to counteract that is to always include the pseudonym public key with the pseudonym name (which works for mailto: style URLs or whatever that are electronically distributed, but not for offline distributed).

Btw one other positive side-effect of IBE is the server can't impersonate by issuing another certificate in a pseudonyms name because there is definitionally only one certificate.
I was thinking particularly if you super-encrypt with the pseudonym's (standard CA) public key as well as the IBE public key you get the best of both feature sets.

btw#2 You could probably come up with a way to prevent a standard (non IBE) CA from issuing multiple certs. eg. if he does that and someone puts two certs together they learn CA private key, ala Brands credential kind of offline double spending protection. Kind of a cryptographically enforced version of the policy enforced uniqueness of serial numbers in X.509 certs. And we change the policy to one cert per pseudonym (kind of sudden death if you lose the private key, but hey just don't do that; we'd have no other way to authenticate you to get a new cert in the same pseudonyms name anyway, so you may just as well backup your pseudonym private key).

Adam

From adam at cypherspace.org Mon May 10 15:24:31 2004
From: adam at cypherspace.org (Adam Back)
Date: Mon, 10 May 2004 18:24:31 -0400
Subject: blinding & BF IBE CA assisted credential system (Re: chaum's patent expiry?)
In-Reply-To:
References: <20040510100251.GA13618@bitchcake.off.net>
Message-ID: <20040510222431.GA26225@bitchcake.off.net>

But if I understand that is only half of the picture. The recipient's IBE CA will still be able to decrypt, tho the sender's IBE CA may not as he does not have ability to compute pseudonym private keys for the other IBE CA.

If you make it PFS, then that changes to the recipient's IBE CA can get away with active MITM rather than passive eavesdropping.

An aside is that PKI for Pseudonym's is an interesting question. The pseudonym can't exactly go and be certified by someone else as an introducer without revealing generally identifying things about the network of trust. But ignoring this presuming that the identities were not subject to MITM from day one, and could build up a kind of WoT despite lack of out-of-band way to check info to base WoT signatures on.
It would still be interesting to defend the pseudonym against MITM colluding with IBE CA that at some point after the pseudonym has transferred keys without insertion of a MITM from.

This problem of addressing the who goes first problem for pseudonymous communicants appears somewhat related to Public Key Steganography where there is a similar scenario and threat model. (Anderson and Petitcolas "On The Limits of Steganography" http://www.petitcolas.net/fabien/publications/jsac98-limsteg.pdf). They also cite a "Prisoners' problem" which might be something you could extend involving a warden who is eavesdropping and prisoners who will be penalized if he can detect and identify communicants.

My earlier comment:

| Btw one other positive side-effect of IBE is the server can't
| impersonate by issuing another certificate in a pseudonyms name
| because there is definitionally only one certificate.

may not be that useful a distinction as the IBE CA server also gets your private key, so he doesn't _need_ to generate a certificate impersonating you as a conventional rogue CA would.

But if we could make the binding from pseudonym to the pseudonym's non-IBE public key strictly first come first served, so that the IBE CA's attempt to claim his later released non-IBE public key is the correct one would be detectable. Either secure time-stamping, extending the pseudonym name to include fingerprint as self-authenticator would allow this.

Adam

On Mon, May 10, 2004 at 06:45:56PM +0000, Jason Holt wrote:
> Well, he can always generate private keys for any pseudonym, just as in cash
> systems where the bank can always issue bank notes. Here's what I'm
> suggesting, where "b" is a blinding function and n1... are random nyms:
> [...]
> (Alice generates random nonce na)
> HC_E(na, "Bob:agent", FBI)--->
>
>                         (Bob generates random nb)
>                         <---HC_E(nb, "Alice:member", NRA)
>
> Both generate session keys from Hash(na,nb).
> The FBI can *always* impersonate an agent, because, well, they're
> the CA and they can make up pseudonymous agents all day long. But in
> this protocol, I believe they wouldn't be able to be a MITM and/or
> just eavesdrop on Alice&Bob.
> That's because Bob only wants to talk to NRA members, and the FBI can't
> impersonate that.
>
> Now, this is for an interactive session, rather than just sending a single
> request/response round like I discuss in the paper. But even then, policies
> are always respected. Just change "na" to "request" and "nb" to "response".
> Alice's policy is respected whether she talks to FBI-authorized-Bob or
> FBI-authorized-FBI, and the FBI doesn't get to read Bob's NRA-Alice-only
> response.
>
> -J

From dmarti at zgp.org Mon May 10 18:29:00 2004
From: dmarti at zgp.org (Don Marti)
Date: Mon, 10 May 2004 18:29:00 -0700
Subject: [linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia
Message-ID:

begin Donnie Barnes quotation of Mon, May 10, 2004 at 08:24:19PM -0400:

> Of course, we can choose to not buy those tires. At least until all
> tires have them.

In the TREAD Act of November 1, 2000, Congress required the National Highway Traffic Safety Administration (NHTSA) to develop a rule requiring all new motor vehicles to be equipped with a warning system to indicate to the operator when a tire is significantly underinflated.

http://www-nrd.nhtsa.dot.gov/vrtc/ca/tpms.htm

Each sensor had a unique digital identification code so that the particular tire with low pressure could be identified on the driver's display. The digital identification code also prevented signals from other vehicles' sensors from being analyzed by the TPMS.
http://www-nrd.nhtsa.dot.gov/vrtc/ca/capubs/tpms.pdf

--
Don Marti
http://zgp.org/~dmarti Learn Linux and free software
dmarti at zgp.org from the experts in California, USA
http://freedomtechnologycenter.org/
_______________________________________________
linux-elitists
http://zgp.org/mailman/listinfo/linux-elitists

----- End forwarded message -----
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From bill.stewart at pobox.com Mon May 10 18:44:07 2004
From: bill.stewart at pobox.com (Bill Stewart)
Date: Mon, 10 May 2004 18:44:07 -0700
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
In-Reply-To:
References: <20040510183014.GF15626@acm.jhu.edu> <20040509203640.GT25728@leitl.org> <20040510183014.GF15626@acm.jhu.edu>
Message-ID: <6.0.3.0.0.20040510184205.037d2cc0@pop.idiom.com>

> >> Like it matters. Do you really think that the government would really
> >> allow Intel and AMD to sell CPUs that didn't have tiny transmitters in
> them?
> >> Your CPU is actually transmitting every instruction it executes to the
> satellites.

That's why you keep your CPU under your tin-foil hat, isn't it? Certainly works for me...

Bill Stewart bill.stewart at pobox.com

From jason at lunkwill.org Mon May 10 11:45:56 2004
From: jason at lunkwill.org (Jason Holt)
Date: Mon, 10 May 2004 18:45:56 +0000 (UTC)
Subject: blinding & BF IBE CA assisted credential system (Re: chaum's patent expiry?)
In-Reply-To: <20040510100251.GA13618@bitchcake.off.net>
Message-ID:

On Mon, 10 May 2004, Adam Back wrote:
> On Mon, May 10, 2004 at 03:03:56AM +0000, Jason Holt wrote:
> > [...]
Actually, now that you mention Chaum, I'll have to look into
> > blind signatures with the B&F IBE (issuing is just a scalar*point
> > multiply on a curve).
>
> I think you mean so that the CA/IBE server even though he learns
> pseudonym's private key, does not learn the linkage between true name
> and pseudonym. (At any time during a show protocol whether the
> private key issuing protocol is blinded or not the IBE server can
> compute the pseudonym's private key).

Well, he can always generate private keys for any pseudonym, just as in cash systems where the bank can always issue bank notes. Here's what I'm suggesting, where "b" is a blinding function and n1... are random nyms:

Issuing:

    Alice                      FBI TTP
    b(n1,"agent")---->
    b(n2,"agent")---->
    b(n3,"agent")---->
                       <---cut & choose: n1,n3
    (n1,"agent")----->
    (n3,"agent")----->
                       <---sig(b(n2,"agent"))
    (Alice unblinds and now has a credential for nym n2)

So it's vanilla Chaum-style blinded credentials. The FBI signs Alice's agent cred without learning the nym. Alice can use the nym, and the server can ask the FBI the attributes (agent? chief? secretary?) of the person with the nym, but the FBI won't know.

The FBI could eavesdrop on Alice's connection and generate whatever creds are necessary to read the resource Bob sends her, but that's why I was talking about building it in a protocol with PFS. But now that I think of it, PFS isn't really necessary at all for Alice&Bob to have a conversation where their policies are respected:

    Alice                                   Bob
    (Alice generates random nonce na)
    HC_E(na, "Bob:agent", FBI)--->
                                            (Bob generates random nb)
                       <---HC_E(nb, "Alice:member", NRA)
    Both generate session keys from Hash(na,nb).

So, Alice wants to connect iff Bob's FBI, and Bob wants to talk iff Alice is in the NRA, where "Alice" and "Bob" are random pseudonyms. Thus they send their random nonces na and nb encrypted against those creds (HC_E is a hidden cred encrypt), then use those nonces for the session keys.
The FBI can *always* impersonate an agent, because, well, they're the CA and they can make up pseudonymous agents all day long. But in this protocol, I believe they wouldn't be able to be a MITM and/or just eavesdrop on Alice&Bob. That's because Bob only wants to talk to NRA members, and the FBI can't impersonate that.

Now, this is for an interactive session, rather than just sending a single request/response round like I discuss in the paper. But even then, policies are always respected. Just change "na" to "request" and "nb" to "response". Alice's policy is respected whether she talks to FBI-authorized-Bob or FBI-authorized-FBI, and the FBI doesn't get to read Bob's NRA-Alice-only response.

-J

From adam at cypherspace.org Mon May 10 15:59:40 2004
From: adam at cypherspace.org (Adam Back)
Date: Mon, 10 May 2004 18:59:40 -0400
Subject: more hiddencredentials comments (Re: Brands' private credentials)
In-Reply-To:
References: <20040510215459.GA22670@bitchcake.off.net>
Message-ID: <20040510225940.GA26810@bitchcake.off.net>

Gap may be I'm misunderstanding something about the HC approach.

We have:

    P = (P1 or P2) is encoded HC_E(R,p) = {HC_E(R,P1),HC_E(R,P2)}

so one problem is marking, the server sends you different R values:

    {HC_E(R,P1),HC_E(R',P2)}

so you described one way to fix that by using symmetric crypto (where it is difficult to get a message to decrypt 2 different ways with different keys and get other than line noise out of the 2nd key).

But next problem you mentioned, server could simply lie and send you

    {HC_E(R,P1),R2}

for random value R2 now if you reply he knows you have property P1.

So I was suggesting that after you decrypt HC_E(R,P1) you encrypt it again to check if R2 == HC_E(R,P2) which you should be able to do if you know P2, you have R (because you just decrypted it), and if you tweak the crypto system so that there is no non-deterministic aspect such as OAEP, randomization factors etc.
> > Unless it's significantly less efficient, I'd say use it all the time.
>
> Well, I wouldn't complain. :) (Although pairings are quite slow, on
> the order of hundreds of milliseconds.) Hilarie Orman presented it
> at an IETF meeting to what was reportedly a lukewarm response, and
> they also raised the patent issue. Dan Boneh is sensitive to the
> issue of patented crypto, and was quite considerate when I asked
> about it, but www.voltage.com still has the same vague statement in
> their FAQ about how they're not going to be evil with the patent, so
> it's still up in the air whether IBE will be useful in IETF
> standards.

If one were not explicitly interested in the IBE communication pattern, and to avoid the patents in IETF protocol problems, I would think one could do something without IBE.

eg. you mentioned earlier the problem of issuing one cert per attribute permutation. Instead how about you issue one cert per attribute to pseudonym plus attribute. In the case where you are not due the attribute, you just don't learn the corresponding private key.

One problem with this is you have to avoid the server learning the private key for the one you don't. Now it might be possible eg. with Elgamal / DH to make an efficient non-interactive ZKP that convinces you that the server chose the private key fairly (and so does not know any corresponding private key).

But another way to side-step the issue is to have the CA issue you two certs per attribute. You choose the private key for one it chooses the private key for the other. Data is encrypted with both keys. In the case of you not being due the attribute the CA does not give you the private key it generated.

You could probably use some of the key gen stuff from multi-party signatures (where multiple parties are involved and each holds a private key fragment), however they tend to be inefficient I think so above is probably simple and efficient enough.
Adam

From jason at lunkwill.org Mon May 10 13:02:12 2004
From: jason at lunkwill.org (Jason Holt)
Date: Mon, 10 May 2004 20:02:12 +0000 (UTC)
Subject: Brands' private credentials
In-Reply-To: <20040510093528.GB13170@bitchcake.off.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 May 2004, Adam Back wrote:
> After that I was presuming you use a signature to convince the server
> that you are authorised. Your comment however was that this would
> necessarily leak to the server whether you were a doctor or an AIDs
> patient.
>
> However from what I understood from your paper so does your scheme,
> from section 5.1:
>
> P = (P1 or P2) is encoded HC_E(R,p) = {HC_E(R,P1),HC_E(R,P2)}
>
> With Hidden Credentials, the messages are in the other direction: the
> server would send something encrypted for your pseudonym with P1 =
> AIDs patient, and P2 = Doctor attributes. However the server could
> mark the encrypted values by encoding different challenge response
> values in each of them, right?

Yep, that'd be a problem in that case. In the most recent (unpublished) paper, I addressed that by using R as the key for a ciphertext+MAC on the actual message. So the server would have to find two R's that both satisfy the MAC but produce different ciphertexts in order to learn anything from the response.

In either case, though, you can't just trust that the server encrypted against "patient OR doctor" unless you have both creds and can verify that they each recover the secret. They might be lying about the "doctor" part, and really sending against "patient OR nonexistent", in which case your response reveals that you're a patient. That's why we recommend that your response (if any) include the policy for the creds you used in decryption.
So if Alice is responding to a message she decrypted with her "patient" cred, which she only (implicitly) discloses to Medicare, and the response itself is only for AIDS clinics, she should encrypt against "Medicare AND AIDS_clinic".

(And you're right, the AIDS example is not very compelling. The slides give a better one about FBI agents, but I'm still looking for other examples of super-sensitive transactions where HCs would fit)

> Another approach to hiding membership is one of the techniques
> proposed for non-transferable signatures, where you use construct:
>
> RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).
>
> Where the sender is proving he is one of A and B without revealing
> which one. (One of the values is an existential forgery, where you

That's very slick. I'll check it out.

> OK so the fact that the server is the AIDs db server is itself secret.
> Probably better example is dissident's server or something where there
> is some incentive to keep the identity of the server secret. So you
> want bi-directional anonymity. It's true that the usual protocols can
> not provide both at once; SSL provides neither, the anonymous IP v2
> protocol I designed at ZKS had client anonymity (don't reveal
> pseudonym until authenticate server, and yet want to authenticate
> channel with pseudonym). This type of bi-directional anonymity pretty
> much is going to need something like the attribute based encryption
> model you're using.

Hugo Krawczyk gave a great talk at Crypto about the going-first problem in IPSec, which is where I got the phrase. He has a nice compromise in letting the user pick who goes first, but for some situations I think hidden credentials really would hit the spot.

> I think it would be fair to call it anonymity system, just that the
> trust model includes a trusted server. There are lots of things
> possible with a trusted server, even with symmetric crypto (KDCs).
Yeah, although I think most of them would require an on-line trusted server. But that just makes all sorts of things way too easy to be interesting. :)

-J

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAn9/HnwLgjivV2NERAkBUAJwLhH7lZBtd/boI6Edn3JWA+eStDQCdEFZi
GI4rzGoiscp0Ze/+iKweu08=
=eX/X
-----END PGP SIGNATURE-----

From jason at lunkwill.org Mon May 10 15:37:15 2004
From: jason at lunkwill.org (Jason Holt)
Date: Mon, 10 May 2004 22:37:15 +0000 (UTC)
Subject: more hiddencredentials comments (Re: Brands' private credentials)
In-Reply-To: <20040510215459.GA22670@bitchcake.off.net>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 10 May 2004, Adam Back wrote:
> OK that sounds like it should work. Another approach that occurs is
> you could just take the plaintext, and encrypt it for the other
> attributes (which you don't have)? It's usually not too challenging
> to make stuff deterministic and retain security. Eg. any nonces,
> randomizing values can be taken from PRMG seeded with seed also sent
> in the msg. Particularly that is much less constraining on the crypto
> system than what Bert-Jaap Koops had to do to get binding crypto to
> work with elgamal variant.
>
> > In either case, though, you can't just trust that the server
> > encrypted against "patient OR doctor" unless you have both creds and
> > can verify that they each recover the secret.
>
> The above approach should fix that also right?

I don't quite get what you're suggesting. Could you give a more concrete example?

> > Hugo Krawczyk gave a great talk at Crypto about the going-first problem in
> > IPSec, which is where I got the phrase. He has a nice compromise in letting
> > the user pick who goes first, but for some situations I think hidden
> > credentials really would hit the spot.
>
> Unless it's significantly less efficient, I'd say use it all the time.

Well, I wouldn't complain.
:) (Although pairings are quite slow, on the order of hundreds of milliseconds.) Hilarie Orman presented it at an IETF meeting to what was reportedly a lukewarm response, and they also raised the patent issue. Dan Boneh is sensitive to the issue of patented crypto, and was quite considerate when I asked about it, but www.voltage.com still has the same vague statement in their FAQ about how they're not going to be evil with the patent, so it's still up in the air whether IBE will be useful in IETF standards.

-J

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAoAQfnwLgjivV2NERAtVcAKC8vQ6wxHeZ5Z3L4zcWPvZL7WKRqACgvB6y
8GxvXfFyewCuAA0FSAjdKoY=
=ukVn
-----END PGP SIGNATURE-----

From justin-cypherpunks at soze.net Mon May 10 18:09:39 2004
From: justin-cypherpunks at soze.net (Justin)
Date: Tue, 11 May 2004 01:09:39 +0000
Subject: Can Skype be wiretapped by the authorities? (fwd from em@em.no-ip.com)
In-Reply-To:
References: <20040510183014.GF15626@acm.jhu.edu> <20040509203640.GT25728@leitl.org> <20040510183014.GF15626@acm.jhu.edu>
Message-ID: <20040511010939.GE19070@dreams.soze.net>

John Young (2004-05-11 00:09Z) wrote:
> Brian Dunbar wrote:
> >> Like it matters. Do you really think that the government would really
> >> allow Intel and AMD to sell CPUs that didn't have tiny transmitters in
> them?
> >> Your CPU is actually transmitting every instruction it executes to the
> >> satellites.
> >
> >That's a subtle bit of humor, right?
>
> Whenever this truth is repeated, first revealed here in 1992 by a person
> who worked at Intel in its early days when it was desperate for government
> contracts, it is taken to be humorous.
> ...
> What remains of this story on the Internet is a bowdlerized version of
> the original truth, sometimes commingled with Tempest apocrypha --

Truth like this?

----Forwarded----
>From cypherpunks at MHonArc.venona Wed Dec 17 23:17:14 2003
From: tcmay at netcom.com (Timothy C.
May)
Date: Thu, 18 Feb 93 10:50:25 PST
To: cypherpunks at toad.com
Subject: Re: Trapdoors
Message-ID: <9302181848.AA20187 at netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

>How do we know the proposed legislation wasn't just a smoke
>screen? Isn't it possible that the Feds have already compromised
>Intel or MicroSoft? Is there some way to be sure that the new
>486 chip running your computer isn't recording each PGP or RSA
>private key you generate?

Sandy has discovered the deep dark secret of crypto! I worked for Intel from 1974 to 1986 and can confirm this to be the case. Every crypto key is secretly recorded by Intel microprocessors. Motorola processors do not yet record keys, which is why I use a Macintosh.

The specific instruction is the so-called "NSA instruction" which John Gilmore identified some time ago. Sun Microsystems was ordered by the NSA to redesign their chips to capture keys, which is why the SPARC processor was introduced. SPARC stands for "Sun Processor Allowing Remote Capture."

Once the keys have been captured and stored on the user's hard disk (notice how the drives occasionally turn on at night?), they are forwarded to the NSA and National Surveillance Organization by "screen saver" programs, like "After Dark," which were actually written by the Berkeley Microsystems cut-out operation of the NSO. Real hackers don't use cutesy screen saver programs.

This new automated system is much more convenient than the previous system, where the FBI and NSO had to break into homes and offices in order to retrieve the keys the Intel processors had recorded.

----End----

--
"Not your decision to make."
"Yes. But it's the right decision, and I made it for my daughter."
- Bill, Beatrix; Kill Bill Vol.
2

From ben at algroup.co.uk Tue May 11 03:45:37 2004
From: ben at algroup.co.uk (Ben Laurie)
Date: Tue, 11 May 2004 11:45:37 +0100
Subject: Brands' private credentials
In-Reply-To: <20040510093528.GB13170@bitchcake.off.net>
References: <20040509100431.GA24611@bitchcake.off.net> <20040510093528.GB13170@bitchcake.off.net>
Message-ID: <40A0AED1.3050809@algroup.co.uk>

Adam Back wrote:
> On Mon, May 10, 2004 at 02:42:04AM +0000, Jason Holt wrote:
> Another approach to hiding membership is one of the techniques
> proposed for non-transferable signatures, where you use construct:
>
> RSA-sig_A(x),RSA-sig_B(y) and verification is x xor y = hash(message).
>
> Where the sender is proving he is one of A and B without revealing
> which one. (One of the values is an existential forgery, where you
> choose a z value first, raise it to the power e, and claim z is a
> signature on x= z^e mod n; then you use private key for B (or A) to
> compute the real signature on the xor of that and the hash of the
> message). You can extend it to more than two potential signers if
> desired.

There is code for this in openssl (not sure if it's the same technique, it's described as a ring signature). One of the more amusing aspects is it was posted anonymously and signed by a group of likely-looking candidates.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

From DaveHowe at gmx.co.uk Tue May 11 04:47:49 2004
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Tue, 11 May 2004 12:47:49 +0100
Subject: SASSER Worm Dude
References:
Message-ID: <020101c4374d$cad0af60$c71121c2@exchange.sharpuk.co.uk>

Tyler Durden wrote:
> "HANOVER, Germany -- German police have arrested an 18-year-old man
> suspected of creating the Sasser computer worm, believed to be one of
> the Internet's most costly outbreaks of sabotage."
> Note the language...an "18 year old MAN" and "sabotage"...
> So a HS kid, living with his parents, is able to write a worm that
> takes out millions and millions of computers throughout the world
> running the latest MS OS. Uh....shouldn't we arrest Bill Gates first?

I think you are thinking in terms of the American age scale - In England (and over most of Europe although obviously it varies), 18 is old enough to marry without parental permission, be served in a bar, drive, and be a practicing homosexual. At 16 you can have heterosexual relationships, marry with parental permission, work (and pay taxes) and rent property in your own name (you can *own* property from 12). Most schooling ends at 16, college 18, university (assuming a 3 year course) 21. I would assume a German at 18 is either at university or considered of employable age - well into majority.

So legally, "man" is ok - obviously, this is a shallow typical Skript Kiddie who probably still lives with his parents, but legally that isn't the case.

From eugen at leitl.org Tue May 11 06:09:43 2004
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 11 May 2004 15:09:43 +0200
Subject: [linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia (fwd from kmself@ix.netcom.com)
Message-ID: <20040511130943.GP25728@leitl.org>

----- Forwarded message from "Karsten M. Self" -----

From rah at shipwright.com Tue May 11 15:21:39 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 11 May 2004 18:21:39 -0400
Subject: Wikipedia project: Crypto
Message-ID:

--- begin forwarded text

From rah at shipwright.com Tue May 11 15:38:29 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Tue, 11 May 2004 18:38:29 -0400
Subject: Sierra Wireless Embeds Certicom's movian VPN Client in new Voq Professional Phone
Message-ID:

Yahoo! Press Release
Source: Certicom Corp.
Sierra Wireless Embeds Certicom's movianVPN Client in new Voq Professional Phone(TM) Tuesday May 11, 7:02 am ET New smart phone to provide business users with secure e-mail capabilities while leveraging existing security infrastructure MISSISSAUGA, ON, May 11 /PRNewswire-FirstCall/ - Certicom Corp. (TSX: CIC - News), the authority for strong, efficient cryptography, today announced that Sierra Wireless (NASDAQ: SWIR - TSX: SW) has embedded movianVPN(TM) by Certicom into its VoqMail(TM) Professional Edition (VoqMail Pro) wireless e-mail solution, offered for the new Voq Professional Phone(TM). As an embedded feature that supports multiple VPN gateways, the solution is designed to offer IT managers minimal administration and a better return on their existing security infrastructure investment. Based on the Microsoft Windows Mobile(TM) software for Smartphones, the Voq Professional Phone was developed specifically for enterprise users and mobile professionals. The product is designed to offer vital business applications, such as e-mail, and strong security for sensitive and confidential information. A key feature of the Voq Professional Phone is the ease with which the movianVPN client can be integrated into an enterprise's existing security infrastructure and its minimal impact on performance and battery life of the phone. By making security an integral part of VoqMail Pro and its VoqManager desktop IT provisioning tool, and not a separate add-on, Sierra Wireless has created a turn-key enterprise and business data access solution that saves time and effort by eliminating the need for IT managers to work with third parties to buy and configure software and policies for each device. "Voq was developed specifically for the needs of the business professional, and the IT Managers that support them. 
During development we recognized that a key requirement of the enterprise was the ability to integrate a VPN client without comprising the end user experience or increasing the burden on IT administrators," said Andrew Harries, senior vice president of marketing for Sierra Wireless. "Working with our partners, we believe we have succeeded in building a powerful product that provides a strong, user- and IT-friendly solution." For over 15 years, Certicom has focused on developing and providing security for constrained environments. This expertise has resulted in a wireless VPN client that is one-tenth the size of desktop versions but with equivalent functionality. It provides strong security, including confidentiality, integrity and authentication from handheld devices to the corporate network. movianVPN, an award-winning wireless VPN client, meets the IPSec standard to provide secure access to the corporate network via wireless handhelds. movianVPN fits with existing infrastructure by supporting more than a dozen gateways, including those from Cisco, Netscreen and Nortel and the three leading operating systems - Microsoft Windows Mobile, Palm OS and Symbian OS - including the various versions of the platforms. "The combination of Sierra Wireless' deep experience in the wireless market and their diligence in developing the Voq Professional Phone to meet specific end user requirements has resulted in a Smartphone that addresses today's needs of the enterprise. They have optimized the user experience while focusing on process, security, and power management," said Roy Pereira, vice-president of marketing and product management at Certicom. "We believe the Voq Professional Phone will become a real success story in the mobile market." Sierra Wireless announced the VoqMail Personal and Professional Edition software on February 11, 2004, introducing an always-there(TM) e-mail experience and providing easy-to-use, cost-efficient, and secure access to corporate e-mail. 
For more information, visit http://www.voq.net/site/news_events/news_20040211.voq About Sierra Wireless Sierra Wireless is a leader in delivering highly differentiated wireless solutions that enable our customers to improve their productivity and lifestyle. Sierra Wireless develops and markets the AirCard, the industry-leading wireless PC card line for portable computers; embedded modules for OEM wireless applications; the MP line of rugged vehicle-mounted connectivity solutions; and Voq, a line of mobile phones with easy-to-use, secure software solutions for mobile professionals. For more information about Sierra Wireless please visit www.sierrawireless.com. About Voq The Voq Professional Phone(TM) is a new class of mobile phone that offers a flip-open QWERTY thumbpad and easy-to-use software solutions for business users, including secure, serverless, always-there e-mail. Based on the Microsoft Windows Mobile(TM) 2003 software for Smartphone, the Voq Professional Phone incorporates the best features of your current mobile phone, a messaging device, and a PDA - in one. For more information about Voq Professional Phone or VoqMail email solutions, please visit www.voq.com About Certicom Certicom Corp. (TSX:CIC - News) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US Government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and XM Radio. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com. 
Certicom, Security Builder, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder GSE, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders. Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From jason at lunkwill.org Tue May 11 14:10:35 2004
From: jason at lunkwill.org (Jason Holt)
Date: Tue, 11 May 2004 21:10:35 +0000 (UTC)
Subject: who goes 1st problem
In-Reply-To: <20040511193825.GA16834@bitchcake.off.net>
Message-ID:

[Adam and I are taking this discussion off-list to spare your inboxes, but this message seemed particularly relevant. Perhaps we'll come back later if we come up with anything we think will be of general interest.]

-J

On Tue, 11 May 2004, Adam Back wrote:
> Anyway the who goes 1st problem definition has my interest piqued: I
> am thinking this would be a very practically useful network protocol
> for privacy, if one could find a patent-free end-2-end secure (no
> server trust), efficient solution. Another desirable feature I think
> is to not use too much funky crypto, people are justifiably nervous
> about putting experimental crypto into standards, even if it has
> security proofs until some peer review has happened.

Agreed. Ninghui Li's RSA OSBEs might be the answer; they're not quite as elegant as the IBE version, but they work with blinded RSA signatures, and so should be patent-free by next year, assuming Ninghui doesn't seek any patents. Section 4 of his PODC paper describes the RSA implementation. He also has a new paper which does neat things with commitments that I haven't wrapped my mind around yet.

Actually, we might also consider contacting Dan Boneh at some point; he seems to be interested in the proliferation of IBE, and might be sympathetic to the needs of the IETF to have free standards, especially considering the exposure it'd get for his system.

However, we need to define just what we need to accomplish. Since my lab works in trust negotiation, we think in terms of policies a lot, whereas SSL just assumes you know what certs you want to send to whom. But let's assume the SSL model for simplicity.
The second issue, now that I think of it in this context, would be how you actually get your certs to the other guy. Hidden credentials, as Ninghui pointed out, assume you have some means for creating the other guy's cert, eg., a template "(nym):Senior_Agent:(current year)" producing "Bob:Senior_Agent:2004".

The OSBE paper, OTOH, assumes we're going to exchange our certificates, just without the CA signatures. Then I can send you messages you can only read if you really do have a signature on that cert. But I've always thought that was problematic, since why would honest people bother to connect then use fake certs? The attacker doesn't need to see the signature - he believes you. So honest users would need to regularly give out fake certs so they can hide their legit behavior among the fake connects. Will Winsborough also suggests this with the notion of ACK policies - you *always* give people something they ask for, so they can't tell what you have and what you don't.

So maybe what we really want is some sort of fair exchange or something, where I can show you my valid certs as you show me the valid certs of your own. If one side is guessable, we've discussed this sort of thing with hidden creds:

    E("Hi Bob, since you're a senior agent, you can see my agent credential: 'Alice:Denver field office agent (apprentice):2004", "Bob:Senior_Agent:2004")

    E("Hi Bob, since you're a BYU alumnus, you can see my BYU credential: 'Alice:Senior:computer science:3.96 gpa:2004", "Bob:Senior_Agent:2004")

etc.

So that's an open problem. But let's assume guessable-certs, since that's the only way I know how to really keep certs and policies safe for now. The OSBE-RSA math still works.

So we're good so far, except that the RSA approach is interactive. Section 4 says that in the RSA scheme, Alice sends her cert /and blinded signature/ to Bob (which may or may not be bogus), and then Bob can send back an encrypted message.
(In HC and IBE-OSBEs, Bob doesn't need the blinded signature to use as a public key).

But maybe Robert's improved secret sharing scheme from the new HC paper can give us some ideas:

1. Alice sends blinded signatures for each of her relevant certs, not revealing which signature goes with each cert, and not revealing the cert contents.

2. Bob generates the contents of each of Alice's certs relevant to his policy, and simply generates each possible combination of hash-of-cert-contents and blinded-signature. One from each row will be a match-up between contents and signature, and Alice will have to figure out which. Unfortunately, this requires n^2 multiplies and exponentiations.

-J

From adam at cypherspace.org Wed May 12 04:20:33 2004
From: adam at cypherspace.org (Adam Back)
Date: Wed, 12 May 2004 07:20:33 -0400
Subject: who goes 1st problem
In-Reply-To:
References: <20040511193825.GA16834@bitchcake.off.net>
Message-ID: <20040512112033.GA1651@bitchcake.off.net>

On Tue, May 11, 2004 at 09:10:35PM +0000, Jason Holt wrote:
> [...] issue [...] would be how you actually get your certs to the
> other guy. Hidden credentials, as Ninghui pointed out, assume you
> have some means for creating the other guy's cert,
> [...]
> The OSBE paper, OTOH, assumes we're going to exchange our
> certificates, just without the CA signatures. Then I can send you
> messages you can only read if you really do have a signature on that
> cert.

I think this is ok. Would suggest you remove the nym field, have one-use credentials (to avoid linkability across provers), and only reveal separate nym cert after have satisfied policy.

> But I've always thought that was problematic, since why would honest
> people bother to connect then use fake certs?

Again ok. You send either fake cert, or real cert for as many attributes as the CA issues. You may not even know what some of the attributes that the CA issues are, all you know is the number of them.
You use and / or connectives between them (using k xor r, k; or r, r respectively) but using OSBE algorithm (xor refers to improved HC scheme by HC authors in http://eprint.iacr.org/2004/109/). > The attacker doesn't need to see the signature - he believes you. > So honest users would need to regularly give out fake certs so they > can hide their legit behavior among the fake connects. Yes, that works, but is defined required part of protocol; that way optimal cover (within limits of partial policy concealment) is given for sensitive attributes, policies etc. > But maybe Robert's improved secret sharing scheme from the new HC paper can > give us some ideas: > > 1. Alice sends blinded signatures for each of her relevant certs, not > revealing which signature goes with each cert, and not revealing the cert > contents. Sounds same as above. > 2. Bob generates the contents of each of Alice's certs relevant to > his policy, and simply generates each possible combination of > hash-of-cert-contents and blinded-signature. One from each row will > be a match-up between contents and signature, and Alice will have to > figure out which. Unfortunately, this requires n^2 multiplies and > exponentiations. That's true. Think there is a trade-off between degree of concealment, and amount of permutations prover has to try. You could perhaps define an ordering of attributes safely, followed by dealing with unordered undeclared attributes. Other thought perhaps a FPGA like layout where all possible connectives patterns are represented, might allow to specify arbitrary boolean formulae with and / or connectives with full policy concealment but less space and time efficient. (Calling it prover is kind of odd I find when the prover convinces only himself he satisfies policy by default and optionally chooses whether to disclose that to verifier. And "the prover" is the passive entity receiving encrypted comms, which is back-to-front to usual prover-verifier comms pattern. 
Maybe sender and recipient is better.) Adam From eugen at leitl.org Tue May 11 23:51:55 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 12 May 2004 08:51:55 +0200 Subject: [linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia (fwd from dmarti@zgp.org) Message-ID: <20040512065155.GB25728@leitl.org> ----- Forwarded message from Don Marti ----- From mv at cdc.gov Wed May 12 10:47:36 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 12 May 2004 10:47:36 -0700 Subject: We're jamming, we're jamming, we hope you like jammin too Message-ID: <40A26338.D63189C1@cdc.gov> At 03:09 PM 5/11/04 +0200, Eugen Leitl wrote: >The second covers a "hacking the system" concept. I'd considered >something similar myself, though different in approach. Rather than >finding RFID chips and "redistributing" them, why not create >programmable RFID broadcasters which could spoof other chips, and >distribute these. The idea being to pollute any RFID detectors with a >vast spew of superfluous data. RFID jamming should be very easy and a quite amusing DoS attack on commercial targets. Easy because its not frequency hopping, low power, and relatively low frequency. Particularly cute would be transmitting sex-toy codes intermittently. ASK any Elmer you happen to see, what's the best jamming, RFID.. (With apologies to the tuna industry and those too young to know the jingle. Or to know the RF double meanings.) From brian.dunbar at plexus.com Wed May 12 11:15:37 2004 From: brian.dunbar at plexus.com (Brian Dunbar) Date: Wed, 12 May 2004 13:15:37 -0500 Subject: We're jamming, we're jamming, we hope you like jammin too In-Reply-To: <40A26338.D63189C1@cdc.gov> References: <40A26338.D63189C1@cdc.gov> Message-ID: <5E666E6A-A440-11D8-91CB-0003939F949C@plexus.com> On May 12, 2004, at 12:47 PM, Major Variola (ret) wrote: > At 03:09 PM 5/11/04 +0200, Eugen Leitl wrote: >> The second covers a "hacking the system" concept. 
I'd considered >> something similar myself, though different in approach. Rather than >> finding RFID chips and "redistributing" them, why not create >> programmable RFID broadcasters which could spoof other chips, and >> distribute these. The idea being to pollute any RFID detectors with a >> vast spew of superfluous data. > > RFID jamming should be very easy and a quite amusing DoS attack > on commercial targets. Easy because its not frequency hopping, low > power, and relatively low frequency. Particularly cute would be > transmitting sex-toy codes intermittently. > > ASK any Elmer you happen to see, > what's the best jamming, RFID.. > > (With apologies to the tuna industry and those too young to > know the jingle. Or to know the RF double meanings.) > I remember the tune (grin). Ah, childhood. Would RFID jamming really be effective? RFID scanners work when the chip passes the scanner - when a pallet passes a door for instance - at which point the scanner 'knows' that chips Abe, Bill, Charlie passed point Delta. To get the jammer to work it would have to be run past the scanner - I don't see how an RFID jammer planted in (say) the changing room at Wal-Mart would be an effective DoS? It's possible I'm ill-informed or just unclear on the concept. ~brian From mv at cdc.gov Wed May 12 13:55:06 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 12 May 2004 13:55:06 -0700 Subject: We're jamming, we're jamming, we hope you like jammin too Message-ID: <40A28F2A.378288A@cdc.gov> >> ASK any Elmer you happen to see, >> what's the best jamming, RFID.. >> (With apologies to the tuna industry and those too young to >> know the jingle. Or to know the RF double meanings.) >Interesting cultural reference that goes entirely above my head with a >cute swooshing sound. >Care to explain, please? :) I hope the subject line was not too obscure, mon. 
ASK = amplitude shift keying, which I believe is the RFID modulation Elmer = guru/wizard/elder in HAMspeak Jingle: Ask any mermaid you happen to see, what's the best tuna? Chicken of the sea. Ie, fish in cans. Sorry Charlie. Charlie don't surf, but that's because tuna cans don't give enough forward gain. Tying knots in the cultural web, MV From ptrei at rsasecurity.com Wed May 12 11:30:22 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 12 May 2004 14:30:22 -0400 Subject: We're jamming, we're jamming, we hope you like jammin too Message-ID: You might want to look at the work RSA Labs is doing on 'blocker tags'. These are special tags which leverage the mechanism used to disambiguate the presence of multiple tags to make it look as if you are carrying 2^n (n usually 128) different tags at once. They propose a protocol to make them only block tags for items which have undergone sale to their final owner, but the idea could be applied to all tags. http://www.rsasecurity.com/rsalabs/rfid/index.asp Peter Trei Full Disclosure: I work for RSA > -----Original Message----- > From: owner-cypherpunks at minder.net > [mailto:owner-cypherpunks at minder.net]On Behalf Of Major Variola (ret) > Sent: Wednesday, May 12, 2004 1:48 PM > To: cypherpunks at al-qaeda.net > Subject: We're jamming, we're jamming, we hope you like jammin too > > > At 03:09 PM 5/11/04 +0200, Eugen Leitl wrote: > >The second covers a "hacking the system" concept. I'd considered > >something similar myself, though different in approach. Rather than > >finding RFID chips and "redistributing" them, why not create > >programmable RFID broadcasters which could spoof other chips, and > >distribute these. The idea being to pollute any RFID > detectors with a > >vast spew of superfluous data. > > RFID jamming should be very easy and a quite amusing DoS attack > on commercial targets. Easy because its not frequency hopping, low > power, and relatively low frequency. 
Particularly cute would be > transmitting sex-toy codes intermittently. > > ASK any Elmer you happen to see, > what's the best jamming, RFID.. > > (With apologies to the tuna industry and those too young to > know the jingle. Or to know the RF double meanings.) From rah at shipwright.com Wed May 12 11:36:21 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 12 May 2004 14:36:21 -0400 Subject: Illuminating Blacked-Out Words Message-ID: The New York Times May 10, 2004 Illuminating Blacked-Out Words By JOHN MARKOFF European researchers at a security conference in Switzerland last week demonstrated computer-based techniques that can identify blacked-out words and phrases in confidential documents. The researchers showed their software at the conference, the Eurocrypt, by analyzing a presidential briefing memorandum released in April to the commission investigating the Sept. 11 attacks. After analyzing the document, they said they had high confidence the word "Egyptian" had been blacked out in a passage describing the source of an intelligence report stating that Osama Bin Ladin was planning an attack in the United States. The researchers, David Naccache, the director of an information security lab for Gemplus S.A., a Luxembourg-based maker of banking and security cards, and Claire Whelan, a computer science graduate student at Dublin City University in Ireland, also applied the technique to a confidential Defense Department memorandum on Iraqi military use of Hughes helicopters. They said that although the name of a country had been blacked out in that memorandum, their software showed that it was highly likely the document named South Korea as having helped the Iraqis. The challenge of identifying blacked-out words came to Mr. Naccache as he watched television news on Easter weekend, he said in a telephone interview last Friday. "The pictures of the blacked-out words appeared on my screen, and it piqued my interest as a cryptographer," he said. 
He then discussed possible solutions to the problem with Ms. Whelan, whom he is supervising as a graduate adviser, and she quickly designed a series of software programs to use in analyzing the documents. Although Mr. Naccache is the director of Gemplus, a large information security laboratory, he said that the research was done independently from his work there. The technique he and Ms. Whelan developed involves first using a program to realign the document, which had been placed on a copying machine at a slight angle. They determined that the document had been tilted by about half a degree. By realigning the document it was possible to use another program Ms. Whelan had written to determine that it had been formatted in the Arial font. Next, they found the number of pixels that had been blacked out in the sentence: "An Egyptian Islamic Jihad (EIJ) operative told an xxxxxxxx service at the same time that Bin Ladin was planning to exploit the operative's access to the US to mount a terrorist strike." They then used a computer to determine the pixel length of words in the dictionary when written in the Arial font. The program rejected all of the words that were not within three pixels of the length of the word that was probably under the blackened-out area in the document. The software then reduced the number of possible words to just 7 from 1,530 by using semantic guidelines, including the grammatical context. The researchers selected the word "Egyptian" from the seven possible words, rejecting "Ukrainian" and "Ugandan," because those countries would be less likely to have such information. After the presentation at Eurocrypt, the researchers discussed possible measures that government agencies could take to make identifying blacked-out words more difficult, Mr. Naccache said in the phone interview. One possibility, he said, would be for agencies to use optical character recognition technology to rescan documents and alter fonts. 
In January, the State Department required that its documents use a more modern font, Times New Roman, instead of Courier, Mr. Naccache said. Because Courier is a monospace font, in which all letters are of the same width, it is harder to decipher with the computer technique. There is no indication that the State Department knew that. Experts on the Freedom of Information Act said they feared the computer technique might be used as an excuse by government agencies to release even more restricted versions of documents. "They have exposed a technique that may now become less and less useful as a result," said Steven Aftergood, a senior research analyst at the Federation of American Scientists, of the research project. "We care because there are all kinds of things withheld by government agencies improperly." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Wed May 12 10:38:43 2004 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 12 May 2004 19:38:43 +0200 Subject: SASSER Worm Dude In-Reply-To: References: Message-ID: <20040512173842.GO25728@leitl.org> On Mon, May 10, 2004 at 02:31:18PM -0400, Tyler Durden wrote: > So a HS kid, living with his parents, is able to write a worm that takes > out millions and millions of computers throughout the world running the > latest MS OS. Uh....shouldn't we arrest Bill Gates first? The decision is rational, because people are irrational, ignorant, and hence populistic gestures have a large payoff (and some deterrence to boot). Establishing liability for generic software is unprecedented, will take huge resources, time, and has low probability to succeed. So let's lock up the kid, and his buds. 
The professionals will thank you, too, for it keeps them out of the limelight due to the distraction, and increases the vulnerability exploitability shelf life. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From shaddack at ns.arachne.cz Wed May 12 11:51:05 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 12 May 2004 20:51:05 +0200 (CEST) Subject: We're jamming, we're jamming, we hope you like jammin too In-Reply-To: <40A26338.D63189C1@cdc.gov> References: <40A26338.D63189C1@cdc.gov> Message-ID: <0405122042300.-1252033056@somehost.domainz.com> > RFID jamming should be very easy and a quite amusing DoS attack > on commercial targets. Easy because its not frequency hopping, low > power, and relatively low frequency. Particularly cute would be > transmitting sex-toy codes intermittently. Considering the transmitting powers of the tags, an active battery-powered transmitter with a suitable antenna could have rather long range. A small circuit with a battery could be magnetically attached to a car of a selected "victim" and switched on after a delay, resulting in a mobile jamming platform. Parking lots in front of the stores, where there is often a direct line of sight between the cash registers and the cars, are especially suitable for this kind of attack. > ASK any Elmer you happen to see, > what's the best jamming, RFID.. > (With apologies to the tuna industry and those too young to > know the jingle. Or to know the RF double meanings.) Interesting cultural reference that goes entirely above my head with a cute swooshing sound. Care to explain, please? 
:) For personal defense, I came up with a similar, smaller-range and lower-power idea: --------- Micropower RFID jammer Very-low power passive/active jammer of passive RFID tags Radiofrequency tags bring a wide variety of privacy-related concerns. A semi-passive jammer may be an option to alleviate some of them. The tags are powered from the electromagnetic field the reader irradiates them with, then they transmit back on another frequency. The transmission takes some time, I guess few milliseconds, and is detectable by a nearby receiver. The tags are made in two kinds: "plain", and more advanced collision-resistant ones. The first kind transmits blindly whenever powered, repeating its signature over and over, which causes two tags within the field of one reader to jam each other, as their responses get mixed together. The second, more expensive kind, uses algorithms to avoid the situation when two tags transmit at the same time, overlapping their responses and making them difficult to recognize; most often detecting another tag transmitting, and then going silent for random amount of time. This behavior makes it possible to design a micropower jammer. The device shall listen on the frequencies both the readers and the tags transmit on. When the tag read attempt is detected, the device owner may be alerted - by a LED, a sound, a vibration. Then when the device detects the tag's attempt to answer, it broadcasts pulses looking like the answer of another tag, forcing a collision and a misread into every answer. The tiny power required for occasional transmitting of few very short pulses makes the device unlikely to cause other kinds of trouble, while additionally making it less easy to be detected if declared illegal than "continuous" jammers. 
From s.schear at comcast.net Wed May 12 21:06:30 2004 From: s.schear at comcast.net (Steve Schear) Date: Wed, 12 May 2004 21:06:30 -0700 Subject: We're jamming, we're jamming, we hope you like jammin too In-Reply-To: <40A28634.8040606@sun.com> References: <40A26338.D63189C1@cdc.gov> <40A26338.D63189C1@cdc.gov> Message-ID: <5.2.1.1.0.20040512210229.04cf8310@mail.comcast.net> At 06:16 AM 5/13/2004 +1000, Ian Farquhar wrote: >I would almost bet money that the commercial interests currently >evaluating RFID tags will push for a legislative ban on RFID jamming. > >And I'll bet they get it too. I really won't matter what they prohibit, it will get out into the market anyway if its cheap enough to manufacture and there is sufficient demand. Cellular jammers, which should be much more expensive to make than those for RFID, are a good example. AFAIK they are illegal for the average citizen to posses one, yet they are as close as your browser to purchase. steve From Ian.Farquhar at Sun.COM Wed May 12 13:16:52 2004 From: Ian.Farquhar at Sun.COM (Ian Farquhar) Date: Thu, 13 May 2004 06:16:52 +1000 Subject: We're jamming, we're jamming, we hope you like jammin too In-Reply-To: <40A26338.D63189C1@cdc.gov> References: <40A26338.D63189C1@cdc.gov> Message-ID: <40A28634.8040606@sun.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Major Variola (ret) wrote: | RFID jamming should be very easy and a quite amusing DoS attack | on commercial targets. Easy because its not frequency hopping, low | power, and relatively low frequency. Particularly cute would be | transmitting sex-toy codes intermittently. I would almost bet money that the commercial interests currently evaluating RFID tags will push for a legislative ban on RFID jamming. And I'll bet they get it too. Ian. 
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAooY0SVC5oflyiAIRApAQAKCSflfED0AYd25kF6oUJZ8cffm7GACgj73q JrFT7ErGpPnGdSZMLFJgPd0= =PrA0 -----END PGP SIGNATURE----- From rah at shipwright.com Thu May 13 05:39:42 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 13 May 2004 08:39:42 -0400 Subject: Chinese youths trash Internet café Message-ID: The Register Chinese youths trash Internet café By Tim Richardson (tim.richardson at theregister.co.uk) Published Wednesday 12th May 2004 11:40 GMT Staff at a Chinese Internet cafe have resigned after they were beaten up last week by a gang of 16 teenagers barred from entering the cybercafe. The gang of youths beat one worker with bins and fire extinguishers before trashing the Internet café. Earlier they threatened to beat up anyone who "dared to check identity cards" after being refused entry to the cybercafe. The attack is the latest in a series of assaults at an Internet chain in Xi'an, capital of Shaanxi Province in northwest China, and follows a recent Government crackdown to prevent minors from entering cybercafes. The Chinese Government is concerned the Net can corrupt the minds of youngsters. But the clampdown has only sought to enrage some whippersnappers, who, in one attack, even slashed bicycle tyres, according to Xinhuanet. In a separate incident, two cybercafe workers in Shanghai were killed over an argument about the use of computers. According to AP, around ten men chased the two workers before stabbing them to death. China has shut down more than 8,600 cybercafes over the last couple of months over fears that they can affect the "mental health of teenagers" while spreading "unhealthy online information". As part of China's bid to protect youngsters, authorities also ruled that Internet cafes are not to operate in residential areas or within 200 metres of primary and high schools. -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From sunder at sunder.net Thu May 13 06:32:40 2004 From: sunder at sunder.net (Sunder) Date: Thu, 13 May 2004 09:32:40 -0400 (edt) Subject: Shoulder surfing for passwords by ear Message-ID: Hmmm, sounds like we now need keystroke sound jammers. Shouldn't be too hard to implement if you have a good random noise generator, but it could get annoying if you play white/pink noise while a password prompt pops up. Of course, there's still the issue of the pinhole camera in the ceiling tiles aimed at your keyboard, but that's old hat. :) I wonder if different users hit the keys in a different enough way to make any difference... http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci963348,00.html 'Whispering keyboards' could be next attack trend By Niall McKay, Contributing Writer 11 May 2004 | SearchSecurity.com OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by simply listening to the sound of a keystroke, according to a scientist at this week's IEEE Symposium of Security and Privacy in Oakland, Calif. Each key on computer keyboards, telephones and even ATM machines makes a unique sound as each key is depressed and released, according to a paper entitled "Keyboard Acoustic Emanations" presented Monday by IBM research scientist Dmitri Asonov. All that is needed is about $200 worth of microphones and sound processing and PC neural networking software. Today's keyboard, telephone keypads, ATM machines and even door locks have a rubber membrane underneath the keys. 
"This membrane acts like a drum, and each key hits the drum in a different location and produces a unique frequency or sound that the neural networking software can decipher," said Asonov. From rah at shipwright.com Thu May 13 06:36:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 13 May 2004 09:36:34 -0400 Subject: Google Mail: Virtue Lies in the In-Box Message-ID: The New York Times May 13, 2004 STATE OF THE ART Google Mail: Virtue Lies in the In-Box By DAVID POGUE S Google's white-hot initial stock offering hogs the headlines, its rivals can only gnash their teeth and wonder: How did a couple of Stanford Ph.D. dropouts build an outrageously profitable billion-dollar-a-year company in only five years? Part of the answer is great Web-search technology. But another part is the company's motto: "Don't Be Evil." That credo explains why Google's home page is practically empty, because ads and graphics would slow dial-up modems. It also explains why Google's ads are clearly labeled and separate from search results. Slipping paid-placement links into your search results, as MSN and Yahoo do, would be evil. So six weeks ago, when Google described Gmail, the free e-mail service it is testing, the prevailing public reaction was shock. The company said that its software would place ads in your incoming messages, relevant to their contents. It appeared to many people that Google had gone way beyond evil into Big Brother land. What could be more sinister than snooping through private correspondence looking for advertising opportunities? Privacy advocates went ballistic. The Electronic Privacy Information Center called for Gmail to be shut down, describing it as "an unprecedented invasion into the sanctity of private communications." And a California state senator, Liz Figueroa, offered a bill that would make it illegal to scan the contents of incoming e-mail. 
(Never mind that such a bill would make it illegal for children's e-mail services to filter out pornographic material.) Those reactions, as it turns out, are a tad overblown. In fact, no human ever looks at the Gmail e-mail. Computers do the scanning - dumbly, robotically and with no understanding of the words - just the way your current e-mail provider scans your messages for spam and viruses. The same kind of software also reads every word you type into Google or any other search page, tracks your shopping on Amazon, and so on. Besides, if you're that kind of private, Gmail is the least of your worries. You'd better make sure that the people at credit-card companies, mail-order outfits and phone companies aren't sitting in back rooms giggling at your monthly statements. Heck, how do you know that your current e-mail providers - or the administrators of the Internet computers that pass mail along - aren't taking an occasional peek? Still, you feel what you feel. If Gmail creeps you out, just don't sign up. That would be a shame, though, because you'd be missing a wonderful thing. Even in its current, early state, available only to a few thousand testers, Gmail appears destined to become one of the most useful Internet services since Google itself. Like Yahoo Mail and Hotmail, Gmail is a free, Web-based e-mail program, which means that you will be able to check or send e-mail from any computer on the Internet, wherever you go. Even if you already have a traditional e-mail account, a Web mail account makes a great backup. But otherwise, you wouldn't even peg Gmail as being from the same planet as Yahoo and Hotmail. The most important difference is the amount of storage: one gigabyte. That's 250 times the amount you get on a free Yahoo account, 500 times the amount on Hotmail. One gigabyte changes everything. 
You no longer live in terror that somebody will send you a photo, thereby exceeding your two-megabyte limit and making all subsequent messages bounce back to their senders. You're no longer neurotic about checking your mail twice a day just to keep the in-box cleaned out. You can let years' worth of e-mail pile up, complete with file attachments (maximum size: 10 megabytes each). One gigabyte means that Gmail can be a handy personal transfer disk. Send files to yourself and then retrieve them when you get to the office. Keep important pictures or documents in your Gmail account all the time, ready to forward when friends request them. In fact, Google argues that with so much storage, you should get out of the habit of deleting messages. Why risk throwing away something that you might need again someday? An Archive button moves a message out of the in-box, but it remains searchable. Actually deleting a message involves fussing with a pop-up menu. Of course, if you're going to keep all your e-mail around forever, you'd better have some pretty good tools for managing it. Fortunately, if anyone can tame a vast pile of data, it's Google. Its famous search command works brilliantly on your own e-mail, plucking one message out of 5,000 in a fraction of a second. Each message offers a hollow star icon that turns yellow when you click on it, to signify anything you like: "Deal with this," "Those darned in-laws," or whatever. Each row also displays the first line of the message in light-gray type, which is a time-saving bit of X-ray vision. Gmail doesn't have the usual mail folders. Instead, you can flag messages with labels of your own choosing. The advantage here is that you can apply different labels to a single message, in effect filing it under several categories at once. An extremely easy-to-use filter feature lets you flag incoming messages with certain labels automatically according to who sends them, what's in their subject line and so on. 
Yet another clever organizational feature is "conversations," known to computer geeks as threading. Back-and-forth messages on a single topic, even among several participants, appear as one entry in your in-box. When opened, the exchanges appear like file-folder tabs, which you can expand or collapse individually or all at once. And now, about those ads. They turn out to be a maximum of three text-only four-line affairs, clearly labeled and way off to the right, just as on Google itself. In my e-mail, a message about Earth Day contained an ad for a computer-recycling company. A question about music players had two ads for stores selling the Apple iPod. In a press release for a computer show, a Linuxworld link appeared. You sometimes get Related Links beneath the ads, too. Google doesn't get money for these; it offers them just to be friendly, and they can sometimes be useful indeed. For example, in a message about a coming family vacation, sent from my wife downstairs (yes, we're that sort of family), Google offered a link to a Web site of restaurant reviews in the resort town we were considering. Ads appear in fewer than half of my messages; in fact, they seem to appear primarily when a capitalized brand name appears in the message. If your correspondence is mostly personal stuff ("Miss you guys. How did Casey's toe surgery go? Went out to the new vegetarian steakhouse yesterday - great."), you may not see many at all. The ads are so subtle, so easily ignored, that it's hard to imagine anyone preferring the big, blinking, slow-loading graphic ads that appear every time you check for messages at the Hotmail and Yahoo Mail sites. Even more refreshing, Gmail doesn't turn you into an unpaid billboard for Yahoo or Microsoft (Hotmail's owner) by stamping ads on at the bottom of every outgoing message, no matter how sensitive the topic. 
Other Gmail features include an excellent spelling checker, a built-in address book, auto-complete for addresses, the ability to specify a Reply To address (a different e-mail address for replies to your messages), indicators (>>) that denote messages sent only to you, in-message photo display, online help and one-key shortcuts (C for Compose, R for reply, and so on) that let power users cruise through entire e-mail sessions without ever touching the mouse. The automatic spam-removal feature is adequate for the moment, but once thousands of people begin to use the Report Spam button, Google plans to harness the cumulative intelligence of its customers to refine its spam filters in innovative ways. Finally, Google promises that it won't shut down your account until you go nine months without using it. (Hotmail and Yahoo delete all your mail and recycle your address after only 30 days). Now that's not being evil. Google hasn't said when, exactly, Gmail's testing period will end and the service will go live. That's just as well, because there are a few items that should still be on its To Do list: compatibility with Apple's Safari browser (at the moment, it works on the Mac, Windows and Linux versions of Mozilla, Firefox and Netscape 7.1, plus Internet Explorer for Windows), for example, and a signature feature that stamps your name on each outgoing message. It would be nice if you could use regular e-mail readers like Outlook Express to check your Gmail, as you can with Hotmail. A certain audience will miss the ability to format outgoing messages with fonts, styles and colors, too. Otherwise, Gmail is infinitely cleaner, faster, more useful, more efficient, less commercial and less limiting than other Web-based e-mail services. Once Gmail goes live, Hotmail and Yahoo won't know what hit them. The only population likely not to be delighted by Gmail are those still uncomfortable with those computer-generated ads. 
Those people are free to ignore or even bad-mouth Gmail, but they shouldn't try to stop Google from offering Gmail to the rest of us. We know a good thing when we see it. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lloyd at randombit.net Thu May 13 11:21:31 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Thu, 13 May 2004 14:21:31 -0400 Subject: Shoulder surfing for passwords by ear In-Reply-To: References: Message-ID: <20040513182131.GB2858@acm.jhu.edu> On Thu, May 13, 2004 at 09:32:40AM -0400, Sunder wrote: > http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci963348,00.html > > 'Whispering keyboards' could be next attack trend > By Niall McKay, Contributing Writer > 11 May 2004 | SearchSecurity.com > > > OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by > simply listening to the sound of a keystroke, according to a scientist at > this week's IEEE Symposium of Security and Privacy in Oakland, Calif. [...] > Today's keyboard, telephone keypads, ATM machines and even door locks have > a rubber membrane underneath the keys. > > "This membrane acts like a drum, and each key hits the drum in a different > location and produces a unique frequency or sound that the neural > networking software can decipher," said Asonov. I wonder if my Model M keyboards (which have individual electrical/mechanical switches under each key) are vulnerable to this attack. It is pretty noisy, I can imagine that the noise of each key's switch is sufficiently different (due to wear, etc) that it would still work with modifications. -J From rah at shipwright.com Thu May 13 16:21:27 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Thu, 13 May 2004 19:21:27 -0400 Subject: New puzzle for war code breakers Message-ID: The BBC Tuesday, 11 May, 2004, 09:50 GMT 10:50 UK New puzzle for war code breakers Experts from Bletchley Park are trying to crack a 250-year-old code rumoured to point the way to the Holy Grail. Specialists from the Buckinghamshire code-breaking centre hope to decipher words etched on a garden ornament at Shugborough in Staffordshire. The Shepherd's Monument in the grounds of the stately home displays an inscription that has never been solved. Second World War veterans using the celebrated Enigma machine are joining Bletchley's current team of experts. 'Unusual challenge' The code breakers are at Shugborough, the ancestral home of the Earls of Lichfield, on Tuesday. Christine Large, Bletchley Park's director, said: "This is such an unusual challenge that my colleagues and collaborators, who include veteran code breakers and modern day decoding experts from Bletchley Park's 'offspring' GCHQ, cannot resist." Shugborough's general manager, Richard Kemp, said: "The Anson family, who built the estate, commissioned the monument but it had unproven connections with the Knights Templars. "The inscription is rumoured to indicate the location of the Holy Grail, which must rank as one of the world's great mysteries." It is estimated that work carried out at The National Codes Centre at Bletchley Park in Milton Keynes helped to shorten the Second World War by two years. The site is now a popular tourist attraction. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Thu May 13 12:23:32 2004 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 13 May 2004 21:23:32 +0200 Subject: Shoulder surfing for passwords by ear In-Reply-To: <20040513182131.GB2858@acm.jhu.edu> References: <20040513182131.GB2858@acm.jhu.edu> Message-ID: <20040513192332.GC25728@leitl.org> On Thu, May 13, 2004 at 02:21:31PM -0400, Jack Lloyd wrote: > I wonder if my Model M keyboards (which have individual electrical/mechanical Heh. Another http://modelm.org fan. But, given the Bluetooth alternatives or http://www.securityfocus.com/news/241 acoustic attack in the privacy of your home should be the least of your worries. > switches under each key) are vulnerable to this attack. It is pretty noisy, I > can imagine that the noise of each key's switch is sufficiently different (due > to wear, etc) that it would still work with modifications. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From mv at cdc.gov Fri May 14 08:05:41 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Fri, 14 May 2004 08:05:41 -0700 Subject: Terrorism law applied to youth group Message-ID: <40A4E045.88672AAF@cdc.gov> Indictment against violent Bronx gang includes terrorism charges By Associated Press Friday, May 14, 2004 NEW YORK - Nineteen members of a street gang accused of menacing their neighborhood have been indicted on murder and other charges as acts of terror, believed to be the first use of the state's anti-terrorism law against a gang. http://news.bostonherald.com/national/view.bg?articleid=27881 From rah at shipwright.com Fri May 14 06:45:27 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 14 May 2004 09:45:27 -0400 Subject: Regulators Fine Riggs $25 Million Message-ID: The New York Times May 14, 2004 Regulators Fine Riggs $25 Million By TIMOTHY L. O'BRIEN Federal regulators fined the Riggs National Corporation, the parent company of Riggs Bank, $25 million yesterday for failing to report suspicious activity, the largest penalty ever assessed against a domestic bank in connection with money laundering. The fine stems from Riggs's failure over at least the last two years to actively monitor suspect financial transfers through Saudi Arabian and Equatorial Guinean accounts held by the bank. The accounts are still being scrutinized as possible conduits for terrorist funds or for the proceeds of graft. Riggs, based in Washington, "did not collect or maintain sufficient information about its foreign private banking customers," regulators noted in a consent order signed by the bank. "As a result, the bank failed to identify approximately one-third of the accounts related to the country of Saudi Arabia and an unacceptably high number of accounts related to the country of Equatorial Guinea." "The bank omitted disclosure of several bank accounts in response to requests" from regulators, the consent order also noted. A spokesman for the Saudi Arabian Embassy has denied any involvement by Saudi officials in terrorist financing activities through Riggs. The Equatorial Guinean Embassy has not returned calls seeking comment. It is possible that additional fines may be levied against individual executives or directors at Riggs, as well as two former directors, according to two people briefed on the matter. The moves are the latest troubles for a storied institution that manages bank accounts for most of Washington's foreign embassies as well as American embassies and consulates overseas. Riggs agreed to pay the penalty without admitting or denying any wrongdoing, according to the consent order. 
A spokesman said last night that the regulatory environment since the Sept. 11, 2001, attacks has required all banks to act much more diligently in monitoring accounts. Regulators cited the bank for failure to comply with the Bank Secrecy Act, a law governing anti-money-laundering requirements. "The bank's management was ineffective in overseeing the bank's day-to-day compliance with the B.S.A. laws and its regulations, as evidenced by the numerous and substantial deficiencies in the program," the consent order said. A severe penalty had been expected against Riggs after it first disclosed in a securities filing in March that regulators were considering fining the bank for lax practices in combating money laundering. Federal regulators and investigators, as well as two Congressional committees, are investigating the bank's accounts. "Riggs Bank deserves every penny of this huge fine," said Senator Charles E. Grassley of Iowa, chairman of the Senate Finance Committee, which is examining the Riggs accounts. "When banks look the other way, they put our national security at risk. Whether it's through incompetence, negligence or greed, they are allowing terrorists to funnel their blood money through the system." "This fine is a shot across the bow for the board of directors, who should have taken more care to find out what was wrong with Riggs and get it fixed," Mr. Grassley added. "I'm not satisfied they've been held to account." The Financial Crimes Enforcement Network, an investigative arm of the Treasury Department, and the Office of the Comptroller of the Currency, a regulatory arm of the same agency, each imposed $25 million penalties against Riggs, but the bank will be allowed to pay them concurrently. The consent order stated that Riggs failed to report suspect transactions involving the withdrawal of tens of millions of dollars in cash and international drafts from accounts controlled by the Saudi Arabian Embassy and by Saudi Arabian officials. 
Accounts controlled by Prince Bandar bin Sultan, Saudi Arabia's ambassador to the United States, have been scrutinized in the investigation, according to federal investigators involved in the inquiry. The consent order also stated that Riggs had similar monitoring lapses involving the Equatorial Guinean accounts, including "millions of dollars deposited into a private investment company owned" by an official of that country. The order also cited "hundreds of thousands of dollars transferred from an account of the country of Equatorial Guinea to the personal account of a government official of the country" and more than $1 million transferred from an Equatorial Guinean account to a private investment company owned by Simon P. Kareri, a former senior Riggs manager. Mr. Kareri is the subject of a federal grand jury hearing examining possible criminal fraud. Mr. Kareri's lawyer has previously declined to comment on the hearing. He could not be reached for comment yesterday evening. Another major banking regulator, the Federal Reserve, is expected to designate Riggs and one of its Miami banking subsidiaries as being in "troubled condition," a move that will severely curtail the bank's autonomy, according to three people briefed on the matter. Among other things, the designation means that the bank must secure regulatory approval before naming new executives or directors. The Comptroller of the Currency already formally designated Riggs as a troubled institution last month. Riggs said last month that it planned to exit most of its embassy and international banking operations. Riggs also indicated in a securities filing last month that Joe L. Allbritton, its former chief executive and its biggest shareholder, would not stand for re-election to the board. Mr. Allbritton, who took control of the bank in 1981, is a vice chairman. Neither Mr. Allbritton nor Riggs has been charged with wrongdoing by federal law enforcement officials who are scrutinizing the bank's accounts. 
-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From blueeskimo at phreaker.net Fri May 14 07:17:37 2004 From: blueeskimo at phreaker.net (Adam) Date: Fri, 14 May 2004 10:17:37 -0400 Subject: Regulators Fine Riggs $25 Million In-Reply-To: References: Message-ID: <20040514101737.59b0531a.blueeskimo@phreaker.net> On Fri, 14 May 2004 09:45:27 -0400 "R. A. Hettinga" wrote: > d=print&position=> As awful as this is, you left out one important detail .. Check when Riggs' (RIGS) stock price was at a 5-year high .. http://custom.marketwatch.com/custom/nyt-com/html-companyprofile.asp?sid=4110&time=4yr&uf=0&x=42&y=8 Suspicious? -- Adam "satyam, shivam, sundaram" From sw-office at wolfram.com Fri May 14 11:34:54 2004 From: sw-office at wolfram.com (Stephen Wolfram) Date: Fri, 14 May 2004 13:34:54 -0500 (CDT) Subject: NKS: Two Years Later Message-ID: <20040514183454.69BA117BE5@mercury.wolfram.com> Today marks the second anniversary of the release of A NEW KIND OF SCIENCE. And I'm very happy to be able to report that NKS is continuing to develop extremely well. A wonderful community is forming around the ideas of NKS. The pace of research and applications is steadily building--with an average of about one new paper now appearing every day (http://www.wolframscience.com/reference/bibliography.html). NKS classes and courses are being taught. And several times each week we hear about an ambitious new initiative based on NKS--in technology, or art, or business or somewhere else. We're trying to do our part to help. Earlier this year we released the online version of the complete book (http://www.wolframscience.com/nksonline). We launched the NKS Forum (http://forum.wolframscience.com). 
We just sponsored the second annual conference: NKS 2004 (http://www.wolframscience.com/conference/2004). And we're working hard to make http://www.wolframscience.com the best possible reference source and meeting place for the NKS community. At the end of June, I'm looking forward to our second NKS Summer School (http://www.wolframscience.com/summerschool/2004)--where I hope we'll educate another outstanding group of NKS pioneers. (We're still accepting applications this week at http://www.wolframscience.com/summerschool/application.cgi). And later this year we'll be starting an R&D fellowship program at our new facility near Boston. It's been exciting to see everything that's been happening with NKS over the past year. But it's now clearer than ever that this is just the beginning. Much of what's being done so far on NKS has focused on specific models, and specific conceptual conclusions. But ultimately the real power of NKS comes from its core: the basic science of "pure NKS"--and its methodology of systematically exploring and understanding what's out there in the computational universe. New methodologies generally spread slowly. But pure NKS is definitely gaining momentum. And this year we'll be announcing a major initiative that I think will be an important step in moving it forward. Years from now, pure NKS will no doubt be a mature field like physics or mathematics--with its own complete infrastructure for research, education and applications. But for now it is still wide open, and full of terrific opportunities for professionals, students and amateurs alike. I hope you've been able to spend time on NKS. It's always great to hear what people are doing with NKS, and I hope you'll let us know if you have something to share. -- Stephen Wolfram From kelsey.j at ix.netcom.com Fri May 14 13:45:22 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 14 May 2004 16:45:22 -0400 Subject: Can Skype be wiretapped by the authorities? 
(fwd from em@em.no-ip.com) In-Reply-To: <8FFE548E-A2B1-11D8-B502-0003939F949C@plexus.com> References: <20040510183014.GF15626@acm.jhu.edu> <20040509203640.GT25728@leitl.org> <20040510183014.GF15626@acm.jhu.edu> Message-ID: <5.2.0.9.0.20040514164259.0471a920@pop.ix.netcom.com> At 01:40 PM 5/10/04 -0500, Brian Dunbar wrote: >On May 10, 2004, at 1:30 PM, Jack Lloyd wrote: > >>Like it matters. Do you really think that the government would really allow >>Intel and AMD to sell CPUs that didn't have tiny transmitters in them? >>Your CPU >>is actually transmitting every instruction it executes to the satellites. > >That's a subtle bit of humor, right? Actually, pretty much all unshielded computer hardware effectively has a transmitter in it. Google for "side-channel attacks" "DPA" and "TEMPEST" for more info. That's not a matter of transmitting to the satellites, but it may be a matter of transmitting to the van parked outside your house.... >~~brian --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From kelsey.j at ix.netcom.com Fri May 14 13:49:26 2004 From: kelsey.j at ix.netcom.com (John Kelsey) Date: Fri, 14 May 2004 16:49:26 -0400 Subject: SASSER Worm Dude In-Reply-To: <020101c4374d$cad0af60$c71121c2@exchange.sharpuk.co.uk> References: Message-ID: <5.2.0.9.0.20040514164633.047199d0@pop.ix.netcom.com> At 12:47 PM 5/11/04 +0100, Dave Howe wrote: ... >I think you are thinking in terms of the American age scale - In England >(and over most of europe although obviously it varies), 18 is old enough >to marry without parental permission, be served in a bar, drive, and be a >practicing homosexual. At 16 you can have heterosexual relationships, >marry with parental permission, work (and pay taxes) and rent property in >your own name (you can *own* property from 12) Everywhere in the US, you can go to jail for criminal acts when you're 18. 
It's not clear why writing a computer worm is any different in that regard than fraud or theft. I think that's generally true. In some states, much younger people have been sentenced to death. --John Kelsey, kelsey.j at ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259 From rah at shipwright.com Fri May 14 14:30:04 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 14 May 2004 17:30:04 -0400 Subject: In a Road That's All Eyes, the Driver Finds an Ally Message-ID: The New York Times May 13, 2004 WHAT'S NEXT In a Road That's All Eyes, the Driver Finds an Ally By IAN AUSTEN ABOUT 12 years ago, Martin Dicks was trapped in dense fog during a harrowing four-hour commute to his job as a firefighter in central London. "Virtually all I could see on the road was a cat's-eye reflector every now and then," Mr. Dicks said, recalling his trip down one of Britain's major highways. "I figured that if I could make the cat's-eyes more visible, I could probably save more lives than I could in the fire service." A back injury forced Mr. Dicks out of the fire department shortly afterward, giving him the time to pursue that goal. His training as an electrical engineer provided the necessary skills. Now, after perfecting illuminated markers that are embedded in the road surface to guide motorists through bad weather or warn of dangerous conditions, Mr. Dicks's company, Astucia Traffic Management Systems, is going a step further. Its latest creation is an embedded stud equipped with a camera that catches speeders, monitors traffic for criminals or stolen cars and even checks for bald tires on the fly. "Nobody knows it's a camera or a speed trap," Mr. Dicks said of his latest creation. Mr. Dicks's original idea was quite simple in concept. He wanted to create an illuminated road marker containing its own power source, a solar cell. 
At night or in bad weather, light from approaching vehicles would generate enough power to light up the marker, which consisted of light-emitting diodes. An illuminated marker would be more visible than a plain reflector, and the idea was that a car passing over the markers would cause them to stay illuminated long enough so that they would provide a warning trail of lights for any vehicles close behind. The trouble, at first, was the technology available in the early 1990's. Photovoltaic cells were not as efficient as they are today. And at the time, Mr. Dicks recalled, "the concept of a white L.E.D. was nowhere." Working mostly with family members at first, Mr. Dicks produced a prototype marker within two years. He dodged the white L.E.D. problem by combining the glow from red, green and blue arrays. The group not only overcame the limitations of solar cells, but also managed to engineer markers that turned red to warn when the gap between two cars was dangerously small. Mr. Dicks said the technology both impressed and alarmed British government highway officials. "They were frightened about everyone using the product on roads from one end of the country to the other," he said. "They thought it would make their budgets disappear." The first markers cost roughly twice the price of conventional embedded road studs. As a result, their use was restricted at first to especially fog-prone or dangerous sections of roads as well as crosswalks, including some in the United States. Mr. Dicks was not the only person with a desire to illuminate road markers. After a friend struck and killed a pedestrian in 1991 at a crosswalk in Santa Rosa, Calif., Michael Harrison developed a system that uses flashing L.E.D.'s in the road surface to make crosswalks more visible. The company he founded in 1994, LightGuard Systems, now has about 700 installations in the United States. 
A study of 100 illuminated crosswalks by Katz, Okitsu & Associates, a traffic engineering firm based in Southern California, estimates that adding the blinking L.E.D.'s to crosswalks can reduce pedestrian accidents by 80 percent. The original Astucia markers were glued onto the road surface. That left them vulnerable to snowplow blades and to constant pounding from car and truck tires. Mr. Dicks wanted to put the markers into holes drilled into the road surface. The key, he said, was finding self-healing resins for the top lenses that would be flush with the surface and subjected to much wear and tear. "It's like running your fingernail on a rubber sheet," he said of the plastics' behavior. "The mark it leaves goes away." Advances in solar-panel technology also allowed Astucia to develop markers that could store electricity all day and then constantly illuminate particularly dangerous sections of roads at night. Other features followed. Optical systems inside the casing are able to monitor the atmosphere for fog. Electrical resistance detectors can check for standing water. The addition of a thermometer allows the marker to predict ice. But getting high-resolution digital cameras into the flush-mounted housings was a more difficult task. It ultimately required the development of a special series of lenses that in effect allowed the camera to look upward and forward from its subsurface location. The cameras (the system can use either normal or infrared sensors) provide remarkably detailed images, according to Mr. Dicks. "You can clearly see everything underneath a vehicle, although I'm not sure why you'd want to do that," he said. The police, however, are likely to be interested in seeing the license plates of vehicles traveling above the speed limit or through red lights. To that end, Astucia has developed a system that is operating on a highway in Scotland. It employs three embedded cameras to give front, rear and side views of passing vehicles. 
Other embedded sensors project two infrared beams over the road that are used to time traffic and determine its speed. The images and the speed data travel under the road by cable to a computer. It in turn relays the data by satellite to Astucia's offices. The system is currently being used to monitor traffic slowdowns. When it detects them, it turns on illuminated markers farther up the road as a warning. Mr. Dicks said that its speed measurements were accurate within 0.5 percent, well within the tolerances demanded for traffic enforcement. Similarly, he said, the systems can be combined with optical character recognition software to automatically track stolen vehicles or cars believed to be used by suspected criminals or terrorists. The United States branch of Astucia began demonstrating the camera system - which costs about $50,000 for a package of three cameras, sensors and supporting electronics - to police and highway officials less than a month ago. John Kerridge, the subsidiary's president, reported considerable interest in the system for both traffic and broader law enforcement. But he added that public resistance could be one obstacle to its adoption. "We all break the law regarding speeding," Mr. Kerridge said. "The system may leave a bad taste in motorists' mouths at the beginning. But when their insurance starts going down and stolen vehicles start getting recovered, the benefits will overcome that." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri May 14 17:39:02 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 14 May 2004 20:39:02 -0400 Subject: On the Road Again, But Now the Boss Is Sitting Beside You Message-ID: The Wall Street Journal May 14, 2004 PAGE ONE On the Road Again, But Now the Boss Is Sitting Beside You Workers Chafe as Businesses Embrace GPS Trackers; A Cop Caught Napping By CHARLES FORELLE Staff Reporter of THE WALL STREET JOURNAL May 14, 2004; Page A1 After hearing complaints that police officers in Clinton Township, N.J., were doing a lot of loafing, Sgt. John Kuczynski sprang into action. Without telling the patrolmen, the internal-affairs officer installed a global-positioning-system tracking device behind the front grills of several patrol cars in the spring and summer of 2001. Then he used a laptop to keep track of each car's precise movements on detailed maps. Sgt. Kuczynski soon netted five officers loitering over meals or hanging out in parking lots. Their log books indicated they were patrolling the township's streets or watching for speeders on its three highways. Four of the officers pleaded guilty that year to charges of filing false records and were barred from working in New Jersey law enforcement. A fifth, Barry Krejdovski, a then-28-year-old officer who was literally caught napping on the job, disputed the charges. He was convicted in November on the records violation and a more serious charge that was later set aside. Three of the officers who pleaded guilty are suing the town to get their jobs back. As employers increasingly turn to GPS technology to keep track of their fleets, more workers are balking at having the boss constantly looking over their shoulders. Independent snowplow drivers in Massachusetts staged a demonstration at the state capitol last year after they were required by the state to carry GPS-enabled cellphones. Washington state garbage collectors are protesting the installation of the devices on their trucks. 
And Teamsters union officials are watching closely to make sure the devices aren't used to punish employees. Developed in the 1970s for military use, GPS relies on a cluster of satellites orbiting 12,500 miles above Earth. The satellites emit coded signals, which a ground-based receiver can pick up to triangulate its own position. GPS trackers remained expensive niche products through much of the 1990s largely because they were difficult to use and it was expensive to relay location data from a moving truck back to a company's home base. Now, thanks to the spread of cheap cellular-phone service, the devices can send the information as easily as a commuter can make a call from the road. Without clear limits on when the devices can be used to track workers, employers are testing the boundaries of GPS. That's especially frustrating to independent-minded workers such as truckers, who have long treasured their freedom from close supervision. Many of those workers are accustomed to being paid for specific performance -- getting a shipment from one place to another, for instance -- and chafe at the idea of having their routes closely tracked. In King County, Wash., the municipal government is installing GPS receivers on the roughly 200 tractors and trailers that haul solid waste between landfills and transfer stations. Theresa Jennings, the county's solid-waste director, says the primary purpose of the system is to improve efficiency. Supervisors, for example, can automatically determine which trailers of trash have been waiting longest at depots. But last year, Teamsters Local 174 filed an unfair-labor-practice charge with the state's public-employee commission, arguing that the installation needs to be subject to collective bargaining. The union contended that drivers have been told they could be in trouble if the tracker reports they are straying from their routes. 
The union missed a filing date to provide more information, and the charge was dismissed, though the union says it will refile if a driver is disciplined. That hasn't yet happened, and the union has sought written assurance from the county that it won't. George Raffle, the union organizer who was responsible for the filing, says trucks follow set routes, so there's no need to use the GPS devices for routing. A driver might exercise his judgment to avoid a traffic jam or slick roads, but a supervisor might see that as an unauthorized detour to a side road, Mr. Raffle says. The trackers "don't take into account all the unknown factors: road conditions, weather conditions, what's the load," he says. Ms. Jennings says that the county doesn't as yet plan to use GPS tracking to punish drivers, and so no bargaining is necessary to install the trackers. The national Teamsters union is closely watching a plan by United Parcel Service Inc. to include GPS capabilities on its next generation of delivery scanners -- the electronic tablets that store delivery data. A Teamsters spokesman said the union isn't necessarily against the use of tracking technology but stressed that safeguards need to be in place to "ensure that it doesn't result in an invasion of privacy or is used to "get" an employee." UPS officials say the company is as much as two years away from actually using GPS on the scanners. They say that the company would use the technology to improve customer service -- for example, to quickly reroute packages in transit -- and not driver discipline. UPS already has GPS devices on its tractor-trailer trucks, which haul packages between warehouses. Last December, snowplow operators in Massachusetts marched outside the state capitol to protest a new requirement that they carry cellphones with GPS receivers. As independent contractors paid by the hour, they feared the highway department would use the tracking data to unfairly squeeze their payments. 
Satellite tracking equipment, they complained, could wrongly label a plower stuck in a traffic jam as napping by the side of the road. The Massachusetts highway department said that it is confident the devices can accurately track plowers. After hundreds of plowers packed a rowdy legislative hearing at Boston's State House, the highway department partially backed down. The compromise: Drivers began carrying the GPS phones but are being paid according to the old-fashioned paper timesheets they submit. The contract runs until the end of the year. In Mecklenburg County, N.C., a sprawling district encompassing the Charlotte metropolitan area, officials say a new GPS-enabled dispatch and routing system has shaved 10% off the time it takes ambulances to respond to emergency calls. The system automatically tells 911 dispatchers which ambulance is closest to the call and provides the best route to an address. The system, based on software from California vendor ESRI Inc., also captures historical data about travel speeds, allowing dispatchers to route ambulances around potential rush-hour trouble spots. Sabby Nayar, a marketing manager for MapInfo Corp., a Troy, N.Y., maker of mapping software, says the benefit of GPS trackers on police cruisers is obvious. "If the officer is injured, you know where he is, and you know where his car is," Mr. Nayar says. In Clinton Township, the devices were installed specifically to check up on the officers. Some of the officers were missing for hours at a time, sometimes on daytime shifts, but Mr. Krejdovski was unaccounted for less than two hours in the middle of the night. According to Mr. Krejdovski's activity logs, he checked a residence, a cemetery and a cluster of car dealerships in the early morning hours. But the GPS showed his cruiser, unmoving, for much of that time in a McDonald's parking lot, overlooking a car wash and a Japanese restaurant nestled at the intersection of two highways. 
The three officers who are suing the town to get their jobs back claim that idling was a department-wide practice in the two-dozen-member force. The activity reports used to build the town's case against them were simply "busy sheets," intended to demonstrate that the officer was on duty, not precise records of his movements, one officer testified at Mr. Krejdovski's trial. They also claim they were deliberately singled out for the tracking because superiors wanted a pretext to get rid of them. The township's attorney declines to comment on the case. Sgt. Kuczynski, the internal-affairs officer, said in an interview that his tracking program "may appear to be extreme" but that the department had a "systemic" absence problem. Mr. Krejdovski, now 31, declined to comment on the case. He testified at his trial that his GPS-tracked nap occurred because he was exhausted from a stomach virus, compounded by the flu medication he was taking. He admitted that he waited until shortly before the end of his shift at 7 a.m. to fill out most of his reports and that they were sloppy and incorrect. "I was just trying to guesstimate at what time I had gone through those areas," he said on the witness stand. Testimony established that his reports deviated from his actual location, as determined by the GPS, for about 76 minutes. Mr. Krejdovski's lawyer, Walter Lesnevich, argued that his client was a young cop who made a mistake and was unfairly swept up in a dragnet aimed at catching more-serious offenders. When he was tracked another night, Mr. Krejdovski's log matched up with the GPS tracker. The jury convicted Mr. Krejdovski on both charges he faced. New Jersey Superior Court Judge Victor Ashrafi was not so convinced. He set aside the jury's verdict on the official misconduct charge -- which would have carried jail time -- and sentenced Mr. Krejdovski to probation and community service. His conviction means he will never be able to work in law enforcement again. 
The nap, the judge ruled, "did not result in any actual damage or loss to the public, other than the loss of Officer Krejdovski's services during a period of fewer than 90 minutes." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri May 14 17:39:48 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 14 May 2004 20:39:48 -0400 Subject: Wyoming agent develops touted porn tracking software Message-ID: USA Today Wyoming agent develops touted porn tracking software By Sarah Cooke, Associated Press CHEYENNE, Wyo. - A Wyoming law enforcement agent was credited Friday with developing software that weeds out child pornography in file-sharing networks, resulting in at least 1,000 investigations and 65 arrests nationwide. The software, written last year by Division of Criminal Investigation special agent Flint Waters, cracks down on the growing use of "peer-to-peer" or P2P networks. The networks allow users to connect computers directly with one another to exchange files. Officials say they provide greater anonymity than traditional Internet servers that are easier to track. They can also be much quicker and easier to access. "This problem was so widespread that it was clearly easier for a child to obtain these images than it would be for them to buy a magazine depicting adult pornography," Attorney General Pat Crank said Friday. After testing the software last fall, Waters and other DCI officials offered it free of charge to local, state, national and even international law enforcement agencies. The results surprised even the most veteran officers. 
Images of children as young as 7 years old were being trafficked worldwide through file-sharing networks easily accessible to children, such as Kazaa. Some images took as little as 14 seconds to load. "We hit everyone from 13-year-olds to 55-year-olds with active molests on children," Waters said. Charges against the 65 people arrested so far have included possession and distribution of child pornography and sexual abuse of children. The 1,000 investigations have involved more than 350 searches of computers and other property, officials said. Specific cases include Jimmy Richard Morrison, a California man who faces federal pornography distribution charges in Wyoming alleging he was a P2P client named "Pedokiller." Morrison, of Modesto, Calif., told authorities he used the P2P networks because police were known to be examining Internet chat rooms for child pornography activity, Waters said. "This guy had pictures of two of his victims on an ID card around his neck," Waters said. To date, more than 3,100 computers have been identified exchanging child pornography. Of these, nearly 2,000 were discovered by Wyoming DCI special agents. "Law enforcement has a new tool to combat the targeting of our children for sexual exploitation," Gov. Dave Freudenthal said. "As a governor, and even more so as a parent, I am extraordinarily grateful for the work Special Agent Waters and the Wyoming DCI have done. Their dedication means that purveyors and users of child pornography might have fewer places to hide." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat May 15 13:53:20 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Sat, 15 May 2004 16:53:20 -0400 Subject: Bring Us Your Small, Unloved Start-Ups Message-ID: The New York Times May 15, 2004 Bring Us Your Small, Unloved Start-Ups By GARY RIVLIN Silicon Valley is littered with hundreds of former start-ups trapped inside larger technology companies that are no longer happy with the ventures they snapped up in the acquisitions frenzy of the 1990's. Now a pair of Silicon Valley-based venture capitalists have opened an unusual $250 million fund intended to buy and rehabilitate such companies, which Terry Garnett, one of the two founders, calls "the orphaned and the unloved." In some cases, the best candidate for running the newly freed company may turn out to be its original creator. "We've heard from a number of founders," Mr. Garnett said, "who told us, 'Gosh, we sold our business four years ago, and now our baby has been all screwed up and we want it back.'" The new fund, called Garnett & Helfrich Capital, is expected to occupy a long-needed niche within the technology universe's constellation of venture partnerships and private equity groups. Other entities, like Francisco Partners and Silver Lake Partners, specialize in technology buyouts, but they usually focus on deals priced in the hundreds of millions. Garnett & Helfrich intends to concentrate on deals, generally under $50 million, too small for these multibillion-dollar firms. Traditional venture capital outfits occasionally participate in these kinds of deals, sometimes called carve-outs, but only sporadically and often in partnership with others. "There aren't a lot of venture guys doing tech carve-outs, and none are specializing in it," said Allan Thygesen, a managing director in the Carlyle Group's American-based venture capital fund. "It's sort of a forgotten area." Venture capitalists, Mr. 
Thygesen and others said, are by temperament far more interested in untested, fledgling companies that stir hopes of striking it rich with a new idea rather than those already freighted with baggage. Mr. Garnett was in his prior job as a general partner at Venrock Associates, the venture arm of the Rockefeller family, when he experienced what he described as his "aha" moment. Along with a partner from Doll Capital Management, he was poised to invest in a new software company that would cloak e-mail messages and instant messaging from everyone but the intended recipient. But then Mr. Garnett and his fellow venture capitalist learned that Network Associates, the computer security company, was looking to sell a unit called PGP, which stands for Pretty Good Privacy, with a similar product already on the market. PGP was a proven technology with a sizable customer base. It was also one of more than 40 companies Network Associates bought over three years starting in 1997 - and one of many acquisitions it was actively seeking to shed after hiring a new chief executive at the start of 2001. Venrock and Doll Capital purchased PGP in August 2002 for "significantly less" than the $36 million Network Associates paid for it five years earlier, said Phillip Dunkelberger, the company's original chief executive and once again in charge of PGP. "That was a real proof of concept for me," Mr. Garnett said. "We were able to recast the product and be cash-flow positive six months after buying it." In February 2003, Mr. Garnett and David Helfrich, then a general partner at ComVentures, met for breakfast at Il Fornaio, a popular restaurant in Palo Alto. The two knew each other casually but had grown closer through their daughters, who enjoyed riding horseback in Woodside, Calif. There Mr. Garnett told Mr. Helfrich about PGP. "I knew I was in trouble after I didn't sleep a wink that night," Mr. Helfrich said. 
Four months after that first breakfast, the two gave notice at their respective firms. That summer, Grove Street Advisors, which makes venture capital investments on behalf of large institutions and wealthy individuals, became the new fund's first investor. The fund's largest investor is the Harvard Management Company, the university's investment arm. "It's quite unique what the two of them are doing," said Catherine A. Crockett, a founder and general partner at Grove Street. The firm is expecting to do one or two deals a year, and six to eight for the life of the fund, because each will require a great deal of time. Mr. Garnett is a former senior executive at Oracle, the big maker of database software that runs large business systems for many major corporations. Mr. Helfrich was a member of the founding team at Copper Mountain Networks, a maker of equipment for high-speed Internet connections, and his résumé includes turns at the 3Com Corporation and Ascend Communications, two other computer networking equipment makers. Certainly the pool of potential orphans is large. From 1999 to 2001, an average of 3,500 mergers and acquisitions (excluding telecommunications deals) took place each year in the American technology community, according to Thomson Financial. That compares with roughly 500 a year in the early 1990's, and 1,500 or so a year in the mid-1990's. "I have absolutely no doubt these guys face a tremendous supply of deal opportunities," said Roger McNamee, a co-founder of Silver Lake Partners. Whether that will translate into attractive profits for the fund's two founders and its investors is another question. "There's typically a high degree of difficulty in these kind of deals," Mr. Thygesen of Carlyle said. Pricing is one issue, Mr. Thygesen said; typically there are no audited numbers associated with a single product or unit inside a larger company. 
"Another risk is that you're taking on people who haven't been out there hustling, groveling for a living," Mr. Thygesen said. "They're not necessarily entrepreneurs." Should an investment team choose well, though, "there's the potential for a very high value creation," he added. Both Mr. Garnett and Mr. Helfrich said that they intended in most cases to bring in new management to run the company and they see plenty of available executives in waiting. "Nowadays, it's hard to attract a great management team, especially a great C.E.O., to a start-up," Mr. Helfrich said. "It takes two or three years to get a product out, there are three or four rounds of financing to raise, and the success ratio of start-ups is pretty low." The companies they intend to finance, by contrast, will already have an existing business in place. "It's a lot easier to build a company from $50 million in revenues to $100 million,'' Mr. Helfrich said, "than take something from scratch and build it up to $10 million or $20 million." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat May 15 14:54:31 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 15 May 2004 17:54:31 -0400 Subject: #331: 05-14-04 DEPARTMENTS OF JUSTICE, HOMELAND SECURITY ANNOUNCE CHILD PORNOGRAPHY FILE-SHARING CRACKDOWN Message-ID: FOR IMMEDIATE RELEASE FRIDAY, MAY 14, 2004 WWW.USDOJ.GOV CRM (202) 514-2008 TDD (202) 514-1888 DEPARTMENTS OF JUSTICE, HOMELAND SECURITY ANNOUNCE CHILD PORNOGRAPHY FILE-SHARING CRACKDOWN Law Enforcement Initiative Targets Child Pornography Over Peer-To-Peer Networks WASHINGTON, D.C. 
- The Department of Justice, the Federal Bureau of Investigation, the Department of Homeland Security's U.S. Immigration and Customs Enforcement, and the Internet Crimes Against Children (ICAC) Task Forces today announced a national law enforcement initiative aimed at combating the growing volume of illegal child pornography distributed through peer-to-peer (P2P) file trafficking computer networks. Attorney General John Ashcroft, Assistant Attorneys General Christopher A. Wray of the Criminal Division and Deborah Daniels of the Office of Justice Programs, Department of Homeland Security Assistant Secretary for Immigration and Customs Enforcement Michael J. Garcia, FBI Deputy Assistant Director Keith Lourdeau, Office of Juvenile Justice and Delinquency Prevention Administrator J. Robert Flores and Sgt. Scott Christensen of the Nebraska State Patrol announced the initiative at a news conference this afternoon in Washington. The law enforcement operation, which began in the Fall of 2003, has already resulted in the execution of hundreds of searches nationwide, and the identification of thousands of suspect computers used to access the child pornography. The FBI, ICE and the ICACs have opened more than 1,000 domestic investigations into the distribution and possession of child pornography and conducted more than 350 searches. More than 65 individuals have been arrested and charged with crimes to date as a result of this law enforcement effort, with coordination by the Child Exploitation and Obscenity Section of the Criminal Division at the Department of Justice and U.S. Attorneys' Offices across the country. These cases have charged not only offenses related to the possession and distribution of child pornography, but also sexual abuse of children. Further, the investigations have identified several individuals who have previously been convicted of sex offenses and several registered sex offenders. 
"No one should be able to avoid prosecution for contributing to the abuse and exploitation of the nation's children," said Attorney General Ashcroft. "The Department of Justice stands side-by-side with our partners in the law enforcement community to pursue those who victimize our children under the perceived, but false, cloak of anonymity that the peer-to-peer networks provide." "This aggressive, multi-jurisdictional enforcement action will help bring justice to those who exploit our children," said Assistant Attorney General Wray. "This is an impressive demonstration of how law enforcement can effectively address the problem of technology being used to commit illicit and abhorrent crimes against children." "The men and women of state and local law enforcement who comprise the 39 Internet Crimes Against Children task forces are to be commended for their efforts that have resulted in over 50 arrests nationwide," said Deborah Daniels, Assistant Attorney General for the Office of Justice Programs. "The unprecedented cooperation of law enforcement to track the sale and trade of child pornography over the Internet has made this country a safer place for our children." "Today's announcement sends a clear message that the digital environment will not offer sanctity to those pedophiles who lurk in peer-to-peer networks. We will identify you. We will pursue you. We will bring you to justice," said FBI Director Robert Mueller. "Today's announcement also raises public awareness to the inherent risks associated with file-sharing networks. Parents must know that access to these networks is free and exposure to child pornography is often a frightening reality." "ICE will use its technical expertise and its legal authorities to target those who would purchase child pornography over the internet or trade in those despicable images," said Michael J. Garcia, Department of Homeland Security Assistant Secretary for Immigration and Customs Enforcement. 
"By partnering with our colleagues at the Department of Justice and in local and state law enforcement, we will uncover these transactions and bring the offenders out of the anonymity of cyberspace and into a court of law." "As individuals we have a responsibility to provide love and guidance to our children; as a society, we have a collective duty to defend our children from predators who would stalk them," said J. Robert Flores, Administrator for the Office of Juvenile Justice and Delinquency Prevention. "The Internet Crimes Against Children task forces were developed to prevent child abuse and punish abusers and this joint effort between local and federal law enforcement will send a strong message to those who would exploit our children." The multi-agency, multi-jurisdictional P2P initiative, combining the resources of federal, state and local law enforcement, is part of an ongoing effort to keep pace with emerging technologies that are being used to commit, facilitate and even hide crimes. Unlike traditional computer networks, which employ the use of a server to exchange files, peer-to-peer networks allow users to connect their computers directly to one another, without the use of a central server. Once a user installs a peer-to-peer software application on his or her computer, he or she can directly access and search the files designated for distribution on any of the computers that are using the network at that moment in time, and then download desired files to his or her computer. Investigators and agents from the participating agencies used several techniques - including undercover work - to infiltrate the P2P networks and identify those who have distributed and taken possession of child pornography images. Several cases illustrate the scope of the P2P law enforcement operation: * Investigators in California, working with the Wyoming Attorney General's Office, Division of Criminal Investigation, identified a P2P client named Pedokiller. 
Jimmy Richard Morrison, a 40-year-old male from Modesto, California, allegedly had countless images of underage girls on the wall of his bedroom. A search of his computer revealed thousands of images of child pornography, along with photos and videos from actual victims. Morrison admitted knowingly distributing images of child pornography, and when asked why he used the P2P network to distribute images, he replied, "Because the cops are in the chat rooms." Morrison was indicted in the Federal District Court of Wyoming for distribution of child pornography, and also charged with other criminal offenses in the Eastern District of California. The suspect is in custody in California pending trial. * Following a P2P investigation by the Nebraska State Patrol, Jeremiah Zalesky of Lincoln, Nebraska, was arrested on state charges of sexually assaulting a child after evidence developed that Zalesky allegedly molested the young daughter of a couple with whom he had been staying. A subsequent search of his computer found 10 images of child pornography. * An FBI investigation in New York led to the identification of a subject who allegedly distributed, received and possessed child pornography using P2P networks. The investigation also found that the subject, Matthew Fling, allegedly molested two girls, ages 6 and 8, during the past four years. An examination of the subject's computer revealed hundreds of child pornographic images and movies. In February 2004, Fling was indicted in the Northern District of New York on federal child pornography charges, and he was arrested in March 2004. State Police officials are handling the sexual abuse allegations. * Earlier this week, a federal grand jury in Houston, Texas, indicted 28-year-old Stephen Alan Gardner on charges of distributing images of child pornography from his home computer, and possession of child pornography. 
According to court documents, a file containing movies depicting children being sexually assaulted had been made available for sharing from a computer at Gardner's home using a P2P software program. Gardner is currently being held without bond in the Harris County, Texas, jail on charges filed in the state of Colorado involving the sexual assault of a six-year-old child. * During the course of a multi-state investigation, ICE agents in Arizona received child pornography from a peer-to-peer application user who they later identified as 19-year-old Marlon Winston. During the investigation, Winston indicated that he started using peer-to-peer applications to access music, but later moved on to images and movies of child pornography. Winston used simple search terms to find the materials, and noted that his habit grew by "just clicking" image after image. Winston was arrested in December 2003, and pleaded guilty to child pornography charges in February of this year. On May 12, 2004, Winston was sentenced to 37 months in prison and three years' supervised release. Winston will be required to register as a sex offender upon his release from prison. Individuals arrested and charged in connection with this initiative are, of course, presumed innocent until proven guilty in a court of law. The maximum federal sentence for the distribution of child pornography is 20 years in prison. The PROTECT Act, enacted on April 30, 2003, also created a mandatory minimum sentence of five years in prison for this crime. If an individual committed a prior sex abuse offense, the mandatory minimum is 15 years in prison and the statutory maximum is 40 years. The following is a brief rundown of the roles played by various agencies in the P2P operation: Internet Crimes Against Children Task Forces In 1998, the Office of Juvenile Justice and Delinquency Prevention (OJJDP) of the Department of Justice funded ICAC Task Forces in jurisdictions all over the country. 
There are 39 task forces comprised of more than 175 law enforcement agencies. The 39 ICAC Task Forces conducted an undercover investigation code-named "Operation Peerless" to investigate the distribution of child pornography over the Internet. Undercover operations have identified more than 3,000 computers worldwide sharing child pornography using the P2P networks. To date, ICACs' efforts have resulted in the execution of more than 196 search warrants, and 50 arrests. U.S. Immigration and Customs Enforcement, Department of Homeland Security In September 2003, investigators at the ICE Cyber Crime Center in Virginia initiated a P2P operation known as "Operation Peer Pursuit" to target individuals who exchange child pornography images over the Internet using P2P networks. Working with investigators in ICE offices nationwide, ICACs and other law enforcement agencies, ICE investigators have opened 213 cases, identified 46 foreign leads, executed 72 search warrants and arrested 10 individuals responsible for trading tens of thousands of images of child pornography. Operation Peer Pursuit is an outgrowth of Operation Predator, ICE's comprehensive, nationwide initiative designed to protect young people from pedophiles, human traffickers and other predatory criminals. Since its inception in July 2003, Operation Predator has resulted in the arrest of more than 2,600 child sex predators nationwide. The Federal Bureau of Investigation As part of the FBI's P2P operation, codenamed "Peer Pressure," FBI agents and prosecutors from the Child Exploitation and Obscenity Section of the Justice Department developed a protocol for investigating the distribution of images of child pornography through P2P networks. Agents, acting in an undercover capacity, were able to successfully conduct 166 on-line sessions in P2P networks, targeting individuals who were openly offering multiple child pornography images. 
Of the 106 subjects identified as a result of the FBI investigation, 32 were determined to have had access to children, three were registered sex offenders and 23 had criminal histories. Most importantly, FBI agents identified and rescued eight children who had been molested. The FBI operation has led to 103 searches to date, the arrest of seven subjects and nine indictments. The Child Exploitation and Obscenity Section of the Criminal Division, U.S. Attorneys' Offices Through the coordinated efforts of the Child Exploitation and Obscenity Section of the Criminal Division and 29 U.S. Attorneys' Offices across the country, more than a dozen defendants have been charged with federal crimes related to child pornography trafficking over P2P networks. For further information about the P2P operations, please contact the following offices: * Department of Justice, Office of Public Affairs, (202) 514-2007 * Office of Justice Programs, for information about ICAC, Office of Communications, (202) 307-0703 * Federal Bureau of Investigation, Office of Public Affairs, (202) 324-3691 * Department of Homeland Security's Immigration and Customs Enforcement, (202) 514-2648 ### 04-331 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat May 15 18:34:31 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 15 May 2004 21:34:31 -0400 Subject: Curb electronic surveillance abuses Message-ID: Newsday.com: WARRANTS PROVIDE GUARANTEES Curb electronic surveillance abuses As technological monitoring grows more prevalent, court supervision is crucial BY BRUCE SCHNEIER Bruce Schneier is chief technical officer of Counterpane Internet Security Inc. in Mountain View, Calif. 
He is the author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." May 10, 2004 Years ago, surveillance meant trench-coated detectives following people down streets. Today's detectives are more likely to be sitting in front of a computer, and the surveillance is electronic. It's cheaper, easier and safer. But it's also much more prone to abuse. In the world of cheap and easy surveillance, a warrant provides citizens with vital security against a more powerful police. Warrants are guaranteed by the Fourth Amendment and are required before the police can search your home or eavesdrop on your telephone calls. But what other forms of search and surveillance are covered by warrants is still unclear. An unusual and significant case recently heard in Nassau County's courts dealt with one piece of the question: Is a warrant required before the police can attach an electronic tracking device to someone's car? It has always been possible for the police to tail a suspect, and wireless tracking is decades old. The only difference is that it's now much easier and cheaper to use the technology. Surveillance will continue to become cheaper and easier - and less intrusive. In the Nassau case, the police hid a tracking device on a car used by a burglary suspect, Richard D. Lacey. After Lacey's arrest, his lawyer sought to suppress evidence gathered by the tracking device on the grounds that the police did not obtain a warrant authorizing use of the device and that Lacey's privacy was violated. It was believed to be the first such challenge in New York State and one of only a handful in the nation. A judge ruled Thursday that the police should have obtained a warrant. But he declined to suppress the evidence - saying the car belonged to Lacey's wife, not to him, and Lacey therefore had no expectation of privacy. More and more, we are living in a society where we are all tracked automatically all of the time. 
If the car used by Lacey had been outfitted with the OnStar system, he could have been tracked through that. We can all be tracked by our cell phones. E-ZPass tracks cars at tunnels and bridges. Security cameras record us. Our purchases are tracked by banks and credit card companies, our telephone calls by phone companies, our Internet surfing habits by Web site operators. The Department of Justice claims that it needs these, and other, search powers to combat terrorism. A provision slipped into an appropriations bill allows the FBI to obtain personal financial information from banks, insurance companies, travel agencies, real estate agents, stockbrokers, the U.S. Postal Service, jewelry stores, casinos and car dealerships without a warrant. Starting this year, the U.S. government is photographing and fingerprinting foreign visitors coming into this country from all but 27 other countries. CAPPS II (Computer Assisted Passenger Prescreening System) will probe the backgrounds of all passengers boarding flights. Over New Year's, the FBI collected the names of 260,000 people staying at Las Vegas hotels. More and more, the "Big Brother is watching you" style of surveillance is becoming a reality. Unfortunately, the debate often gets mischaracterized as a question about how much privacy we need to give up in order to be secure. People ask: "Should we use this new surveillance technology to catch terrorists and criminals, or should we favor privacy and ban its use?" This is the wrong question. We know that new technology gives law enforcement new search techniques, and makes existing techniques cheaper and easier. We know that we are all safer when the police can use them. And the Fourth Amendment already allows even the most intrusive searches: The police can search your home and person. What we need are corresponding mechanisms to prevent abuse. 
This is the proper question: "Should we allow law enforcement to use new technology without any judicial oversight, or should we demand that they be overseen and accountable?" And the Fourth Amendment already provides for this in its requirement of a warrant. The search warrant - a technologically neutral legal requirement - basically says that before the police open the mail, listen in on the phone call or search the bit stream for key words, a "neutral and detached magistrate" reviews the basis for the search and takes responsibility for the outcome. The key is independent judicial oversight; the warrant process is itself a security measure protecting us from abuse and making us more secure. Much of the rhetoric on the "security" side of the debate cloaks one of its real aims: increasing law enforcement powers by decreasing its oversight and accountability. It's a very dangerous road to take, and one that will make us all less secure. The more surveillance technologies that require a warrant before use, the safer we all are. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sat May 15 18:41:18 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sat, 15 May 2004 21:41:18 -0400 Subject: The Doghouse: IQ Networks (Re: CRYPTO-GRAM, May 15, 2004) In-Reply-To: <4.2.2.20040515034042.00b32c90@127.0.0.1> References: <4.2.2.20040515034042.00b32c90@127.0.0.1> Message-ID: At 3:46 AM -0500 5/15/04, Bruce Schneier wrote: > The Doghouse: IQ Networks > > > >In general, the Doghouse is a showcase for stupid security companies or >products. Snake-oil cryptography, nonsense computer security, that >sort of thing. 
But this month we have something different: a company >committing out-and-out fraud. > >IQ Networks claims to have an impressive advisory board: Ross Anderson, >Mihir Bellare, Steve Bellovin, Shafi Goldwasser, Peter Gutmann, Doug >Stinson, Ron Rivest, and Markus Kuhn. Unfortunately, none of these >people had ever heard of the company. Nor did they agree to have >content of theirs on the site. They also claim to be involved with the >Honeynet Project -- none of the Honeynet guys had ever heard of them -- >and Password Safe: I've never heard of them, either. > >They have an impressive customer list. I'll bet anything that all of >them are fabrications, too. Oh; they're under investigation by SANS >for pirating SANS training material. > >The rest of the site is also amusing, with a lot of generic security >gobbledygook and not a whole lot of information. The company claims to >do pretty much anything. > >Would you buy your security services from a company that lies about, >um, everything? > > >Website: > > >Customer list (hard to find, and will probably be deleted soon): > > >Peter Gutmann sent this link to me a few weeks ago, and has challenged >the company about their use of his name. In response, the company has >pulled their list of technical advisors from its website. It forgot, >however, to pull the list from the Spanish website. > >Look quickly, I expect it will be gone soon. > >You can also look them up on archive.org, which has saved the company's >list of advisors (also in Spanish) from 2003. (This website is great >for finding old versions of webpages, or webpages that are no longer >around.) -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun May 16 05:48:03 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Sun, 16 May 2004 08:48:03 -0400 Subject: Card Seem at Risk? Try a Stunt Double Message-ID: The New York Times May 16, 2004 SPENDING Card Seem at Risk? Try a Stunt Double By JENNIFER BAYOT AFTER days of searching the Internet, Gen Tanabe of Palo Alto, Calif., found the rare 19th-century memoir he wanted to buy for his father for Christmas last year. But he had no intention of giving the Web site his credit card number. "The site looked like it might have been run by a teenager in a back room," said Mr. Tanabe, who writes books about college planning and financial aid. "I didn't know how secure it was, or what they would do" with the number. Online vendors typically encrypt credit card numbers at their Web sites, but the numbers must be decoded later to receive payment. And they are often stored in databases that may be vulnerable to hackers or dishonest employees long after the purchase. What if there was a way to fool those who would try to fool us, so that purchases could be made online without any danger of card numbers falling into the wrong hands? A few companies are trying such a plan: think of it as the stunt-double approach to online shopping. Anyone with a credit card from Citibank, MBNA or Discover can request a temporary account number for use when buying online, by telephone or mail order. The temporary numbers are linked to customers' real accounts, but they generally expire after one use, unless the cardholder requests otherwise - for example, by placing a spending limit on the number. Cardholders can get these numbers in one of two ways, depending on their issuer. They can download software that generates such numbers upon request or upon detecting that a cardholder is at the checkout page of an online retailer.
Or, in the case of Citibank, which is owned by Citigroup, they can also register online, then revisit the company's site each time they want a new number. To avoid giving his real card number to that small online bookstore, Mr. Tanabe, 32, used a temporary number to buy the present for his father. "I probably wouldn't have bought it otherwise," he said. The temporary numbers can also prevent retailers from renewing purchases like magazine subscriptions or gym memberships without issuing reminders. Many customers forget that vendors may automatically charge their customers' credit cards for such recurring fees. Fraud remains a big concern for many online shoppers. In a survey of 12,000 consumers at the end of 2003, Forrester Research, based in Cambridge, Mass., found that about two-thirds were "very or extremely concerned" about the theft of their credit card numbers during online activity. Chris Hoofnagle, a lawyer for the Electronic Privacy Information Center in Washington, says such temporary numbers ease those worries. Mr. Hoofnagle says he has used them himself, to prevent online retailers from keeping his card number in their files. "If the company stores your credit card number, that database just becomes a honey pot" for hackers, he said. The temporary numbers, he said, also make him more comfortable buying from newer or unfamiliar vendors. The free service has been available for more than a year, but few people seem to know about it. "I think if you interview 100 consumers, you'll find 100 consumers who've never heard of it," said John Gould, director of consumer lending and bank cards for the TowerGroup, a research company based in Needham, Mass., that was acquired recently by MasterCard. Industry analysts say consumers tend to rely on other protections - including the card companies' promise not to charge them for fraudulent transactions. 
Last month, in fact, American Express stopped offering its temporary-numbers program, called Private Payments, saying that other safety features already offered plenty of fraud protection. Some consumers may think that their credit card accounts are safe because retailers encrypt their card data at the time of purchase. Though the numbers may then be safe in transit, retailers must still decode the numbers to collect payment. Mr. Gould says it is impossible to ensure that all retailers take the next step: encrypting the numbers again, according to rules set by the card networks. "This is too big a territory to patrol; in the U.S. alone, you've got over 400,000 merchants online," he said. "You've always got the issue of the merchant who is careless. But the real problem is, you've got the merchant who's a fraudster, whose intent is to steal your information." ANALYSTS also suggest that the card issuers have done little to promote the feature because customers pay nothing for it. But the companies say that the numbers are still relatively new and need time to catch on, especially because their use requires some effort. "And since it's not being offered by every issuer, you just don't have the repetition or frequency to get people talking about it," said Steve Furman, director of marketing e-commerce at Discover Card. Although many consumers say they worry about fraud risks, some may not want to bother with temporary account numbers. "Consumers will tell you one thing and do another," said James F. McCarthy, senior vice president for emerging products at Visa. "There is only so much they will do to protect themselves." Citibank refers to its temporary numbers as virtual account numbers; information is available at www.citibank.com/us/cards/tour/cb/shp_van.htm. Discover, meanwhile, calls them single-use numbers and offers them on its Deskshop page (www2.discovercard.com/deskshop).
MBNA customers can create the numbers through the company's online ShopSafe program (www.mbnashopsafe.com). The companies have tried to make the numbers easier to use. A cardholder can now charge monthly phone bills and other recurring payments to the same disposable number, rather than entering a new one each time. Similarly, a cardholder can register a number with a favorite merchant for continued use only with that merchant. "You'll never need to reveal your actual credit card number again," said Amy Radin, executive vice president for the e-business unit of Citi Cards, a division of Citigroup. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From cyphunk at bsd.org.il Sun May 16 03:47:00 2004 From: cyphunk at bsd.org.il (Nathan Fain) Date: Sun, 16 May 2004 12:47:00 +0200 Subject: GoodIdea||BadIdea: Ayers Island Challenge? Message-ID: <40A746A4.7090301@bsd.org.il> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.wired.com/news/privacy/0,1848,63316,00.html "This is going to push the envelope on a lot of fronts," said George Markowsky, president of Ayers Island LLC. "The goal is to detect anyone coming onto the island at any point, and to follow them if they exhibit suspicious behavior." When an envelope is pushed, especially in this case, it does so ALL fronts. The scenario is that *Man creates best-of surveillance and Good-vs-Evil differential/profiling system* with the reaction from this being *Evil changes to look more like Good*. Leaders and people alike often don't see validity in the second. Now don't get me wrong, I want the Ayers Island project to happen. 
I believe the work put in to this island and the boundaries it will push have already been pushed and are essential if not inevitable to happen in a more public manner. I'm just trying to find a way to use this to remind people of the forgotten effects. So, I'm curious if anyone would want to work together in building a simple online forum for chronicling the eventual subversion of their profiling system? The objective would be to track vulnerabilities in the methods used to determine "suspicious behavior" more so than technical vulnerabilities (such as, say, the fence system.) It would not be directly involved with any activity itself. Example content might be a story from someone that found a way to roam with a false ID, or no ID at all... or footage of reverse surveillance (see: http://wearcam.org/acm_mm96.htm ) fain://nathan http://cypherpoet.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFAp0ahveagdEkPM4ARAt2TAKCP/rB5ORnqId+dIAXlB1ivng1ljgCfdKSe qObiGrp0/K4ID/fkPW+jjKw= =j1JH -----END PGP SIGNATURE----- From shaddack at ns.arachne.cz Sun May 16 17:34:13 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Mon, 17 May 2004 02:34:13 +0200 (CEST) Subject: Diffie-Hellman question Message-ID: <0405170225070.-1252017356@somehost.domainz.com> I have a standard implementation of OpenSSL, with Diffie-Hellman prime in the SSL certificate. The DH cipher suite is enabled. Is it safe to keep one prime there forever, or should I rather periodically regenerate it? Why? If yes, what's some sane period to do so: day, week, month? If the adversary has a log of a passively intercepted DHE-RSA-AES256-SHA secured SSL communication, presuming the ephemeral key was correctly generated and disposed of after the transaction, will the eventual physical retrieval of the DH prime (and the rest of the certificate) allow him to decode the captured log? 
I am rather inexperienced in this area, don't want to make a mistake, and generation of 2048-bit primes is CPU-hungry enough to not decide to just throw it in without a good reason. From rah at shipwright.com Mon May 17 09:02:40 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 17 May 2004 12:02:40 -0400 Subject: US to Collaborate With Interpol On Passport Data Message-ID: US to Collaborate With Interpol On Passport Data This Day (Lagos) NEWS May 16, 2004 Posted to the web May 17, 2004 By Nneoma Ukeje-Eloagu Washington DC US Department of State weekend announced a new programme that would contribute substantially to worldwide travel document security and ability to impede the movement of terrorists and other criminals. To accomplish this, America is joining many other countries in providing current information on issued passports reported lost or stolen to the Interpol, lost and stolen document database which is available to border authorities worldwide. A statement from the department explained that under the programme, issued US passports, reported lost or stolen, are immediately invalidated, added to an electronic database, and may not be used for travel. However to protect the original passport holder's privacy, the name and biographical data from the passport would not be given to Interpol. Only the passport number, country of issuance and document type would be provided to Interpol. During the processing of travelers' documents at ports of entry, if a hit occurs against the Interpol database, the hit would be verified with US authorities before action is taken against the bearer of such a passport, the department further explained. 
Travel document fraud, including the fraudulent application and use of the US passport, represents a serious and growing threat to US national security and it is believed this new program is a significant step in the direction of curbing not only terrorism, but also identity theft and other types of identity fraud. US citizens are encouraged to notify the department of the loss or theft of their passport at the earliest possible moment as a measure of preventing misuse of the document and identity theft. It said US citizens could obtain information on how to report a passport lost or stolen by consulting the Department's Bureau of Consular Affairs website http://travel.state.gov while US citizens traveling or residing abroad should contact the nearest Embassy or Consulate abroad to report loss or theft of their passport. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon May 17 11:32:34 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Mon, 17 May 2004 14:32:34 -0400 Subject: EU seeks quantum cryptography response to Echelon Message-ID: Network World Fusion EU seeks quantum cryptography response to Echelon By Philip Willan IDG News Service, 05/17/04 The European Union is to invest $11 million ($13 million) over the next four years to develop a secure communication system based on quantum cryptography, using physical laws governing the universe on the smallest scale to create and distribute unbreakable encryption keys, project coordinators said Monday.
If successful, the project would produce the cryptographer's holy grail -- absolutely unbreakable code -- and thwart the eavesdropping efforts of espionage systems such as Echelon, which intercepts electronic messages on behalf of the intelligence services of the U.S., the U.K., Canada, New Zealand and Australia. "The aim is to produce a communication system that cannot be intercepted by anyone, and that includes Echelon," said Sergio Cova, a professor from the electronics department of Milan Polytechnic and one of the project's coordinators. "We are talking about a system that requires significant technological innovations. We have to prove that it is workable, which is not the case at the moment." Major improvements in geographic range and speed of data transmission will be required before the system becomes a commercial reality, Cova said. "The report of the European Parliament on Echelon recommends using quantum cryptography as a solution to electronic eavesdropping. This is an effort to cope with Echelon," said Christian Monyk, the director of quantum technologies at the Austrian company ARC Seibersdorf Research and overall coordinator of the project. Economic espionage has caused serious harm to European companies in the past, Monyk said. "With this project we will be making an essential contribution to the economic independence of Europe." Quantum cryptography takes advantage of the physical properties of light particles, known as photons, to create and transmit binary messages. The angle of vibration of a photon as it travels through space -- its polarization -- can be used to represent a zero or a one under a system first devised by scientists Charles Bennett and Gilles Brassard in 1984. It has the advantage that any attempt to intercept the photons is liable to interfere with their polarization and can therefore be detected by those operating the system, the project coordinators said. 
An intercepted key would therefore be discarded and a new one created for use in its place. The new system, known as SECOQC (Secure Communication based on Quantum Cryptography), is intended for use by the secure generation and exchange of encryption keys, rather than for the actual exchange of data, Monyk said. "The encrypted data would then be transmitted by normal methods," he said. Messages encrypted using quantum mechanics can currently be transmitted over optical fibers for tens of kilometers. The European project intends to extend that range by combining quantum physics with other technologies, Monyk said. "The important thing about this project is that it is not based solely on quantum cryptography but on a combination with all the other components that are necessary to achieve an economic application," he said. "We are taking a really broad approach to quantum cryptography, which other countries haven't done." Experts in quantum physics, cryptography, software and network development from universities, research institutes and private companies in Austria, Belgium, Britain, Canada, the Czech Republic, Denmark, France, Germany, Italy, Russia, Sweden and Switzerland will be contributing to the project, Monyk said. In 18 months project participants will assess progress on a number of alternative solutions and decide which technologies are the most promising and merit further development, project coordinators said. SECOQC aims to have a workable technology ready in four years, but will probably require three to four years of work beyond that before commercial use, Monyk said. Cova was more cautious: "This is the equivalent of the first flight of the Wright brothers, so it is too early to be talking already about supersonic transatlantic travel." The technological challenges facing the project include the creation of sensors capable of recording the arrival of photons at high speed and photon generators that produce a single photon at a time, Cova said. 
"If two or three photons are released simultaneously they become vulnerable to interception," he said. Monyk believes there will be a global market of several million users once a workable solution has been developed. A political decision will have to be taken as to who those users will be in order to prevent terrorists and criminals from taking advantage of the completely secure communication network, he said. "In my view it should not be limited to senior government officials and the military, but made available to all users who need really secure communications," Monyk said. Banks, insurance companies and law firms could be potential clients, Monyk said, and a decision will have to be made as to whether and how a key could be made available to law enforcement authorities under exceptional circumstances. "It won't be up to us to decide who uses our results," said Milan Polytechnic's Cova. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From justin at soze.net Mon May 17 10:27:08 2004 From: justin at soze.net (Justin) Date: Mon, 17 May 2004 17:27:08 +0000 Subject: Iraq developments Message-ID: <20040517172708.GA22563@dreams.soze.net> Politics in action... acting president of the Iraqi council is assassinated; coalition finds "small amounts of" sarin released from an exploding shell in Iraq. What's next, we steal all their remaining chemical weapons and bring them and our military home? -- "Not your decision to make." "Yes. But it's the right decision, and I made it for my daughter." - Bill, Beatrix; Kill Bill Vol. 
2 From DaveHowe at gmx.co.uk Mon May 17 09:37:08 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Mon, 17 May 2004 17:37:08 +0100 Subject: Vulnerability in the WinZip implimentation of AES? Message-ID: <002801c43c2d$356f0680$c71121c2@exchange.sharpuk.co.uk> http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/ Abstract: WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having "easy-to-use AES encryption to protect your sensitive data." We exhibit several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two." We then discuss secure alternatives. Since at a high level the underlying WinZip encryption method appears secure (the core is exactly Encrypt-then-Authenticate using AES-CTR and HMAC-SHA1), and since one of our attacks was made possible because of the way that WinZip Computing, Inc. decided to fix a different security problem with its previous encryption method AE-1, our attacks further underscore the subtlety of designing cryptographically secure software. From jtrjtrjtr2001 at yahoo.com Mon May 17 21:29:51 2004 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Mon, 17 May 2004 21:29:51 -0700 (PDT) Subject: Diffie-Hellman question In-Reply-To: <0405170225070.-1252017356@somehost.domainz.com> Message-ID: <20040518042951.84946.qmail@web21207.mail.yahoo.com> hi, In Diffie Hellman key exchange we choose a large prime in Fp. The prime is publicly known, so is g, preferably a generator in Fp*. The reason that you might need to change the prime frequently is only if you do not choose g (element of) Fp to be a generator in Fp or the prime field be too small. If the attacker knows the prime factorization of p-1, where p-1=q_1*q_2*...*q_n, he can compute which of g^((p-1)/q_i)== 1 mod p and determine the order of g. If it has a lower order, the attack is easier. If you choose g of maximum order in Fp, then you will have maximum security.
> physical retrieval of the DH prime (and the rest of > the certificate) allow > him to decode the captured log? The Diffie-Hellman key exchange works under the assumption that knowing only g^a and g^b, it is computationally infeasible for the attacker to calculate g^(ab) and breaking it is conjectured to be as hard as the discrete log problem. Sarath. __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ From richard at highwayman.com Mon May 17 15:15:46 2004 From: richard at highwayman.com (Richard Clayton) Date: Mon, 17 May 2004 23:15:46 +0100 Subject: [Asrg] 3. Proof-of-work analysis Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I hope this is useful: I'm in the Security Group of the Computer Laboratory at the University of Cambridge. Ben Laurie (yes, that Ben Laurie) and I have recently been doing some sums on proof-of-work / client puzzles / hashcash methods of imposing economic constraints upon the sending of spam... Ben wanted to know how big a proof was needed for a practical scheme he was considering -- and I told him it wasn't going to work. We then carefully worked through all the calculations, using the best data that we could obtain -- and we did indeed come to the conclusion that proof-of-work is not a viable proposal :( The paper we wrote about this was presented last week in Minneapolis at the (academic, peer-reviewed) "Third Annual Workshop on Economics and Information Security" (WEAS04) We've doubtless duplicated the figures on the back of many an envelope, but it is clearly useful to have the analysis in the formal literature where our assumptions and figures can be considered and possibly even improved upon by others.
Paper: http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf Slides from talk: http://www.cl.cam.ac.uk/~rnc1/talks/040514-ProofWork.pdf Abstract: A frequently proposed method of reducing unsolicited bulk email ("spam") is for senders to pay for each email they send. Proof-of-work schemes avoid charging real money by requiring senders to demonstrate that they have expended processing time in solving a cryptographic puzzle. We attempt to determine how difficult that puzzle should be so as to be effective in preventing spam. We analyse this both from an economic perspective, "how can we stop it being cost-effective to send spam", and from a security perspective, "spammers can access insecure end-user machines and will steal processing cycles to solve puzzles". Both analyses lead to similar values of puzzle difficulty. Unfortunately, real-world data from a large ISP shows that these difficulty levels would mean that significant numbers of senders of legitimate email would be unable to continue their current levels of activity. We conclude that proof-of-work will not be a solution to the problem of spam. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- For the avoidance of doubt, the type of scheme we believe we have shown is not viable is one where all email (except "mailing list" email) carries a "proof-of-work" along with it. It may be that it is still sensible to consider composite schemes where puzzles are only solved per sending host or where receivers use puzzles to admit senders into whitelists... ... however, we would consider it incumbent on any proposer of such a scheme to do similar calculations to ours before putting it forward.
[ off-topic for here, but we also suspect that a number of proof-of-work schemes in peer-to-peer networks would fall to our type of real-world analysis :( people tend to use client puzzles as a kind of "magic fairy dust" to scatter over systems when they get stuck in their design :( ] - -- richard Richard Clayton They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBQKk5khfnRQV/feRLEQIcyACcCrGw1ZZIHV+qP7AZy9M8XJU4920AnjcW M35kvXsj8cv/ujtY9xpf79av =wEUV -----END PGP SIGNATURE----- _______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg --- end forwarded text --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jtrjtrjtr2001 at yahoo.com Tue May 18 02:48:25 2004 From: jtrjtrjtr2001 at yahoo.com (Sarad AV) Date: Tue, 18 May 2004 02:48:25 -0700 (PDT) Subject: Diffie-Hellman question In-Reply-To: Message-ID: <20040518094825.81889.qmail@web21202.mail.yahoo.com> If your > prime is 2000 bits, > then that should be safe for the foreseeable future, > unless quantum > computers turn out to be practical for breaking > moduli of this size. Discrete Logarithms in GF(2^607) have been calculated over polynomial basis. http://listserv.nodak.edu/scripts/wa.exe?A2=ind0202&L=nmbrthry&F=&S=&P=2568 Sarath. __________________________________ Do you Yahoo!? SBC Yahoo! - Internet access at a great low price. http://promo.yahoo.com/sbc/ From rsw at jfet.org Tue May 18 02:18:06 2004 From: rsw at jfet.org (Riad S.
Wahby) Date: Tue, 18 May 2004 05:18:06 -0400 Subject: al-qaeda.net node downtime Message-ID: <20040518091806.GA1934@jfet.org> I'm moving from Massachusetts to Texas, and unfortunately that means that my machine's connectivity will be in a state of flux for a while. Unless someone has a machine with a (fast, static) connection on which they want to let me host the node temporarily, al-qaeda.net will be down for some (unspecified, but hopefully not too long) time while I move. If you do have a place to put the node (I believe measl at mfn.org once offered such a machine, but perhaps things have changed), let me know within the next day or two and I'll move everything over before I leave. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From cripto at ecn.org Mon May 17 22:45:42 2004 From: cripto at ecn.org (Anonymous) Date: Tue, 18 May 2004 07:45:42 +0200 (CEST) Subject: Reusable hashcash for spam prevention Message-ID: <46b4a65fcf0000e0905b4e2b8cb78597@ecn.org> Recently someone proposed a system which combined ecash and hashcash for email postage. The effect is to get a form of reusable hashcash. Here is some analysis. There are already proposals and even some working code for hashcash email postage. See http://www.camram.org/. This is intended as an anti-spam measure. The idea is that to send email, the sender has to create a "proof of work" token, something which takes a relatively long time to compute but which can be checked quickly. The simplest proposal is a hash collision, as suggested by Adam Back at http://www.hashcash.org/. Spam filter software could be configured so that email containing a valid hashcash token would be presumptively viewed as non-spam. Most non-spammers have low volumes of outgoing mail and so they can generate the necessary hashcash at mail sending time, introducing only a modest delay. 
Spammers however rely on being able to send enormous volumes of email practically for free, so having to expend potentially several minutes of CPU time for each outgoing email would make their actions unprofitable. The alternative being proposed here is to let there be a way of exchanging hashcash tokens for ecash-like tokens at one or more trusted servers. These ecash tokens would not actually be "cash" any more than is hashcash, i.e. they would not have a specific monetary value, nor would the ecash servers exchange ecash tokens for cash. Rather, ecash tokens would be exchangeable only for other such tokens, and they could also be "purchased" with hashcash. These ecash tokens would then be used as a sort of postage stamp, instead of the straight hashcash tokens in Camram. There is not a particularly strong need for the ecash tokens to be blinded or unlinkable, since the value of them is so low. The servers just need a way to distinguish good and unspent ecash from bad or spent ecash. However if they are used and reused for email postage, allowing linkable tokens would show who was sending mail to whom, infringing email privacy. Hence it would be desirable for the tokens to be unlinkable, which will be possible after the Chaum patent expires in 2005. This is not a crypto anarchy system which would bring down the government and usher in a cypherpunk utopia. The value of these cash tokens would be small, pennies at best. However it represents an adaptation of ecash technology for a useful purpose and it would potentially introduce a limited form of cash-like tokens into widespread use. This system has pros and cons in terms of spam resistance, versus the straight hashcash approach. The biggest difference is that this system allows for effective reuse of tokens. You receive a token in an incoming email, you exchange it at the server for a new one (validating it in the process), and you use the new one to send out a message. 
Reuse is not possible with straight hashcash, because if people could reuse them, then people could double-spend them. If hashcash reuse were allowed, a spammer could generate a single hashcash token and put identical copies in all of his outgoing email. In order to prevent reuse, hashcash tokens must include enough information embedded in the hash collision to make them unique for a particular message. Typically this would include the recipient's email address, date/time information, and possibly even a message body hash. Hashcash verification involves checking not only the mathematical validity of the collision, but that these embedded fields are correct, as well. The implication of this requirement is that the hashcash token cannot be generated in advance, but must be created at the time the mail is sent. This reduces the acceptable amount of time required for a typical user to create it. If hashcash could be precomputed overnight, it might be okay to take even an hour to produce a token. But if it has to be done at mail sending time, only a much lower time limit will be acceptable. As a result, the size of hashcash collisions has to be set low enough for end users to generate a token in no more than a few seconds or minutes at most. And this increases the chance that spammers may be able to incorporate economies of scale and generate hashcash fast enough to make spamming still be economical. Some analyses suggest exactly this possibility - see for instance http://www.dtc.umn.edu/weis2004/clayton.pdf. Making hashcash reusable by exchanging it for ecash tokens would fix this problem. Instead of the hashcash including information within it to prevent double use, this would be handled by validating the ecash or hashcash at the server to make sure it had not been used before. Now, this means that the spam filter must make an Internet access to check validity, which was not necessary with straight hashcash. 
However, most spam filters today make many Internet accesses, to check black lists and other communal resources intended to fight spam. Adding a check to validate an ecash token would not change the basic functionality of the spam filter, or materially slow down its operation. Preventing reuse via this method means that hashcash will no longer have to embed the destination and mail-sending times as it does now. This will allow hashcash to be precomputed, and therefore much larger computation thresholds will be acceptable for widespread use. These larger thresholds will make the spammers' jobs that much harder. Another reason why a larger threshold will work is because people will have other ways of getting ecash tokens besides computing hashcash. The most obvious would be reusing tokens in incoming email. Anyone who gets about as many (non-spam) emails as he sends, which is probably the case for most people, would have little or no need to compute hashcash tokens. Spammers, however, send vastly more email than they receive, hence they would not be able to benefit from this shortcut. Switching from hashcash to ecash allows a single hashcash token to be the foundation for the ecash used to send many pieces of email, sequentially. This is another advantage of ecash: it is far less wasteful of compute resources. Hashcash is thrown away after each use. Ecash is conserved and reused. Eventually we may find that our computer cycles are important and valuable enough that wasting several minutes of computation on every outgoing email is unacceptable. In the long run we need something more like ecash than hashcash for email postage. If this system became widespread, it's likely that there will be another way of getting ecash tokens. You will be able to buy them. I proposed above that the ecash server would not be in the business of buying and selling, only exchange. But that wouldn't stop other people from selling ecash tokens. 
Initially this might be done on a small scale via eBay and Paypal, just like people sell virtual gold and armor from Everquest. Later companies could spring up which would sell tokens on a larger scale, all major credit cards accepted. The reason for such markets is that some people would have a need for many ecash tokens, and others would have a surplus of such tokens. People with extra tokens would include those who receive a lot of email; students and researchers who have access to unused server farms where they can generate many coins during off hours; and pirates who have broken into end user computers and commandeered them to compute coins, without the owners even knowing it. People who want to buy tokens would include legitimate businesses with opt-in email lists, and spammers. It may appear that this system will degenerate into one where hackers break into systems and generate coins, which are then sold to spammers. We would get the worst situation possible, where computer thieves have even more incentive than they do today to attack systems (since they will be able to make money at it), and spammers are still as much of a problem as ever. However, I don't see this outcome as likely. First, even if such a market appeared, the spammers wouldn't be getting their tokens for free. They'd still have to pay to get them from the computer hackers. Even a modest fee would enormously increase the per-message cost for the spammers, who are often sending tens of thousands of messages at a time. Spam is not going to be made profitable by such a market. And second, once people start to realize that their unused computer cycles are at least slightly valuable, they are more likely to take steps to protect them. Grad students who misuse server farms to generate stamps are going to get in trouble, once the Uni realizes that this is theft of something valuable. 
End user break-ins will be more noticeable if the system is busy all the time generating stamps, and owners will have more motivation to police their systems and keep them updated if they know they could be losing money. (I also believe that we will have much more secure end-user machines in a year or two with the next generation of software, which will make this even less of an issue.) What we are likely to see is that commercial email advertising will continue, but not in the form of the absurd, scatter-shot spam we see today, with ads for medications carefully misspelled to evade filters. For email advertising to be effective in the future, response rates must rise, which means it will be crafted and targeted. Your spam email will be on subjects that interest you, it will be legible and literate, and won't be such an annoyance. That seems like an acceptable balance between freedom of communication and efficient use of email. If we do see ecash postage being bought and sold for small sums, then it could evolve into a micropayment architecture good for other purposes as well. You're not going to be able to efficiently pay someone thousands of dollars for some illicit activity using two-penny stamps. But maybe you could send a few dozen stamps to a starving musician each time you download one of his songs, and that could make a difference for him if all his fans did that. There are other issues to consider, which are also discussed in the hashcash proposals. Over time the threshold for postage needs to be raised, as Moore's Law makes stamp generation cheaper. And users would have to instruct their spam filters to white-list any email lists they sign up for (a process which should be automated) as mailing list exploders wouldn't generate stamps for each subscriber. The biggest problem, of course, is belling the cat: convincing spam filter makers to include hashcash and/or ecash as a filtering mechanism, and providing options to include it in outgoing email. 
There is an IRTF (related to the IETF, the technical governing body of the Internet) task force studying anti-spam technology, http://asrg.sp.am/, and maybe someone could propose these ideas there for comment. It might be possible to write plugins based on the Camram work that could be used as a proof of concept. The technical implementation is not the hard part. The real work is in deciding whether this technology would accomplish our goals, and then convincing people that it is worthwhile installing it. Given that the spam problem shows no sign of abating, hopefully it will be possible to make progress on this issue. From cripto at ecn.org Mon May 17 23:01:12 2004 From: cripto at ecn.org (Anonymous) Date: Tue, 18 May 2004 08:01:12 +0200 (CEST) Subject: Diffie-Hellman question Message-ID: Thomas Shaddack writes: > I have a standard implementation of OpenSSL, with Diffie-Hellman prime in > the SSL certificate. The DH cipher suite is enabled. > > Is it safe to keep one prime there forever, or should I rather > periodically regenerate it? Why? If yes, what's some sane period to do so: > day, week, month? > > If the adversary has a log of a passively intercepted DHE-RSA-AES256-SHA > secured SSL communication, presuming the ephemeral key was correctly > generated and disposed of after the transaction, will the eventual > physical retrieval of the DH prime (and the rest of the certificate) allow > him to decode the captured log? The DH prime is not secret, and will not in general allow an adversary to decode the message. Only the private parts of the ephemeral DH keys used by the two sides are secret, and they are destroyed after use. The only theoretical concern is that if the DH prime were small enough, an adversary at some time in the future might be able to break the DH key exchange by calculating discrete logs mod the prime. To within a few orders of magnitude, this is thought to be equally as difficult as breaking an RSA modulus of the same size. 
If your prime is 2000 bits, then that should be safe for the foreseeable future, unless quantum computers turn out to be practical for breaking moduli of this size. In the unlikely event that it becomes possible to break the DH exchange by attacking the DH prime in this manner, then all key exchanges that were done using that prime would be broken (assuming they were recorded for later analysis and attack). The main work of the break is directed towards the prime itself. Once that is done, there is little additional work to break a key exchange which used that prime. This is the only reason you might want to think about changing DH primes occasionally, so that if some super technology of the future were able to attack even your 2000 bit prime, at least they'd have to run their program a few times rather than just once. But really, that's not much of a security gain, as you're only increasing the attacker's costs by a relatively small factor. And at this point the attack would have to be viewed as extremely speculative anyway. So there's not much reason to change your prime. This is unlike the case with RSA moduli, where you not only have this very hypothetical risk of a future technology breakthrough to allow factoring, but you also have to face the genuine threat that the private key will be exposed or stolen. Once that happens, all past messages encrypted with the key will be revealed. There are good reasons to change RSA moduli regularly for this reason (of course, most people don't do it anyway, because of our poor key management tools). But with DH primes, that is not a concern, as there is no long-term secret to be lost. All you have to worry about is a discrete log breakthrough, and that's not something to lose any sleep over. From rah at shipwright.com Tue May 18 08:17:30 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Tue, 18 May 2004 11:17:30 -0400 Subject: Reusable hashcash for spam prevention Message-ID: --- begin forwarded text From rah at shipwright.com Tue May 18 08:18:03 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 18 May 2004 11:18:03 -0400 Subject: Reusable hashcash for spam prevention Message-ID: --- begin forwarded text From fm at st-kilda.org Tue May 18 06:41:16 2004 From: fm at st-kilda.org (Fearghas McKay) Date: Tue, 18 May 2004 14:41:16 +0100 Subject: Reusable hashcash for spam prevention Message-ID: This was posted on the ASRG list - the IRTF Anti Spam Research Group list, which at first reading indicates that the future for Hashcash/Camram may be limited. Eric Johansson the camram developer has some different numbers which he has just run that I will dig out and forward. f --- begin forwarded text From fm at st-kilda.org Tue May 18 06:41:31 2004 From: fm at st-kilda.org (Fearghas McKay) Date: Tue, 18 May 2004 14:41:31 +0100 Subject: Reusable hashcash for spam prevention Message-ID: and the data that Eric S. Johansson got: -=-=- forwarded text -=-=- this is frustrating. I have run through the exact same calculations and come up with a very different answer. The answers I came up with show that at worst case, spammers with zombies would almost have enough horsepower to generate enough stamps. one of the difficult aspects of this is that I have not been able to get hard numbers on the number of zombies (it varies by an order of magnitude at least depending on the source) as I said at my MIT anti-spam conference talk, I do agree that proof of work stamps are not a panacea but they are an important component in the "drug cocktail" used to attack spam. that's why I tried very hard to build camram to be able to incorporate other anti-stamp techniques or work in conjunction with them. Another impression of a shortcoming is that they mix and match economic models.
I need to go through in greater detail to find out if they have found something I missed. I do know that the cost of a PC and its operation are insignificant to the rate limiting effect of stamp generation. they also did not seem to account for different degrees of cost of doing business. Proof of work stamps will take out the low-end spammers first allowing us to concentrate efforts on higher end, better financed spammers. Fewer targets, easier to hit. They did not account for automatic inflation of postage rates when stamped Spam appears or the addition of a second tier of stamps (i.e. signatures for familiar entities/mailing lists). the problem with impact on low-end machines is important if you always generate stamps. However, for extreme low-end machines (PalmPilot and cellphones) you can always defer the computational load to a for fee service such as the ISP handling your e-mail for the device. With the rest of the low-end machines, stamped generation just takes longer, and background and once you have white listed the entity, you never need to send them a stamp again. on eco damage caused by stamp generation, again, the transition between stamps and white lists based on stamp activity illuminate that problem. It's only commercial entities who want to send you advertising unsolicited that would incur such damage. On the other hand, kill a couple of SUVs and you can generate many more stamps without worry. ;-) on zombies: I think it might be useful if the anti-spam folks spent some time developing zombie hunters and worked with various service providers to identify and shut off those machines. Additionally, ISPs should send Microsoft an invoice for every machine found and repaired. Get enough people together, you could have a substantial lawsuit. After all, the real culprit in the zombie problem is not the owner of the PC. Yes they were stupid, yes they ran something they shouldn't have, but the system should not have failed quite so easily!
so am I discouraged? A little bit. I'm going to continue but it's one more naysayer I'm going to have to build arguments against. -=-=- end forwarded text -=-=- --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue May 18 12:38:44 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 18 May 2004 15:38:44 -0400 Subject: EU seeks quantum cryptography response to Echelon Message-ID: Boondoggle. A solution in search of a problem: "Monyk believes there will be a global market of several million users once a workable solution has been developed. A political decision will have to be taken as to who those users will be in order to prevent terrorists and criminals from taking advantage of the completely secure communication network, he said." Silliness itself, at this point. Practical quantum cryptography at this point is limited to transmission. The moment it goes O/E, it's as vulnerable as any other data. And terrorists aren't going to bother splicing fiber. Of course, primitive quantum storage (with error correcting codes!) is possible and done in laboratories, but we're talking tens of bits here. It'll be a decade before quantum storage is practical, and that's only IF someone can find a convincing reason to start developing it. -TD >From: "R. A. 
Hettinga" >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: EU seeks quantum cryptography response to Echelon >Date: Mon, 17 May 2004 14:32:34 -0400 > > > >Network World Fusion > > >EU seeks quantum cryptography response to Echelon > >By Philip Willan >IDG News Service, 05/17/04 > >The European Union is to invest $11 million ($13 million) over the next >four years to develop a secure communication system based on quantum >cryptography, using physical laws governing the universe on the smallest >scale to create and distribute unbreakable encryption keys, project >coordinators said Monday. > > If successful, the project would produce the cryptographer's holy grail >-- >absolutely unbreakable code -- and thwart the eavesdropping efforts of >espionage systems such as Echelon, which intercepts electronic messages on >behalf of the intelligence services of the U.S., the U.K., Canada, New >Zealand and Australia. > > "The aim is to produce a communication system that cannot be intercepted >by anyone, and that includes Echelon," said Sergio Cova, a professor from >the electronics department of Milan Polytechnic and one of the project's >coordinators. "We are talking about a system that requires significant >technological innovations. We have to prove that it is workable, which is >not the case at the moment." Major improvements in geographic range and >speed of data transmission will be required before the system becomes a >commercial reality, Cova said. > > "The report of the European Parliament on Echelon recommends using >quantum >cryptography as a solution to electronic eavesdropping. This is an effort >to cope with Echelon," said Christian Monyk, the director of quantum >technologies at the Austrian company ARC Seibersdorf Research and overall >coordinator of the project. Economic espionage has caused serious harm to >European companies in the past, Monyk said. 
"With this project we will be >making an essential contribution to the economic independence of Europe." > > Quantum cryptography takes advantage of the physical properties of light >particles, known as photons, to create and transmit binary messages. The >angle of vibration of a photon as it travels through space -- its >polarization -- can be used to represent a zero or a one under a system >first devised by scientists Charles Bennett and Gilles Brassard in 1984. It >has the advantage that any attempt to intercept the photons is liable to >interfere with their polarization and can therefore be detected by those >operating the system, the project coordinators said. An intercepted key >would therefore be discarded and a new one created for use in its place. > > The new system, known as SECOQC (Secure Communication based on Quantum >Cryptography), is intended for use by the secure generation and exchange of >encryption keys, rather than for the actual exchange of data, Monyk said. > > "The encrypted data would then be transmitted by normal methods," he >said. >Messages encrypted using quantum mechanics can currently be transmitted >over optical fibers for tens of kilometers. The European project intends to >extend that range by combining quantum physics with other technologies, >Monyk said. "The important thing about this project is that it is not based >solely on quantum cryptography but on a combination with all the other >components that are necessary to achieve an economic application," he said. >"We are taking a really broad approach to quantum cryptography, which other >countries haven't done." > > Experts in quantum physics, cryptography, software and network >development >from universities, research institutes and private companies in Austria, >Belgium, Britain, Canada, the Czech Republic, Denmark, France, Germany, >Italy, Russia, Sweden and Switzerland will be contributing to the project, >Monyk said. 
> > In 18 months project participants will assess progress on a number of >alternative solutions and decide which technologies are the most promising >and merit further development, project coordinators said. SECOQC aims to >have a workable technology ready in four years, but will probably require >three to four years of work beyond that before commercial use, Monyk said. > > Cova was more cautious: "This is the equivalent of the first flight of >the >Wright brothers, so it is too early to be talking already about supersonic >transatlantic travel." > > The technological challenges facing the project include the creation of >sensors capable of recording the arrival of photons at high speed and >photon generators that produce a single photon at a time, Cova said. "If >two or three photons are released simultaneously they become vulnerable to >interception," he said. > > Monyk believes there will be a global market of several million users >once >a workable solution has been developed. A political decision will have to >be taken as to who those users will be in order to prevent terrorists and >criminals from taking advantage of the completely secure communication >network, he said. > > "In my view it should not be limited to senior government officials and >the military, but made available to all users who need really secure >communications," Monyk said. Banks, insurance companies and law firms could >be potential clients, Monyk said, and a decision will have to be made as to >whether and how a key could be made available to law enforcement >authorities under exceptional circumstances. "It won't be up to us to >decide who uses our results," said Milan Polytechnic's Cova. > > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue May 18 12:49:05 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 18 May 2004 15:49:05 -0400 Subject: IRS May Help DOD Find Reservists Message-ID: Military Insider Newsletter IRS May Help DOD Find Reservists Fort Worth Star-Telegram May 18, 2004 FORT WORTH, Texas - The Defense Department, strapped for troops for missions in Iraq and Afghanistan, has proposed to Congress that it tap the Internal Revenue Service to locate out-of-touch reservists. The unusual measure, which the Pentagon said has been examined by lawyers, would allow the IRS to pass on addresses for tens of thousands of former military members who still face recall into the active duty. The proposal has largely escaped attention amid all the other crises of government, and it is likely to face opposition from privacy rights activists who see information held by the IRS as inviolate. For it to become practice, Congress and President Bush would have to approve the proposal, which would involve amending the tax code. Ari Schwartz, an associate director of the Center for Democracy and Technology in Washington, said granting access to any IRS data would open the door to more requests from other arms of the government. Just a few years ago, Congress strengthened the privacy provisions of the tax code, he said. "There are other ways to solve the problem they have, without putting the tax information at risk," Schwartz said. "We would hope that those members who worked only four or five years ago on strengthening tax-privacy laws would stand up and say this is a bad idea." Lt. Col.
Bob Stone, a spokesman for the assistant defense secretary for reserve affairs, said the proposal was developed several years ago and is unconnected to the Army's current shortage of troops. Part or all of nine of the Army's 10 active-duty divisions are deployed to Iraq or Afghanistan, and 167,000 members of the reserves or National Guard are on active duty, with thousands more on alert for mobilization. Unknown to most Americans, though, is the existence of the Individual Ready Reserve, which has more than 280,000 members. The IRR is a distinctly different animal than the drilling reserves or National Guard. Those in the IRR are people who have completed their active-duty tours but are subject to involuntary recall for a certain number of years. For example, a soldier who serves four years on active duty remains in the IRR for another four years. During that time, however, they receive no pay, do not drill with a unit and are otherwise completely civilian. The problem for the Pentagon is that the whereabouts of 50,200 of those veterans are unknown to the Army, Navy, Marine Corps and Air Force. The largest number - 40,700 - are former Army GIs. Because Texas sends more people into the service than almost any other state, it's a good bet many are in the Lone Star State. "While the military today is comprised of an all-volunteer force, every individual who volunteers for service in the armed forces voluntarily accepts an eight-year military service obligation," Stone said. The troops are required to keep the services updated on their residences, but many do not. Thirty-four percent of former Army soldiers cannot be tracked. The unknowns in the other services are in the single digit percentages. "One of the difficulties that the military services confront is keeping addresses current," Stone said. The Defense Department has called on members of the IRR before. About 7,000 people have been recalled since 9-11, Stone said.
Approximately 30,000 were recalled for service during the buildup for the Persian Gulf War in 1990 and 1991, he said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bill.stewart at pobox.com Tue May 18 16:11:41 2004 From: bill.stewart at pobox.com (Bill Stewart) Date: Tue, 18 May 2004 16:11:41 -0700 Subject: IRS May Help DOD Find Reservists In-Reply-To: References: Message-ID: <6.0.3.0.0.20040518155726.0422e838@pop.idiom.com> At 12:49 PM 5/18/2004, R. A. Hettinga wrote: > >Military Insider Newsletter > > IRS May Help DOD Find Reservists > Fort Worth Star-Telegram > May 18, 2004 > > FORT WORTH, Texas - The Defense Department, strapped for troops for >missions in Iraq and Afghanistan, has proposed to Congress that it tap the >Internal Revenue Service to locate out-of-touch reservists. > > The unusual measure, which the Pentagon said has been examined by lawyers, >would allow the IRS to pass on addresses for tens of thousands of former >military members who still face recall into the active duty. Wow! It was "EXAMINED BY LAWYERS!" That's almost as reassuring as saying it was "Generated by a Computer"! (OK, these days it really _is_ better when the Pentagon says something was examined by their JAG corps rather than decided by the political appointees running the Pentagon...) They don't even say if it's DoD lawyers or IRS lawyers or other lawyers. There's a wide range in the types of methods they could use to find this information, some of which are the camel's nose in the tent and others of which are half the camel, but all of which are pretty much bad. 
I suppose the DoD could hand the IRS a list of names+SSNs and ask them to deliver the mail without any feedback to the DoD, but if the project has only been approved by "lawyers" and not by anybody with a clue about information technology or privacy protection, it's a bad bad idea. I get occasional junk snailmail as a veteran, trying to sell me something or other that veterans are apparently suckers for. I'm *not* a veteran (I was 1H in the last draft lottery), and I'm assuming that they're sending me the information because I'm male and the right age group, rather than because some database actually _does_ think I'm a veteran, but I'd really rather not have the IRS telling the Army where I live just in case they might think that. It's bad enough if they're acting on real information, but there are all kinds of other problems that can happen with bad info, such as them looking for a previous resident of this address, or getting mixed up with nearby addresses (my neighbor was Navy.) I'm also not thrilled with the DMV telling my local police the address of my neighbor's legality-challenged son, and getting it wrong, which led to the police pounding on my door at 6am with a warrant. From blueeskimo at phreaker.net Tue May 18 19:12:12 2004 From: blueeskimo at phreaker.net (Adam) Date: Tue, 18 May 2004 22:12:12 -0400 Subject: al-qaeda.net node downtime In-Reply-To: <20040518091806.GA1934@jfet.org> References: <20040518091806.GA1934@jfet.org> Message-ID: <20040518221212.15917fa9.blueeskimo@phreaker.net> On Tue, 18 May 2004 05:18:06 -0400 "Riad S. Wahby" wrote: > I'm moving from Massachusetts to Texas, and unfortunately that means > that my machine's connectivity will be in a state of flux for a while. > Unless someone has a machine with a (fast, static) connection on which > they want to let me host the node temporarily, al-qaeda.net will be > down > for some (unspecified, but hopefully not too long) time while I move. 
> > If you do have a place to put the node (I believe measl at mfn.org once > offered such a machine, but perhaps things have changed), let me know > within the next day or two and I'll move everything over before I > leave. > > -- > Riad Wahby > rsw at jfet.org > MIT VI-2 M.Eng How ironic, I moved from Texas to Massachusetts .. You must be insane to go to TX -- Adam "satyam, shivam, sundaram" From declan at well.com Tue May 18 19:31:27 2004 From: declan at well.com (Declan McCullagh) Date: Tue, 18 May 2004 22:31:27 -0400 Subject: [Politech] Here's someone who actually likes political spam [sp] Message-ID: [One quibble: I got a russospam sent to an address that I've never used. So it's not always sent to a "real address." --Declan] -------- Original Message -------- Subject: Re: [Politech] Weekly column: Political spam, the new national pastime? [sp] Date: Tue, 18 May 2004 20:17:00 -0400 (EDT) From: Dean Anderson To: Declan McCullagh I'd rather have the email than the postal mail. 1) I can more easily quote it in email. If you are for the candidate or against, this is a good thing. 2) I can save it and search it. Nothing helps keep a politician honest than their old promises. 3) It is more cheaply stored. 4) Of course, there's always Sanford Wallace's old 'save trees' benefit. I don't really know what the problem is with political email. This isn't truly unsolicited in the sense of broadcast to bogus addresses, which is a bane to ISPs. Rather, it is broadcast to a list of real addresses. I think the anti-spam radicals must be succeeding in getting people conditioned against getting email. This is a good segue into noting that in January, 56% of the bulk emailers fully complied with CAN-SPAM, and 90something percent partially complied. I haven't seen more recent statistics, but there have also been some suits against real commercial operators who haven't complied with CAN-SPAM. So why is almost none of the spam compliant in my email box?
Could it be that someone is just sending abuse in the hopes that it will annoy people? (I think the answer is yes) But, I read a book recently on "Crypto-virology", which presented the premise that by sending a lot of email from one infected host to another and encrypting or encoding it at each hop, it was possible to create an anonymous communication system that the author called a "mix-net". It went on to describe the utility of mix-nets in extortion and information theft via virus infection. Whether this non-commercial junk mail represents a mix-net or not I think is a testable hypothesis. One just needs to go back through the viruses that have been released or captured sending junk mail, and see if they resend messages after some encryption steps. If they do, then a mix-net is possible. If they don't, then this is just so much hypothesizing. But assuming that this 'mix-net' theory is true, then it certainly means that we need to have much more attention from law enforcement on viruses and virus operators. Not only will this halt extortion and information theft, but it will halt the deluge of junk email that isn't a real commercial offer. My expectation has been that these non-commercial messages coming from viruses are just anti-spammers trying to annoy people into banning spam. Many of these messages appear at first glance to be commercial, and appear unlikely to be coded. But some messages contain random words and character strings. It had been supposed that this is to confuse Bayesian anti-spam filters, though I doubt it, because bayesian filters shouldn't be confused--they are trying to distinguish wanted from unwanted, not spam from non-spam. But there is some increasing portion of spam that could be suspected as containing coded messages in the random words and characters. But this is somewhat academic, though interesting. In either case, it is imperative to have more law enforcement attention on viruses and virus operators.
There really isn't any question of that. And that is the road to spam solutions. Just ignore what the anti-spammers tell you.

Dean Anderson
CEO
Av8 Internet, Inc

On Tue, 18 May 2004, Declan McCullagh wrote:

>
>
> http://news.com.com/2010-1028-5213287.html?tag=nefd.acpro
>
> Political spam as national pastime
> May 17, 2004, 4:00 AM PT
> By Declan McCullagh
>
> Aaron Russo wants your vote so badly, he's willing to spam you for it.
>
> Last week, Russo, a Hollywood producer who is running for president as a
> Libertarian Party candidate, fired off thousands of unsolicited e-mail
> messages announcing his campaign and asking recipients to "help support
> Russo financially" with "automatic monthly contributions."
>
> Russo, whose films include "The Rose" and "Trading Places," is not
> alone. Political spam has become a thoroughly nonpartisan communications
> technique, with Democrats, Republicans and third parties alike turning
> to bulk e-mail in numbers that are still small but steadily increasing.
> Two percent of all spam is political, according to statistics compiled
> by antispam vendor Brightmail.
>
> Since Jan. 1, a federal law has regulated spam. But if you look at the
> law's fine print, you'll find a telling exemption: Our elected
> representatives made sure the restrictions don't apply to them. As a
> result, the Can-Spam Act covers only e-mail promoting "a commercial
> product or service," which lets political spammers off the hook.
>
> [...remainder snipped...]
> _______________________________________________
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue May 18 20:00:31 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Tue, 18 May 2004 23:00:31 -0400 Subject: 'Taxi! Fly Me To Cleveland' Message-ID: Geodesic Air Travel is here. I flew out of Albuquerque last week with one of the guys from Eclipse Aviation. Okay. We were on the same plane. I was in steerage. He wasn't. :-). Cheers, RAH ------- The Wall Street Journal May 19, 2004 THE MIDDLE SEAT By SCOTT MCCARTNEY 'Taxi! Fly Me To Cleveland' New Four-Passenger Jets Spur Plans for Cab-Like Air Service; Memories of People Express May 19, 2004 Perhaps as soon as next year, travelers will have a new alternative to flying commercial airlines or buying their own jet. Using a new generation of small jets that are currently in flight testing, several entrepreneurs are trying to launch "air taxi" services. The goal is to let corporate travelers bypass crowded airports and fly into smaller, local airports, at half of the current cost of chartering a jet. The most advanced air-taxi effort is coming from the man who brought the bus to air travel. Donald C. Burr -- founder of People Express Airlines back in the 1980s -- plans to launch iFly Air Taxi Inc. service next year. He has teamed up with son, Cameron, as well as his onetime nemesis, Robert L. Crandall. The former chief executive of AMR Corp. and its American Airlines, Mr. Crandall once helped run Mr. Burr's People Express out of business. Venture capitalists and aircraft manufacturers say other groups are also developing plans for air-taxi service, but none has come forward publicly yet or has had to make a Securities and Exchange Commission filing as iFly did March 29. 
Air taxis are also envisioned as a growing part of the nation's air-transport system in a futuristic blueprint being developed by a government task force that will report to the White House later this year. One reason for optimism that now is the right time for air taxis: The arrival of a new generation of four-passenger "micro jets" that can operate more cheaply than conventional jets. These aircraft typically are much lighter than conventional private jets, and are powered by a new generation of small, fuel-efficient engines. None of the planes are in service yet. Manufacturers are accepting advance orders, which so far are being placed by a mixture of private individuals and hopeful air-taxi operators. The new planes have the potential to revolutionize transportation. Currently, chartering private jets is extremely expensive, costing $7,000 or more for a 500-mile hop, round-trip. Fractional ownership (where you buy a "share" of an aircraft that entitles you to use it periodically) is no bargain either. Corporate-owned jets, while sometimes economical for shuttling groups of executives, are often viewed as overly expensive perks. Air-taxi service would be different, in theory at least. Mr. Burr says he can provide rides for $3 to $4 a mile, on average -- which works out to be a bit more expensive than most first-class tickets. A trip to Cleveland from Teterboro, N.J., for example, might cost $1,000 to $1,400 on average. By comparison, an unrestricted first class ticket on Continental Airlines from Newark, N.J., to Cleveland costs $1,338. iFly is expected to announce an order for Adam Aircraft jets soon. The Adam A700, which at $2 million is half of the price of the cheapest Cessna Citation jet right now, began flight tests in July 2003. The Adam jet is one of a half-dozen new aircraft like this in development. Honda Motor Co. has been conducting test flights of its HondaJet in North Carolina; Toyota Motor Corp. is also working on a jet. 
Eclipse Aviation Corp., run by a former software executive with considerable financial backing, says it has orders for more than 2,000 jets. Other heavy hitters are working on the most important aspect, the engines. General Electric Co. is working on the Honda jet; Pratt & Whitney, a unit of United Technologies Corp., is testing a new engine that will power the Eclipse jet; and Williams International is shrinking an engine currently used on Citation jets for the micro-jet class. It powers the Adam Aircraft jet. Corporate aviation has a solid safety record, with an accident rate per flight-hour about on par with commuter airlines, according to National Transportation Safety Board figures. Air-taxi operations also claim to offer convenience, since travelers would arrive and depart at small airports, park just a short walk from the plane, and could choose their own departure times. And taking a taxi would avoid security lines and reduce the chances of lost luggage. "It's a highly simplified charter operation," Mr. Crandall says. "We hope to run it like a limousine service." Much like airline tickets, iFly will be priced so that peak periods are more expensive than off-peak times. In addition the third and fourth seats on a "taxi" flight will be a lot cheaper than the first or second seats sold. This time, he says he intends to grow slowly. The lack of technology and aggressive growth ultimately cratered People Express, which was bought out by Continental in 1987. iFly, which has raised $6.3 million, plans to start service with two to three planes based in the New York area. It eventually hopes divide the country into as many as 13 regions, and have about 75 to 100 planes serving each region. Success may well depend on how well the company's computer systems can manage the planes, maximizing taxi fares each day while minimizing costs. The Burrs have spent three years trying to pull together a plan. 
Raising money was tough until big companies like GE, Pratt & Whitney, Honda and Toyota started investing in micro-jets. The National Aeronautics and Space Administration has also helped advance the air-taxi concept through a project called Small Aircraft Transportation System that has pushed research on ways to relieve airport and highway congestion, and at the same time change travel patterns and boost small communities. "We have an abundance of airspace, we just don't know how to use it well," said Bruce Holmes, associate director in the airspace programs office at NASA Langley Research Center. Dr. Holmes is also part of a congressionally mandated task force drafting a blueprint for the "Next Generation Transportation System," which has been modeling different scenarios for what transportation will be like in 2025 and beyond. The task force's report is due at the White House in December, and it will endorse air-cab or air-limo services. There are a flock of unanswered questions about air-taxi service, including the issue of whether more planes in the sky will add to congestion, or will, in fact, relieve congestion. What seems clear is that transportation in the future will take many forms, and that our choices in the future may well be better than the ones we have today. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue May 18 20:07:16 2004 From: rah at shipwright.com (R. A. 
Hettinga)
Date: Tue, 18 May 2004 23:07:16 -0400
Subject: [Politech] Here's someone who actually likes political spam [sp]
Message-ID:

--- begin forwarded text

From adam at cypherspace.org Tue May 18 15:49:11 2004
From: adam at cypherspace.org (Adam Back)
Date: Tue, 18 May 2004 23:49:11 +0100
Subject: 3. Proof-of-work analysis
In-Reply-To:
References:
Message-ID: <40AA92E7.4090907@cypherspace.org>

Here's a forward of parts of an email I sent to Richard with comments on his and Ben's paper (sent me a pre-print off-list a couple of weeks ago):

One obvious comment is that the calculations do not take account of the CAMRAM approach of charging for introductions only. You mention this in the final para of conclusions as another possible.

My presumption tho don't have hard stats to measure the effect is that much of email is to-and-fro between existing correspondents. So if I were only to incur the cost of creating a stamp at time of sending to a new recipient, I could bear a higher cost without running into limits.

However the types of levels of cost envisaged are aesthetically unpleasing; I'd say 15 seconds is not very noticeable, 15 mins is noticeable and 1.5 hrs is definitely noticeable.

Of course your other point that we don't know how spammers will adapt is valid. My presumption is that spam would continue apace, the best you could hope for would be that it is more targeted, that there are financial incentives in place to make it worth while buying demographics data. (After all when you consider the cost of sending junk paper mail is way higher, printing plus postage, and yet we still receive plenty of that).

Also as you observe if the cost of spamming goes up, perhaps they'll just charge more. We don't know how elastic the demand curve is. Profitability, success rates etc are one part of it. There is an interplay also: if quantity goes down, perhaps the success rate on the remaining goes up.
Another theory is that a sizeable chunk of spam is just a ponzi scheme: the person paying does not make money, but a lot of dummies keep paying for it anyway.

Another potential problem with proof-of-work on introductions only, is that if the introduction is fully automated without recipient opt-in, spammers could also benefit from this amortized cost. So I would say something like the sender sent a proof-of-work, and the recipient took some positive action, like replying, filing otherwise than junk or such should be the minimum to get white-listed.

On the ebiz web site problem, I think these guys present a problem for the whole approach. An ebiz site will want to send lots of mail to apparent new recipients (no introductions only saving), a popular ebiz site may need to send lots of mail. Well it is ebiz so perhaps they just pass the cost on to the consumer and buy some more servers. Another possibility is the user has to opt-in by pre-white-listing them, however the integration to achieve this is currently missing and would seem a difficult piece of automation to retrofit.

One of the distinguishing characteristics of a spammer is the imbalance between mail sent and mail received. Unfortunately I do not see a convenient way to penalize people who fall into this category.

Also because of network effect concerns my current hashcash deployment is to use it as a way to reduce false positives, rather than directly requiring hashcash. Well over time this could come to the same thing, but it gives it a gentle start, so we'll see how long it is before the 1st genuine spam with hashcash attached.

CAMRAM's approach is distinct and is literally going straight for the objective of bouncing mail without some kind of proof (hashcash or reverse-turing, or short term ability to reply to email challenge-response).

Adam

Richard Clayton wrote:
> [...]
> Ben Laurie) and I have recently
> been doing some sums on proof-of-work / client puzzles / hashcash
> methods of imposing economic constraints upon the sending of spam...
>
> Ben wanted to know how big a proof was needed for a practical scheme
> he was considering -- and I told him it wasn't going to work. We then
> carefully worked through all the calculations, using the best data
> that we could obtain -- and we did indeed come to the conclusion that
> proof-of-work is not a viable proposal :(
> Paper:
>
> http://www.cl.cam.ac.uk/~rnc1/proofwork.pdf

From zenadsl6186 at zen.co.uk Tue May 18 16:22:14 2004
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Wed, 19 May 2004 00:22:14 +0100
Subject: Diffie-Hellman question
In-Reply-To: <0405170225070.-1252017356@somehost.domainz.com>
Message-ID:

Thomas Shaddack wrote:

>
> I have a standard implementation of OpenSSL, with Diffie-Hellman prime in
> the SSL certificate. The DH cipher suite is enabled.
>
> Is it safe to keep one prime there forever, or should I rather
> periodically regenerate it? Why? If yes, what's some sane period to do so:
> day, week, month?

No need. Kinda.

The best known discrete logarithm attacks are such that if they succeed in the attack then they can easily apply their solution to anything encrypted with the same prime. A shared prime attracts attacks. Widely used primes can become a big target.

These attacks are generally supposed to be beyond capability for the next X zillion years though. Or perhaps for ten years.

This might seem garubonsendese in the naive "'it's safe' or 'it's not safe'" crypto paradigm. However, that isn't how crypto works.

Cryptanalysis (the revealing of plaintext against the wishes of the encryptor) is an economic activity. No-one will bother putting in enough resources to break your 2k-bit modexp-based crypto unless they think it worthwhile.
But if your prime is shared with several other people who are sending nuclear secrets, then your prime might become subject to attack.

> If the adversary has a log of a passively intercepted DHE-RSA-AES256-SHA
> secured SSL communication, presuming the ephemeral key was correctly
> generated and disposed of after the transaction, will the eventual
> physical retrieval of the DH prime (and the rest of the certificate) allow
> him to decode the captured log?

The prime is public - anyone can know it - so its retrieval won't affect anything.

The question I think you are asking is "if the secret key is retrieved, will I lose forward security", to which the answer is "yes".

For long-term forward secrecy you need to change the public key every day or so. Use a long-term key to sign the daily keys. PGP does this. Once you have deleted the day's public key, you are OK (but see below!). The ephemeral keys cannot (or should not) be retrieve(able)d.

(below!) Or perhaps the question you were asking was "if finding DL's mod _this prime_ becomes possible, will I lose forward security?", in which case the answer is "yer fukked" - as are we all - if one prime gets broken, they all will, sooner or later.

--
Peter Fairbrother
(Who is right now composing a talk about the uses of modexp in crypto, for
those far more knowledgeable than I)

From isn at c4i.org Wed May 19 05:20:30 2004
From: isn at c4i.org (InfoSec News)
Date: Wed, 19 May 2004 07:20:30 -0500 (CDT)
Subject: [ISN] Safe and insecure
Message-ID:

http://www.salon.com/tech/feature/2004/05/18/safe_and_insecure/index.html

By Micah Joel
May 18, 2004

Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it.
What's wrong with me? Haven't I heard about how malicious wardrivers can use my connection from across the street to stage their hacking operations? How my neighbors can steal my bandwidth so they don't have to pay for their own? How I'm exposing my home network to attacks from the inside?

Yup.

So why am I doing this? In a word, privacy. By making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.

In mid-April, Comcast sent letters to some of its subscribers claiming that their IP addresses had been used to download copyrighted movies. Since Comcast is not likely to improve customer satisfaction and retention with this strategy, it's probable the letter was a result of pressure from the Motion Picture Association of America or one of its members. And to Comcast's credit, it stopped short of direct accusation; instead it gives users an out. Says the letter, "If you believe in good faith that the allegedly infringing works have been removed or blocked by mistake or misidentification, then you may send a counter notification to Comcast."

That's good enough for me. I've already composed my reply in case I receive one of these letters someday. "Dear Comcast, I am so sorry. I had no idea that copyrighted works were being downloaded via my IP address; I have a wireless router at home and it's possible that someone may have been using my connection at the time. I will do my best to secure this notoriously vulnerable technology, but I can make no guarantee that hackers will not exploit my network in the future."

If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker's crimes?
If that were the case, we'd all be liable for the Blaster worm's denial of service attacks against Microsoft last year.

Don't get me wrong. I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it. That's no different from the millions of people who haven't installed anti-virus software and the millions more who don't keep theirs up to date. Yes, their vulnerabilities allow viruses to spread more quickly, but that's their choice, right?

What about the security of my home network? A determined hacker may be able to crack my passwords or exploit weaknesses in the operating system that I never even thought of, but how is that different from before? There's no system that's completely secure, so whether hackers are inside or outside my firewall will make little difference. I'm willing to trade a little security for privacy.

It feels strange to be opening up my network after years of vigorously protecting it, and it's not without a tinge of anxiety that I do so. But there's also a sense of liberation, of sticking it to the Man, that's undeniable, as well as an odd sense of community. It seems there's safety in numbers after all, even among strangers.

- - - - - - - - - - - -

About the writer
Micah Joel is a systems engineer for a software company, an award-winning tech presenter and an early adopter of home wireless.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From mv at cdc.gov Wed May 19 10:08:16 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 19 May 2004 10:08:16 -0700
Subject: al-qaeda.net node downtime
Message-ID: <40AB9480.9EF2FE0F@cdc.gov>

At 05:18 AM 5/18/04 -0400, Riad S. Wahby wrote:
>I'm moving from Massachusetts to Texas, and unfortunately that means

Congrats on being able to exercise your 2nd amendment rights a little bit more..

From mv at cdc.gov Wed May 19 10:27:12 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 19 May 2004 10:27:12 -0700
Subject: Modexp
Message-ID: <40AB98F0.24B5D345@cdc.gov>

At 12:22 AM 5/19/04 +0100, Peter Fairbrother wrote:
>
>Peter Fairbrother
>(Who is right now composing a talk about the uses of modexp in crypto, for
>those far more knowledgeable than I)

Modexp is Prometheus sent from Olympia to let us speak between ourselves.

Modexp has many implementation subtleties.

Modexp performs what, in a block cipher, would be called mixing, by using multiplication. (e.g., The IDEA block cipher uses multiplication for this.)

Modexp is stirring dye into water by turning the cranks of an eggbeater a certain number of times, and then getting the dye back to its original position by reversing the motion a different, but related, number of times.

DH is ephemeral, where "identity" is merely a communication endpoint constant for the session. RSA lets you release (not necessarily publish in the phone book sense) *persistent* authenticators for persistent "identities". So you can assure that an endpoint is the "same" across sessions across time. Modexp is the core of it all.

"All is number" -Pythagoras

From mv at cdc.gov Wed May 19 10:37:12 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 19 May 2004 10:37:12 -0700
Subject: IRS May Help DOD Find Reservists
Message-ID: <40AB9B48.AFB3D278@cdc.gov>

At 04:11 PM 5/18/04 -0700, Bill Stewart wrote:
>At 12:49 PM 5/18/2004, R. A.
Hettinga wrote:
>>
>> FORT WORTH, Texas - The Defense Department, strapped for troops for
>>missions in Iraq and Afghanistan, has proposed to Congress that it tap the
>>Internal Revenue Service to locate out-of-touch reservists.
>>
>
>Wow! It was "EXAMINED BY LAWYERS!" That's almost as reassuring as
>saying it was "Generated by a Computer"! :-)
>There's a wide range in the types of methods they could use
>to find this information, some of which are the camel's nose in the tent
>and others of which are half the camel, but all of which are pretty much bad.

On the positive side, the inconvenience to the now pudgy, middle-class vets will increase resistance to the colonialism.

>I'm *not* a veteran (I was 1H in the last draft lottery),

Perhaps you were in those BZ experiments and have forgotten..

>address of my neighbor's legality-challenged son, and getting it wrong,
>which led to the police pounding on my door at 6am with a warrant.

Good thing that claymore was being rewired, eh? :-)

From mv at cdc.gov Wed May 19 10:39:42 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 19 May 2004 10:39:42 -0700
Subject: ID Pass? But I Am Mayor..
Message-ID: <40AB9BDE.7F0BDA40@cdc.gov>

At 11:47 AM 5/19/04 -0400, R. A. Hettinga wrote:
>Bournemouth-born Mrs Rey, 47, said: "I'd have thought going in my robes,
>wearing my chains and going with the mace-bearer would be enough."

I don't think that wearing your S & M gear reduces your security risk...

From rah at shipwright.com Wed May 19 08:47:38 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Wed, 19 May 2004 11:47:38 -0400
Subject: ID Pass? But I Am Mayor..
Message-ID:

ID PASS? BUT I AM MAYOR..

By Geoffrey Lakeman

SELF-important mayor Anne Rey refused to open a police conference in her town - because she had to wear a security pass.

Home Secretary David Blunkett will wear official ID at the meeting in Bournemouth, Dorset.
But councillor Rey was "insulted" when asked for a passport photo for her pass, and said wearing her robes should be enough. Clive Chamberlain of the Dorset Police Federation, which is hosting the Police Federation Conference at Bournemouth International Centre, said: "She's being very silly. "The Home Secretary will be wearing a pass and when the Prime Minister comes to conferences he wears a pass too. "I don't know who she thinks she is. Her stance will embarrass the people of Bournemouth." Bournemouth-born Mrs Rey, 47, said: "I'd have thought going in my robes, wearing my chains and going with the mace-bearer would be enough." Deputy mayor David Baldwin, who will wear ID, will open the event. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Several times a week, to enter a TV studio say, or to board a plane, I have to produce a tiny picture of my face." -- Christopher Hitchens From rah at shipwright.com Wed May 19 08:49:26 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 19 May 2004 11:49:26 -0400 Subject: VIA Reveals Details of Next Generation C5J Esther Processor Core With Advanced Features For Securing E-Commerce Transactions Message-ID: LinuxElectrons - VIA Reveals Details of Next Generation C5J Esther Processor Core With Advanced Features For Securing E-Commerce Transactions Wednesday, May 19 2004 @ 09:05 AM Contributed by: ByteEnable San Jose, CA -- VIA Technologies, Inc, a leading innovator and developer of silicon chip technologies and PC platform solutions, has revealed details of the ultra power efficient VIA C5J "Esther" processor core manufactured with IBM's advanced 90nm SOI process and optimized for information security and e-commerce transactions. 
With its ultra low power consumption, the VIA C5J Esther core targets smart digital devices that extend the reach of x86 architecture further into the consumer electronics, embedded and mobile fields than current processor performance and thermal limitations allow. The new core is based on IBM's advanced 90nm SOI manufacturing process, providing a significant boost in processor speed within the same thermal bracket as current VIA processors, and reducing maximum power consumption to a mere 3.5W at 1GHz. Designed to be coupled with a range of feature rich chipsets from VIA, the C5J Esther core will enable unprecedented performance of demanding applications, such as high compression video streaming and data encryption/decryption, from miniature, fanless devices. The new C5J Esther core provides world-class security for e-commerce transactions by accelerating RSA encryption and Secure Hashing (SHA-1 and SHA-256), together with support for execution (NX) protection for countering email worms/viruses. Other performance enhancing features include a new faster Front Side Bus (FSB) of up to 800MHz, SSE2/SSE3 multimedia instructions, and a larger L2 cache. "Our approach to processor design allows small, fanless devices to carry out the most demanding security operations while simultaneously processing today's increasingly sophisticated digital entertainment applications," said Glenn Henry, President, Centaur Technology. "The new architecture of the C5J Esther core will allow us to ramp up processor speeds to 2GHz and above within the same thermal design points as previous cores, opening up new markets for our processors and extending the reach of the x86 architecture into new device categories." 
More of the World's Most Advanced On-Die x86 Processor Security Features

The C5J Esther core extends the VIA PadLock Hardware Security Suite to include execution (NX) protection, Montgomery Multiplier support for RSA encryption and secure Hash (SHA-1 and SHA-256) algorithms in addition to the VIA PadLock RNG and VIA PadLock ACE that are featured in the current VIA C5P Nehemiah processor core. These hardware-based building blocks effortlessly carry out operations within security programs and help to improve overall system performance.

"It's great to see a CPU vendor provide hardware support for the most important needs of crypto," said Phil Zimmermann, creator of PGP 1.0. "It's always been hard to find a good entropy source for random number generation on an unmanned server, a fast AES implementation for on-the-fly disk encryption, and hardware support for fast public key operations for a server to handle a high traffic workload from remote users. I wish all CPU vendors would do this."

Execution (NX) protection prevents malicious code associated with worms or viruses from executing and propagating from memory. The VIA C5J Esther core's NX feature marks memory with an attribute that indicates that code should not be executed from that memory, helping to prevent damage or propagation of malicious code within x86 devices. Execution (NX) protection is an important new hardware-based feature that will be supported in the Microsoft Windows XP Service Pack 2.

The RSA algorithm is the most widely used public-key cryptography system today and is increasingly important to e-commerce transactions that require exchanging confidential information with websites or checking access privileges.
The major challenge facing public-key cryptography is that it requires large amounts of processing power, posing a critical problem for low power consumer electronics and embedded devices that cannot afford to halt in the middle of a video stream or transaction while it does the heavy lifting required by security programs. The VIA C5J Esther core features a dedicated x86 instruction that performs Montgomery Multiplication, an operation used to speed-up RSA cryptography, reducing the workload on the processor and helping to improve overall system performance during e-commerce transactions. Secure Hash Algorithms are used in cryptography to provide digital signatures that enable the recipient to verify the authenticity of the origin of the message. The VIA C5P Esther core provides two Secure Hash functions (SHA-1 and SHA-256) that assist in the creation and verification of digital signatures through algorithms that are embedded in the processor die. "The addition of hardware acceleration for SHA-1 hashing and large-integer operations for public-key cryptography make VIA processors an excellent choice for the implementation of security protocols such as IPsec, SSL/TLS, and SSH, since they eliminate the often heavy CPU overhead normally imposed by the crypto portions of these protocols," said Doctor Peter Gutmann of the University of Auckland and author of "CryptLib". "This removes the need to use the expensive external crypto-processors that are often required to achieve acceptable performance under load." "I am delighted to see that VIA's impressive on-chip AES capability is being further extended to provide execution (NX) protection, SHA hashing and support for public key cryptography using Montgomery Multiplication," said Dr. Brian Gladman, a leading information security specialist from Worcester, United Kingdom. "This will put VIA processors in a leading position for building secure applications offering high throughput and low CPU security overheads." 
More information, programmers guides and independent third party evaluations of the VIA PadLock Hardware Security Suite are available from the VIA PadLock Hardware Security Suite website. IBM's 90nm SOI Process The VIA C5J Esther core is being produced with IBM's groundbreaking silicon manufacturing technologies that include copper interconnects, silicon-on-insulator (SOI) and low-k dielectric insulation, together with its advanced 90-nanometer (nm) process. These advanced manufacturing technologies are designed to reduce power consumption and allow processor speeds of 2GHz and beyond within the same thermal envelope as current VIA processors. IBM's 90nm manufacturing process provides greater scope for power saving and performance enhancements by decreasing the internal distances traveled by electronic signals within the processor. The low-k dielectric technique, introduced by IBM, is a new method of building microchips that can deliver boosts in computing speed and performance of up to a 30 percent by facilitating the faster movement of electronic signals through the chip. Similarly, IBM's SOI CMOS technology limits transistor leakage, further increasing performance by an estimated 20-35% while reducing power consumption. The C5J Esther processor core is designed by Centaur Technology, a wholly owned subsidiary of VIA Technologies, Inc., and being manufactured by IBM at their state-of-the-art 300mm (12 inch) foundry in East Fishkill, N.Y. VIA at Embedded Processor Forum 2004 VIA is staging various live demonstrations of the VIA PadLock Hardware Security Suite at the Embedded Processor Forum in the Empire Room on Tuesday and Wednesday, 18th and 19th May, including a new AES encryption benchmark tool that compares software-based encryption to hardware-based encryption using the VIA Padlock ACE. Also on display will be the soon to be released VIA EPIA SP12000 Mini-ITX mainboard demonstrating high compression rate MPEG-4 and MPEG-2 digital video playback. 
-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Wed May 19 09:06:38 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Wed, 19 May 2004 12:06:38 -0400 Subject: [ISN] Safe and insecure Message-ID: --- begin forwarded text From mv at cdc.gov Wed May 19 12:11:55 2004 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 19 May 2004 12:11:55 -0700 Subject: [ISN] Safe and insecure Message-ID: <40ABB17B.D309406@cdc.gov> At 12:06 PM 5/19/04 -0400, R. A. Hettinga wrote: >--- begin forwarded text > >http://www.salon.com/tech/feature/2004/05/18/safe_and_insecure/index.html > >By Micah Joel >May 18, 2004 > >Last week, I turned off all the security features of my wireless >router. I removed WEP encryption, disabled MAC address filtering and >So why am I doing this? In a word, privacy. By making my Internet Plausible deniability it's called. There's also the 802.11b freenet movements, a serious experiment/implementation of free access. (Some perhaps are facetious but some are real.) You could fly a flag of the warchalking symbol. Or put a decal on your window. As evidence of your freenet intent. Practically, you could buy another AP, set it up "secure", and use that for your own access. Not a bad recycling of old .11b-only APs, setting up free hotspots. Interference should be small, even if your parallel, secured AP system (which probably supports more modern cards/protocols/bands) has to drop down to the same .11b that your freenet uses. It's also a bit of a honeypot and sniffer. It's like putting an extension of your phone on the street, limited to free local calls only, but obviously capable of recording all calls. (A rather interesting art/experiment..)
Could lead to trouble before the trial though. Like being an anon email endpoint. YMMV. IANAL. From camera_lumina at hotmail.com Wed May 19 10:37:02 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 19 May 2004 13:37:02 -0400 Subject: EU seeks quantum cryptography response to Echelon Message-ID: Thomas Shaddack wrote... > >There are quite many important activities that don't require storage of >the transported data. > >For example, very very few people record their phone calls. > Storage wasn't my point per se. My point was that quantum cryptography only becomes unsnoopable* when it's in the optical form. With current optical fiber technologies this would limit the useful bandwidth distance product to short distances (ie, 10s of Km for key exchanges). After that, the signal must go O/E and then it's just the same as any normal digital signal. Where Quantum Crypto might have application is in small metro area deployments, like downtown NYC or the DC Beltway, and where people are completely totally balls-to-the-wall paranoid about security (ie, they assume an attacker is willing to tap into their fiber and has all of the test sets needed to pull out a useful packet exchange--that ain't no pimply-face DoS script bunny, and hell it ain't Al Qaeda either). Of course, to extend quantum protection beyond mere transport you'd need all sorts of quantum logic gates and processors (in addition to storage), but don't look for that in our lifetimes. -TD *: With quantum crypto it is of course possible to 'eavesdrop', depending on the coding, but that will cause the eavesdropper to quickly be revealed.
From ptrei at rsasecurity.com Wed May 19 10:59:56 2004 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 19 May 2004 13:59:56 -0400 Subject: EU seeks quantum cryptography response to Echelon Message-ID: Tom Shaddack wrote: > On Tue, 18 May 2004, Tyler Durden wrote: > > > "Monyk believes there will be a global market of several > million users once > > a workable solution has been developed. A political > decision will have to > > be taken as to who those users will be in order to prevent > terrorists and > > criminals from taking advantage of the completely secure > communication > > network, he said." > > Hope the technology hits the streets fast enough after getting on the > market. Monyk apparently doesn't believe that people who > don't have the > money to buy the Official Approval have no right to access to this > technology. Actually, I read this as the sort of puffery we more often see from the snake-oil vendors; "Our proprietary Auto Generated One Time Pad (TM) crypto is soooo strong that the government may ban it - get it while you can!" Peter From rabbi at abditum.com Wed May 19 16:22:12 2004 From: rabbi at abditum.com (Len Sassaman) Date: Wed, 19 May 2004 16:22:12 -0700 (PDT) Subject: Mixmaster Protocol Draft (revision) Message-ID: An updated version of the Mixmaster Protocol Specification has been published: http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-01.txt I'd like this to be the last revision, so if you have any comments on it (or if you've raised issues in the past that you don't see addressed), please let me know. Comment should be emailed to: mixmaster-devel at lists.sourceforge.net Thanks, Len --- end forwarded text -- ----------------- R. A.
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mbaugher at cisco.com Wed May 19 16:38:32 2004 From: mbaugher at cisco.com (Mark Baugher) Date: Wed, 19 May 2004 16:38:32 -0700 Subject: [Asrg] Re: 3. Proof-of-work analysis In-Reply-To: <16555.55647.93366.968530@world.std.com> References: <40AA92E7.4090907@cypherspace.org> <16555.55647.93366.968530@world.std.com> Message-ID: <6.0.0.22.2.20040519163600.03b1e2a8@mira-sjc5-6.cisco.com> At 03:02 PM 5/19/2004, Barry Shein wrote: >I'm still amazed that anyone takes this proof-of-work/hashcash stuff >seriously. I think it's grounded in some well-accepted DoS defence principles that are found in cookie protocols like Photuris and ISAKMP. Mark >At best it's the "War Games" approach, let's make the server play >tic-tac-toe with itself to avoid nuclear holocaust, or the Bill >Shatner logical paradox that makes the robot's head blow up. > >The Sphinx's riddle also comes to mind, works better for supernatural >beings however. > >I realize the defense of the dumbest ideas is always that any >criticism can be represented as rudeness, ``how rude of you not to see >the brilliance of my ideas!'', so one goes on and on anyhow but I >wonder if there's any way to disabuse this nonsense once and for all, >particularly in the minds of those who think it's a good idea? > >In the words of someone famous whose name I'll leave out of this: This >idea isn't right, why, it isn't even wrong! 
> > >-- > -Barry Shein > >Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com >Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD >The World | Public Access Internet | Since 1989 *oo* > >_______________________________________________ >Asrg mailing list >Asrg at ietf.org >https://www1.ietf.org/mailman/listinfo/asrg From shamrock at cypherpunks.to Wed May 19 15:54:38 2004 From: shamrock at cypherpunks.to (Shamrock) Date: Wed, 19 May 2004 16:54:38 -0600 Subject: New changes Message-ID: [demime 1.01d removed an attachment of type application/octet-stream which had a name of Readme.com] From bzs at world.std.com Wed May 19 15:02:07 2004 From: bzs at world.std.com (Barry Shein) Date: Wed, 19 May 2004 18:02:07 -0400 Subject: [Asrg] Re: 3. Proof-of-work analysis In-Reply-To: <40AA92E7.4090907@cypherspace.org> References: <40AA92E7.4090907@cypherspace.org> Message-ID: <16555.55647.93366.968530@world.std.com> I'm still amazed that anyone takes this proof-of-work/hashcash stuff seriously. At best it's the "War Games" approach, let's make the server play tic-tac-toe with itself to avoid nuclear holocaust, or the Bill Shatner logical paradox that makes the robot's head blow up. The Sphinx's riddle also comes to mind, works better for supernatural beings however. I realize the defense of the dumbest ideas is always that any criticism can be represented as rudeness, ``how rude of you not to see the brilliance of my ideas!'', so one goes on and on anyhow but I wonder if there's any way to disabuse this nonsense once and for all, particularly in the minds of those who think it's a good idea? In the words of someone famous whose name I'll leave out of this: This idea isn't right, why, it isn't even wrong! 
-- -Barry Shein Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* From shaddack at ns.arachne.cz Wed May 19 09:35:44 2004 From: shaddack at ns.arachne.cz (Thomas Shaddack) Date: Wed, 19 May 2004 18:35:44 +0200 (CEST) Subject: EU seeks quantum cryptography response to Echelon In-Reply-To: References: Message-ID: <0405191830310.-1335726656@somehost.domainz.com> On Tue, 18 May 2004, Tyler Durden wrote: > "Monyk believes there will be a global market of several million users once > a workable solution has been developed. A political decision will have to > be taken as to who those users will be in order to prevent terrorists and > criminals from taking advantage of the completely secure communication > network, he said." Hope the technology hits the streets fast enough after getting on the market. Monyk apparently doesn't believe that people who don't have the money to buy the Official Approval have no right to access to this technology. > Silliness itself, at this point. Practical quantum cryptography at this > point is limited to transmission. The moment it goes O/E, it's as vulnerable > as any other data. And terrorists aren't going to bother splicing fiber. There are quite many important activities that don't require storage of the transported data. For example, very very few people record their phone calls. From rah at shipwright.com Wed May 19 16:59:06 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Wed, 19 May 2004 19:59:06 -0400 Subject: Mixmaster Protocol Draft (revision) Message-ID: --- begin forwarded text From lynn.wheeler at firstdata.com Wed May 19 20:26:31 2004 From: lynn.wheeler at firstdata.com (lynn.wheeler at firstdata.com) Date: Wed, 19 May 2004 21:26:31 -0600 Subject: Yahoo releases internet standard draft for using DNS as public key server Message-ID: yahoo draft internet standard for using DNS as a public key server http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-00.txt misc past news refs: http://docs.yahoo.com/docs/pr/release1143.html http://blogs.ittoolbox.com/linux/technologist/archives/000241.asp http://www.computerweekly.com/Article127082.htm http://zdnet.com.com/2100-1104_2-5164279.html http://www.ecommercetimes.com/perl/story/32995.html a few past threads on using DNS as a public key server http://www.garlic.com/~lynn/aadsmore.htm#pkiart2 Public Key Infrastructure: An Artifact... http://www.garlic.com/~lynn/aepay4.htm#comcert2 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay4.htm#comcert4 Merchant Comfort Certificates http://www.garlic.com/~lynn/aepay6.htm#gaopki4 GAO: Government faces obstacles in PKI security adoption http://www.garlic.com/~lynn/aadsm8.htm#softpki2 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki10 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki11 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki12 Software for PKI http://www.garlic.com/~lynn/aadsm8.htm#softpki14 DNSSEC (RE: Software for PKI) http://www.garlic.com/~lynn/aadsm8.htm#softpki16 DNSSEC (RE: Software for PKI) http://www.garlic.com/~lynn/aadsm9.htm#cfppki5 CFP: PKI research workshop http://www.garlic.com/~lynn/aadsm15.htm#28 SSL, client certs, and MITM (was WYTM?) 
http://www.garlic.com/~lynn/aepay10.htm#31 some certification & authentication landscape summary from recent threads http://www.garlic.com/~lynn/aepay10.htm#81 SSL certs & baby steps http://www.garlic.com/~lynn/aepay10.htm#82 SSL certs & baby steps (addenda) http://www.garlic.com/~lynn/aepay11.htm#37 Who's afraid of Mallory Wolf? http://www.garlic.com/~lynn/2000e.html#40 Why trust root CAs ? http://www.garlic.com/~lynn/2001c.html#8 Server authentication http://www.garlic.com/~lynn/2001c.html#9 Server authentication http://www.garlic.com/~lynn/2001d.html#36 solicit advice on purchase of digital certificate http://www.garlic.com/~lynn/2001d.html#41 solicit advice on purchase of digital certificate http://www.garlic.com/~lynn/2001e.html#26 Can I create my own SSL key? http://www.garlic.com/~lynn/2001e.html#40 Can I create my own SSL key? http://www.garlic.com/~lynn/2001e.html#46 Can I create my own SSL key? http://www.garlic.com/~lynn/2001g.html#2 Root certificates http://www.garlic.com/~lynn/2001g.html#19 Root certificates http://www.garlic.com/~lynn/2001h.html#3 PKI/Digital signature doesn't work http://www.garlic.com/~lynn/2001m.html#37 CA Certificate Built Into Browser Confuse Me http://www.garlic.com/~lynn/2001n.html#57 Certificate Authentication Issues in IE and Verisign http://www.garlic.com/~lynn/2002e.html#56 PKI and Relying Parties http://www.garlic.com/~lynn/2002m.html#64 SSL certificate modification http://www.garlic.com/~lynn/2002m.html#65 SSL certificate modification http://www.garlic.com/~lynn/2002p.html#18 Cirtificate Authorities 'CAs', how curruptable are they to http://www.garlic.com/~lynn/2002p.html#19 Cirtificate Authorities 'CAs', how curruptable are they to http://www.garlic.com/~lynn/2003l.html#36 Proposal for a new PKI model (At least I hope it's new) http://www.garlic.com/~lynn/2003l.html#43 Proposal for a new PKI model (At least I hope it's new) http://www.garlic.com/~lynn/2003l.html#51 Proposal for a new PKI model (At least I hope it's new) 
http://www.garlic.com/~lynn/2003l.html#53 Proposal for a new PKI model (At least I hope it's new) http://www.garlic.com/~lynn/2003l.html#60 Proposal for a new PKI model (At least I hope it's new) -- Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rsw at jfet.org Wed May 19 21:28:02 2004 From: rsw at jfet.org (Riad S. Wahby) Date: Thu, 20 May 2004 00:28:02 -0400 Subject: al-qaeda.net node downtime In-Reply-To: <40AB9480.9EF2FE0F@cdc.gov> References: <40AB9480.9EF2FE0F@cdc.gov> Message-ID: <20040520042802.GA1025@jfet.org> "Major Variola (ret)" wrote: > Congrats on being able to exercise your 2nd amendment rights a little > bit more.. Thanks :-) I've been missing my AK, which I had to leave back in Iowa when I moved out here to the land without guns. -- Riad Wahby rsw at jfet.org MIT VI-2 M.Eng From arma at mit.edu Wed May 19 23:24:46 2004 From: arma at mit.edu (Roger Dingledine) Date: Thu, 20 May 2004 02:24:46 -0400 Subject: [p2p-hackers] Onion Routing Economy Message-ID: On Thu, May 20, 2004 at 06:26:44AM +0200, Johan F?nge wrote: > What papers and ideas are there on the economy aspect of Onion Routing? Check out "Using Payments to Promote Cooperation in Anonymity Protocols" by Figueiredo et al, ftp://gaia.cs.umass.edu/pub/Anon_Incentive_03-31.pdf for a pretty good introduction to the problem. There are a lot of unsolved problems here though. For example: One could imagine a payment protocol where the initiator delivers to node i+1 a coin which is only valuable to node i, and if all is going well then i+1 hands the coin to i. But what about paying the last node in the path? External sites (e.g. 
webservers) don't know about your protocol. So either you don't pay the last hop, in which case there's no incentive for anybody to honor that, or you give him the money and hope for the best, which again isn't so good incentive-wise. This is critical because of another sort of free-riding on systems like onion routing: many users would prefer to run middleman nodes (relaying traffic only inside the network, and allowing nothing to exit from their node). Another issue to consider is collusion. If nodes work together, can they take your money without providing service? An incentive/payment scheme should at the least tolerate some amount of this, especially in the context of Sybil attacks: http://freehaven.net/anonbib/#sybil Does the payment system enable the adversary to attract more traffic by performing well? See "Reliable MIX Cascade Networks through Reputation" for more details around this issue: http://freehaven.net/anonbib/#casc-rep Rather than explicitly trying to reward good behavior, you might also consider implicit incentives. For example, running a node (and relaying traffic) can provide *better anonymity* for a user, so he should want to do it, and the most plausible cover traffic is actual other traffic. See "On the Economics of Anonymity", http://freehaven.net/anonbib/#econymics Another area to look at is the token-based incentive scheme in GNUnet -- http://freehaven.net/anonbib/topic.html#ebe2003 and http://freehaven.net/anonbib/#bennett:pet2003 >How can one stop the flooding/spamming of the network with junk? How can >one stop people from using too much resources? How can one create >incentive to give and not lie? > >I've thought about it some myself, and I'm curious as to whether I've >reinvented part of the wheel. > >The basic idea is: > > You pay for your packets in bandwidth, by contributing to the system. > > When passing on a packet you receive credits from the originator. > Prioritize credited transfer.
(Credits could possibly be the > "guaranteed" transfer of an amount of data.) After having "paid" for > one package to be passed on by a node, you pay a node, possibly the > same, and have it sponsor the continued transfer of the node, by trading > bandwidth with it. (You pay the sponsor by forwarding something, and the > sponsor then pays the forwarder of your package, by forwarding something > from the forwarder.) There's a lot still to be worked out here. How do you make sure the guy you just paid gets the guys later in the path to perform well? Is "credit" local (relative to just you) or global (I do something for Janet, then get to use Jane's resources)? If global, how do I tell people that somebody has performed well/poorly without revealing that I just used them? Do I choose nodes for my paths based on my view of peoples' credit, so an adversary who tracks my perspective could guess which paths are mine based on which nodes are in the path? (Or worse, he could influence my view of the network so I'm likely to pick nodes that nobody else picks, making me even more partitioned.) How do you distinguish between somebody who's legitimately down sometimes and somebody who provides selective service (relays some traffic, but always just takes Jane's money and ignores her)? What incentive do nodes have to pass traffic *back*? Most requests in Tor (the deployed second-generation onion routing system, see http://freehaven.net/tor/) send a few bytes forward and get many bytes in return. If the credits are local, here's another attack: the adversary shows up and uses your node, then gives you a token so you can use his. He's just bought the right to relay some of your traffic. Depending on the design, either you get to choose the later hops in the path, in which case you'll probably have to pay for them too (meaning you'll have gathered tokens for them -- and how did you do that?
Some nice guy showed up and used your node, then gave you a token to use him back), or the adversary gets to choose your next hop, and we all know where that leads (cf http://freehaven.net/anonbib/#morphmix:wpes2002). I've written a bit more discussion about these topics in http://freehaven.net/anonbib/#rep-anon, including some questions about reputation and currency in section 6. It might sound like I'm trying to convince you this is an impossible problem. But I actually think we're getting closer to finding some sort of halfway-decent incentive scheme in the next couple of years. I figure the first step is to understand it well enough to figure out which parts we can ignore. Maybe enumerating the problems will drive somebody to show me how easy it is? :) --Roger --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From gabe at neutraldomain.org Thu May 20 02:47:57 2004 From: gabe at neutraldomain.org (Gabriel Rocha) Date: Thu, 20 May 2004 02:47:57 -0700 Subject: [David_Heinrich@urmc.rochester.edu: [mises] praxeology and game theory] Message-ID: <20040520094757.GA40626@cthulhu.neutraldomain.org> possibly of interest to some here...
----- Forwarded message from Pro-Choice ----- From David_Heinrich at urmc.rochester.edu Wed May 19 20:18:25 2004 From: David_Heinrich at urmc.rochester.edu (Pro-Choice) Date: Thu, 20 May 2004 03:18:25 -0000 Subject: [mises] praxeology and game theory Message-ID:

Today, in Managerial Economics, the professor talked about Game Theory. The subject made me hark back to "Austrian Economics and Game Theory: a Stocktaking" at http://tinyurl.com/2vyna. I also thought of *The Games Economists Play*, by Murphy, at http://tinyurl.com/2vgoq.

I see some interesting elements of value in game theory. Fundamentally, it appears to be strongly influenced by praxeology, human action, as is indicated in the basic Prisoner's Dilemma. Furthermore, though Murphy notes that game theory has been used to justify state intervention (because the Nash-equilibrium is not the optimum cooperation), there are also those who have used game theory to argue against State intervention. See *The Possibility of Cooperation* by Michael Taylor.

Anyways, a cruel alternative to prisoner's dilemma occurred to me in the class. This was not really my own creation, but I remembered it from Baldur's Gate II.

* If both push their buttons, both die.
* If neither push their buttons, both die.
* If one of them pushes their button, but the other doesn't, the one who did not push the button dies.
* Each of them has one hour to decide whether or not to push the button
* Neither of them can see whether the other is about to or has pushed his or her button

Obviously, this is a one-shot "game", so we need not consider repeated games.
The following outcome table emerges (in each cell, the first listed outcome is what happens to A, the second listed one is what happens to B, given the inputs, which are the row and column headers):

                            A
        ---------------------------------------------
        |             |    Push    |   Don't Push   |
        |-------------|------------|----------------|
        | Push        |    D,D     |      D,L       |
   B    |-------------|------------|----------------|
        | Don't Push  |    L,D     |      D,D       |
        ---------------------------------------------

(clearly, this is a game that you don't want to play)

At first, it appears that there are only three possible outcomes (I will not differentiate between them both dying from them both pushing, or them both dying from them both not pushing):

D,D: A dies, B dies
D,L: A dies, B lives
L,D: A lives, B dies

--------------------------
The Game Theorist Analysis
--------------------------

The game theorist analysis, I would guess, would go as follows. A would prefer that A lives, B that B lives. A's analysis of the situation would go something like this: If A does not push the button, A will most certainly die, whether B pushes the button or not. However, if A pushes the button, he will live if B does not push the button, though he will die if B also pushes the button. It is at least conceivable to A -- albeit unlikely -- that if he pushes the button, he will survive. B's analysis proceeds in exactly the same manner. Thus, if each wishes for himself to live, both A and B will push the button. The Nash equilibrium is that they would both push the button, and thus that they should both die. In short, if they each pick the strategy that they see as allowing for the possibility that they themselves could live, they both will die. According to this standard line of game theory reasoning, it is impossible that either of them could live.
--------------------------------------------------
Possible Psychological Ordinal Preference-Rankings
--------------------------------------------------

In the following, I will list possible ordinal preference rankings for A and B in a list, with the most preferred outcome at the top of the list, progressively going towards less preferred outcomes. This seems to be simple, but in fact the list becomes rather long once you realize that it is perfectly *possible* that A could prefer D,D, or that A could be indifferent between the three outcomes, or between two of the outcomes. In the case where there is indifference between two or three outcomes, they are listed side-by-side. In the case where A is indifferent between two or three outcomes, that indifference cannot explain why he either pushes a button or does not push a button. I am aware that preference can only be revealed through action, and that indifference *cannot* be illustrated by action. These ordinal preferences I am listing are not all praxeological preferences, because action can only illustrate preference, not indifference. They are, rather, preferences from a prior psychological point of view. Praxeological ordinal rankings can only be revealed via action.

This is an exhaustive list of all possible ordinal rankings. If I am either A or B, I know which ranking I prefer:

   1     2     3     4     5     6
  D,L   D,L   L,D   L,D   D,D   D,D
  L,D   D,D   D,D   D,L   D,L   L,D
  D,D   L,D   D,L   D,D   L,D   D,L

      7            8            9
     D,L          L,D          D,D
   L,D D,D      D,D D,L      D,L L,D

      10           11           12
   L,D D,D      D,D D,L      D,L L,D
     D,L          L,D          D,D

      13
  D,D D,L L,D

Immediately, a problem with game-theory is apparent. It goes beyond economics and into psychology. From all I've heard, game theory seems to concern itself only with one possibility: A would want to live, and B would want to live. This cannot be an acceptable assumption.
--------------------------------------------------
Possible Psychological Ordinal Preference-Rankings
--------------------------------------------------

From a praxeologically significant standpoint, ordinal preference rankings can only be revealed through action. However, in this case, it can only be deduced what one *does not* prefer based on one's button pushing: If A pushes the button, what can we deduce? Not much, unless we make certain assumptions. Strictly speaking, if A pushes the button, all that we can deduce is that his highest valued outcome was *not* D,L -- that he dies and B lives. There are two possible reasons why A pushed the button: (1) he preferred that both of them should die (D,D); or (2) he preferred that he should live and B should die (L,D). Thus, from the following actions by A or B, in this case, we can only deduce what they do not prefer:

A pushes button: Does not prefer D,L
A does not push button: Does not prefer L,D
B pushes button: Does not prefer L,D
B does not push button: Does not prefer D,L

---------------------------------
Some Problems with Game Theorists
---------------------------------

It seems to me that game theorists -- not game theory itself -- have some problems from the start. Namely, they go beyond economics and into psychology, making assumptions which can hardly be assumed to be universal. The game theorist would assume that A would want the L,D outcome and B would want the D,L outcome. However, why does that need to be so? Let's consider one possible preference which everyone seems to reject off-hand: D,D. Let's say that A and B were married. It is possible to think that both, then, would place the highest value on outcome D,D, as both know that neither would want to live without the other. Once we accept that the fact that it is possible that A and B may have any of the listed 13 value scales, the normal game theory analysis is completely exploded, and this seemingly "simple" example becomes unbelievably complex.
http://groups.yahoo.com/group/mises Sponsor: www.mises.org Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/mises/ <*> To unsubscribe from this group, send an email to: mises-unsubscribe at yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ ----- End forwarded message ----- -- Churchill, Winston Leonard Spencer --On the eve of Britain's entry into World War II: "If you will not fight for right when you can easily win without bloodshed; if you will not fight when your victory will be sure and not too costly; you may come to the moment when you will have to fight with all odds against you and only a precarious chance of survival. There may be even a worse fate. You may have to fight when there is no hope of victory, because it is better to perish than to live as slaves. From David_Heinrich at urmc.rochester.edu Wed May 19 20:18:25 2004 From: David_Heinrich at urmc.rochester.edu (Pro-Choice) Date: Thu, 20 May 2004 03:18:25 -0000 Subject: [mises] praxeology and game theory Message-ID: Today, in Managerial Economics, the professor talked about Game Theory. The subject made me hark back to "Austrian Economics and Game Theory: a Stocktaking" at http://tinyurl.com/2vyna. I also thought of *The Games Economists Play*, by Murphy, at http://tinyurl.com/2vgoq. I see some interesting elements of value in game theory. Fundamentally, it appears to be strongly influenced by praxeology, human action, as is indicated in the basic Prisoner's Dilemna. Furthermore, though Murphy notes that game theory has been used to justify state intervention (because the Nash-equilibrium is not the optimum cooperation), there are also those who have used game theory to argue against State intervention. See *The Possibility of Cooperation* by Michael Taylor. Anyways, a cruel alternative to prisoner's dilemna occured to me in the class. This was not really my own creation, but I remembered it from Baldur's Gate II. 
* If both push their buttons, both die. * If neither push their buttons, both die. * If one of them pushes their button, but the other doesn't, the one who did not push the button dies. * Each of them has one hour to decide whether or not to push the button * Neither of them can see whether the other is about to or has pushed his or her button Obviously, this is a one-shot "game", so we need not considder repeated games. The following outcome table emerges (in each cell, the first listed outcome is what happens to A, the second listed one is what happens to B, given the inputs, which are the row and column headers: A --------------------------------------------- | | Push | Don't Push | |-------------|------------|----------------| | Push | D,D | D,L | B |-------------|------------|----------------| | Don't Push | L,D | D,D | --------------------------------------------- (clearly, this is a game that you don't want to play) At first, it appears that there are only three possible outcomes (I will not differentiate between them both dying from them both pushing, or them both dying from them both not pushing): D,D: A dies, B dies D,L: A dies, B lives L,D: A lives, B dies -------------------------- The Game Theorist Analysis -------------------------- The game theorist analysis, I would guess, would go as follows. A would prefer that A lives, B that B lives. A's analysis of the situation would go something like this: If A does not push the button, A will most certainly die, whether B pushes the button or not. However, if A pushes the button, he will live if B does not push the button, though he will die if B also pushes the button. It is at least conceivable to A -- albeit unlikely -- that if he pushes the button, he will survive. B's analysis proceeds in exactly the same manner. Thus, if each wishes for himself to live, both A and B will push the button. The Nash equilibrium is that they would both push the button, and thus that they should both die. 
In short, if they each pick the strategy that they see as allowing for the possibility that they themselves could live, they both will die. According to this standard line of game theory reasoning, it is impossible that either of them could live.

--------------------------------------------------
Possible Psychological Ordinal Preference-Rankings
--------------------------------------------------

In the following, I will list possible ordinal preference rankings for A and B in a list, with the most preferred outcome at the top of the list, progressively going towards less preferred outcomes. This seems to be simple, but in fact the list becomes rather long once you realize that it is perfectly *possible* that A could prefer D,D, or that A could be indifferent between the three outcomes, or between two of the outcomes. In the case where there is indifference between two or three outcomes, they are listed side-by-side.

In the case where A is indifferent between two or three outcomes, that indifference cannot explain why he either pushes a button or does not push a button. I am aware that preference can only be revealed through action, and that indifference *cannot* be illustrated by action. These ordinal preferences I am listing are not all praxeological preferences, because action can only illustrate preference, not indifference. They are, rather, preferences from a prior psychological point of view. Praxeological ordinal rankings can only be revealed via action.

This is an exhaustive list of all possible ordinal rankings. If I am either A or B, I know which ranking I prefer:

   1      2      3      4      5      6
  D,L    D,L    L,D    L,D    D,D    D,D
  L,D    D,D    D,D    D,L    D,L    L,D
  D,D    L,D    D,L    D,D    L,D    D,L

      7            8            9
     D,L          L,D          D,D
   L,D D,D      D,D D,L      D,L L,D

      10           11           12
   L,D D,D      D,D D,L      D,L L,D
     D,L          L,D          D,D

        13
   D,D D,L L,D

Immediately, a problem with game-theory is apparent. It goes beyond economics and into psychology.
From all I've heard, game theory seems to concern itself only with one possibility: A would want to live, and B would want to live. This cannot be an acceptable assumption.

--------------------------------------------------
Possible Psychological Ordinal Preference-Rankings
--------------------------------------------------

From a praxeologically significant standpoint, ordinal preference rankings can only be revealed through action. However, in this case, it can only be deduced what one *does not* prefer based on one's button pushing:

If A pushes the button, what can we deduce? Not much, unless we make certain assumptions. Strictly speaking, if A pushes the button, all that we can deduce is that his highest valued outcome was *not* D,L -- that he dies and B lives. There are two possible reasons why A pushed the button: (1) he preferred that both of them should die (D,D); or (2) he preferred that he should live and B should die (L,D).

Thus, from the following actions by A or B, in this case, we can only deduce what they do not prefer:

A pushes button: Does not prefer D,L
A does not push button: Does not prefer L,D
B pushes button: Does not prefer L,D
B does not push button: Does not prefer D,L

---------------------------------
Some Problems with Game Theorists
---------------------------------

It seems to me that game theorists -- not game theory itself -- have some problems from the start. Namely, they go beyond economics and into psychology, making assumptions which can hardly be assumed to be universal. The game theorist would assume that A would want the L,D outcome and B would want the D,L outcome. However, why does that need to be so?

Let's consider one possible preference which everyone seems to reject off-hand: D,D. Let's say that A and B were married. It is possible to think that both, then, would place the highest value on outcome D,D, as both know that neither would want to live without the other.
Once we accept the fact that it is possible that A and B may have any of the listed 13 value scales, the normal game theory analysis is completely exploded, and this seemingly "simple" example becomes unbelievably complex.

----- End forwarded message -----

--
Churchill, Winston Leonard Spencer
--On the eve of Britain's entry into World War II: "If you will not fight for right when you can easily win without bloodshed; if you will not fight when your victory will be sure and not too costly; you may come to the moment when you will have to fight with all odds against you and only a precarious chance of survival. There may be even a worse fate. You may have to fight when there is no hope of victory, because it is better to perish than to live as slaves.

From gabe at seul.org Thu May 20 07:34:07 2004
From: gabe at seul.org (Gabriel Rocha)
Date: Thu, 20 May 2004 07:34:07 -0700
Subject: [David_Heinrich@urmc.rochester.edu: [mises] praxeology and game theory]
Message-ID: <20040520143407.GB40626@cthulhu.neutraldomain.org>

Possibly of interest to some here...

----- Forwarded message from Pro-Choice -----

From mv at cdc.gov Thu May 20 09:02:13 2004
From: mv at cdc.gov (Major Variola (ret))
Date: Thu, 20 May 2004 09:02:13 -0700
Subject: Science: throttling computer viruses
Message-ID: <40ACD684.CB13ABB9@cdc.gov>

Gist: they can spread too fast to deal with unless you throttle all connections.

Science, Vol 304, Issue 5670, 527-529, 23 April 2004

COMPUTER SCIENCE: Technological Networks and the Spread of Computer Viruses

Justin Balthrop, Stephanie Forrest, M. E. J. Newman, Matthew M.
Williamson* Computer viruses and worms are an increasing problem throughout the world. By some estimates 2003 was the worst year yet: Viruses halted or hindered operations at numerous businesses and other organizations, disrupted cash-dispensing machines, delayed airline flights, and even affected emergency call centers. The Sobig virus alone is said to have caused more than $30 billion in damage (1). And most experts agree that the damage could easily have been much worse. For example, Staniford et al. describe a worm that could infect the entire Internet in about 30 s (2). A worm of this scale and speed could bring the entire network to a halt, or worse. The term virus refers to malicious software that requires help from computer users to spread to other computers. E-mail viruses, for instance, require someone to read an e-mail message or open an attached file in order to spread. The term worm refers to infections that spread without user intervention. Because they spread unaided, worms can often spread much faster than viruses. Computer infections such as viruses and worms spread over networks of contacts between computers, with different types of networks being exploited by different types of infections. The structure of contact networks affects the rate and extent of spreading of computer infections, just as it does for human diseases (3-7); understanding this structure is thus a key element in the control of infection. Both traditional and network-based epidemiological models have been applied to computer contagion (3-5). Recent work has emphasized the effects of a network's degree distribution. A network consists of nodes or vertices connected by lines or edges, and the number of edges connected to a vertex is called its degree. Of particular interest are scale-free networks, in which the degree distribution follows a power law, where the fraction pk of vertices with degree k falls off with increasing k as k- for some constant . 
This structure has been reported for several technological networks, including the Internet (8) and the World Wide Web (9, 10). Infections spreading over scale-free networks are highly resilient to control strategies based on randomly vaccinating or otherwise disabling vertices. This is bad news for traditional computer virus prevention efforts, which use roughly this strategy. On the other hand, targeted vaccination, in which one immunizes the highest degree vertices, can be very effective (11, 12). These results rely crucially on the assumption that the degree distribution follows a power law, and also that the contact pattern is static. Many technological networks relevant to the spread of viruses, however, are not scale-free. Vaccination strategies focusing on highly connected network nodes are unlikely to be effective in such cases. Furthermore, network topology is not necessarily constant. In many cases the topology depends on the replication mechanism used by a virus and can be manipulated by virus writers to circumvent particular control strategies that we attempt. If, for instance, targeted vaccination strategies were found to be effective against viruses spreading over scale-free networks, viruses might be rewritten so as to change the structure of the network to some non-scale-free form instead. To make these ideas more concrete, we consider four illustrative networks, each of which is vulnerable to attack: (A) the network of possible connections between computers using the Internet Protocol (IP), (B) a network of shared administrator accounts for desktop computers, (C) a network of e-mail address books, and (D) a network of e-mail messages passed between users. In network A, each computer has a 32-bit IP address and there is a routing infrastructure that supports communication between any two addresses. 
We consider the network in which the nodes are IP addresses and two nodes are connected if communication is possible between the corresponding computers. Many epidemics spread over such an IP network. Notable examples include the Nimda and SQLSlammer worms. Network B is a product of the common operating system feature that allows computer system administrators to read and write data on the disks of networked machines. Some worms, including Nimda and Bugbear, can spread by copying themselves from disk to disk over this network. Network C has nodes representing users and a connection from user i to user j if j's e-mail address appears in i's address book. Many e-mail viruses use address books to spread (for example, ILoveYou). A closely related network is network D, in which the nodes represent computer users, and two users are connected if they have recently exchanged e-mail. Viruses such as Klez spread over this network. Degree distributions have been measured for examples of each of the four networks (see the figure). In network A, all vertices have the same degree, so the distribution has a single peak at this value (blue histogram). In network B, the distribution consists of four discrete peaks, presumably corresponding to different classes of computers, administrators, or administration strategies (red histogram). Infectious connections. (Left) Degree distributions for the IP (blue) and administrator (red) networks. The administrator network data were collected on a system of 518 users of 382 machines at a large corporation. Computers in this network are connected if any user has administrative privileges on both computers. (Right) Cumulative degree distributions for the e-mail address book (blue) and e-mail traffic (red) networks. The e-mail address book data were collected from a large university (7). The e-mail traffic data were collected for complete e-mail activity of a large corporate department over a 4-month period (18). 
The two e-mail networks have more continuous distributions and are shown as cumulative histograms. Although neither network has a power-law degree distribution, both have moderately long tails, which suggests that targeted vaccination strategies might be effective. However, calculations show that for network C, about 10% of the highest degree nodes would need to be vaccinated to prevent an epidemic from spreading (7), whereas network D would require about 80%. The first of these figures is probably too high for an effective targeted vaccination strategy, and the second is clearly far too high. (Targeted vaccination would be entirely ineffective in the other two networks as well, because the nodes are much more highly connected.) The two e-mail networks illustrate the ways in which different virus replication strategies can lead to different network topologies. An e-mail virus could look for addresses in address books, thereby spreading over a network with a topology like that of network C, or it could search through other files or folders on the machine for addresses of senders and recipients of archived e-mail messages, giving a topology more like network D. Another example is provided by the Nimda virus, which infects Web servers by targeting random IP addresses, producing a network like network A. However, if the virus had a more intelligent way of selecting IP addresses to attack (e.g., by inspecting hyperlinks), then it might spread over a topology more like that of the Web, which is believed to have a power-law degree distribution (9, 10). A control strategy is needed that is immune to changes in network topology and that does not require us to know the mechanisms of infections before an outbreak. A number of methods have been proposed (13). One such strategy is throttling, first introduced for the control of misbehaving programs (14) and recently extended to computer network connections (15). 
In this context, throttling limits the number of new connections a computer can make to other machines in a given time period. Because it works by limiting spreading rates rather than stopping spread altogether, the method does not completely eliminate infections but only slows them down. Frequently, however, this is all that is necessary to render a virus harmless or easily controllable by other means (16). Throttling is most effective when viruses generate traffic at a rate significantly higher than normal network communications. Luckily this is true for many common protocols and the viruses that exploit them (15, 17). For a virus to spread, it needs to propagate itself to many different machines; to spread quickly, it must do so at a high rate. For example, the Nimda worm attempts to infect Web servers at a rate of around 400 new machines per second, which greatly exceeds the normal rate of connections to new Web servers of about one per second or slower (15). A throttling mechanism that limited connections to new Web servers to about one per second would slow Nimda by a factor of 400 without affecting typical legitimate traffic. This could easily be enough to change a serious infection into a minor annoyance, which could then be eliminated by traditional means. Slowing the spread of Nimda by a factor of 400 (from a day to more than a year) would have allowed plenty of time to develop and deploy signatures and prophylactic software patches. (Of course, if throttling were implemented on only a subset of the nodes in a network, then infections could spread more easily.) In addition to reducing virus spread, throttling has the practical benefit of reducing the amount of traffic generated by an epidemic, thus reducing demand on networking equipment--often the primary symptom of an attack. 
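The throttle described above, as an added example that is not part of the article or of the papers it cites: a small simulation that releases connections to new destinations at one per second and replays two traces through it. The working set of recent destinations, the queue-length alarm, and both traces (host names and addresses included) are assumptions constructed for this illustration.

```python
from collections import OrderedDict, deque


class NewHostThrottle:
    """Allow at most `rate` connections per second to *new* destinations.

    Destinations in a small LRU working set of recent contacts pass at once.
    Anything else is released from a FIFO delay queue, one per 1/rate seconds.
    The working set and the queue-length alarm are choices of this example.
    """

    def __init__(self, rate=1.0, working_set_size=5, alarm_queue_len=100):
        self.interval = 1.0 / rate
        self.working_set_size = working_set_size
        self.alarm_queue_len = alarm_queue_len
        self.working_set = OrderedDict()   # dest -> True, oldest first
        self.queue = deque()               # (release_time, dest), FIFO
        self.pending = {}                  # dest -> release_time while queued
        self.next_slot = 0.0               # earliest release for a new host
        self.alarmed_at = None             # time the queue first hit the limit

    def _remember(self, dest):
        self.working_set[dest] = True
        self.working_set.move_to_end(dest)
        while len(self.working_set) > self.working_set_size:
            self.working_set.popitem(last=False)

    def _drain(self, now):
        # Connections whose release time has passed have been made by now.
        while self.queue and self.queue[0][0] <= now:
            _, dest = self.queue.popleft()
            del self.pending[dest]
            self._remember(dest)

    def request(self, now, dest):
        """Return the time at which a connection to `dest` may proceed."""
        self._drain(now)
        if dest in self.working_set:       # recently contacted: no delay
            self._remember(dest)
            return now
        if dest in self.pending:           # already waiting: keep its slot
            return self.pending[dest]
        release = max(now, self.next_slot)
        self.next_slot = release + self.interval
        if release <= now:                 # a slot is free right now
            self._remember(dest)
            return now
        self.queue.append((release, dest))
        self.pending[dest] = release
        if self.alarmed_at is None and len(self.queue) >= self.alarm_queue_len:
            self.alarmed_at = now          # a long queue is itself a symptom
        return release


def replay(events, **settings):
    """Feed time-ordered (time, destination) events through a throttle."""
    throttle = NewHostThrottle(**settings)
    releases = [throttle.request(now, dest) for now, dest in events]
    delays = [r - now for r, (now, _) in zip(releases, events)]
    return {
        "requests": len(events),
        "max_delay": max(delays),
        "last_request": events[-1][0],
        "last_release": max(releases),
        "alarmed_at": throttle.alarmed_at,
    }


def normal_trace(seconds=60):
    # Constructed: one familiar server every second, a new site every 2 s.
    events = []
    for s in range(seconds):
        events.append((float(s), "mail.example"))
        if s % 2 == 1:
            events.append((s + 0.5, f"web{s}.example"))
    return events


def scanning_trace(per_second=400, seconds=5):
    # Constructed: the article's Nimda rate, every destination distinct.
    return [(i / per_second, f"10.0.{i // 256}.{i % 256}")
            for i in range(per_second * seconds)]


if __name__ == "__main__":
    for name, trace in (("normal", normal_trace()),
                        ("scanning", scanning_trace())):
        print(name, replay(trace))
```

With these constructed traces the normal trace is never delayed, while the 2,000 scan attempts that take 5 seconds unthrottled are spread over 1,999 seconds and the queue alarm trips a quarter of a second into the scan.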
Targeted vaccination strategies for the control of computer viruses are unlikely to be generally effective because the networks over which viruses spread are not sufficiently dominated by highly connected nodes, and because network topology can be influenced strongly by the way in which a virus is written. Throttling provides a promising alternative strategy that works with any network topology and can greatly reduce viruses' impact by slowing their spread to the point where they can be treated by conventional means.

The disparity between the speed of computer attacks (machine and network speed) and the speed of manual response (human speed) has increased in recent years. If this trend continues, automated mechanisms like throttling will likely become an essential tool, complementing the largely manual approach of software patching in use today. The idea of rate limits is not specific to viruses, and could be applied to many situations in which an attack or cascading failure occurs faster than possible human response.

References and Notes

1. Citations documenting these events are listed on www.cs.unm.edu/~judd/virus.html, as are citations to each of the viruses and worms mentioned above.
2. S. Staniford, V. Paxson, N. Weaver, in Proceedings of the USENIX Security Symposium (USENIX Association, Berkeley, CA, 2002), pp. 149-167.
3. J. O. Kephart, S. R. White, in Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy (IEEE Computer Society, Los Alamitos, CA, 1991), pp. 343-359.
4. R. Pastor-Satorras, A. Vespignani, Phys. Rev. Lett. 86, 3200 (2001).
5. A. L. Lloyd, R. M. May, Science 292, 1316 (2001).
6. H. Ebel, L.-I. Mielsch, S. Bornholdt, Phys. Rev. E 66, 035103 (2002).
7. M. E. J. Newman, S. Forrest, J. Balthrop, Phys. Rev. E 66, 035101 (2002).
8. M. Faloutsos, P. Faloutsos, C. Faloutsos, Comput. Commun. Rev. 29, 251 (1999).
9. R. Albert, H. Jeong, A.-L. Barabasi, Nature 401, 130 (1999).
10. J. M.
Kleinberg, S. R. Kumar, P. Raghavan, S. Rajagopalan, A. Tomkins, in Proceedings of the International Conference on Combinatorics and Computing, vol. 1627 of Lecture Notes in Computer Science (Springer, Berlin, 1999), pp. 1-18.
11. R. Albert, H. Jeong, A.-L. Barabasi, Nature 406, 378 (2000).
12. D. S. Callaway, M. E. J. Newman, S. H. Strogatz, D. J. Watts, Phys. Rev. Lett. 85, 5468 (2000).
13. D. Moore, C. Shannon, G. Voelker, S. Savage, in Proceedings of the 22nd Annual Joint Conference of IEEE Computer and Communication Societies (INFOCOM) (IEEE Communications Society, New York, 2003), pp. 1901-1910.
14. A. Somayaji, S. Forrest, in Proceedings of the 9th USENIX Security Symposium (USENIX Association, Berkeley, CA, 2000), pp. 185-197.
15. M. M. Williamson, in Proceedings of ACSAC Security Conference (IEEE Computer Society, Los Alamitos, CA, 2002), pp. 61-68.
16. M. M. Williamson, Complexity 9, 34 (November-December 2003).
17. M. M. Williamson, in Proceedings of ACSAC Security Conference (IEEE Computer Society, Los Alamitos, CA, 2003), pp. 76-85.
18. J. R. Tyler, D. M. Wilkinson, B. A. Huberman, in Communities and Technologies, M. Huysman, E. Wenger, V. Wulf, Eds. (Kluwer, Dordrecht, Netherlands, 2003), pp. 81-95.
19. We thank J. Gassaway for help collecting the e-mail address book data set, C. Hickman for the administrator data set, and J. Tyler and B. Huberman for the e-mail traffic data set. Supported by the James S. McDonnell Foundation, NSF, Defense Advanced Research Projects Agency, Intel Corp., and Santa Fe Institute.

From rah at shipwright.com Thu May 20 07:07:43 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 20 May 2004 10:07:43 -0400
Subject: Yahoo releases internet standard draft for using DNS as public key server
Message-ID:

--- begin forwarded text

From rah at shipwright.com Thu May 20 07:42:12 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 20 May 2004 10:42:12 -0400
Subject: [p2p-hackers] Onion Routing Economy
Message-ID:

--- begin forwarded text

From emc at artifact.psychedelic.net Thu May 20 11:01:46 2004
From: emc at artifact.psychedelic.net (Eric Cordian)
Date: Thu, 20 May 2004 11:01:46 -0700 (PDT)
Subject: Science: throttling computer viruses
In-Reply-To: <40ACD684.CB13ABB9@cdc.gov>
Message-ID: <200405201801.i4KI1kTm001693@artifact.psychedelic.net>

Major Variola writes:

> Computer viruses and worms are an increasing problem throughout the
> world. By some estimates 2003 was the worst year yet:
> Viruses halted or hindered operations at numerous businesses and other
> organizations, disrupted cash-dispensing machines,

I have a dual boot system which normally runs Linux. Since it had been a couple of months since I last ran XP, I booted it on Tuesday to run Windows Update, and keep it current with critical patches.

Within minutes, before I had even downloaded the first update, my box ground to a nearly screeching halt from Sasser, and some other piece of malware which was trying to make thousands of connections to random IPs on port 5000.

I've had Linux exposed to the Net for years, and have never had these kinds of problems. You really wonder why someone doesn't arrest Bill Gates for software malpractice.

It's really silly when code can leap into your machine, install itself, configure itself to start up again every time the system is booted, and then sit there using all your system resources looking for other boxes to victimize.

Didn't we learn all we needed to know about provably correct secure impenetrable kernels with MULTICS in the 1960's? Why has the world of computing been subjected to 20 years of Microsoft slowly reinventing the wheel starting with DOS, and they still haven't gotten it right.
We recall McDonalds toys with parts kids can bite off and choke on, but we let millions of lines of closed source code that does Lord-knows-what on various network ports run on nearly every machine in the universe with impunity.

--
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

From rah at shipwright.com Thu May 20 08:36:59 2004
From: rah at shipwright.com (R. A. Hettinga)
Date: Thu, 20 May 2004 11:36:59 -0400
Subject: New biometric approach secures ID cards
Message-ID:

New Scientist

New biometric approach secures ID cards

19:00 19 May 04

Exclusive from New Scientist Print Edition.

A novel biometric identification system could counter many of the objections to ID card schemes such as the one being proposed by the UK government. The system can unequivocally link a person to a particular ID card without having to match their biometric characteristics to data stored either on the card or on a central database.

A biometric is a unique measure of some facet of a person's body - such as a fingerprint or an iris scan. By 2005, the International Civil Aviation Organisation wants such data incorporated in newly issued passports. And the UK government wants it in ID cards from 2007. The information will also be stored on databases.

A person enrolling into a biometric scheme based on iris recognition first has to peer into an infrared scanner which records an image of one of their irises. This is then processed to convert it into a string of digits - that person's "biometric reference template". This is obtained by dividing the image into hundreds of squares and measuring the light intensity in each one. This is then stored on a central database, as in the proposed UK system, or on the individual's ID card.
Sufficiently similar

Later, when that person needs to prove their identity, a fresh scan is taken and processed, and the resulting data is matched to the stored reference template. If the two are sufficiently similar, the ID is authenticated. An exact match is not required, because there are always likely to be some differences between scans, caused by variations in measurement conditions, like lighting.

The danger, security experts say, is that if someone's reference template were to be captured it could be used illicitly. For example, a criminal could simply send the template to a service provider such as a bank as if it had originated from a scanner.

Now Gavan Duffy of Generics Group, based in Cambridge, UK, has devised a technique that avoids any need to store the biometric reference template. It relies on a statistical trick that removes the variability in the results when an iris or fingerprint is scanned. "We're enhancing its stability," Duffy says.

String of digits

In conventional systems, when an iris image is divided into a grid and converted into a string of digits, the values stored for the brightness vary within a range. Problems occur when the brightness value falls close to a threshold between two levels. This makes it likelier that during one scan it will fall short of this threshold, while under different lighting conditions it might rise far enough to put it in a different range.

For example, if the scale of light intensities is from 0 to 10, a reference reading in a certain grid square might be 3.9. This would normally be rounded down to a 3. But in a later scan, that grid point might be measured as high as 4.1 and so be recorded as a 4, creating a mismatch between the scanned template number and the reference template number.

Generics' trick is to remove this uncertainty by providing an "offset" value for each data point in the grid. Each offset value is chosen so as to shift the value of the original scan to the middle of its range.
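The per-square offsets just described, as an added example that is not Generics' code (the article gives no algorithm details): it enrols a short row of readings, keeps only the offsets and a digest on the card, and then checks a later scan and a different person's scan. It also applies the step the article goes on to describe, irreversibly combining the template with card data; SHA-256, the card fields and all readings are assumptions constructed here.

```python
import hashlib
import hmac
import math


def quantize(readings, offsets=None):
    """Turn per-square intensities on the 0..10 scale into digits 0..9."""
    if offsets is None:
        offsets = [0.0] * len(readings)
    digits = []
    for reading, offset in zip(readings, offsets):
        level = math.floor(reading - offset)
        digits.append(min(9, max(0, level)))   # clamp out-of-scale values
    return bytes(digits)


def seal(card_data, template):
    """One-way digest over card data and template (SHA-256 assumed here)."""
    return hashlib.sha256(card_data + b"|" + template).digest()


def enroll(readings, card_data):
    """Return what the card stores. The template itself is not kept."""
    # Offset = distance from the reading to the middle of its own range,
    # e.g. 3.9 -> 0.4, so that 3.9 - 0.4 lands on 3.5.
    offsets = [r - (math.floor(r) + 0.5) for r in readings]
    template = quantize(readings, offsets)
    return {
        "card_data": card_data,
        "offsets": offsets,                 # stored in the clear
        "digest": seal(card_data, template),
    }


def verify(card, scan):
    """Rebuild the template from a fresh scan and compare digests."""
    template = quantize(scan, card["offsets"])
    return hmac.compare_digest(seal(card["card_data"], template),
                               card["digest"])


# Constructed readings: the first square uses the article's 3.9 and 4.1.
REFERENCE = [3.9, 7.2, 0.6, 5.05, 8.95, 2.5]
LATER_SCAN = [4.1, 7.0, 0.9, 4.8, 9.2, 2.3]    # same person, other lighting
OTHER_PERSON = [6.3, 1.4, 0.7, 5.2, 2.8, 9.1]
CARD_DATA = b"name=J. Smith;card=0001"          # hypothetical card fields

if __name__ == "__main__":
    card = enroll(REFERENCE, CARD_DATA)
    print("plain rounding, reference :", list(quantize(REFERENCE)))
    print("plain rounding, later scan:", list(quantize(LATER_SCAN)))
    print("with offsets, later scan  :",
          list(quantize(LATER_SCAN, card["offsets"])))
    print("later scan accepted  :", verify(card, LATER_SCAN))
    print("other person accepted:", verify(card, OTHER_PERSON))
```

The offsets on the card show where each enrolled reading sat within its range, not which range it was in, and the digest is only as hard to reverse as the digit string is hard to guess.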
In the above example, the grid square would have an offset of 0.4 assigned to it, to shift the reading of 3.9 to the middle of its range, which is 3.5. If a later scan happened to produce a reading of 4.1, applying the offset it would bring it down to 3.7, which would be recorded as a 3, just as in the reference. "We can, with high reliability, generate the same number," says Duffy.

Irreversibly encrypted

Because the scan gives the same result time after time, the reference template can be combined with data recorded on the card to create a "digital signature" unique to the user. By irreversibly encrypting this signature it is possible to ensure that the biometric data is unrecoverable and not open to misuse. The offset data is stored on the card, unencrypted, as it is no use to anyone but the owner.

When someone needs to prove who they are, a reader combines the scan with the offsets to make a template. This is then combined with the personal data on the card to produce a fresh signature. If the user is genuine, the new signature should be a perfect match for the stored one.

Privacy campaigners are guardedly impressed: "This looks like a good solution. They are just storing information that needs the iris or fingerprint to be present for the offset information to be any use," says Ian Brown, of the Foundation for Information Policy Research. Though he stresses FIPR is opposed to ID cards, he says Generic's scheme seems to be a lesser evil.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu May 20 12:20:22 2004
From: rah at shipwright.com (R. A.
Hettinga)
Date: Thu, 20 May 2004 15:20:22 -0400
Subject: Paying through the mouse
Message-ID:

The Economist

Online payments

Paying through the mouse

May 20th 2004 | SAN JOSE, CALIFORNIA
From The Economist print edition

PayPal is turning into a huge online-payments business

ONE of the most powerful forces in e-commerce is the "network effect": the more people who flock to a particular website, the greater its appeal. The latest beneficiary of this phenomenon is PayPal, which now handles online payments at an annualised rate of more than $17 billion. PayPal is not a bank, but for online buyers and sellers it performs much the same function. It already has 45m account-holders worldwide, one-quarter of the number of the mighty Citigroup.

The company began in Silicon Valley in 1998. Its e-mail system for payments became so widespread on internet auction sites that the biggest firm in this business, eBay, set up a rival, Billpoint, in the hope of snaffling for itself some of the value of transactions. But Billpoint never matched PayPal's popularity, so in 2002 eBay bought PayPal for $1.5 billion in shares.

PayPal's ambition is to become the global standard for internet payments and it is expanding overseas in eBay's footsteps. In the first quarter of 2004, the value of items sold on eBay was $8 billion, 51% more than a year earlier. Meg Whitman, eBay's chairman, told analysts recently that the company reckons one in three online shoppers in America now has a PayPal account.

Although PayPal's customers mostly buy via eBay, usage elsewhere is also growing -- estimated at well over $1 billion-worth of transactions in the first quarter of the year. Besides purchasing from other dotcoms, you can pay your taxes in York County, South Carolina or send a donation to the Pat Brody Shelter for Cats in Lunenburg, Massachusetts. PayPal also does gift vouchers.

The payment mechanism is simple enough. Newcomers to PayPal provide details of a credit card or bank account.
These are verified with a nominal transaction. Thereafter, a buyer can e-mail a payment directly to a seller. This is immediately debited from the buyer's credit card or bank account, and a credit is made to the seller's PayPal account. Money in a PayPal account can be withdrawn by cheque or transferred to a bank account. Individuals and small traders can receive credit-card payments without obtaining a merchant account. PayPal's cut comes from charging recipients between 2.2% and 3.4%, depending on the country, and levying fees for currency conversions. In the first quarter of 2004, PayPal's revenues were $155m, 69% more than a year before.

PayPal has helped slash the time internet users spend completing transactions and has greatly increased confidence in trading online, says Matthew Bannick, the company's general manager of global payments. It can take several weeks for cheques to arrive in the post and for payments to clear, but online payments are made instantly, which means goods can be shipped straight away. "It has improved the velocity of trade," adds Mr Bannick. Another benefit, he says, is that buyers do not have to impart banking or credit-card information to merchants.

Security remains the prime concern of internet shoppers. An NOP survey that PayPal commissioned in Britain, where the company opened its first overseas site last year, found that more than one-third of internet users are reluctant to spend more than £50 ($90) online. To overcome their concerns, payment protection is now offered in America (up to $500) and in Britain (up to £250) on goods sold by eligible traders (those who have built up good reputations within eBay's ranking system). This now covers more than 60% of all listings on eBay's American site.

PayPal wants to expand internationally, to continental Europe and Asia. Although it has not said so, the likeliest next local site is Germany; China, eBay's fastest-growing market, looks like a good long-term possibility.
Such growth will bring new challenges. People in different countries favour different ways of making payments offline: the French like cheques, for instance; in Germany, bank transfers are common. This might translate into different online habits. Countries also regulate financial services differently. PayPal has no plans, though, to become a bank, even though it performs some similar functions. Customers in America can earn interest on their PayPal balances by allowing PayPal to place the funds in a pooled savings account or by enrolling into PayPal's money market fund. It has been licensed as a money-transmitter in American states and in Britain. Regulation as a bank would require more costly and complicated compliance. Nevertheless, the company has faced regulatory challenges, not least because it could be used for the illicit transfer of funds. Soon after it acquired PayPal, eBay ended its services to online gambling merchants because of complaints from federal prosecutors that this violated America's Patriot Act, which Congress passed after the September 11th terrorist attacks to harden money-laundering rules. Last year, eBay paid $10m to settle the charges. Because most of its payments are small, big sums stand out. This should help PayPal comply with the authorities. Now it is interested in handling even smaller amounts. Late last year it introduced lower processing fees for micro-payments, to make it more feasible for online merchants to accept tiny payments for digital-music downloads. The success of portable music players, such as Apple's iPod, suggest that this too will be big online business. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu May 20 12:22:36 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 20 May 2004 15:22:36 -0400 Subject: Database Measured 'Terrorism Quotient' Message-ID: AP: Database Measured 'Terrorism Quotient' May 20, 7:25 AM (ET) By BRIAN BERGSTEIN NEW YORK (AP) - Before helping to launch the criminal information project known as Matrix, a database contractor gave U.S. and Florida authorities the names of 120,000 people who showed a statistical likelihood of being terrorists - sparking some investigations and arrests. The "high terrorism factor" scoring system also became a key selling point for the involvement of the database company, Seisint Inc., in the Matrix project. Public records obtained by The Associated Press from several states show that Justice Department officials cited the scoring technology in appointing Seisint sole contractor on the federally funded, $12 million project. Seisint and the law enforcement officials who oversee Matrix insist that the terrorism scoring system ultimately was kept out of the project, largely because of privacy concerns. However, new details about Seisint's development of the "terrorism quotient," including the revelation that authorities apparently acted on the list of 120,000, are renewing privacy activists' suspicions about Matrix's potential power. "Assuming they have in fact abandoned the terrorist quotient, there's nothing that stops them from bringing it back," said Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, which learned about the list of 120,000 through its own records request in Utah. 
Matrix - short for Multistate Anti-Terrorism Information Exchange - combines state records and data culled by Seisint to give investigators fast access to information on crime and terrorism suspects. It was launched in 2002. Because the system includes information on people with no criminal record as well as known criminals, Matrix has drawn objections from liberal and conservative privacy groups. Utah and at least eight other states have pulled out, leaving Florida, Connecticut, Ohio, Michigan and Pennsylvania. The AP has received thousands of pages of Matrix documents in records requests this year, including meeting minutes and presentation materials that discuss the project in detail. Not one indicates that Matrix planners decided against using the statistical method of determining an individual's propensity for terrorism. When the AP specifically requested documents indicating the scoring system was scrapped, the general counsel's office for Florida state police said it could not uncover any. Even so, people involved with Matrix pledge that the statistical method was removed from the final product. "I'll put my 26 years of law enforcement experience on the line. It is not in there," said Mark Zadra, chief investigator for the Florida Department of Law Enforcement. He said Matrix, which has 4 billion records, merely speeds access to material that police have always been able to get from disparate sources, and does not automatically or proactively finger suspects. Bill Shrewsbury, a Seisint executive and former federal drug agent, said the terrorism scoring algorithm that produced the list of 120,000 names was "put on the shelf" after it was demonstrated immediately following Sept. 11, 2001. He said the scoring system requires intelligence data that was fed into the software for the initial demonstration but is not commonly available. "Nor are we interested in pursuing that," he said. 
The Utah documents included a Seisint presentation saying the scoring system was developed by the company and law enforcement officials by reverse engineering an unnamed "Terrorist Handbook" that reveals how terrorists "penetrate and in live our society." The scoring incorporated such factors as age, gender, ethnicity, credit history, "investigational data," information about pilot and driver licenses, and connections to "dirty" addresses known to have been used by other suspects. According to Seisint's presentation, dated January 2003 and marked confidential, the 120,000 names with the highest scores were given to the Immigration and Naturalization Service, FBI, Secret Service and Florida state police. (Later, those agencies would help craft the software that queries Matrix.) Of the people with the 80 highest scores, five were among the Sept. 11 hijackers, Seisint's presentation said. Forty-five were identified as being or possibly being under existing investigations, while 30 others "were unknown to FBI." "Investigations were triggered and arrests were made by INS and other agencies," the presentation added. Two bullet points stated: "Several arrests within one week" and "Scores of other arrests." It does not provide details of when and where the investigations and arrests took place. Phil Ramer, who heads Florida state police's intelligence division, said his agency found the list a useful starting point for some investigations, though he said he could not recall how many. He stressed that the list was not used as the sole evidence to make arrests. "What we did with the list is we went back and found out how they got on the list," Ramer said. Dean Boyd, a spokesman for U.S. Immigration and Customs Enforcement, a descendant of INS in the Department of Homeland Security, said he could not confirm that INS used or was given the list. 
Although Seisint says it shelved the scoring system - known as high terrorist factor, or HTF - after the original demonstrations in the wake of Sept. 11, 2001, the algorithm was touted well into 2003. A records request by the AP in Florida turned up "briefing points," dated January 2003, for a presentation on Matrix to Vice President Dick Cheney and other top federal officials delivered jointly by Seisint, Florida Gov. Jeb Bush and Florida's top police official. One of the items on Seisint's agenda: "Demonstrate HTF with mapping." Matrix meeting minutes from February 2003 say Cheney was briefed along with Homeland Security Director Tom Ridge and FBI Director Robert Mueller. In May 2003, the Justice Department approved Seisint as sole data contractor on the project, citing the company's "technical qualifications," including software "applying the 'terrorism quotient' in all cases." "The quotient identifies a set of criteria which accurately singled out characteristics related to the perpetrators of the 9-11 attacks and other terrorist events," said a memo from an Office of Justice Programs policy adviser, Bruce Edwards. "This process produced a scoring mechanism (that), when applied to the general criminal population, yields other people that may have similar motives." A spokeswoman for the Office of Justice Programs declined to comment. Ramer, the Florida agent, said the scoring system was scrapped because it was "really specific to 9/11," and not applicable for everyday use. Also, he said, "we didn't want anybody abusing it." Seisint Inc., is a Boca Raton, Fla., company founded by a millionaire, Hank Asher, who stepped down from its board of directors last year after revelations of past ties to drug smugglers. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu May 20 13:05:43 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Thu, 20 May 2004 16:05:43 -0400 Subject: Weblinks sponsors the Senior National Cricket Team Uniforms Message-ID: Radio Anguilla Thursday, 20 May, 2004 12:23 PM Weblinks sponsors the Senior National Cricket Team Uniforms Anguilla's newly formed Telecommunications Company Weblinks, has taken the initiative to sponsor a number of uniforms for the Anguilla Senior National Cricket team. The National team will participate in the Leeward Islands Cricket Tournament - slated to begin on May 28. Speaking during a presentation ceremony and cocktail last night at Paradise Cove Resort, President of the Anguilla Cricket Association Mr Gerard Gumbs underscored the importance of the development of society through sports. "I am proud to say that as local Anguillians, they have seen the need to contribute further to the development of the Anguillian society by contributing wholeheartedly to the sponsorship of the uniform for the local Cricket Team. These guys are truly Anguillians at heart who believe they can make a difference in helping to nurture a good society through their contribution to the sport of Cricket. Let us not underestimate the value that playing sports has on the lives of our people, especially our young people. Sports is still today, an aspect of our life that calls for tremendous personal discipline, on and off the field of play. If you check professional sportsmen, most of them talk about being role models within their community and giving back to their communities. 
It is through efforts such as this sponsorship that we here in Anguilla can mold young people into productive men and women, as interaction through sports helps to build character, respect and discipline." President of the Anguilla Cricket Association Mr Gerard Gumbs. In making the presentation, Weblinks representative, Mr Kennedy Hodge stated that he hopes Weblinks will someday be able to provide sponsorship for all expenses of the National Team. The Company has this year provided team members with three warm up t-shirts, playing shirts, warm up pants and a travelling shirt. Weblinks is a locally owned and based company that has been in operation since late 1999. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Thu May 20 21:09:00 2004 From: measl at mfn.org (J.A. Terranson) Date: Thu, 20 May 2004 23:09:00 -0500 (CDT) Subject: [David_Heinrich@urmc.rochester.edu: [mises] praxeology and game theory] In-Reply-To: <20040520143407.GB40626@cthulhu.neutraldomain.org> References: <20040520143407.GB40626@cthulhu.neutraldomain.org> Message-ID: <20040520230634.J22397@oso.hfpupt1.zsa.bet> On Thu, 20 May 2004, Gabriel Rocha wrote: > Let's consider one possible preference which everyone seems to reject > off-hand: D,D. Let's say that A and B were married. It is possible to > think that both, then, would place the highest value on outcome D,D, > as both know that neither would want to live without the other. Obviously, Mr. Heinrich is not himself married. A truly married couple would be following the more traditional model: Live, DIE!DIE!DIE!!! Yours, J.A. 
Terranson From dave at farber.net Fri May 21 04:43:00 2004 From: dave at farber.net (dave at farber.net) Date: Fri, 21 May 2004 7:43 -0400 Subject: [IP] Microsoft told to explain e-mail deletion memos Message-ID: ...... Forwarded Message ....... From: Barry Ritholtz To: Dave Farber Date: Wed, 31 Dec 1969 19:44:02 -0500 Subj: Microsoft told to explain e-mail deletion memos Dave, This is an enormous development, given the history of all the litigation against Microsoft. The Judge's order implies a concern over a very conscious decision by the software giant to eliminate incriminating emails -- after receiving a judicial order to archive all of them during the Anti-Trust case. Additionally, being ordered to search the legal department's archive suggests (in my biased opinion) that because of the affirmative actions of the company in ordering email destruction, they are not able to hide behind Attorney-Client privilege. Further, this implies that some Microsoft employees perjured themselves during prior sworn testimony. As previously disclosed, I am on the Board of Burst, and have absolutely no objectivity whatsoever. But read the report yourself, and reach your own conclusion. Barry L. Ritholtz Market Strategist Maxim Group britholtz at maximgrp.com (212) 895-3614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Microsoft told to explain e-mail deletion memos http://seattlepi.nwsource.com/business/174343_msftburst21.html Friday, May 21, 2004 By JAMES ROWLEY BLOOMBERG NEWS A federal judge ordered Microsoft Corp. yesterday to search a company computer to help explain why Vice President James Allchin told employees in 2000 to eliminate e-mails. U.S. District Judge J. Frederick Motz in Baltimore issued the order in an antitrust and patent suit by Burst.com Inc., which has accused Microsoft of stealing its technology for broadcasting sound and video over the Internet at high speeds. Burst.com charges that Microsoft destroyed e-mails that may help the smaller rival win its case. 
Motz told the company to search a legal department computer for any evidence that Microsoft lawyers advised Allchin and others to adopt a policy of scrapping e-mails. A written policy circulated in 1997 by company computer operators advised employees not to save e-mails for more than 30 days "due to legal issues." "I want to know as much as I can how 'due to legal issues' got in there," Motz told Microsoft lawyer John Treece at a hearing yesterday. "I want to know who talked to Mr. Allchin from the legal department before the e-mail was sent and what was said." Motz didn't accept Microsoft's explanation that the information technology department inserted the words in the company policy statement to make it easier to persuade employees to delete e-mails after 30 days to save computer memory space. "It may be true, but it doesn't have the ring of truth to me," the judge said. Allchin's Jan. 23, 2000, e-mail said: "do not archive your mail. 30 days." Allchin told employees, "This is not something that you get to decide. This is --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri May 21 05:30:51 2004 From: rah at shipwright.com (R. A. 
Hettinga) Date: Fri, 21 May 2004 08:30:51 -0400 Subject: US airport fake ID study 'was found in al-Qaida cave' Message-ID: The Register Original URL: http://www.theregister.co.uk/2004/05/20/us_airport_id_security/ US airport fake ID study 'was found in al-Qaida cave' By John Lettice (john.lettice at theregister.co.uk) Published Thursday 20th May 2004 21:47 GMT The US House Aviation Subcommittee yesterday heard how congressional investigators used false IDs to gain access to a series of federal buildings and two commercial airports, and how a copy of the report detailing their success was later found in an al-Qaida cave in Afghanistan. The investigators were 100 per cent successful in getting past security, but apparently less so in the case of their own report's security. Subcommittee Chairman John Mica told a hearing (http://www.winonadailynews.com/articles/2004/05/20/ap/HiTech/d82lr3m00.txt) on biometric ID in aviation that the deployment of more secure ID needed to be accelerated, given that terrorists are interested in gaining access to restricted airport areas. The congressional investigators had made their fake IDs using software downloaded from the Internet, and apparently this passed muster. Documentation presented to the hearing however included even more comforting information about the security of the US aviation industry. If you look down near the bottom of this document, (http://www.house.gov/transportation/aviation/05-19-04/05-19-04memo.html) in the section covering the Registered Traveler program you will find a subsection dealing with Law Enforcement Officer (LEO) Credentials. As you see, it says: "Currently, Federal LEO's can fly armed at any time, simply by presenting their agency's credential. In addition, LEO's from 18,000 separate State and local law enforcement agencies may fly armed if they present their agency's credential and a letter on their agency's letterhead stating that they have an official, work-related reason to fly armed. 
The use of so many different types of law enforcement credentials increases the risk that an unauthorized person could use a forged credential to carry a gun on-board." Under the Registered Traveler Pilot program LEOs wishing to fly armed will have biometric ID issued by the Transportation Security Administration saying so, but it's not clear to us whether this will mean LEOs from the 18,000 non-Federal agencies will have to have this if they want to fly armed, or whether the letterhead will still be enough. The pilot program starts at five airports next month, and one would hope that the authorities elsewhere will be taking extra special care in scrutinising LEO credentials pending a wider rollout. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "Several times a week, to enter a TV studio say, or to board a plane, I have to produce a tiny picture of my face." -- Christopher Hitchens From rah at shipwright.com Fri May 21 05:46:18 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 21 May 2004 08:46:18 -0400 Subject: [IP] Microsoft told to explain e-mail deletion memos Message-ID: --- begin forwarded text From jbone at place.org Fri May 21 07:21:35 2004 From: jbone at place.org (Contempt for Meatheads) Date: Fri, 21 May 2004 09:21:35 -0500 Subject: [FoRK] Are you a potential terrorist? Message-ID: >From the everything-evil-in-America-comes-from-Texas-Florida-or-DC dept.: http://www.wired.com/news/conflict/0,2100,63535,00.html Are You a Potential Terrorist? Associated Press Story location: http://www.wired.com/news/conflict/0,2100,63535,00.html 10:20 AM May. 20, 2004 PT Before helping to launch the criminal information project known as Matrix, a database contractor gave U.S. and Florida authorities the names of 120,000 people who showed a statistical likelihood of being terrorists - sparking some investigations and arrests. 
The "high terrorism factor" scoring system also became a key selling point for the involvement of the database company, Seisint Inc., in the Matrix project. Public records obtained by The Associated Press from several states show that Justice Department officials cited the scoring technology in appointing Seisint sole contractor on the federally funded, $12 million project. Seisint and the law enforcement officials who oversee Matrix insist that the terrorism scoring system ultimately was kept out of the project, largely because of privacy concerns. However, new details about Seisint's development of the "terrorism quotient," including the revelation that authorities apparently acted on the list of 120,000, are renewing privacy activists' suspicions about Matrix's potential power. "Assuming they have in fact abandoned the terrorist quotient, there's nothing that stops them from bringing it back," said Barry Steinhardt, director of the technology and liberty program at the American Civil Liberties Union, which learned about the list of 120,000 through its own records request in Utah. Matrix - short for Multistate Anti-Terrorism Information Exchange - combines state records and data culled by Seisint to give investigators quick access to information on crime and terrorism suspects. It was launched in 2002. Because the system includes information on people with no criminal record as well as known criminals, Matrix has drawn objections from both liberal and conservative privacy groups. Utah and at least eight other states have pulled out, leaving Florida, Connecticut, Ohio, Michigan and Pennsylvania. The AP has received thousands of pages of Matrix documents in records requests this year, including meeting minutes and presentation materials that discuss the project in detail. Not one indicates that Matrix planners decided against using the statistical method of determining an individual's propensity for terrorism. 
When the AP specifically requested documents indicating the scoring system was scrapped, the general counsel's office for Florida state police said it could not uncover any. Even so, people involved with Matrix pledge that the statistical method was removed from the final product. "I'll put my 26 years of law enforcement experience on the line. It is not in there," said Mark Zadra, chief investigator for the Florida Department of Law Enforcement. He said Matrix, which has 4 billion records, merely speeds access to material that police have always been able to get from disparate sources, and does not automatically or proactively finger suspects. Bill Shrewsbury, a Seisint executive and former federal drug agent, said the terrorism scoring algorithm that produced the list of 120,000 names was "put on the shelf" after it was demonstrated immediately following Sept. 11, 2001. He said the scoring system requires intelligence data that was fed into the software for the initial demonstration but is not commonly available. "Nor are we interested in pursuing that," he said. The Utah documents included a Seisint presentation saying the scoring system was developed by the company and law enforcement officials by reverse engineering an unnamed "terrorist handbook" that reveals how terrorists "penetrate and in live our society." The scoring incorporated such factors as age, gender, ethnicity, credit history, "investigational data," information about pilot and driver licenses, and connections to "dirty" addresses known to have been used by other suspects. According to Seisint's presentation, dated January 2003 and marked confidential, the 120,000 names with the highest scores were given to the Immigration and Naturalization Service, FBI, Secret Service and Florida state police. (Later, those agencies would help craft the software that queries Matrix.) Of the people with the 80 highest scores, five were among the Sept. 11 hijackers, Seisint's presentation said. 
Forty-five were identified as being or possibly being under existing investigations, while 30 others "were unknown to FBI." "Investigations were triggered and arrests were made by INS and other agencies," the presentation added. Two bullet points stated: "Several arrests within one week" and "Scores of other arrests." It does not provide details of when and where the investigations and arrests took place. Phil Ramer, who heads Florida state police's intelligence division, said his agency found the list a useful starting point for some investigations, though he said he could not recall how many. He stressed that the list was not used as the sole evidence to make arrests. "What we did with the list is we went back and found out how they got on the list," Ramer said. Dean Boyd, a spokesman for U.S. Immigration and Customs Enforcement, a descendant of INS in the Department of Homeland Security, said he could not confirm that INS used or was given the list. Although Seisint says it shelved the scoring system - known as high terrorist factor, or HTF - after the original demonstrations in the wake of the Sept. 11 attacks, the algorithm was touted well into 2003. A records request by the AP in Florida turned up "briefing points," dated January 2003, for a presentation on Matrix to Vice President Dick Cheney and other top federal officials delivered jointly by Seisint, Florida Gov. Jeb Bush and Florida's top police official. One of the items on Seisint's agenda: "Demonstrate HTF with mapping." Matrix meeting minutes from February 2003 say Cheney was briefed along with Homeland Security Director Tom Ridge and FBI Director Robert Mueller. In May 2003, the Justice Department approved Seisint as sole data contractor on the project, citing the company's "technical qualifications," including software "applying the 'terrorism quotient' in all cases." 
"The quotient identifies a set of criteria which accurately singled out characteristics related to the perpetrators of the 9-11 attacks and other terrorist events," said a memo from an Office of Justice Programs policy adviser, Bruce Edwards. "This process produced a scoring mechanism (that), when applied to the general criminal population, yields other people that may have similar motives." A spokeswoman for the Office of Justice Programs declined to comment. Ramer, the Florida agent, said the scoring system was scrapped because it was "really specific to 9/11," and not applicable for everyday use. Also, he said, "we didn't want anybody abusing it." Seisint is a Boca Raton, Fla., company founded by a millionaire, Hank Asher, who stepped down from its board of directors last year after revelations of past ties to drug smugglers. End of story _______________________________________________ FoRK mailing list http://xent.com/mailman/listinfo/fork ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net From DaveHowe at gmx.co.uk Fri May 21 02:51:46 2004 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Fri, 21 May 2004 10:51:46 +0100 Subject: Science: throttling computer viruses References: <200405201801.i4KI1kTm001693@artifact.psychedelic.net> Message-ID: <001e01c43f19$3e77d6f0$c71121c2@exchange.sharpuk.co.uk> Eric Cordian wrote: > I have a dual boot system which normally runs Linux. Since it had > been a couple of months since I last ran XP, I booted it on Tuesday > to run Windows Update, and keep it current with critical patches. 
> Within minutes, before I had even downloaded the first update, my box > ground to a nearly screeching halt from Sasser, and some other piece > of malware which was trying to make thousands of connections to > random IPs on port 5000. Personally, I would have downloaded the patches under linux, rebooted offline, installed them and *then* ran the update. but that's just me :) From camera_lumina at hotmail.com Fri May 21 07:57:31 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 21 May 2004 10:57:31 -0400 Subject: welcoming computer viruses Message-ID: Well, why can we use this to our advantage? As usual, this thought emerges from Tyler Durden's punch-drunk brain, but it's worth considering... Imagine I'm working for a large Fortune 100 Company. Now imagine I hear about a sasser-like worm that will install itself and spread, BUT "it has been confirmed" that the worm will proceed to vomit spam at X for a period of 48 hours. Depending on X (eg, the CIA, Microsoft, Re-elect George W...) I might be more than willing to download that virus, provided I had some kind of assurance that it wouldn't trash all my work (and if it closes down my company for a day or two, all the better 'cause I'm way overworked). Of course, I'll need plausible denial: "Oh, I thought that was my boss sending me a file..."). -TD >From: Eric Cordian >To: cypherpunks at minder.net >Subject: Re: Science: throttling computer viruses >Date: Thu, 20 May 2004 11:01:46 -0700 (PDT) > >Major Variola writes: > > > Computer viruses and worms are an increasing problem throughout the > > world. By some estimates 2003 was the worst year yet: > > Viruses halted or hindered operations at numerous businesses and other > > organizations, disrupted cash-dispensing machines, > >I have a dual boot system which normally runs Linux. Since it had been a >couple of months since I last ran XP, I booted it on Tuesday to run >Windows Update, and keep it current with critical patches. 
Within >minutes, before I had even downloaded the first update, my box ground to a >nearly screeching halt from Sasser, and some other piece of malware which >was trying to make thousands of connections to random IPs on port 5000. > >I've had Linux exposed to the Net for years, and have never had these >kinds of problems. You really wonder why someone doesn't arrest Bill >Gates for software malpractice. > >It's really silly when code can leap into your machine, install itself, >configure itself to start up again every time the system is booted, and >then sit there using all your system resources looking for other boxes to >victimize. Didn't we learn all we needed to know about provably correct >secure impenetrable kernels with MULTICS in the 1960's? Why has the world >of computing been subjected to 20 years of Microsoft slowly reinventing >the wheel starting with DOS, and they still haven't gotten it right. > >We recall McDonalds toys with parts kids can bite off and choke on, but we >let millions of lines of closed source code that does Lord-knows-what on >various network ports run on nearly every machine in the universe with >impunity. > >-- >Eric Michael Cordian 0+ >O:.T:.O:. Mathematical Munitions Division >"Do What Thou Wilt Shall Be The Whole Of The Law" > From camera_lumina at hotmail.com Fri May 21 08:00:00 2004 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 21 May 2004 11:00:00 -0400 Subject: US airport fake ID study 'was found in al-Qaida cave' Message-ID: SO... This begs the question: Can we start issuing Cypherpunks LEO IDs? -TD >From: "R. A. 
Hettinga" >To: cypherpunks at al-qaeda.net, cypherpunks at al-qaeda.net >Subject: US airport fake ID study 'was found in al-Qaida cave' >Date: Fri, 21 May 2004 08:30:51 -0400 > > > >The Register > > > > Original URL: >http://www.theregister.co.uk/2004/05/20/us_airport_id_security/ > >US airport fake ID study 'was found in al-Qaida cave' >By John Lettice (john.lettice at theregister.co.uk) >Published Thursday 20th May 2004 21:47 GMT > >The US House Aviation Subcommittee yesterday heard how congressional >investigators used false IDs to gain access to a series of federal >buildings and two commercial airports, and how a copy of the report >detailing their success was later found in an al-Qaida cave in Afghanistan. >The investigators were 100 per cent successful in getting past security, >but apparently less so in the case of their own report's security. > >Subcommittee Chairman John Mica told a hearing >(http://www.winonadailynews.com/articles/2004/05/20/ap/HiTech/d82lr3m00.txt) >on biometric ID in aviation that the deployment of more secure ID needed to >be accelerated, given that terrorists are interested in gaining access to >restricted airport areas. The congressional investigators had made their >fake IDs using software downloaded from the Internet, and apparently this >passed muster. > >Documentation presented to the hearing however included even more >comforting information about the security of the US aviation industry. If >you look down near the bottom of this document, >(http://www.house.gov/transportation/aviation/05-19-04/05-19-04memo.html) >in the section covering the Registered Traveler program you will find a >subsection dealing with Law Enforcement Officer (LEO) Credentials. As you >see, it says: "Currently, Federal LEO's can fly armed at any time, simply >by presenting their agency's credential. 
In addition, LEO's from 18,000 >separate State and local law enforcement agencies may fly armed if they >present their agency's credential and a letter on their agency's letterhead >stating that they have an official, work-related reason to fly armed. The >use of so many different types of law enforcement credentials increases the >risk that an unauthorized person could use a forged credential to carry a >gun on-board." > >Under the Registered Traveler Pilot program LEOs wishing to fly armed will >have biometric ID issued by the Transportation Security Administration >saying so, but it's not clear to us whether this will mean LEOs from the >18,000 non-Federal agencies will have to have this if they want to fly >armed, or whether the letterhead will still be enough. The pilot program >starts at five airports next month, and one would hope that the authorities >elsewhere will be taking extra special care in scrutinising LEO credentials >pending a wider rollout. > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"Several times a week, to enter a TV studio say, or to board a plane, I >have to produce a tiny picture of my face." -- Christopher Hitchens > From junger at SAMSARA.LAW.CWRU.EDU Fri May 21 08:07:06 2004 From: junger at SAMSARA.LAW.CWRU.EDU (Peter D. Junger) Date: Fri, 21 May 2004 11:07:06 -0400 Subject: [CYBERIA] 1st amendment protection of software Message-ID: I have started a weblog, which is at . One of the entries, which I enclose, about first amendment protection of software may be of interest to some members of this list. -- Peter D.
Junger--Case Western Reserve University Law School--Cleveland, OH EMAIL: junger at samsara.law.cwru.edu URL: http://samsara.law.cwru.edu NOTE: junger at pdj2-ra.f-remote.cwru.edu no longer exists --Begin Enclosure Expression Has Nothing to Do with It If one is concerned, as I am, with extending the First Amendment's protection of free speech and of the press to the writings of computer programmers and to the publication of information in digital form, one needs to find some way not to couch one's arguments in terms of ``freedom of expression.'' Burning a flag to protest a war is protected by the First Amendment, even though flag-burning is not literally speech, because flag-burning is ``expressive.'' That extension of the First Amendment beyond its literal scope does not, however, in any way imply that the speaking or publishing of materials that are not expressive are not acts entitled to First Amendment protection. Saying that ``one and one is two'' is not, I submit, expressive in the sense that burning a flag is expressive. That, however, does not give the government absolute authority under the First Amendment to forbid saying ``one and one is two,'' even though saying that might endanger the success of the government's fiscal policies or its conduct of the war in Iraq. Random numbers are not expressive in any sense at all, yet that does not mean that the publication of a table of random numbers would not be protected by the First Amendment. That might seem obvious, but when some years ago I challenged the constitutionality of the government's export regulations that forbade the publication of computer programs in digital form, the Government's response was to argue that computer programs are ``functional'' and therefore not ``expressive'' and that the publication of computer programs is thus not protected by the First Amendment. Put that way, the government's argument may not seem very persuasive. 
The trouble was, however, that there are no judicial precedents holding, or even saying, that non-expressive (or functional) speaking and publication are activities protected by the First Amendment--a point that is so obvious that it never has been litigated--and there are lots of precedents saying that one can only obtain a copyright on expressive writings and that functional writings are not copyrightable. Of course, the issue of whether a computer program is copyrightable has no bearing on whether it is entitled to First Amendment protection, but this apparently is not easy to see if one does not have the slightest idea as to what a computer program actually is. How difficult it is for courts, and lawyers, to understand that computer programs are simply writings like the recipes in a recipe book or the mathematical tables in an engineering handbook, is illustrated by the holding of the Federal District Court judge in my case, Junger v. Daley: Source code is ``purely functional,'' in a way that . . . instructions, manuals, and recipes are not. Unlike instructions, a manual, or a recipe, source code actually performs the function it describes. While a recipe provides instructions to a cook, source code is a device, like embedded circuitry in a telephone, that actually does the function of encryption. At that point my long-suffering lawyers had little choice but to adopt the government's interpretation of the First Amendment and argue that computer programs--or at least their source code--are protected by the First Amendment because they are ``expressive.'' And that argument prevailed. The Court of Appeals held in my case that Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment. That was a great victory. Junger v. Daley is now the leading case holding that computer programs, or at least their source code, are protected by the First Amendment. 
The fact remains, however, that there is a much simpler reason for holding that the publication of computer programs--and not just source code--is protected by the First Amendment. To publish a computer program is to publish information and it is the publication of information that is protected by the freedom of the press. It's that simple. Expression has nothing to do with it --End Enclosure ********************************************************************** For Listserv Instructions, see http://www.lawlists.net/cyberia Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot Need more help? Send mail to: Cyberia-L-Request at listserv.aol.com ********************************************************************** --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri May 21 08:30:16 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 21 May 2004 11:30:16 -0400 Subject: [CYBERIA] 1st amendment protection of software Message-ID: --- begin forwarded text From rah at shipwright.com Fri May 21 12:26:15 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 21 May 2004 15:26:15 -0400 Subject: The Fingerprint As Password Message-ID: There's one born every minute, boys and girls. We should take bets on when the first digital robbery occurs spoofing the output of one of these things. Cheers, RAH -------- Forbes Ten O'Clock Tech The Fingerprint As Password Arik Hesseldahl, 05.21.04, 10:00 AM ET Active Web users have lots of passwords to remember. First there's the log-in information just to sign in to a computer. 
Beyond that, an increasing number of Web sites that used to let visitors browse unencumbered are now requiring registration user names and passwords. More people are doing their banking online as well. And ever more people are ditching traditional e-mail accounts for Web-based e-mail from Microsoft's (nasdaq: MSFT) Hotmail or Yahoo! (nasdaq: YHOO). Password overload is a common problem. Both Microsoft and Apple Computer (nasdaq: AAPL) have added new software tools to keep track of all your passwords, and Web browsers are increasingly likely to remember them for you as well. But whatever happened to biometrics? That's the science behind using a part of the body, such as a fingerprint or the iris of an eye, to replace a password. Wasn't biometrics supposed to be the field that would save us all from the frustrations of faulty password memory? If you've been waiting for the right device that will allow you to use a fingerprint to sign in to your PC and access the many password-protected Web sites you use, then your time has come. This week we tested a little device called the Biometric Password Manager from American Power Conversion (nasdaq: APCC). This company is better known for its numerous power products, such as surge protectors, uninterruptible power sources and the like. APC's Password Manager plugs into the USB port of your PC. It sits on the desktop and whenever a password would be needed, you use a fingerprint to sign in. Software running on the PC associates the fingerprint with the user name and password and automatically enters them both and signs in the user. The product more or less worked exactly as described. Installation was pretty easy. A simple software wizard took us through the process of scanning the fingerprint, first for practice and then for real. The software supports up to 20 individual fingerprints, allowing for multiple users.
It integrates easily with a browser, too. Aside from the system log-in, we trained the software to remember the sign-in information for a Yahoo! mail account. Doing so was a little less clear than was the initial setup and took a few tries. But once it was set up correctly, the fingerprint signed us in smoothly and instantaneously to check e-mail. The software also allows encryption of files on a PC. Say you've got an Excel workbook containing data you'd rather people outside your company didn't see, but which you don't need to refer to very often. You can lock it up with a password, but after several months that password may be difficult to remember. The fingerprint system makes that process easy. The unit is available for about $50. The software supports Microsoft Windows, starting with Windows 98, but doesn't support the Mac operating system. Mac users who want fingerprint security should investigate a similar device from Sony (nyse: SNE), called the Puppy, which we'll test sometime in the future. Overall, APC's Biometric Password Manager seems a good value, offering a relatively simple method to avoid password overload. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "This Way to the Egress" -- Placard girl in P.T. Barnum's circus From lloyd at randombit.net Fri May 21 12:50:31 2004 From: lloyd at randombit.net (Jack Lloyd) Date: Fri, 21 May 2004 15:50:31 -0400 Subject: The Fingerprint As Password In-Reply-To: References: Message-ID: <20040521195031.GC4666@acm.jhu.edu> a) Why do I have the feeling that there is no way to tell which password a piece of software is asking for when you thumb it. Does the host machine get all of them and figure out which one it wants to use? b) How hard is it to bypass the check and simply pull the complete set of passwords out of its memory. My guess is "not too fucking hard."
At $50 a piece, they can't have spent too much (if any) on tamper-resistance, security review, etc. Anyone know how much cheap thumb scanner hardware goes for in bulk these days? -Jack On Fri, May 21, 2004 at 03:26:15PM -0400, R. A. Hettinga wrote: > There's one born every minute, boys and girls. > > We should take bets on when the first digital robbery occurs spoofing the > output of one of these things. > > Cheers, > RAH > -------- > > > > Forbes > > [...] From rah at shipwright.com Fri May 21 13:04:11 2004 From: rah at shipwright.com (R. A. Hettinga) Date: Fri, 21 May 2004 16:04:11 -0400 Subject: Financial Cryptography: FC05 - Dominica - March 2005 Message-ID: Financial Cryptography mixing Finance, Cryptography and a whole bunch of other things May 21, 2004 FC05 - Dominica - March 2005 FC'05 is announced with a new title "Financial Cryptography and Data Security." Vital statistics are 28th Feb to 3rd March, 2005, in Roseau, Dominica, East Caribbean, and submissions in the Call for Papers are due by 10th September, 2004. -------- Original Message -------- Subject: [fc-announce] CFP: FC'05 - Financial Cryptography and Data Security Date: Tue, 18 May 2004 16:59:41 -0400 From: Stuart Schechter Organization: Harvard University To: FC'05 Financial Cryptography and Data Security http://www.ifca.ai/fc05/ CALL FOR PAPERS Ninth International Conference February 28-March 3, 2005 Roseau, The Commonwealth Of Dominica Submissions Due Date: September 10, 2004 Financial Cryptography and Data Security (FC'05) is the premier international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We have augmented our conference title and expanded our scope to cover all aspects of securing transactions and systems.
These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, payment systems, secure IT infrastructure, and analysis methodologies. Our focus will also encompass legal, financial, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems and on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'05 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. 
Possible topics for submission to the various sessions include, but are not limited to: * Anonymity and Privacy * Auctions * Audit and Auditability * Authentication and Identification, including Biometrics * Certification and Authorization * Commercial Cryptographic Applications * Commercial Transactions and Contracts * Digital Cash and Payment Systems * Digital Incentive and Loyalty Systems * Digital Rights Management * Financial Regulation and Reporting * Fraud Detection * Game Theoretic Approaches to Security * Infrastructure Design * Legal and Regulatory Issues * Microfinance and Micropayments * Monitoring, Management and Operations * Reputation Systems * RFID-Based and Contactless Payment Systems * Risk Assessment and Management * Secure Banking * Secure Financial Web Services * Securing Emerging Computational Paradigms * Security and Risk Perceptions and Judgments * Security Economics * Smart Cards and Secure Tokens * Trust Management * Trustability and Trustworthiness * Underground-Market Economics * Usability and Acceptance of Security Systems * User and Operator Interfaces SUBMISSION INSTRUCTIONS ======================= FC'05 is inviting submissions in three categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers =============== Research papers should describe novel scientific contributions to the field, and they will be subject to vigorous peer review. Papers can be a maximum of 15 pages in length (including references and appendices), and accepted submissions will be published in full in the conference proceedings. Submission of previously published material and simultaneous submission of papers to other conferences or workshops with proceedings is not permitted. 
Authors of research papers found to be doubly submitted risk having all their submissions withdrawn from consideration as well as other appropriate sanctions. Systems and Application Presentations ===================================== Submissions in this category should describe novel or successful systems with an emphasis on secure digital commerce applications. Presentations may concern commercial systems, academic prototypes, or open-source projects for any of the topics listed above. Where appropriate, software or hardware demonstrations are encouraged as part of the presentations in these sessions. Contributions must reflect careful thought and effort and provide valuable, up-to-date experience that is relevant to practitioners in the fields of financial cryptography and data security. Submissions in this category should consist of a short summary of the work (1-6 pages in length) to be reviewed by the Program Committee, along with a short biography of the presenters. Accepted submissions will be presented at the conference (25 minutes per presentation), and a one-page abstract will be published in the conference proceedings. Panel Sessions ============== Proposals for panel sessions are also solicited, and should include a brief description of the panel as well as prospective participants. Panel proposals should be submitted via e-mail, in plain ASCII format, to the Program Chairs. Accepted panel sessions will be presented at the conference, and each participant will contribute a one-page abstract to be published in the conference proceedings. The Rump Session ================ FC'05 will also include the popular "rump session" held on one of the evenings in an informal, social atmosphere. The rump session is a program of short (5-7 minute), informal presentations on works in progress, off-the-cuff ideas, and any other matters pertinent to the conference. Any conference attendee is welcome to submit a presentation to the Rump Session Chair (to be announced). 
This submission should consist of a talk title, the name of the presenter, and, if desired, a very brief abstract. Submissions may be sent via e-mail, or submitted in person through the Monday of the conference. Preparation Instructions ======================== Submissions to the research papers and systems/application presentation categories must be received by the due date. Papers must be formatted in standard PostScript, PDF format, or MS Word. Submissions in other formats will be rejected. All papers must be submitted electronically according to the instructions and forms found on this web site. (Specific instructions for electronic submissions will be published in the near future.) Author names and affiliations on submissions must be explicit. In other words, submitted papers should not be anonymized. Submissions must include on the first page the title of the paper, the names and affiliations of all authors, a brief abstract, and a list of topical keywords. Accepted submissions will be included in the conference proceedings to be published in the Springer-Verlag Lecture Notes in Computer Science (LNCS) series after the conference, so the submissions must be formatted in the standard LNCS format. Authors of accepted submissions will be required to complete and sign an IFCA copyright form. A pre-proceedings volume containing preliminary versions of the papers will be distributed at the conference. Questions about all conference submissions should be directed to the Program Chairs. 
IMPORTANT DATES =============== Submission Deadline: September 10, 2004 Author Notification: November 1, 2004 Pre-Proceedings Version Due: TBA Conference: February 28 - March 3, 2005 Final Proceedings Version Due: TBA CONFERENCE ORGANIZERS ===================== Conference Website: http://www.ifca.ai/fc05/ General Chair: Stuart Schechter, stuart at eecs.harvard.edu Program Chairs: Andrew Patrick, Andrew.Patrick at nrc-cnrc.gc.ca Moti Yung, moti at cs.columbia.edu Program Committee: TBA _______________________________________________ fc-announce mailing list fc-announce at ifca.ai http://mail.ifca.ai/mailman/listinfo/fc-announce Posted by iang at May 21, 2004 12:49 PM -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Fri May 21 07:39:42 2004 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 21 May 2004 16:39:42 +0200 Subject: [FoRK] Are you a potential terrorist? (fwd from jbone@place.org) Message-ID: <20040521143941.GV16732@leitl.org> ----- Forwarded message from Contempt for Meatheads ----- From pgut001 at cs.auckland.ac.nz Sat May 22 02:17:39 2004 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Sat, 22 May 2004 21:17:39 +1200 Subject: The life of a Kiwi contractor in Iraq Message-ID: There's an interesting look at the situation in Iraq from the point of view of a third-party contractor, in an article in the Sunday Star Times, http://www.stuff.co.nz/stuff/sundaystartimes/0,2106,2908644a6442,00.html. Most quotable quote: The thing that pisses us off is the Yanks had no idea what to do after they'd taken out the Iraqi army.
They rocked on in, took them out and then thought: OOh shit, what do we do now? Peter.