From isn at c4i.org Tue Feb 1 01:05:23 2005
From: isn at c4i.org (InfoSec News)
Date: Tue, 1 Feb 2005 03:05:23 -0600 (CST)
Subject: [ISN] REVIEW: "Modern Cryptography: Theory and Practice", Wenbo Mao

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah"

BKMDNCRP.RVW 20041207

"Modern Cryptography: Theory and Practice", Wenbo Mao, 2004, 0-13-066943-1, U$54.99/C$82.99
%A Wenbo Mao
%C One Lake St., Upper Saddle River, NJ 07458
%D 2004
%G 0-13-066943-1
%I Prentice Hall
%O U$54.99/C$82.99 +1-201-236-7139 fax: +1-201-236-7131
%O http://www.amazon.com/exec/obidos/ASIN/0130669431/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0130669431/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0130669431/robsladesin03-20
%O tl s rl 1 tc 3 ta 3 tv 0 wq 1
%P 707 p.
%T "Modern Cryptography: Theory and Practice"

A "Short Description of the Book" states that it is intended to address the issue of whether various crypto algorithms are "practical," as opposed to just theoretically strong. This seems odd, since no algorithm is ready for implementation as such: it must be made part of a full system, and most problems with cryptography come in the implementation. The preface doesn't make things much clearer: it reiterates a "fit-for-application" mantra, but doesn't say clearly, at any point, why existing algorithms are not appropriate for use. The preface also suggests that this book is for advanced study in cryptography, although it states that security engineers and administrators, with special responsibility for developing or implementing cryptography, are also in the target audience.

Part one is an introduction, consisting of two chapters. Chapter one outlines the idea of the first "protocol" of the book: a "fair coin toss" over the telephone, grounding the book firmly in the camp of cryptography for the purpose of secure communications.
The remainder of the chapter points out all the requirements to make such an unbiased selector work, acting as a kind of sales pitch or "come on" to make you want to read the rest of the book. The promotion is slightly flawed by the fact that there is very little practical detail in the material (it takes a lot of work on the part of the reader to figure out that, yes, this system might work), excessive verbiage, and poor explanations. The stated "objectives" of the chapter, given at the end, say that you should have a "fundamental understanding of cryptography": this is true only in the most limited sense. Chapter two slowly builds a kind of pseudo-Kerberos system.

Part two covers mathematical foundations. Chapter three deals with probability and information theory, four with Turing Machines and the notion of computational complexity, five with the algebraic foundations behind the use of prime numbers and elliptic curves for cryptography, and various number theory topics are touched on in chapter six.

Part three addresses basic cryptographic techniques. Chapter seven deals with basic symmetric encryption techniques, touching on substitution and transposition, as well as reviewing the operations of DES (Data Encryption Standard) and AES (Advanced Encryption Standard). The insistence on converting all operations, and giving all explanations, in symbolic logic does not seem to have any utility, does not provide any clarity, and makes the material much more difficult than it could be. Asymmetric techniques, and attacks against them, are outlined in chapter eight. Finding individual bits of the message, a process examined in chapter nine, can, over time, result in an attack on the message or key as a whole. Chapter ten looks at data integrity, hashes, and digital signatures.

Part four deals with authentication. Chapter eleven reviews various conceptual protocols, pointing out (for example) that there is a serious problem of key storage for challenge/response systems. A variety of real applications are considered in chapter twelve, and warnings issued about each. Issues of authentication specific to asymmetric systems are covered in chapter thirteen.

Part five looks at formal approaches to the establishment of security. There is more asymmetric cryptographic theory in chapter fourteen. Chapter fifteen examines a number of provably secure asymmetric cryptosystems, while sixteen does the same for digital signatures. Formal methods of authentication protocol analysis are given in chapter seventeen.

Part six discusses abstract cryptographic protocols. Chapter eighteen reviews a number of zero knowledge protocols, which provide the basis for authentication where the principals are not previously known to each other. The coin flipping protocol, initiated in chapter one, is revisited in chapter nineteen. Chapter twenty wraps up with a summary of the author's intentions for the book.

The book is certainly for advanced study, but it is hardly suitable for security administrators, professionals, or even engineers. The mathematical material is quite demanding, and is seldom explained (as opposed to the clear explanations of the implications of the math that are given in, for example, "Applied Cryptography" [cf. BKAPCRYP.RVW], or even the equally advanced but much more comprehensible "Algebraic Aspects of Cryptography" [cf. BKALASCR.RVW]). However, there are points in the material that could be useful for practical cryptographic systems, provided one is dealing primarily with authentication of communications, and the possibility of physical access is ignored. The text would have been much more useful if the author could have been induced to provide some of the basic explanations in English, rather than leaving the reader to work out the math.

copyright Robert M. Slade, 2004   BKMDNCRP.RVW   20041207

======================
(quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca  slade at victoria.tc.ca  rslade at sun.soci.niu.edu
As soon as men decide that all means are permitted to fight an evil, then their good becomes indistinguishable from the evil that they set out to destroy. - Christopher Dawson, The Judgment of Nations
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade

_________________________________________
Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005

--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Feb 1 07:23:13 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 1 Feb 2005 10:23:13 -0500
Subject: [ISN] Call for Papers - PHRACK #63

--- begin forwarded text

From rah at shipwright.com Tue Feb 1 08:58:14 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 1 Feb 2005 11:58:14 -0500
Subject: Mudge Returns to BBN

Business Wire
February 01, 2005 10:03 AM US Eastern Timezone

Peiter ''Mudge'' Zatko, Information Security Expert -- Who Warned that Hackers ''Could Take Down the Internet in 30 Minutes'' -- Returns to BBN Technologies

CAMBRIDGE, Mass.--(BUSINESS WIRE)--Feb. 1, 2005--BBN Technologies, an advanced technology and research and development firm, announced today that Peiter Zatko has re-joined the company as a division scientist. Mr. Zatko joins a group of over 75 scientists and engineers at BBN who perform leading edge research and development to protect Department of Defense data and systems and are also well known for their IP security expertise. At a time when cyber threats are occurring at an unprecedented rate, Mr. Zatko is focused on anticipating and protecting against the next generation of information and network security threats to government and commercial networks.

Known to the security community as "Mudge," Mr. Zatko has a long track record of success in the security industry, most recently as founding scientist of Intrusic, Inc., the first security software company to target the 'Insider Threat.' He is renowned for running L0pht Heavy Industries (and later founding @stake, Inc.), a hacker research collaborative and consultancy that released security tools such as L0phtCrack, now the industry standard Microsoft password-auditing tool.

"It's exciting to be back at BBN, working alongside the very people who helped invent the Internet and defending against some of the toughest information warfare threats," said Mr. Zatko. "I've often said that my personal mission is to 'make a dent in the universe' and what better place to do that than at BBN, where the focus is on protecting vital networks from the most critical and challenging attacks."

Mr. Zatko testified before the Senate Committee on Governmental Affairs in 1998 and warned that, if they were so inclined, any member of L0pht could bring down the Internet in 30 minutes and keep it down for several days. He has also been a witness for the House and Senate Joint Judiciary Oversight committee, and, in 2000, was invited to participate in a security summit with former U.S. President Bill Clinton and ex-Attorney General Janet Reno.

"BBN is currently tackling some of the toughest security problems for our government and high-profile corporations," said Tad Elmer, president, BBN Technologies.
"This challenging environment is what people like Mudge find most rewarding."

Mr. Zatko is the developer of L0phtCrack (now LC5), the de-facto Microsoft password auditing tool; AntiSniff, the world's first remote promiscuous system detector that was used across primary Department of Defense entities; Tempwatch, now a distributed component of Linux and BSD distributions; and SLINT, a pioneering tool in automating source code analysis to discover security coding problems. He originally joined BBN Technologies in 1994, before founding @Stake and Intrusic and consulting for the White House, the Pentagon, the FBI, and Fortune 500 companies.

About BBN

BBN Technologies, an advanced technology and research and development firm, is focused on solving some of the world's most pressing problems. From national security, information security, speech recognition and language translation, to integrating disparate systems and networks, BBN has been at the forefront of technological change for over 50 years. Known for pioneering the development of the ARPANET, the forerunner of the Internet, BBN continues to create advances in Internet and networking technologies through its work on ad hoc networking, the semantic web, quantum communications, and advanced protocols. Building on its substantial list of firsts, BBN operates the first metro quantum cryptography network, the first real-time foreign broadcast monitoring system, and has developed the world's first stereoscopic digital mammography system. For more information, visit BBN.com

Contacts
BBN Technologies Contact: Joyce Kuzmin, 617-873-8193, jkuzmin at bbn.com
or Agency Contact: Mullen, Christine Milligan, 978-468-8951, christine.milligan at mullen.com

From jrandom at i2p.net Tue Feb 1 13:03:02 2005
From: jrandom at i2p.net (jrandom)
Date: Tue, 1 Feb 2005 13:03:02 -0800
Subject: [i2p] weekly status notes [feb 1]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi y'all, weekly status time

* Index
1) 0.5 status
2) nntp
3) tech proposals
4) ???

* 1) 0.5 status

There has been lots of progress on the 0.5 front, with a big batch of commits yesterday. The bulk of the router now uses the new tunnel encryption and tunnel pooling [1], and it has been working well on the test network. There are still some key pieces left to integrate, and the code is obviously not backwards compatible, but I'm hoping we can do some wider scale deployment sometime next week.

As mentioned before, the initial 0.5 release will provide the foundation on which different tunnel peer selection/ordering strategies can operate. We'll start with a basic set of configurable parameters for the exploratory and client pools, but later releases will probably include other options for different user profiles.

[1] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/router/doc/tunnel-alt.html?rev=HEAD

* 2) nntp

As mentioned on LazyGuy's site [2] and my blog [3], we've got a new NNTP server up and running on the network, reachable at nntp.fr.i2p. While LazyGuy has fired up some suck [4] scripts to read in a few lists from gmane, the content is pretty much of, for, and by I2P users. jdot, LazyGuy, and myself did some research into what newsreaders could be used safely, and there seem to be some pretty easy solutions. See my blog for instructions on running slrn [5] to do anonymous newsreading and posting.
[2] http://fr.i2p/
[3] http://jrandom.dev.i2p/
[4] http://freshmeat.net/projects/suck/
[5] http://freshmeat.net/projects/slrn/

* 3) tech proposals

Orion and others have put up a series of RFCs for various tech issues up on ugha's wiki [6] to help flesh out some of the harder client and app level problems out there. Please use that as the place to discuss naming issues, updates to SAM, swarming ideas, and the like - when you post up there, we can all collaborate at our own place to get a better result.

[6] http://ugha.i2p/I2pRfc

* 4) ???

That's all I have for the moment (good thing too, as the meeting starts momentarily). As always, post up your thoughts whenever and wherever :)

=jr

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB/+1+GnFL2th344YRAuF5AKDF/FzxzlKs25B2FRLsmC61KRQjlgCg/YjD
kF6G0CoDu08TvpEtuzuzH9o=
=ewBU
-----END PGP SIGNATURE-----

_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

From camera_lumina at hotmail.com Tue Feb 1 10:35:37 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 01 Feb 2005 13:35:37 -0500
Subject: Le no-no
In-Reply-To: <41FED74A.3040702@gmx.co.uk>

Yes and don't forget..the middle east won't be a source of enemies -forever-...what'll we do with all those weapons? Ah yes...the Chinese are apparently on the backburner.

-TD

>From: Dave Howe
>To: Email List: Cypherpunks
>Subject: Re: Le no-no
>Date: Tue, 01 Feb 2005 01:11:38 +0000
>
>Tyler Durden wrote:
>>Huh? There are IBM laptops with dedicated crypto chips?
>>Although I don't claim to be any kind of an expert, I think this has to be wrong. Anyone know any different?
>well, certainly some thinkpads have encryption of the hard drive; if you take the hard drive out and try to read it on another system, you find the drive contains garbage - if and only if you have a bios and startup password set. the same password is used for both startup access and drive encryption.
>I suspect it is more that they are looking for a reason to block this sale, and this is the first one they thought of. exactly why they would like to do this is beyond me - possibly MS would like IBM to still be tied to them by Windows contracts, or possibly just someone in government doesn't like the idea of "THE IBM PC" being a chinese company.

From zachary.tumin at fstc.org Tue Feb 1 11:38:24 2005
From: zachary.tumin at fstc.org (Zachary Tumin)
Date: Tue, 01 Feb 2005 14:38:24 -0500
Subject: FSTC Announces Availability of FSTC Counter-Phishing Project Whitepaper and Supporting Documents

From rah at shipwright.com Tue Feb 1 12:38:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 1 Feb 2005 15:38:02 -0500
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages

Newswise
Source: University of Delaware
Released: Tue 01-Feb-2005, 13:10 ET

Researchers Combat Terrorists by Rooting Out Hidden Messages

Libraries: Science News
Keywords: STEGANOGRAPHY, STEGANALYSIS, HIDDEN MESSAGES, DIGITAL IMAGES, CRYPTOGRAPHY, TERRORISM

Description: Researchers at the University of Delaware are working to combat terrorism by developing techniques to detect the use of steganography, which encompasses various methods of hiding messages in apparently ordinary digital images and videos.

Newswise - A University of Delaware research team has received National Science Foundation funding to combat terrorism by developing techniques to detect the use of steganography, which encompasses various methods of hiding messages in apparently ordinary digital images and videos.

It is feared electronic steganography can be used by terrorist organizations to pass along orders or other vital information surreptitiously through images posted on the Internet or sent via e-mail.

The grant for more than $167,000 was awarded to Charles Boncelet, UD professor of electrical and computer engineering, to conduct research in the relatively new field of steganalysis. Boncelet will work on the project with Lisa Marvel, a UD graduate now employed by the U.S. Army Research Laboratory, and with several graduate students.

Boncelet said steganography is Greek for covered writing, and is a means by which a person can hide the very fact that they are communicating. In that, it differs from the better-known practice of cryptography, Greek for secret writing, in which a message is purposely garbled and can be understood only by those who have the key to decipher it.

The two forms of communication are not mutually exclusive, Boncelet said, and can be combined. A person can encrypt a message and then hide the fact that they are sending it.

Boncelet previously worked in steganography for the U.S. Army and through this project will begin working in steganalysis, or the development of methods by which to seek out steganography.

"The work we are doing is in multimedia, with a focus on digital images," Boncelet said. "You can take an image on your web site and use steganographic techniques to hide a message in the image. The image looks completely ordinary but if you know the key, you can extract the secret message."

"The object of the research," Boncelet said, "is to try to figure out how to find steganography in the images."

The problem is that steganalysis is very difficult because the messages are hidden by design. However, Boncelet said, "when you hide a message in a digital image, you change the image a little bit. If you change the image too much, it gives it away."

The way to determine any changes to an image, given that the steganalyst does not have the benefit of the original for purposes of comparison, is to use algorithms and very fast computers to look for unusual features in the image.

Boncelet said he believes the research will lead to a novel class of electronic steganography searchers based on image representations that depend on a quality factor, with the long-term goal being automated scanners that can rapidly find likely candidates amongst large numbers of images and videos.

"Assuming the technique we develop is successful, we hope to branch out to video and audio," Boncelet said, "but right now the focus is on digital images."

In addition to the research, the project will provide training in steganalysis and intelligence techniques to the students involved.

Boncelet said steganography "is a very big fear for governments," adding that the security agencies that deal with the technique "worry about terrorists passing messages, or traitors leaking out information from secure sites."
After the terrorist attacks of Sept. 11, 2001, there was widespread speculation in the public press that terrorists had used steganography on the Internet to communicate plans. Although those reports were never confirmed, the possibility remains a grave concern.

One of the earliest examples of steganography comes from ancient history, Boncelet said, explaining that a Greek city was surrounded by enemy soldiers and the leader wanted to get a message to his allies to send troops. He selected a slave and shaved his head, tattooing the plea for help on his scalp, then allowed the slave's hair to grow back over the message. The slave was sent out of the city walls, was captured and released by the enemy troops, and arrived safely with the message.

In World War II, Boncelet said, American soldiers used steganography to provide information on their whereabouts to relatives back home by putting a pinprick on a map. Army censors were forced to pepper letters with hundreds of pinpricks to offset the practice. German spies used steganography in microdots, tiny images of typed pages that could be pasted over periods in seemingly harmless letters.

The NSF grant is for one year and was awarded through the Approaches to Combat Terrorism Program in the Directorate for Mathematical and Physical Sciences, which supports new concepts in basic research and work force development with the potential to contribute to national security.

From rah at shipwright.com Tue Feb 1 12:59:59 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 1 Feb 2005 15:59:59 -0500
Subject: Dell to Add Security Chip to PCs

The Wall Street Journal
February 1, 2005 11:04 a.m. EST

Dell to Add Security Chip to PCs

By GARY MCWILLIAMS
Staff Reporter of THE WALL STREET JOURNAL
February 1, 2005 11:04 a.m.

HOUSTON -- Dell Inc. today is expected to add its support to an industry effort to beef up desktop and notebook PC security by installing a dedicated chip that adds security and privacy-specific features, according to people familiar with its plans.

Dell will disclose plans to add the security features known as the Trusted Computing Module on all its personal computers. Its support comes in the wake of similar endorsements by PC industry giants Advanced Micro Devices Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines Corp. The technology has been promoted by an industry organization called the Trusted Computing Group.

The company is also expected to unveil new network PCs.

From camera_lumina at hotmail.com Tue Feb 1 14:02:04 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 01 Feb 2005 17:02:04 -0500
Subject: Dell to Add Security Chip to PCs

Anyone familiar with computer architectures and chips able to answer this question:

That "chip"...is it likely to be an ASIC or is there already such a thing as a security network processor? (ie, a cheaper network processor that only handles security apps, etc...) Or could it be an FPGA?

-TD

>From: "R.A. Hettinga"
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: Dell to Add Security Chip to PCs
>Date: Tue, 1 Feb 2005 15:59:59 -0500

From camera_lumina at hotmail.com Tue Feb 1 14:07:25 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 01 Feb 2005 17:07:25 -0500
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages

Counter-stego detection.

Seems to me a main tool will be a 2-D Fourier analysis...Stego will certainly have a certain "thumbprint", depending on the algorithm. Are there certain images that can hide stego more effectively?
In other words, these images should have a lot of spectral energy in the same frequency bands where Stego would normally show.

-TD

>From: "R.A. Hettinga"
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net, osint at yahoogroups.com
>Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
>Date: Tue, 1 Feb 2005 15:38:02 -0500

From s.schear at comcast.net Tue Feb 1 23:21:31 2005
From: s.schear at comcast.net (Steve Schear)
Date: Tue, 01 Feb 2005 23:21:31 -0800
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
Message-ID: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net>

At 02:07 PM 2/1/2005, Tyler Durden wrote:
>Counter-stego detection.
>
>Seems to me a main tool will be a 2-D Fourier analysis...Stego will certainly have a certain "thumbprint", depending on the algorithm. Are there certain images that can hide stego more effectively? In other words, these images should have a lot of spectral energy in the same frequency bands where Stego would normally show.

Images that are ideal for hiding secret messages using stego are those that by default contain stego with no particular hidden content. A sort of Crowds approach to stego.

Steve

From alan at clueserver.org Wed Feb 2 00:21:15 2005
From: alan at clueserver.org (Alan)
Date: Wed, 02 Feb 2005 00:21:15 -0800
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
In-Reply-To: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net>
References: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net>
Message-ID: <1107332475.4058.69.camel@dagon.fnordora.org>

On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote:
> At 02:07 PM 2/1/2005, Tyler Durden wrote:
>
> >Counter-stego detection.
> >
> >Seems to me a main tool will be a 2-D Fourier analysis...Stego will certainly have a certain "thumbprint", depending on the algorithm. Are there certain images that can hide stego more effectively? In other words, these images should have a lot of spectral energy in the same frequency bands where Stego would normally show.
>
> Images that are ideal for hiding secret messages using stego are those that
> by default contain stego with no particular hidden content. A sort of Crowds
> approach to stego.

If you really want to send secret messages, just send it in the chaff in
spam. Everyone is programmed to ignore it or filter it out.

--
"When a student reads in a math book that there are no absolutes, suddenly
every value he's been taught is destroyed. And the next thing you know, the
student turns to crime and drugs." - Mel Gabler - Censor

From jtrjtrjtr2001 at yahoo.com Wed Feb 2 05:16:18 2005
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Wed, 2 Feb 2005 05:16:18 -0800 (PST)
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
In-Reply-To: <20050202102155.GT1404@leitl.org>
Message-ID: <20050202131618.56731.qmail@web21208.mail.yahoo.com>

hi,

Tyler Durden wrote:
>Are there certain images that can hide stego more
>effectively? In other words,
>these images should have a lot of spectral energy in
>the same frequency bands where Stego would normally
>show.

Yes, there should be a lot of noise in the image, some way or the other.
If you reduce the amount of info you want to send per image, the lower
the chances that it will be detected. Once you detect and recover the
entire information, decrypting it by some cryptanalysis technique is
another nearly impossible task.

The whole thing appears to have to do with politics. Anyway, a lot of
research grants would be spent for stegano detection, which is
particularly good for the community.

Sarad.
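
The detection idea in the forwarded article (embedding changes the image "a little bit", and the steganalyst has to find the statistical trace without the original) and Sarad's point that a smaller payload per image is harder to spot can both be seen in the classic pairs-of-values chi-square test for LSB replacement. What follows is an added example, not code from the UDel project or from anyone on this list. The cover image is synthesised (a gradient with noise and a contrast stretch, labelled as constructed in the code), the payload is modelled only as random bits overwriting the low bits, and the Wilson-Hilferty normal approximation stands in for a full chi-square CDF. It goes one step beyond the thread by sweeping the embedding rate rather than testing a single image.

```python
"""Pairs-of-values chi-square test for LSB replacement (Westfeld and
Pfitzmann style) on a constructed grayscale image. Added example, not code
from the project described in the article or from anyone on this list."""
import math
import random

WIDTH, HEIGHT = 64, 64


def make_cover_image(seed=1):
    """Constructed cover: a smooth gradient plus sensor-like noise, quantised
    to 8 bits and then contrast-stretched. The stretch leaves gaps in the
    histogram (some values never occur), the sort of uneven neighbouring
    counts the test relies on in real, untouched photographs."""
    rng = random.Random(seed)
    pixels = []
    for y in range(HEIGHT):
        for x in range(WIDTH):
            raw = int(round(60 + x + y // 2 + rng.gauss(0, 3)))   # 8-bit sample
            stretched = int(round(raw * 1.3))                     # combs the histogram
            pixels.append(max(0, min(255, stretched)))
    return pixels


def randomize_lsbs(pixels, fraction=1.0, seed=2):
    """Model of the footprint LSB replacement leaves behind: the lowest bit of
    the first `fraction` of the pixels is overwritten with a random bit (an
    encrypted payload is indistinguishable from random bits). This reproduces
    the statistical effect the detector keys on, nothing more."""
    rng = random.Random(seed)
    limit = int(len(pixels) * fraction)
    return [((p & ~1) | rng.getrandbits(1)) if i < limit else p
            for i, p in enumerate(pixels)]


def chi_square_lsb_test(pixels):
    """For each pair of values (2k, 2k+1), LSB overwriting drives both counts
    towards the pair's mean, so the even counts sit close to that mean.
    Returns (chi2, degrees_of_freedom, p_embedded); p near 1.0 means the
    pairs are as even as an LSB-overwritten image, near 0.0 that they are not."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi2, categories = 0.0, 0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2.0
        if expected == 0:
            continue                         # empty pair carries no evidence
        chi2 += (hist[k] - expected) ** 2 / expected
        categories += 1
    df = categories - 1
    if df < 1:
        return chi2, df, 0.0
    # Wilson-Hilferty normal approximation to the chi-square CDF (fine for df >= ~30).
    mean, var = 1.0 - 2.0 / (9.0 * df), 2.0 / (9.0 * df)
    z = ((chi2 / df) ** (1.0 / 3.0) - mean) / math.sqrt(var)
    cdf = 0.5 * math.erfc(-z / math.sqrt(2.0))
    return chi2, df, 1.0 - cdf


def classify(pixels, threshold=0.9):
    """Verdict for one image: flag it when p_embedded exceeds the threshold."""
    chi2, df, p = chi_square_lsb_test(pixels)
    return {"chi2": round(chi2, 1), "df": df,
            "p_embedded": round(p, 4), "suspicious": p > threshold}


if __name__ == "__main__":
    cover = make_cover_image()
    cases = [("clean cover", cover),
             ("payload in 10% of pixels", randomize_lsbs(cover, 0.1)),
             ("payload in every pixel", randomize_lsbs(cover, 1.0))]
    for label, image in cases:
        print(f"{label:26s} {classify(image)}")
```

Running it prints three verdicts: the clean cover gives p_embedded near 0, overwriting every low bit gives a value near 1, and a payload confined to 10% of the pixels slips past this histogram test entirely. That last line is Sarad's point in numbers, and it is why a usable detector combines several statistics (RS analysis, sample-pair analysis, calibrated transform-domain features) instead of relying on one.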
From ptrei at rsasecurity.com Wed Feb 2 06:52:21 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Wed, 2 Feb 2005 09:52:21 -0500
Subject: Dell to Add Security Chip to PCs
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET>

Seeing as it comes out of the TCG, this is almost certainly
the enabling hardware for Palladium/NGSCB. It's a part of
your computer which you may not have full control over.

Peter Trei

Tyler Durden
> Anyone familiar with computer architectures and chips able to
> answer this question:
>
> That "chip"...is it likely to be an ASIC or is there already
> such a thing as a security network processor? (ie, a cheaper network
> processor that only handles security apps, etc...)
>
> -TD
>
> >From: "R.A. Hettinga"
> >HOUSTON -- Dell Inc. today is expected to add its support to an industry
> >effort to beef up desktop and notebook PC security by installing a
> >dedicated chip that adds security and privacy-specific features, according
> >to people familiar with its plans.
> >
> >Dell will disclose plans to add the security features known as the Trusted
> >Computing Module on all its personal computers. Its support comes in the
> >wake of similar endorsements by PC industry giants Advanced Micro Devices
> >Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines
> >Corp. The technology has been promoted by an industry organization called
> >the Trusted Computing Group.

From measl at mfn.org Wed Feb 2 07:54:45 2005
From: measl at mfn.org (J.A. Terranson)
Date: Wed, 2 Feb 2005 09:54:45 -0600 (CST)
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
In-Reply-To: <1107332475.4058.69.camel@dagon.fnordora.org>
References: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net> <1107332475.4058.69.camel@dagon.fnordora.org>
Message-ID: <20050202095412.E21095@ubzr.zsa.bet>

On Wed, 2 Feb 2005, Alan wrote:

> If you really want to send secret messages, just send it in the chaff in
> spam. Everyone is programmed to ignore it or filter it out.

Yeah, but it doesn't make for great story copy or funding proposals ;-)

--
Yours,
J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

Civilization is in a tailspin - everything is backwards, everything is
upside down - doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation, poverty,
self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.

Rev Dr Michael Ellner

From eugen at leitl.org Wed Feb 2 01:56:01 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 2 Feb 2005 10:56:01 +0100
Subject: [i2p] weekly status notes [feb 1] (fwd from jrandom@i2p.net)
Message-ID: <20050202095601.GO1404@leitl.org>

----- Forwarded message from jrandom -----

From eugen at leitl.org Wed Feb 2 02:21:55 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Wed, 2 Feb 2005 11:21:55 +0100
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
In-Reply-To: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net>
References: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net>
Message-ID: <20050202102155.GT1404@leitl.org>

On Tue, Feb 01, 2005 at 11:21:31PM -0800, Steve Schear wrote:
> At 02:07 PM 2/1/2005, Tyler Durden wrote:
>
> >Counter-stego detection.
> >
> >Seems to me a main tool will be a 2-D Fourier analysis...Stego will
> >certainly have a certain "thumbprint", depending on the algorithm. Are

Stego doesn't need to have a detectable (as telling apart from noise)
signature. If you show me how you test for stego I can show you a way to
package content that will pass that test. The problem space is similar to
building good digital watermarks. The difficulty is constructing
realistic-looking noise for a given set of digital sources.

Given that the tests take crunch, this will be limited to forensics. (And
one would wonder why the turdorrists smart enough to use steganography
wouldn't use really good cryptographic file systems). And any idiot knows
successful terrorists don't use crypto.

> >there certain images that can hide stego more effectively? In other words,
> >these images should have a lot of spectral energy in the same frequency
> >bands where Stego would normally show.
>
> Images that are ideal for hiding secret messages using stego are those that
> by default contain stego with no particular hidden content. A sort of Crowds
> approach to stego.
If you have noise in the signal, can you substitute that noise with your
payload easily, or is it better to use synthetic low-noise signals, and add
your suitably encoded payload to it?

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From steve49152 at yahoo.ca Wed Feb 2 09:11:32 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Wed, 2 Feb 2005 12:11:32 -0500 (EST)
Subject: [i2p] weekly status notes [feb 1] (fwd from jrandom@i2p.net)
In-Reply-To: <20050202095601.GO1404@leitl.org>
Message-ID: <20050202171132.86916.qmail@web51806.mail.yahoo.com>

--- Eugen Leitl wrote:
> ----- Forwarded message from jrandom -----
>
> From: jrandom
> Date: Tue, 1 Feb 2005 13:03:02 -0800
> To: i2p at i2p.net
> Subject: [i2p] weekly status notes [feb 1]

[snip]

> That's all I have for the moment (good thing too, as the meeting
> starts momentarily). As always, post up your thoughts whenever and
> wherever :)

Ha ha. Just why is it that "we" should post "up" our thoughts when it is
now the norm to ignore such thoughts if they (a) come from the 'wrong'
source, or (b) if said thoughts do not mesh in the approved fashion with
the agendas of the moment?

I've recently come to a realisation that the reason why most people are
accepting of the current environment of highly tuned and structured
radio/television media and news content is that the common themes
underlying most such input gives people a false sense of inclusion and
belonging.
Sure, the cognitive neural structures that become trained and tuned to one
broad class of input leverage some of the basic and flexible architecture
of the human mind, and this leads to what some would consider a higher
commonality of performance in communication and interaction with like
others, but the loss of fundamental flexibility in thought and debate in
public spaces is an unacceptable compromise in so far as I am concerned.
Excuses that in turn leverage the idea that the present status quo is the
best we've got at the moment, in terms of fostering a community of purpose
among people of a single culture, and also in terms of avoiding an
`unproductive' factionalisation of the citizenry, strike me as being
without sustainable merit.

Am I making sense here, or is this merely superficially obfuscated surplus
verbiage? You decide. In the meantime I will further consider, in my few
moments of quiet and solitude, the negative aspects of the current state in
which civil and human rights are selectively applied only to those who kiss
ass in the 'approved' fashion.

Regards,

Steve

From rah at shipwright.com Wed Feb 2 09:11:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 2 Feb 2005 12:11:57 -0500
Subject: MSN Belgium to use eID cards for online checking
Message-ID:

The Register
Original URL: http://www.theregister.co.uk/2005/02/01/msn_belgium_id_cards/

MSN Belgium to use eID cards for online checking
By Jan Libbenga (libbenga at yahoo.com)
Published Tuesday 1st February 2005 14:34 GMT

Microsoft will integrate the Belgian eID Card with MSN Messenger.
Microsoft's Bill Gates and Belgian State Secretary for e-government Peter
Vanvelthoven announced the alliance today in Brussels.

"We're working to ensure that our technologies support e-ID, to help make
online transactions and communications more secure," Gates said.

eID stands for Electronic Identity Card. The card contains an electronic
chip and gradually will replace the existing ID card system in Belgium. By
end-2005, over 3 million eID cards will be distributed in the country.

Microsoft believes that combined with the eID Card MSN Messenger chatrooms
will be much safer. Users would have a trustworthy way of identifying
themselves online. The Belgian Federal Computer Crime Unit (FCCU) could
even refuse young children access to certain chatrooms based on their
electronic identity.

"We're not sure yet when we will be able to deliver this integration," Bill
Gates said. "But developers here in Belgium and the US have proven the
concept and are working already on the actual solution."

From rah at shipwright.com Wed Feb 2 09:12:42 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 2 Feb 2005 12:12:42 -0500
Subject: Cost and privacy concerns stall PAYD car insurance
Message-ID:

The Register
Original URL: http://www.theregister.co.uk/2005/02/01/car_insurace_payd/

Cost and privacy concerns stall PAYD car insurance
By Lucy Sherriff (lucy.sherriff at theregister.co.uk)
Published Tuesday 1st February 2005 11:53 GMT

Pay-as-you-drive car insurance will not be commercially viable anytime in
the next three years, according to Strategy Analytics. It cites privacy
concerns, launch costs and patent fees, along with back-end data
integration, as significant short-term obstacles to the technology's
mass-scale deployment.
Under pay-as-you-drive insurance, a black box records data about the
driver's journeys. Charges vary, according to the risk of each journey.
Last August, Norwich Union started testing the technology in the UK, with a
pilot scheme for younger drivers
(http://www.aviva.com/index.asp?PageID=55&year=&newsid=1971&filter=corporate,csr,uklife,intlife,ukgeneral,intgeneral,morleyfm,intfm)
launched this year.

Clare Hughes, a Strategy Analytics analyst, said: "While PAYD protects
drivers from generalized assumptions, there are still major hurdles to
overcome before PAYD insurance schemes are commercially viable; and these
are not going to be successfully addressed for a number of years."

But in due course, PAYD will become widespread, she said. Its introduction
will be driven by an increased government focus on road safety, the
availability of tamper-proof vehicle data to verify insurance claims, and
the potential cost savings to the companies and the consumer. "The days of
the once a year insurance premium will eventually disappear for the
majority of consumers, with the rollout of risk-based variable monthly
billing."

From rah at shipwright.com Wed Feb 2 09:27:35 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 2 Feb 2005 12:27:35 -0500
Subject: Peppercoin Small Payments Processing Suite Available to First Data Channels
Message-ID:

Yahoo! Finance
Press Release
Source: Peppercoin

Peppercoin Small Payments Processing Suite Available to First Data Channels
Wednesday February 2, 9:03 am ET

Small Transaction Suite Certified for Sale Through Processor's Merchant
Acquiring Partners

WALTHAM, Mass., Feb. 2 /PRNewswire/ -- Peppercoin, a payments company that
enables profitable, new business models for low-priced digital content and
physical goods, today announced its Small Transaction Suite is authorized
for sale by First Data's merchant acquiring partners, to satisfy the small
payment needs of the 3.5 million merchant clients they serve.

Peppercoin offers merchants a hosted small-payment service, based on credit
and debit card usage, which enables merchants to optimize revenue and
profitability. Peppercoin is the only small-payment vendor that addresses
the digital, mobile and physical point-of-sale (POS) markets.

"Our agreement with First Data Merchant Services validates Peppercoin's
ability to deliver a desired and profitable small payment solution to the
financial services market, as well as the growing need for small payment
credit and debit card payments solutions," said Mark Friedman, president of
Peppercoin. "FDMS will enable a small payment business model that enhances
merchant and acquirer revenue with one complete payment application."

Significant Market Opportunity:

Consumers are demonstrating a clear and growing preference to use their
credit and debit cards for all sizes and types of purchases. In a 2004
study, Ipsos-Insight estimated that roughly 37.5 million US consumers would
choose to use their credit and debit cards for transactions below $5. Each
year, more than 354 billion cash transactions occur in the U.S. for less
than $5 at the physical point-of-sale, representing $1.32 trillion in
aggregate revenue. Leading markets include vending ($18 billion), parking
($10 billion), coin-op ($6 billion) and quick-serve-restaurants ($110
billion). The online and mobile small payment opportunities are substantial
as well; fueled by music, games, video, publishing and services. TowerGroup
estimates the digital micropayments opportunity reached more than $3
billion in 2004.
And a September 2004 Ipsos-Insight study revealed that, in just one year,
the number of US consumers who have made small online purchases grew 250%,
from 4 million to 14 million.

About Peppercoin, Inc.

Peppercoin enables profitable new business models for low-priced digital
content and physical goods. Peppercoin's small payment products help
merchants, banks, and other payments companies build market adoption
quickly through a flexible, consumer-friendly approach. Peppercoin
integrates easily with existing business models and systems to accelerate
revenues and increase profits while dramatically lowering transaction and
customer service costs. For more information visit
http://www.peppercoin.com.

All trademarks are the property of their respective owners.

Contact:
Mark McClennan or Scott Love
Schwartz Communications
781-684-0770
peppercoin at schwartz-pr.com

Source: Peppercoin

From steve49152 at yahoo.ca Wed Feb 2 09:45:58 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Wed, 2 Feb 2005 12:45:58 -0500 (EST)
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <20050202174558.90787.qmail@web51801.mail.yahoo.com>

--- "Trei, Peter" wrote:
> Seeing as it comes out of the TCG, this is almost certainly
> the enabling hardware for Palladium/NGSCB. It's a part of
> your computer which you may not have full control over.

Well we all know that having complete control over one's own computer is
far too dangerous.
Obviously, it would be best if computers, operating systems, and
application software had proprietary back-doors that would enable the
secret police to arbitrarily monitor all that goes on in the suspicious and
dark recesses of memory and the CPU. Hell, I trust the secret police to use
such capabilities for moral and legitimate purposes only, and as we all
know the people who become secret police are of the best and brightest
stock of humanity and will always act in the best interests of mankind.
Corruption and fraud among such elites will be impossible, particularly if
current standards of law and morality continue to be applied with the
consistency we are now accustomed to.

Personally, I have no fear that you, the members of this group, who I am
barely qualified to address online, and who represent some of the best
people the Internet has to offer, would not be the ones best suited to
control the computing infrastructure of the Earth's people. And in that
vein, I offer the following job tip as a token of my confidence.

In today's Globe and Mail newspaper there is an advertisement from the CSE
(Communications Security Establishment, for those who are not familiar with
the lesser known TLA's) in which they relate that they are soliciting new
team members:

"We are the Communications Security Establishment, a member agency of
Canada's security and intelligence team. CSE acquires and provides foreign
signals intelligence and provides advice, guidance and services to help
insure the protection of Government of Canada electronic information. CSE
also provides assistance to federal law enforcement and security agencies.

We offer a stimulating work environment, state-of-the-art technology,
competitive salaries, and an opportunity to make a difference.
ENGINEERS
- hardware design
- wireless
- computers and network security
- test and verification
- project management

ANALYSTS
- intelligence
- linguistic (Asian, Middle Eastern and European languages)
- systems
- financial
- human resources
- policy
- network

COMPUTER SCIENCE SPECIALISTS
- LAN/WAN administration (UNIX/WINDOWS)
- programmer analysts (C/C++, Java)
- computer and network security
- project management

MATHEMATICIANS
- cryptography and cryptanalysis
- diverse theoretical and applied areas of mathematics
- optimization, numerical and computational methods

Requirements:
-------------

Positions in our organisation will be of interest to those with a
post-secondary education and/or experience in: engineering, mathematics,
computer science, language studies, political science, business, economics
or accounting. You must be a Canadian citizen and eligible for a top secret
security clearance. Positions are located in Ottawa.

CSE is an equal opportunity employer. We welcome applications from all
qualified individuals, including women, members of visible minorities,
Aboriginal peoples and persons with disabilities."

It sounds so good that I would certainly consider applying myself if it
were not for the fact that I love my current occupation as slave and
chew-toy for the privileged and beautiful so very much.

For those of you who are not Canadian citizens, I can let you in on a
little secret. CSIS doesn't check all that closely when they do their
security clearance background investigations, and so you can just tell them
you forgot your ID in your other suit when they ask for it. By all
accounts, the pay is great as are the fringe benefits. Loot confiscated as
a part of legitimate intelligence exercises and operations is generally
made available on a first-come, first-serve basis to employees in good
standing. Other benefits include super-human abilities and powers
unavailable to normal human beings. All in all, it sounds like a great
place to work.
Good luck to any of you who apply.

Regards,

Steve

From kaiser at emjay.net Wed Feb 2 10:55:59 2005
From: kaiser at emjay.net (Michael Johnson)
Date: Wed, 2 Feb 2005 13:55:59 -0500
Subject: Sound filtering software.
Message-ID:

On Feb 2, 2005, at 12:01 AM, Joseph Chamberlain, DDS wrote:

>Do any of you know of a software that I could use to isolate the
>frequency
>of the human voice and then clean everything else to make the recording
>clearer and easier to listen to?

If I had a nickel for every client who came in my studio asking the same
question...

The human voice has an amazing range in frequency and in dB. It's one of
the most versatile instruments ever. The subtleties are amazing when
combining guttural sounds with sibilance and resonance, as well as air
flow and labial manipulation (which you probably understand being a DDS).
This presents a great difficulty when trying to do what you've just asked.

For example, in television and radio, you have an effective frequency
range of about 15kHz which is more than sufficient for the human voice.
However, you're limited to 20dB of dynamic range. This isn't a problem if
your speaker is doing a Ben Stein (Bueller? Bueller?) impression. On a
cassette tape, you have about 40-50dB, and on 16 bit PCM digital audio,
you have ~96dB (which is probably more than the room you're recording in
or listening in).

The human voice needs about 4kHz to be distinguishable from mumbling. The
"presence" of the human voice is (arguably) around 3.8kHz. If you really
want to do it right, you'll need about 12kHz to get everything without
sounding like a telephone, although that could sound a bit too sibilant
if you aren't careful.

Basically, what you'll need is a bandpass filter and an expander.
Here's what they do:

Bandpass filter - Cuts off the low end below a certain frequency and the
high end off at a different frequency. You get, for example, 150Hz through
4kHz. Anything below 150Hz will be dropped and anything above 4kHz will be
dropped. This should get rid of the rumble of the air handlers down low
and the rush of the air through the vents up high. It will also sound a
little muffled, but you should be able to hear everything just fine.

Expander - Makes everything below a certain decibel level quieter. You set
a cutoff point, for example 50dB. Anything below that point will be
unaffected. Everything above that point will be raised according to the
ratio you set, for example 1:2, effectively making 60dB sound like 80dB
(10dB above the setting at a 1:2 ratio gives a 20dB rise).

Now, if there's a lot of noise, using these simple tools is not enough.
Many/most recording studios have a "NoNoise™" suite, or "Pro Tools™" suite
with DINR (Digidesign Intelligent Noise Reduction...pronounced like
dinner). Each of these two applications will take a sample of the noise,
and dynamically set filtering through the entire sound file to give you a
"clean" version of the file. The software and hardware costs thousands of
dollars, but it's well worth going to a studio where they've done this
type thing before. It's not going to clean it up like you see on the spy
thriller movies, but it can clean it up a lot to make things much more
audible.

IIRC, the Nat King Cole and Natalie Cole album, "Unforgettable", was done
using Sonic Solutions NoNoise™. The engineers took the old recordings,
cleaned up the noise, removed his vocal, and then recorded her vocal.

When Kenny G came to Washington DC to play on BET, his monitor engineer
came to my studio because they had lost/broken/whatever the original CD he
used to "play with" Louis Armstrong.
We loaded the song from CD, removed the saxophone at the certain points
where Kenny played the melody (using DINR), and burned a new CD so he
could play it live. This may be a little more power than you need, but
it's effectively the same thing, and it sounds pretty good. It also took a
LOT longer to do that than it would take to clean up your recording to
make it more audible.

Now, I'll take my audio engineer hat off and get back to being a UNIX
administrator geek...

-Michael

---------------------------------------
Sometimes your joy is the source of your smile, but sometimes your smile
can be the source of your joy.
--Thich Nhat Hanh

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Scitech mailing list (Scitech at lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/scitech/eugen%40leitl.org

This email sent to eugen at leitl.org

----- End forwarded message -----

From wata.34mt at coresecurity.com Wed Feb 2 10:31:48 2005
From: wata.34mt at coresecurity.com (AW)
Date: Wed, 02 Feb 2005 15:31:48 -0300
Subject: Researchers Combat Terrorists by Rooting Out Hidden Messages
In-Reply-To: <1107332475.4058.69.camel@dagon.fnordora.org>
References: <6.0.1.1.0.20050201231918.041b4640@mail.comcast.net> <1107332475.4058.69.camel@dagon.fnordora.org>
Message-ID: <42011C94.10703@coresecurity.com>

Just heard of this

http://www.spammimic.com/

AW

Alan wrote:
> On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote:
>
> If you really want to send secret messages, just send it in the chaff in
> spam. Everyone is programmed to ignore it or filter it out.
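
The bandpass-then-expander chain Michael Johnson lays out in the forwarded sound-filtering message above, written out as an added example (not his code, and nothing from NoNoise or Pro Tools). It assumes 16 kHz mono samples, uses textbook second-order biquad sections for the 150 Hz high-pass and 4 kHz low-pass, a downward expander with a -20 dB threshold and 3:1 ratio (both values chosen for the demo), and a constructed test signal: a 1 kHz tone standing in for the voice during the first half second, with 50 Hz rumble, a 6 kHz whistle and hiss throughout. A Goertzel power estimate reports how much of each component survives the chain.

```python
"""Bandpass filter followed by an expander, the voice clean-up chain from
the forwarded message. Added example, not the poster's code or any studio
product; pure Python so it runs without audio libraries."""
import math
import random

SAMPLE_RATE = 16000


def biquad(kind, cutoff_hz, q=0.7071):
    """Second-order high-pass or low-pass section (RBJ cookbook coefficients).
    Returns a function that filters a list of samples."""
    w0 = 2 * math.pi * cutoff_hz / SAMPLE_RATE
    cos_w0, alpha = math.cos(w0), math.sin(w0) / (2 * q)
    if kind == "highpass":
        b0, b1, b2 = (1 + cos_w0) / 2, -(1 + cos_w0), (1 + cos_w0) / 2
    elif kind == "lowpass":
        b0, b1, b2 = (1 - cos_w0) / 2, 1 - cos_w0, (1 - cos_w0) / 2
    else:
        raise ValueError(kind)
    a0, a1, a2 = 1 + alpha, -2 * cos_w0, 1 - alpha
    b0, b1, b2, a1, a2 = b0 / a0, b1 / a0, b2 / a0, a1 / a0, a2 / a0

    def run(samples):
        x1 = x2 = y1 = y2 = 0.0
        out = []
        for x in samples:
            y = b0 * x + b1 * x1 + b2 * x2 - a1 * y1 - a2 * y2
            x2, x1, y2, y1 = x1, x, y1, y
            out.append(y)
        return out
    return run


def bandpass(samples, low_hz=150.0, high_hz=4000.0):
    """Drop everything below low_hz and above high_hz (150 Hz to 4 kHz here)."""
    return biquad("lowpass", high_hz)(biquad("highpass", low_hz)(samples))


def expander(samples, threshold_db=-20.0, ratio=3.0, window=160):
    """Downward expander: the level of each 10 ms block is measured, and a
    block sitting x dB below the threshold is pushed to ratio*x dB below it.
    Quiet stretches (where only noise is left) get quieter; material above
    the threshold passes through untouched. No attack/release smoothing."""
    out = []
    for start in range(0, len(samples), window):
        block = samples[start:start + window]
        rms = math.sqrt(sum(s * s for s in block) / len(block))
        level_db = 20 * math.log10(rms) if rms > 0 else -120.0
        gain = 1.0
        if level_db < threshold_db:
            gain = 10 ** ((level_db - threshold_db) * (ratio - 1) / 20)
        out.extend(s * gain for s in block)
    return out


def band_power_db(samples, freq_hz):
    """Goertzel estimate of the power at one frequency (dB, relative scale)."""
    n = len(samples)
    k = int(0.5 + n * freq_hz / SAMPLE_RATE)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 10 * math.log10(power / (n * n) + 1e-30)


def make_recording(seconds=1.0, seed=7):
    """Constructed input: a 1 kHz tone standing in for speech during the first
    half, silence after; 50 Hz rumble, a 6 kHz whistle and hiss throughout."""
    rng = random.Random(seed)
    n = int(SAMPLE_RATE * seconds)
    out = []
    for i in range(n):
        t = i / SAMPLE_RATE
        voice = 0.5 * math.sin(2 * math.pi * 1000 * t) if i < n // 2 else 0.0
        rumble = 0.2 * math.sin(2 * math.pi * 50 * t)
        whistle = 0.05 * math.sin(2 * math.pi * 6000 * t)
        out.append(voice + rumble + whistle + rng.gauss(0, 0.01))
    return out


def clean_up(samples):
    return expander(bandpass(samples))


def removed_db(before, after, freq_hz):
    """How much power at freq_hz the chain took out (positive means removed)."""
    return band_power_db(before, freq_hz) - band_power_db(after, freq_hz)


if __name__ == "__main__":
    rec = make_recording()
    cleaned = clean_up(rec)
    for name, f in [("50 Hz rumble", 50), ("1 kHz voice", 1000), ("6 kHz whistle", 6000)]:
        print(f"{name:14s} removed {removed_db(rec, cleaned, f):6.1f} dB")
```

The printed numbers are the point: the rumble loses well over 15 dB (about 19 dB from the second-order high-pass alone, more in the silent half where the expander also bites), the whistle loses a similar amount from the low-pass plus expander, and the 1 kHz component comes through within a fraction of a decibel. The expander gain is computed per block with no smoothing, so on real speech it would click at block edges; a practical version interpolates the gain between blocks.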
From dan at doxpara.com Wed Feb 2 15:45:56 2005
From: dan at doxpara.com (Dan Kaminsky)
Date: Wed, 02 Feb 2005 15:45:56 -0800
Subject: Dell to Add Security Chip to PCs
In-Reply-To:
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET>
Message-ID: <42016634.2040104@doxpara.com>

Uh, you *really* have no idea how much the black hat community is looking
forward to TCPA. For example, Office is going to have core components
running inside a protected environment totally immune to antivirus. Since
these components are going to be managing cryptographic operations, the
"well defined API" exposed from within the sandbox will have arbitrary
content going in, and opaque content coming out. Malware goes in (there's
not an executable environment created that can't be exploited), sets up
shop, has no need to be stealthy due to the complete blockage of AV
monitors and cleaners, and does what it wants to the plaintext and
ciphertext (alters content, changes keys) before emitting it back out the
opaque outbound interface.

So, no FUD, you lose :)

--Dan

Erwann ABALEA wrote:

>On Wed, 2 Feb 2005, Trei, Peter wrote:
>
>>Seeing as it comes out of the TCG, this is almost certainly
>>the enabling hardware for Palladium/NGSCB. It's a part of
>>your computer which you may not have full control over.
>
>Please stop relaying FUD. You have full control over your PC, even if this
>one is equipped with a TCPA chip. See the TCPA chip as a hardware security
>module integrated into your PC. An API exists to use it, and one of the
>functions of this API is 'take ownership', which has the effect of
>erasing it and regenerating new internal keys.
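
The 'take ownership' function quoted at the end of this message is easiest to follow with a model of what it does to the key hierarchy. The following toy is an added example, not the TCG API and not any vendor's code: a storage root key (SRK) that never leaves the object, a single PCR standing in for the measured platform state, and sealing modelled as encrypt-then-MAC with keys derived by HMAC-SHA256 from the SRK and the PCR (a real TPM wraps with RSA keys instead; the HMAC construction here is an assumption made for a dependency-free demo). Taking ownership replaces the SRK, so anything sealed under the previous owner becomes unreadable, and a changed PCR has the same effect.

```python
"""Toy model of a TPM owner-key hierarchy. Added example, not the TCG API
and not any product's code. Sealing is modelled as encrypt-then-MAC with
keys derived by HMAC-SHA256 from the SRK and the current PCR value."""
import hashlib
import hmac
import os


class ToyTpm:
    """The storage root key (SRK) never leaves this object. Taking ownership
    discards it and generates a fresh one, so every blob sealed under the
    previous SRK becomes permanently unreadable (the 'erase and regenerate
    internal keys' behaviour described in the thread)."""

    def __init__(self):
        self.srk = None                                           # no owner yet
        self.pcr = hashlib.sha256(b"constructed boot measurement").digest()

    def take_ownership(self):
        """Clear the chip and become its owner: new SRK, old one gone."""
        self.srk = os.urandom(32)

    def extend_pcr(self, measurement):
        """PCR extend, pcr = H(pcr || H(measurement)): the only way a PCR
        changes, and it cannot be set back without a reboot."""
        digest = hashlib.sha256(measurement).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def _derive_keys(self):
        # Keys depend on both the SRK and the PCR the blob is bound to.
        material = hmac.new(self.srk, b"seal" + self.pcr, hashlib.sha256).digest()
        return material[:16], material[16:]                       # (enc, mac)

    @staticmethod
    def _keystream(key, nonce, length):
        # HMAC in counter mode as a toy stream cipher (illustration only).
        out = b""
        counter = 0
        while len(out) < length:
            out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, data):
        """Bind `data` to this owner and the current PCR value."""
        if self.srk is None:
            raise RuntimeError("TPM has no owner; take ownership first")
        enc_key, mac_key = self._derive_keys()
        nonce = os.urandom(16)
        stream = self._keystream(enc_key, nonce, len(data))
        ciphertext = bytes(a ^ b for a, b in zip(data, stream))
        tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def unseal(self, blob):
        """Return the plaintext, or None when the owner or PCR no longer
        matches (the MAC is checked before anything is decrypted)."""
        if self.srk is None or len(blob) < 48:
            return None
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        enc_key, mac_key = self._derive_keys()
        expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        stream = self._keystream(enc_key, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, stream))


def ownership_scenario():
    """Walk-through: a vendor-sealed secret on the machine as shipped, then
    a changed boot chain, then a user who takes ownership."""
    licence = b"constructed-licence-key-0001"   # sample secret, constructed

    shipped = ToyTpm()
    shipped.take_ownership()                     # owner at the factory
    blob = shipped.seal(licence)
    result = {"readable_as_shipped": shipped.unseal(blob) == licence}

    shipped.extend_pcr(b"different bootloader")  # platform state changed
    result["readable_after_pcr_change"] = shipped.unseal(blob) is not None

    reclaimed = ToyTpm()
    reclaimed.take_ownership()
    blob2 = reclaimed.seal(licence)
    reclaimed.take_ownership()                   # the user clears the chip
    result["readable_after_new_owner"] = reclaimed.unseal(blob2) is not None
    return result


if __name__ == "__main__":
    for step, ok in ownership_scenario().items():
        print(f"{step:28s} {ok}")
```

ownership_scenario() returns three booleans: sealed data is readable on the platform as shipped, unreadable after the measured boot chain changes, and unreadable after a new owner clears the chip. That last result is the flip side of the quoted point: the user does get full control, but exercising it discards every secret the previous owner sealed, which is exactly what software keyed to the chip will notice.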
From erwann at abalea.com Wed Feb 2 08:30:33 2005
From: erwann at abalea.com (Erwann ABALEA)
Date: Wed, 2 Feb 2005 17:30:33 +0100 (CET)
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET>
Message-ID:

On Wed, 2 Feb 2005, Trei, Peter wrote:

> Seeing as it comes out of the TCG, this is almost certainly
> the enabling hardware for Palladium/NGSCB. It's a part of
> your computer which you may not have full control over.

Please stop relaying FUD. You have full control over your PC, even if this
one is equipped with a TCPA chip. See the TCPA chip as a hardware security
module integrated into your PC. An API exists to use it, and one of the
functions of this API is 'take ownership', which has the effect of
erasing it and regenerating new internal keys.

--
Erwann ABALEA - RSA PGP Key ID: 0x2D0EABD5

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From jya at pipeline.com Wed Feb 2 19:43:52 2005
From: jya at pipeline.com (John Young)
Date: Wed, 02 Feb 2005 19:43:52 -0800
Subject: Jim Bell WMD Threat
Message-ID:

The FBI continues to claim Jim Bell is a WMD threat despite having no case
against him except in the media, but that conforms to current FBI/DHS
policy of fictionalizing homeland threats.

http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf

See page 16. This document was initially prepared in June 2002, updated in
June 2003.
From eugen at leitl.org Wed Feb 2 10:44:18 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 2 Feb 2005 19:44:18 +0100 Subject: Dell to Add Security Chip to PCs In-Reply-To: <20050202174558.90787.qmail@web51801.mail.yahoo.com> References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> <20050202174558.90787.qmail@web51801.mail.yahoo.com> Message-ID: <20050202184417.GJ1404@leitl.org>

On Wed, Feb 02, 2005 at 12:45:58PM -0500, Steve Thompson wrote: > Well we all know that having complete control over one's own > computer is far too dangerous. Obviously, it would be best if > computers, operating systems, and application software had > proprietary back-doors that would enable the secret police to > arbitrarily monitor all that goes on in the suspicious and dark > recesses of memory and the CPU. If there's nasty Nagscab living on your motherboard, you might as well use it for something constructive: http://www.linuxjournal.com/article/6633 (Of course the stuff might contain undocumented "features", so only a fool would rely on it to conform to specs, all the time). -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Wed Feb 2 11:05:30 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 2 Feb 2005 20:05:30 +0100 Subject: Sound filtering software.
(fwd from kaiser@emjay.net) Message-ID: <20050202190530.GN1404@leitl.org> ----- Forwarded message from Michael Johnson -----

From iang at systemics.com Wed Feb 2 15:38:46 2005 From: iang at systemics.com (Ian G) Date: Wed, 02 Feb 2005 23:38:46 +0000 Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID: <42016486.5000704@systemics.com>

Erwann ABALEA wrote: >On Wed, 2 Feb 2005, Trei, Peter wrote: > > > >>Seeing as it comes out of the TCG, this is almost certainly >>the enabling hardware for Palladium/NGSCB. It's a part of >>your computer which you may not have full control over. >> >> > >Please stop relaying FUD. You have full control over your PC, even if this >one is equipped with a TCPA chip. See the TCPA chip as a hardware security >module integrated into your PC. An API exists to use it, and one of the >functions of this API is 'take ownership', which has the effect of >erasing it and regenerating new internal keys. > > So .. the way this works is that Dell & Microsoft ship you a computer with lots of nice multimedia stuff on it. You take control of your chip by erasing it and regenerating keys, and then the multimedia software that you paid for no longer works? I'm just curious on this point. I haven't seen much to indicate that Microsoft and others are ready for a nymous, tradeable software assets world. iang -- News and views on what matters in finance+crypto: http://financialcryptography.com/

From jays at panix.com Wed Feb 2 22:13:41 2005 From: jays at panix.com (Jay Sulzberger) Date: Thu, 3 Feb 2005 01:13:41 -0500 (EST) Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID:

On Wed, 2 Feb 2005, Erwann ABALEA wrote: > On Wed, 2 Feb 2005, Trei, Peter wrote: > >> Seeing as it comes out of the TCG, this is almost certainly >> the enabling hardware for Palladium/NGSCB.
It's a part of >> your computer which you may not have full control over. > > Please stop relaying FUD. You have full control over your PC, even if this > one is equipped with a TCPA chip. See the TCPA chip as a hardware security > module integrated into your PC. An API exists to use it, and one of the > functions of this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. > > -- > Erwann ABALEA - RSA PGP Key ID: 0x2D0EABD5 After TCPA systems are the only systems for sale at CompUSA, how long before this off switch is removed? All agree we live in a time of crisis; at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may require of all of us an attestation of faith and obedience greater and more secure than present hardware can convincingly convey. oo--JS.

From arma at mit.edu Thu Feb 3 00:42:31 2005 From: arma at mit.edu (Roger Dingledine) Date: Thu, 3 Feb 2005 03:42:31 -0500 Subject: Tor: Please block these file-sharing ports from your exit policy Message-ID:

Hi folks, You're getting this mail because you've registered a Tor server. Thanks for contributing to the Tor network! We've been getting a lot of nodes lately from people saying they're happy Tor exists because now they can publish anonymously, reach websites that are blocked from their country, etc etc. This is all possible because of people like you. There are two parts to this mail: (1) asking how Tor servers are doing and reminding you to upgrade / restart them, and (2) asking you to prepend some more exit policy lines in their torrc. ****** Part one: ****** If your Tor server has crashed and you haven't noticed, please notice, and consider upgrading to at least 0.0.9.3 and restarting it. :) If it was running 0.0.9.3 when it crashed, please let me know of any hints (e.g. core files and error messages) you might have for us.
If you've turned off your Tor server because it's eating too much of your bandwidth/CPU, please consider setting BandwidthRate and BandwidthBurst and starting it up again. Bandwidth limiting also limits the cpu use, since it's tied to how many bytes you process. Even cable and DSL rates are usable and useful to us. Also, note that we've implemented Hibernation, which lets you set a maximum number of bytes to handle per day/week/month, and your server goes to sleep in between. Let me know if you need help choosing good configuration parameters; I'm happy to help. If you're feeling adventurous, feel free to try the code in CVS: http://tor.eff.org/developers.html It hasn't crashed on us lately, and it uses pthreads rather than forking so the "using lots of memory for each dnsworker" problem should be resolved. We'll be putting out an actual package for 0.1.0-alpha in a week or two, if you prefer to wait. If you're feeling adventurous and still have bandwidth to spare, feel free to set your BandwidthRate to something higher than the 780 KB default. http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl?sortbw=1 shows the daily top servers by usefulness, for those with a competitive streak. :) And if you have any wishlist items or other comments, we'd love to hear them. ****** Part two: ****** In the past weeks, file-sharing has been pummeling the Tor network: http://www.noreply.org/tor-running-routers/ While we don't have any legal or moral opinions about this particular traffic, we need to take technical measures to make the network usable again. One solution would be to enumerate the ten or so ports that we know we want to accept, and reject the rest. We may end up needing to do that, but we'd like to try an intermediate approach first. 
So, please prepend the following line to your exit policy, by putting this line in your torrc file: ExitPolicy reject *:4661-4666,reject *:6346-6429,reject *:6881-6999 There's no need to do this if you're a middleman node, or your chosen exit policy already rejects these. But otherwise, please do it even if you personally do not mind carrying traffic for these ports: Tor's architecture means that most of the hops in the circuit don't know what traffic they're carrying, and at least for now we'd like to crank down the overall bandwidth used by applications on these ports. Hopefully in the future we'll have a better (e.g. more decentralized) Tor that can handle it, but there's no point letting the network die in the meantime. Thanks! --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net

From ereed at novell.com Thu Feb 3 04:45:21 2005 From: ereed at novell.com (Ed Reed) Date: Thu, 03 Feb 2005 05:45:21 -0700 Subject: Dell to Add Security Chip to PCs Message-ID:

>>> Ian G 2/2/2005 6:38:46 PM >>> > I'm just curious on this point. I haven't seen much > to indicate that Microsoft and others are ready > for a nymous, tradeable software assets world. No, and neither are corporate customers, to a large extent. Accountability is, in fact, a treasured property of business computing. Lack of accountability creates things like Enron, Anderson Consulting, Oil-for-Food scams, and the missing 9 billion dollars or so of reconstruction aid. It's the fuel that propels SPAM, graft, and identity theft. What I've not seen is much work providing accountability for anonymous transactions.
It's a shame people persist in thinking a single solution will satisfy everyone, as though computing was somehow different from everything else in life. Ed

From camera_lumina at hotmail.com Thu Feb 3 05:42:27 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 03 Feb 2005 08:42:27 -0500 Subject: Jim Bell WMD Threat In-Reply-To: Message-ID:

Some of that is actually pretty funny, like "Mixed in with food served to ex-girlfriend". It really boils down to drumming up a stable gig for yourself. -TD >From: John Young >To: cypherpunks at al-qaeda.net >Subject: Jim Bell WMD Threat >Date: Wed, 02 Feb 2005 19:43:52 -0800 > >The FBI continues to claim Jim Bell is a WMD threat >despite having no case against him except in the media, >but that conforms to current FBI/DHS policy of fictionalizing >homeland threats.
> > >http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf > >See page 16. > >This document was initially prepared in June 2002, updated in June >2003.

From camera_lumina at hotmail.com Thu Feb 3 05:46:07 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 03 Feb 2005 08:46:07 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: Message-ID:

Ah. That's a good sanity check. Like I said I'm by no means an expert but I considered it highly unlikely they'd use a dedicated crypto ASIC in this context. -TD >From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) >To: camera_lumina at hotmail.com, >cryptography at metzdowd.com,cypherpunks at al-qaeda.net, rah at shipwright.com >Subject: RE: Dell to Add Security Chip to PCs >Date: Thu, 03 Feb 2005 17:53:22 +1300 > >"Tyler Durden" writes: > > >That "chip"...is it likely to be an ASIC or is there already such a thing >as > >a security network processor? (ie, a cheaper network processor that only > >handles security apps, etc...) > > > >Or could it be an FPGA? > >Neither. Currently they've typically been smart-card cores glued to the >MB and accessed via I2C/SMB. > >Peter.

From eugen at leitl.org Thu Feb 3 00:07:38 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 3 Feb 2005 09:07:38 +0100 Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID: <20050203080738.GG1404@leitl.org>

On Wed, Feb 02, 2005 at 05:30:33PM +0100, Erwann ABALEA wrote: > Please stop relaying FUD. You have full control over your PC, even if this Please stop relaying pro-DRM pabulum. The only reason for Nagscab is restricting the user's rights to his own files. Of course there are other reasons for having crypto compartments in your machine, but the reason Dell/IBM is rolling them out is not that. > one is equipped with a TCPA chip. See the TCPA chip as a hardware security > module integrated into your PC.
An API exists to use it, and one of the > functions of this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. Really? How interesting. Please tell us more. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Thu Feb 3 07:36:25 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 3 Feb 2005 10:36:25 -0500 Subject: Police cuff US student keystroke logger Message-ID:

The Register, Original URL: http://www.theregister.co.uk/2005/02/02/student_keystroke_logger/ Police cuff US student keystroke logger By Lester Haines (lester.haines at theregister.co.uk) Published Wednesday 2nd February 2005 14:39 GMT A Houston High School student faces a possible $2,000 fine or 180 days' jail after admitting rigging a keystroke logger to a teacher's PC and using it to download exams, Houston's Local 2 reports (http://www.click2houston.com/education/4152951/detail.html). Fort Bend School District spokeswoman Mary Ann Simpson said: "Sometime in mid-December, we got a tip that this student was selling test exams that had apparently come from a teacher's computer, so that's when the investigation began." Said probe ended with the unnamed 16-year-old having his collar felt by the police. He immediately confessed to the crime when confronted, was charged with a Class B misdemeanour and transferred to another school. Police this week sent out alerts to other schools warning them of the threat of keystroke-logging ne'er-do-wells. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Thu Feb 3 01:40:44 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 3 Feb 2005 10:40:44 +0100 Subject: Tor: Please block these file-sharing ports from your exit policy (fwd from arma@mit.edu) Message-ID: <20050203094043.GJ1404@leitl.org> ----- Forwarded message from Roger Dingledine -----

From ptrei at rsasecurity.com Thu Feb 3 08:51:57 2005 From: ptrei at rsasecurity.com (Trei, Peter) Date: Thu, 3 Feb 2005 11:51:57 -0500 Subject: Dell to Add Security Chip to PCs Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET>

Erwann ABALEA > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > Seeing as it comes out of the TCG, this is almost certainly > > the enabling hardware for Palladium/NGSCB. It's a part of > > your computer which you may not have full control over. > > Please stop relaying FUD. You have full control > over your PC, even if this one is equipped with > a TCPA chip. See the TCPA chip as a hardware > security module integrated into your PC. An API > exists to use it, and one of the functions of > this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. Congratulations on your new baby. Working in the security business, paranoia is pretty much a job requirement. "What's the worst that could happen?" is taken seriously. The best that can happen with TCPA is pretty good - it could stop a lot of viruses and malware, for one thing. But the worst that can happen with TCPA is pretty awful. It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software. And you, the owner of the computer, will NOT necessarily be the authority which gets to decide what OS and software the machine can run.
If you 'take ownership' as you put it, the internal keys and certs change, and all of a sudden you might not have a bootable computer anymore. Goodbye Linux. Goodbye Freeware. Goodbye independent software development. It would be a very sad world if this comes to pass. Peter Trei

From rah at shipwright.com Thu Feb 3 11:32:05 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 3 Feb 2005 14:32:05 -0500 Subject: New Accord Reader available to city traders Message-ID:

News Item New Accord Reader available to city traders 03 February 2005 14:29 Traders in Aberdeen are being offered help stamping out underage sales of tobacco, solvents, spray paints and other restricted items. The Accord Reader is a small till-top device that verifies an age band for customers, using the information stored on their Accord Card - Aberdeen City Council's pioneering smartcard. The gadget is already a common sight in city stores - with the Safer Aberdeen partnership having bought and distributed 320 readers among shops providing off sales, prior to Christmas. Now the Accord team is writing to newsagents, video stores and cinemas offering them the chance to pick up the invaluable devices, which cost just £15 each. Accord Readers are small devices, little bigger than the Accord Card itself. They work by accessing the birth date information stored on each card and displaying a minimum age for the customer, such as 12, 16, 18 - verifying whether they are entitled to buy tobacco, lottery products, alcohol and other age-restricted items. The cardholder's date of birth itself is not revealed and no other personal information - such as entitlement to concessionary travel, free school meals or library lending - can be accessed. The Accord Card is already issued to secondary school pupils in the city - a key group when addressing the issue of underage sales.
It can be used to determine whether a customer can legally be sold items including tobacco products, knives, videos and DVDs, fireworks, glue, lighter fuel and spray paint. The Accord Reader Benefit to the retailer: Rather than relying on retail staff to calculate, or even guess, a customer's date of birth, the Proof of Age Reader gives them access to secure, reliable data at their fingertips. Any Accord Card can be inserted in the Reader, instantly displaying a message that the bearer is ''OVER XX'', one of a range of specified ages. Retailers also have a secondary check, using the photograph on the back of each Accord Card, to confirm the customer is who they say they are. All pupils of Council-run secondary schools in Aberdeen hold Accord Cards. Benefit to customers: Customers will be safe in the knowledge they can prove they are entitled to purchase certain products, and they - and you - are not unwittingly breaking the law. The Accord Card In simplistic terms, the Accord Card is: * A system identifier Grampian Police backs the Accord Card as a proof of age and identity. It also identifies those users who are Young Scots. * A product carrier Currently, 19,000 concessionary cardholders use the card - as a proof of identity - when they travel on public transport. This initiative is being further developed to provide transport ticketing. Accord replaces library cards. However, its use is not limited to Council service - it can be used in the private sector. It will be a long lasting card, which provides users with greater and easier access to many benefits and services. * An electronic purse Twelve secondary schools currently use Accord as an electronic purse - allowing for cashless catering and vending. This encourages children to access concessionary entitlements anonymously - removing any stigma attached to receiving free school meals or clothing grants. These are just a few of the potential benefits of the Accord Card. 
It aims to become one card that replaces many others - for example, replacing library cards, leisure cards, travel cards and dinner tickets. The Accord Card will be available to all citizens of Aberdeen during 2005. To find out more about the scheme, please contact the Accord Office on 01224 645596 between the hours of 9:00 am and 4:00 pm, Monday to Friday. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From erwann at abalea.com Thu Feb 3 05:39:43 2005 From: erwann at abalea.com (Erwann ABALEA) Date: Thu, 3 Feb 2005 14:39:43 +0100 (CET) Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID:

Hello, On Wed, 2 Feb 2005, Erwann ABALEA wrote: > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > Seeing as it comes out of the TCG, this is almost certainly > > the enabling hardware for Palladium/NGSCB. It's a part of > > your computer which you may not have full control over. > > Please stop relaying FUD. You have full control over your PC, even if this > one is equipped with a TCPA chip. See the TCPA chip as a hardware security > module integrated into your PC. An API exists to use it, and one of the > functions of this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. I've read your objections. Maybe I wasn't clear. What's wrong in installing a cryptographic device by default on PC motherboards? I work for a PKI 'vendor', and for me, software private keys are nonsense. How will you convince "Mr Smith" (or Mme Michu) to buy an expensive CC EAL4+ evaluated token, install the drivers, and solve the inevitable conflicts that will occur, simply to store his private key?
You first have to be good to convince him to justify the extra expense. If a standard secure hardware cryptographic device is installed by default on PCs, it's OK! You could obviously say that Mr Smith won't be able to move his certificates from machine A to machine B, but more than 98% of the time, Mr Smith doesn't need to do that. Installing a TCPA chip is not a bad idea. It is as 'trustable' as any other cryptographic device, internal or external. What is bad is agreeing to buy software that you won't be able to use if you decide to claim your ownership... Palladium is bad, TCPA is not bad. Don't confuse the two. -- Erwann ABALEA - RSA PGP Key ID: 0x2D0EABD5

From erwann at abalea.com Thu Feb 3 05:43:39 2005 From: erwann at abalea.com (Erwann ABALEA) Date: Thu, 3 Feb 2005 14:43:39 +0100 (CET) Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID:

On Thu, 3 Feb 2005, Jay Sulzberger wrote: > On Wed, 2 Feb 2005, Erwann ABALEA wrote: > > > On Wed, 2 Feb 2005, Trei, Peter wrote: > > > >> Seeing as it comes out of the TCG, this is almost certainly > >> the enabling hardware for Palladium/NGSCB. It's a part of > >> your computer which you may not have full control over. > > > > Please stop relaying FUD. You have full control over your PC, even if this > > one is equipped with a TCPA chip. See the TCPA chip as a hardware security > > module integrated into your PC. An API exists to use it, and one of the > > functions of this API is 'take ownership', which has the effect of > > erasing it and regenerating new internal keys. > > After TCPA systems are the only systems for sale at CompUSA, how long > before this off switch is removed? All agree we live in a time of crisis; > at any moment MICROSOFT/RIAA/MPAA/HOMSECPOL/CONGREGATIONOFMARTYRS may > require of all of us an attestation of faith and obedience greater and more > secure than present hardware can convincingly convey.
And do you seriously think that "you can't do that, it's technically not possible" is a good answer? That's what you're saying. For me, a better answer is "you don't have the right to deny my ownership". -- Erwann ABALEA - RSA PGP Key ID: 0x2D0EABD5

From erwann at abalea.com Thu Feb 3 05:49:28 2005 From: erwann at abalea.com (Erwann ABALEA) Date: Thu, 3 Feb 2005 14:49:28 +0100 (CET) Subject: Dell to Add Security Chip to PCs In-Reply-To: <42016634.2040104@doxpara.com> References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> <42016634.2040104@doxpara.com> Message-ID:

On Wed, 2 Feb 2005, Dan Kaminsky wrote: > Uh, you *really* have no idea how much the black hat community is > looking forward to TCPA. For example, Office is going to have core > components running inside a protected environment totally immune to > antivirus. How? TCPA is only a cryptographic device, and some BIOS code, nothing else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, stack overflows, or any other way to execute arbitrary code? If yes, isn't that a wonderful thing? Obviously it doesn't (eliminate bugs and so on). > Since these components are going to be managing > cryptographic operations, the "well defined API" exposed from within the > sandbox will have arbitrary content going in, and opaque content coming > out. Malware goes in (there's not an executable environment created that > can't be exploited), sets up shop, has no need to be stealthy due to the > complete blockage of AV monitors and cleaners, and does what it wants to > the plaintext and ciphertext (alters content, changes keys) before > emitting it back out the opaque outbound interface. I use cryptographic devices every day, and TCPA is not different than the present situation. No better, no worse.
-- Erwann ABALEA - RSA PGP Key ID: 0x2D0EABD5

From pgut001 at cs.auckland.ac.nz Wed Feb 2 20:53:22 2005 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 03 Feb 2005 17:53:22 +1300 Subject: Dell to Add Security Chip to PCs In-Reply-To: Message-ID:

"Tyler Durden" writes: >That "chip"...is it likely to be an ASIC or is there already such a thing as >a security network processor? (ie, a cheaper network processor that only >handles security apps, etc...) > >Or could it be an FPGA? Neither. Currently they've typically been smart-card cores glued to the MB and accessed via I2C/SMB. Peter.

From cripto at ecn.org Thu Feb 3 13:25:28 2005 From: cripto at ecn.org (Anonymous) Date: Thu, 3 Feb 2005 22:25:28 +0100 (CET) Subject: Dell to Add Security Chip to PCs Message-ID: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org>

I spent considerable time a couple years ago on these lists arguing that people should have the right to use this technology if they want. I also believe that it has potential good uses. But let's be accurate. > Please stop relaying FUD. You have full control over your PC, even if this > one is equipped with a TCPA chip. See the TCPA chip as a hardware security > module integrated into your PC. An API exists to use it, and one of the > functions of this API is 'take ownership', which has the effect of > erasing it and regenerating new internal keys. It is not true that the TPM_TakeOwnership command erases and regenerates the internal keys. It does generate a new Storage Root Key, which is used for encrypting local data. But the main controversy around TC is the Remote Attestation feature. That uses a key called the Endorsement Key, EK. It is an RSA public key generated on chip at manufacture time, before it comes into the user's hands. The manufacturer issues a certificate on the public part of the EK, called the PUBEK. This key is then used (in a somewhat roundabout manner) to issue signed statements which attest to the software state of the machine.
These attestations are what allow a remote server to know if you are running a client software configuration which the server finds acceptable, allowing the server to refuse service to you if it doesn't like what you're running. And this is the foundation for DRM. The point is that the user can't change the PUBEK. Only one is generated per chip, and that is the only one which gets a certificate from the manufacturer. The private part of this key never leaves the chip and no one, not the user and not the manufacturer, ever learns the private key. Now, my personal perspective on this is that this is no real threat. It allows people who choose to use the capability to issue reasonably credible and convincing statements about their software configuration. Basically it allows people to tell the truth about their software in a convincing way. Anyone who is threatened by the ability of other people to tell the truth should take a hard look at his own ethical standards. Honesty is no threat to the world! The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is not affected by Trusted Computing; it would not change his behavior in any way, because he would be as bound by his word as by the TC software restrictions. But I guess Cypherpunks are rogues, thieves and liars, if my earlier interactions with them are any guide. It's an ironic and unfortunate turn for an organization originally devoted to empowering end users to use new cryptographic technologies in favor of what was once called crypto anarchy.
TC is the ultimate manifestation of anarchic behavior, a technology which is purely voluntary and threatens no one, which allows people to make new kinds of contracts and commitments that no one else should have the right to oppose. And yet Cypherpunks are now arch collectivists, fighting the right of private individuals and companies to make their own choices about what technologies to use. How the worm has turned. Another poster writes: > Please stop relaying pro-DRM pabulum. The only reason for Nagscab is > restricting the user's rights to his own files. > Of course there are other reasons for having crypto compartments in your > machine, but the reason Dell/IBM is rolling them out is not that. A sad illustration of the paranoia and blinkered groupthink so prevalent on this mailing list today. Imagine, Dell is providing this chip as part of a vast conspiracy to restrict the user's rights to his own files. Anyone whose grasp on reality is so poor as to believe this deserves what he gets. The truth is, frankly, that Dell is providing this chip on their laptops simply because laptop owners like the idea of having a security chip, most other laptop companies offer them, and the TCG is the main player in this space. Dell is neither seeking to advance my libertarian goals nor promoting the conspiracy-theorist vision of taking away people's control over their computers. The truth is far more mundane.

From skquinn at speakeasy.net Thu Feb 3 21:45:01 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Thu, 03 Feb 2005 23:45:01 -0600 Subject: Dell to Add Security Chip to PCs In-Reply-To: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org> References: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org> Message-ID: <1107495901.4338.5.camel@xevious>

On Thu, 2005-02-03 at 22:25 +0100, Anonymous wrote: > The manufacturer issues a certificate on the public part of the EK, > called the PUBEK.
This key is then used (in a somewhat roundabout > manner) to issue signed statements which attest to the software state > of the machine. These attestations are what allow a remote server to > know if you are running a client software configuration which the > server finds acceptable, allowing the server to refuse service to you > if it doesn't like what you're running. And this is the foundation for > DRM. Isn't it possible to emulate the TCPA chip in software, using one's own RSA key, and thus signing whatever you damn well please with it instead of whatever the chip wants to sign? So in reality, as far as remote attestation goes, it's only as secure as the software driver used to talk to the TCPA chip, right? -- Shawn K. Quinn From arma at mit.edu Thu Feb 3 22:18:40 2005 From: arma at mit.edu (Roger Dingledine) Date: Fri, 4 Feb 2005 01:18:40 -0500 Subject: Tor 0.0.9.4 is out Message-ID: Tor 0.0.9.4 fixes a server bug that took down most of the network (if you're running a server, please upgrade; or if you're running cvs, please cvs update). It also makes us more robust to running out of file descriptors. http://tor.eff.org/download.html o Bugfixes on 0.0.9: - Fix an assert bug that took down most of our servers: when a server claims to have 1 GB of bandwidthburst, don't freak out. - Don't crash as badly if we have spawned the max allowed number of dnsworkers, or we're out of file descriptors. - Block more file-sharing ports in the default exit policy. - MaxConn is now automatically set to the hard limit of max file descriptors we're allowed (ulimit -n), minus a few for logs, etc. - Give a clearer message when servers need to raise their ulimit -n when they start running out of file descriptors. - SGI Compatibility patches from Jan Schaumann. - Tolerate a corrupt cached directory better. - When a dirserver hasn't approved your server, list which one. - Go into soft hibernation after 95% of the bandwidth is used, not 99%. 
This is especially important for daily hibernators who have a small accounting max. Hopefully it will result in fewer cut connections when the hard hibernation starts. - Load-balance better when using servers that claim more than 800kB/s of capacity. ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From ashwood at msn.com Fri Feb 4 01:54:03 2005 From: ashwood at msn.com (Joseph Ashwood) Date: Fri, 4 Feb 2005 01:54:03 -0800 Subject: Dell to Add Security Chip to PCs References: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org> <1107495901.4338.5.camel@xevious> Message-ID: ----- Original Message ----- From: "Shawn K. Quinn" Subject: Re: Dell to Add Security Chip to PCs > Isn't it possible to emulate the TCPA chip in software, using one's own > RSA key, and thus signing whatever you damn well please with it instead > of whatever the chip wants to sign? So in reality, as far as remote > attestation goes, it's only as secure as the software driver used to > talk to the TCPA chip, right? That issue has been dealt with. They do this by initializing the chip at the production plant, and generating the certs there, thus the process of making your software TCPA work actually involves faking out the production facility for some chips. This prevents the re-init that I think I saw mentioned a few messages ago (unless there's some re-signing process within the chip to allow back-registering, entirely possible, but unlikely). It even gets worse from there because the TCPA chip actually verifies the operating system on load, and then the OS verifies the drivers, solid chain of verification. 
Honestly Kaminsky has the correct idea about how to get into the chip and break the security, one small unchecked buffer and all the security disappears forever. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com From dan at doxpara.com Thu Feb 3 23:02:43 2005 From: dan at doxpara.com (Dan Kaminsky) Date: Fri, 04 Feb 2005 02:02:43 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> <42016634.2040104@doxpara.com> Message-ID: <42031E13.4040205@doxpara.com> >>Uh, you *really* have no idea how much the black hat community is >>looking forward to TCPA. For example, Office is going to have core >>components running inside a protected environment totally immune to >>antivirus. >> >> > >How? TCPA is only a cryptographic device, and some BIOS code, nothing >else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, >stack overflows, or any other way to execute arbitrary code? If yes, isn't >that a wonderful thing? Obviously it doesn't (eliminate bugs and so on). > > > TCPA eliminates external checks and balances, such as antivirus. As the user, I'm not trusted to audit operations within a TCPA-established sandbox. Antivirus is essentially a user system auditing tool, and TCPA-based systems have these big black boxes AV isn't allowed to analyze. Imagine a sandbox that parses input code signed to an API-derivable public key. Imagine an exploit encrypted to that. Can AV decrypt the payload and prevent execution? No, of course not. Only the TCPA sandbox can. But since AV can't get inside of the TCPA sandbox, whatever content is "protected" in there is quite conspicuously unprotected. It's a little like having a serial killer in San Quentin. You feel really safe until you realize...uh, he's your cellmate. I don't know how clear I can say this, your threat model is broken, and the bad guys can't stop laughing about it. 
>I use cryptographic devices everyday, and TCPA is not different than the >present situation. No better, no worse. > > I do a fair number of conferences with exploit authors every few months, and I can tell you, much worse. "Licking chops" is an accurate assessment. Honestly, it's a little like HID's "radio barcode number" concept of RFID. Everyone expects it to get everywhere, then get exploited mercilessly, then get ripped off the market quite painfully. --Dan From ericm at lne.com Fri Feb 4 06:28:33 2005 From: ericm at lne.com (Eric Murray) Date: Fri, 4 Feb 2005 06:28:33 -0800 Subject: Dell to Add Security Chip to PCs In-Reply-To: <1107495901.4338.5.camel@xevious>; from skquinn@speakeasy.net on Thu, Feb 03, 2005 at 11:45:01PM -0600 References: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org> <1107495901.4338.5.camel@xevious> Message-ID: <20050204062833.A18148@slack.lne.com> On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote: > Isn't it possible to emulate the TCPA chip in software, using one's own > RSA key, and thus signing whatever you damn well please with it instead > of whatever the chip wants to sign? So in reality, as far as remote > attestation goes, it's only as secure as the software driver used to > talk to the TCPA chip, right? The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. Plus the private key is kept in the chip, so it can't be read by your emulator. If your emulator picks its own key pair then its attesations will be detected as invalid by a relying party that's using the real TCPA public keys. Eric From camera_lumina at hotmail.com Fri Feb 4 07:54:33 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 04 Feb 2005 10:54:33 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: <42031E13.4040205@doxpara.com> Message-ID: >I don't know how clear I can say this, your threat model is broken, and the >bad guys can't stop laughing about it. 
Come on, now...who's going to be better at Security than Microsoft? Since bad guys won't be allowed inside the TCPA world then everything's going to be just fine. Seems like the "evil packet" idea will be useful here...bad packets should have their "evil bit" set to one, and they won't be alllowed inside. -TD From lynn at garlic.com Fri Feb 4 10:07:32 2005 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Fri, 04 Feb 2005 11:07:32 -0700 Subject: Dell to Add Security Chip to PCs In-Reply-To: References: Message-ID: <4203B9E4.5060700@garlic.com> Peter Gutmann wrote: > Neither. Currently they've typically been smart-card cores glued to the > MB and accessed via I2C/SMB. and chips that typically have had eal4+ or eal5+ evaluations. hot topic in 2000, 2001 ... at the intel developer's forums and rsa conferences From lynn at garlic.com Fri Feb 4 10:12:59 2005 From: lynn at garlic.com (Anne & Lynn Wheeler) Date: Fri, 04 Feb 2005 11:12:59 -0700 Subject: Dell to Add Security Chip to PCs In-Reply-To: References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C51@rsana-ex-hq1.NA.RSA.NET> Message-ID: <4203BB2B.4080102@garlic.com> Erwann ABALEA wrote: > I've read your objections. Maybe I wasn't clear. What's wrong in > installing a cryptographic device by default on PC motherboards? > I work for a PKI 'vendor', and for me, software private keys is a > nonsense. How will you convice "Mr Smith" (or Mme Michu) to buy an > expensive CC EAL4+ evaluated token, install the drivers, and solve the > inevitable conflicts that will occur, simply to store his private key? You > first have to be good to convice him to justify the extra depense. > If a standard secure hardware cryptographic device is installed by default > on PCs, it's OK! You could obviously say that Mr Smith won't be able to > move his certificates from machine A to machine B, but more than 98% of > the time, Mr Smith doesn't need to do that. > > Installing a TCPA chip is not a bad idea. 
It is as 'trustable' as any > other cryptographic device, internal or external. What is bad is accepting > to buy a software that you won't be able to use if you decide to claim > your ownership... Palladium is bad, TCPA is not bad. Don't confuse the > two. the cost of EAL evaluation typically has already been amortized across large number of chips in the smartcard market. the manufactoring costs of such a chip is pretty proportional to the chip size ... and the thing that drives chip size tends to be the amount of eeprom memory. in tcpa track at intel developer's forum a couple years ago ... i gave a talk and claimed that i had designed and significantly cost reduced such a chip by throwing out all features that weren't absolutely necessary for security. I also mentioned that two years after i had finished such a design ... that tcpa was starting to converge to something similar. the head of tcpa in the audience quiped that i didn't have a committee of 200 helping me with the design. From rah at shipwright.com Fri Feb 4 10:15:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 4 Feb 2005 13:15:15 -0500 Subject: Auto-HERF: Car Chase Tech That's Really Hot Message-ID: Wired News Car Chase Tech That's Really Hot By Cyrus Farivar? Story location: http://www.wired.com/news/autotech/0,2554,66473,00.html 02:00 AM Feb. 03, 2005 PT If a Los Angeles-area scientist has his way, car chases may become as antiquated as horse-mounted cavalry. James Tatoian, chief executive of Eureka Aerospace in Pasadena, California, is developing a system that uses microwave energy to interfere with microchips inside cars. Once the chip is overloaded with excessive current, the car ceases to function, and will gradually decelerate on its own, he said. "If you put approximately 10 or 15 kilovolts per meter on a target for a few seconds, you should be able to bring it to a halt," Tatoian said. Most cars built in the United States since 1982 have some type of on-board microprocessor. 
Today, the processors are advanced enough to control functions such as fuel injection and GPS equipment. Eureka Aerospace's High Power Electromagnetic System consists of a series of wires arranged in a 5-foot-by-4-foot rectangular array. The interference is emitted in a conical shape outward from the device. Tatoian said that while he is not the first to come up with the idea of using electromagnetic interference to stop cars, he has been able to reduce the size and power consumption of such a device so that it would be much more portable. It is small enough such that it could be mounted onto a helicopter, or onto a law enforcement pursuit vehicle -- an application that interests the Los Angeles County Sheriff's Department. Eureka Aerospace hopes to have a working prototype that the sheriff's department can test by late summer. The National Institute of Justice and the U.S. Marine Corps may also be potential early clients. The company's early tests indicate that the car-stopping device should be functional at a range of 300 feet. Cmdr. Sid Heal, who evaluates technology for the Los Angeles County Sheriff's Department, said that after seeing a preliminary demonstration of the device last year, he was very enthusiastic about its prospects. "Everybody on the globe is interested in a technology like this," he said. "Every law enforcement agency and every military agency in the world will jump on this. I can say that with absolute confidence." In current situations where police need to disable a car they are pursuing, sometimes the officers must resort to spike strips, which are designed to puncture the vehicle's tires. Heal said that with an electromagnetic interference system, a potentially dangerous outcome (such as loss of control from flat tires) could be avoided. "The beautiful part of using the (microwave) energy is that it leaves the suspect in control of the car," he said. "He can steer, he can brake, he just can't accelerate." 
Another benefit to such a technology, Heal said, is that it would give officers the ability to pinpoint where they want to stop a car -- on a freeway overpass, for instance -- which would limit a suspect's opportunities for escape. "It's going to change law enforcement tactics," he said. If the technology is able to prove worthy, it may also change the behavior of potential criminals. Heal said most people who lead police on car chases have never committed such an act before, and they might think twice if they recall the presence of such a device. "You would automatically remember you can't get away," he said. "What I think we're going to get is compliance. That would be a breakthrough beyond anything of what anyone has provided in the past." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From dan at doxpara.com Fri Feb 4 10:20:50 2005 From: dan at doxpara.com (Dan Kaminsky) Date: Fri, 04 Feb 2005 13:20:50 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> Message-ID: <4203BD02.8080701@doxpara.com> >The best that can happen with TCPA is pretty good - >it could stop a lot of viruses and malware, for one >thing. > > > No, it can't. That's the point; it's not like the code running inside the sandbox becomes magically exploitproof...it just becomes totally opaque to any external auditor. A black hat takes an exploit, encrypts it to the public key exported by the TCPA-compliant environment (think about a worm that encrypts itself to each cached public key) and sends the newly unauditable structure out. 
Sure, the worm can only manipulate data inside the sandbox, but when the whole *idea* is to put everything valuable inside these safe sandboxes, that's not exactly comforting. --Dan From smb at cs.columbia.edu Fri Feb 4 10:30:59 2005 From: smb at cs.columbia.edu (Steven M. Bellovin) Date: Fri, 04 Feb 2005 13:30:59 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: Your message of "Fri, 04 Feb 2005 02:02:43 EST." <42031E13.4040205@doxpara.com> Message-ID: <20050204183059.931D43C022A@berkshire.machshav.com> In message <42031E13.4040205 at doxpara.com>, Dan Kaminsky writes: > >>>Uh, you *really* have no idea how much the black hat community is >>>looking forward to TCPA. For example, Office is going to have core >>>components running inside a protected environment totally immune to >>>antivirus. >>> >>> >> >>How? TCPA is only a cryptographic device, and some BIOS code, nothing >>else. Does the coming of TCPA chips eliminate the bugs, buffer overflows, >>stack overflows, or any other way to execute arbitrary code? If yes, isn't >>that a wonderful thing? Obviously it doesn't (eliminate bugs and so on). >> >> >> >TCPA eliminates external checks and balances, such as antivirus. As the >user, I'm not trusted to audit operations within a TCPA-established >sandbox. Antivirus is essentially a user system auditing tool, and >TCPA-based systems have these big black boxes AV isn't allowed to analyze. > >Imagine a sandbox that parses input code signed to an API-derivable >public key. Imagine an exploit encrypted to that. Can AV decrypt the >payload and prevent execution? No, of course not. Only the TCPA >sandbox can. But since AV can't get inside of the TCPA sandbox, >whatever content is "protected" in there is quite conspicuously unprotected. > >It's a little like having a serial killer in San Quentin. You feel >really safe until you realize...uh, he's your cellmate. 
> >I don't know how clear I can say this, your threat model is broken, and >the bad guys can't stop laughing about it. > I have no idea whether or not the bad guys are laughing about it, but if they are, I agree with them -- I'm very afriad that this chip will make matters worse, not better. With one exception -- preventing the theft of very sensitive user-owned private keys -- I don't think that the TCPA chip is solving the right problems. *Maybe* it will solve the problems of a future operating system architecture; on today's systems, it doesn't help, and probably makes matters worse. TCPA is a way to raise the walls between programs executing in different protection spaces. So far, so good. Now -- tell me the last time you saw an OS flaw that directly exploited flaws in conventional memory protection or process isolation? They're *very* rare. The problems we see are code bugs and architectural failures. A buffer overflow in a Web browser still compromises the browser; if the now-evil browser is capable of writing files, registry entries, etc., the user's machine is still capable of being turned into a spam engine, etc. Sure, in some new OS there might be restrictions on what such an application can do, but you can implement those restrictions with today's hardware. Again, the problem is in the OS architecture, not in the limitations of its hardware isolation. I can certainly imagine an operating system that does a much better job of isolating processes. (In fact, I've worked on such things; if you're interested, see my papers on sub-operating systems and separate IP addresses per process group.) But I don't see that TCPA chips add much over today's memory management architectures. Furthermore, as Dan points out, it may make things worse -- the safety of the OS depends on the userland/kernel interface, which in turn is heavily dependent on the complexity of the privileged kernel modules. 
If you put too much complex code in your kernel -- and from the talks I've heard this is exactly what Microsoft is planning -- it's not going to help the situation at all. Indeed, as Dan points out, it may make matters worse. Microsoft's current secure coding initiative is a good idea, and from what I've seen they're doing a good job of it. In 5 years, I wouldn't be at all surprised if the rate of simple bugs -- the buffer overflows, format string errors, race conditions, etc. -- was much lower in Windows and Office than in competing open source products. (I would add that this gain has come at a *very* high monetary cost -- training, code reviews, etc., aren't cheap.) The remaining danger -- and it's a big one -- is the architecture flaws, where ease of use and functionality often lead to danger. Getting this right -- getting it easy to use *and* secure -- is the real challenge. Nor are competing products immune; the drive to make KDE and Gnome (and for that matter MacOS X) as easy to use (well, easier to use) than Windows is likely to lead to the same downward security sprial. I'm ranting, and this is going off-topic. My bottom line: does this chip solve real problems that aren't solvable with today's technology? Other than protecting keys -- and, of course, DRM -- I'm very far from convinced of it. "The fault, dear Brutus, is not in our stars but in ourselves." --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb From rah at shipwright.com Fri Feb 4 10:34:05 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 4 Feb 2005 13:34:05 -0500 Subject: mmm, petits filous (was Re: NTK now, 2005-02-04) In-Reply-To: <3.0.6.32.20050204174558.019d8780@127.0.0.1> References: <3.0.6.32.20050204174558.019d8780@127.0.0.1> Message-ID: At 5:45 PM +0000 2/4/05, Dave Green wrote: > mmm, petits filous > > Everyone else likes to worry about Google's gathering > conflict of interests, but Verisign's S.P.E.C.T.R.E.-level > skills still take some beating. 
This week, orbiting crypto > analysts Ian Grigg and Adam Shostock belatedly pointed out > to ICANN that perhaps Verisign couldn't trusted with > .net. Why? Well, Verisign these days offers both top level > domains and SSL certificate authentication. They also, with > their NetDiscovery service - sell ISPs a complete service for > complying with law enforcement surveillance orders. So, if an > American court demands an ISP wiretap its customers, and the > ISP turns that order over to Verisign to do the dirty: well, > Verisign can now fake any domain you want, and issue any > temporary fake certificate, allowing even SSLed > communications to be monitored. What's even more fun is that > they are - at least in the US - now moving into providing > infrastructure for mobile telephony. Yes, NOT EVEN YOUR > RINGTONES ARE SAFE. > http://forum.icann.org/lists/net-rfp-verisign/msg00008.html > - you know, this is probably a little late > http://iang.org/ssl/ > - but then, this is the year of the snail > http://www.thefeature.com/article?articleid=101334&ref=5459267 > - stupid network vs stupider company -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From mxe20 at psu.edu Fri Feb 4 11:30:48 2005 From: mxe20 at psu.edu (Mark Allen Earnest) Date: Fri, 04 Feb 2005 14:30:48 -0500 Subject: Dell to Add Security Chip to PCs In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> Message-ID: <4203CD68.1060709@psu.edu> Trei, Peter wrote: > It could easily be leveraged to make motherboards > which will only run 'authorized' OSs, and OSs > which will run only 'authorized' software. 
> > And you, the owner of the computer, will NOT > neccesarily be the authority which gets to decide > what OS and software the machine can run. > > If you 'take ownership' as you put it, the internal > keys and certs change, and all of a sudden you > might not have a bootable computer anymore. > > Goodbye Linux. > Goodbye Freeware. > Goodbye independent software development. > > It would be a very sad world if this comes > to pass. Yes it would, many governments are turning to Linux and other freeware. Many huge companies make heavy use of Linux and and freeware, suddenly losing this would have a massive effect on their bottom line and possibly enough to impact the economy as a whole. Independent software developers are a significant part of the economy as well, and most politicians do not want to associate themselves with the concept of "hurting small business". Universities and other educational institutions will fight anything that resembles what you have described tooth and nail. To think that this kind of technology would be mandated by a government is laughable. Nor do I believe there will be any conspiracy on the part of ISPs to require to in order to get on the Internet. As it stands now most people are running 5+ year old computer and windows 98/me, I doubt this is going to change much because for most people, this does what they want (minus all the security vulnerabilities, but with NAT appliances those are not even that big a deal). There is no customer demand for this technology to be mandated, there is no reason why an ISP or vendor would want to piss off significant percentages of their clients in this way. The software world is becoming MORE open. Firefox and Openoffice are becoming legitimate in the eyes of government and businesses, Linux is huge these days, and the open source development method is being talked about in business mags, board rooms, and universities everywhere. 
The government was not able to get the Clipper chip passed and that was backed with the horror stories of rampant pedophilia, terrorism, and organized crime. Do you honestly believe they will be able to destroy open source, linux, independent software development, and the like with just the fear of movie piracy, mp3 sharing, and such? Do you really think they are willing to piss off large sections of the voting population, the tech segment of the economy, universities, small businesses, and the rest of the world just because the MPAA and RIAA don't like customers owning devices they do not control? It is entirely possibly that a machine like you described will be built, I wish them luck because they will need it. It is attempted quite often and yet history shows us that there is really no widespread demand for iOpeners, WebTV, and their ilk. I don't see customers demanding this, therefor there will probably not be much of a supply. Either way, there is currently a HUGE market for general use PCs that the end user controls, so I imagine there will always be companies willing to supply them. My primary fear regarding TCPA is the remote attestation component. I can easily picture Microsoft deciding that they do not like Samba and decide to make it so that Windows boxes simply cannot communicate with it for domain, filesystem, or authentication purposes. All they need do is require that the piece on the other end be signed by Microsoft. Heck they could render http agent spoofing useless if they decide to make it so that only IE could connect to ISS. Again though, doing so would piss off a great many of their customers, some of who are slowly jumping ship to other solutions anyway. -- Mark Allen Earnest Lead Systems Programmer Emerging Technologies The Pennsylvania State University [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s] From rah at shipwright.com Fri Feb 4 11:37:41 2005 From: rah at shipwright.com (R.A. 
Hettinga) Date: Fri, 4 Feb 2005 14:37:41 -0500 Subject: Parliamentary report flags ID scheme human rights issues Message-ID: The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2005/02/03/id_scheme_echr_concern/ Parliamentary report flags ID scheme human rights issues By John Lettice (john.lettice at theregister.co.uk) Published Thursday 3rd February 2005 12:27 GMT Parliament's Joint Committee on Human Rights has flagged a string of problems the UK's ID Cards Bill has with the European Convention on Human Rights, which was incorporated into UK law in 1998. The Committee's report draws Parliament's attention to "a number of serious questions of human rights compatibility", and it has written a lengthy note to Home Secretary Charles Clarke asking for answers to 14 of them by next Monday (7th February). Asked this morning if the report meant that it was now time to put ID cards on hold, a spokesman for the Prime Minister said that international requirements for biometric passports meant there was a need to go down this route, and that the Prime Minister believed the legislation satisfied the UK's commitment to international human rights conventions. This however is clearly not what the Committee believes. It particularly questions the extent, justification and proportionality of the information to be held in the National Identity Register, and points to the potential for information to be recorded there without the individual's consent. It also notes that the "designated documents" capability will make registration effectively compulsory for some groups of people, and that the intent to phase the scheme in may discriminate against some groups subject to compulsion. 
The extent of disclosure of personal information to service providers in exchange for the delivery of public services and other reasons, and the capability for the unlimited extension of powers of disclosure are also flagged. The Government's approach so far to such criticisms of the scheme has boiled down to stating that it is confident it complies with human rights law, and that there will be "safeguards". The Committee's letter to Clarke however demands clear justifications of the purpose of each of the points of concern, together with detailed explanations of the safeguards. Some of of this territory has actually been covered during the extremely brief Committee stage of the Bill, where Minister Des Browne in particular fleshed out some of the Government's interpretations and intentions. These are, however, simply what the Government currently says the Bill is supposed to do and what it intends to do with it, not what the Bill itself says, and the Bill emerged from Committee largely unamended. Also on the human rights and freedom theme, the Office of Government Commerce has responded to Spy Blog's FOIA request (http://www.spy.org.uk/spyblog/archives/2005/02/ogc_gateway_rev.html) for publication of its Gateway Reviews of the ID scheme saying it needs a further 15 working days "to consider the balance of public interest." Spy Blog notes that this takes any publication neatly beyond the Third Reading of the Bill in the Commons on 10th February. Coincidentally (?) Minister Paul Boateng recently replied to a question from LibDem Home Affairs spokesman Mark Oaten with: "I am currently reviewing whether there is any Gateway Review or other OGC review which should be published regarding the identity cards scheme and I will write to the hon. Member as soon as these considerations are complete." Which would perhaps be the week after next, Paul? So over to Charles Clarke. 
Will he have a response to the Committee on Human Rights by Monday, and if so, will it be good enough? The Bill will almost certainly go through the Commons next week anyway, but if the Government can't make a convincing stab at the human rights angle, opposition in the Lords is likely to stregthen. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Feb 4 11:37:59 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 4 Feb 2005 14:37:59 -0500 Subject: Tory group report attacks ID scheme as a con trick Message-ID: The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2005/02/03/peter_lilley_id_report/ Tory group report attacks ID scheme as a con trick By John Lettice (john.lettice at theregister.co.uk) Published Thursday 3rd February 2005 17:47 GMT The Bow Group Tory think tank has published a critique of the ID scheme by former Minister Peter Lilley MP. Lilley, who has been active in opposition to the scheme in Parliament, echoes Privacy International's suggestion that the ID card could become the Labour Party's poll tax, and the report provides a succinct primer to the flaws of the scheme. But it's Lilley's parliamentary and ministerial experience that makes the report particularly interesting. He notes that in opposition (in 1995) one Tony Blair said: "Instead of wasting hundreds of millions of pounds on compulsory ID cards as the Tory Right demand, let that money provide thousands more police officers on the beat in our local communities", which is of course just slightly different from the current line. 
Lilley contends that "his change of heart is entirely cynical. It reflects government by focus group. The focus groups showed that the public felt the government had failed on crime and immigration; the Conservatives were trusted to do better; and Michael Howard was a successful Home Secretary who reduced both crime and immigration. Focus groups also showed that the public believed ID cards would help tackle both problems. So Blair is pressing ahead with ID cards to create the impression that he is being tough on crime and immigration. Having adopted the idea cynically, the government embraced them wholeheartedly because ID cards fit squarely within the New Labour mould. They have the smack of modernity - witness Ministers' talk of biometrics, smart cards and new technology; they are nakedly populist; they make Britain more like our European neighbours, many of whom have identity card schemes of one sort or another; and they reflect New Labour's desire to nanny and control us."

Which is an argument, certainly.

Lilley the politician also notes a telling signpost in the ID Bill's Regulatory Impact Assessment, which says: "The government wants to encourage lawful migration into the country... In sustaining and perhaps increasing current levels of lawful migration, it is important to retain the confidence of the resident population". The assessment says ID cards will help achieve this by convincing people "that immigration controls will not be abused".

"In other words," says Lilley, "if the government mounts a high profile campaign against 'abuse of immigration controls' the public will not realise that it is actually 'encouraging' and 'increasing' the present unprecedented level of immigration."
Perception management of this sort chimes with David Blunkett's explanation of the need to deal with perception of threat, as opposed to reality, here (http://www.theregister.co.uk/2004/11/21/blunkett_internet_ban/) (where you'll also see the first sighting of ASBOs for terror suspects, which are now likely to be deployed as Clarke control orders for Belmarsh prisoners), and with his explanation of pre-emptive measures (http://www.theregister.co.uk/2004/11/16/blunkett_be_afraid/) as a response to fear. And also, of course, with the news that the Home Office is actively trying to measure fear levels. (http://www.theregister.co.uk/2005/01/11/lander_harm_model/) So there's ample support for Lilley's pitch that the ID scheme is just a hugely expensive exercise in mass perception management, whether or not you agree with him that immigration levels should be reduced.

Lilley makes several other useful points, notably that asylum seekers have had biometric ID cards anyway since 2002, and that detected illegal immigrants would simply have to claim asylum in order to get one. The Government's lack of success in actually removing many illegal immigrants from the country, says Lilley, means that in these circumstances most of them can stay indefinitely.

Coincidentally, in a parliamentary answer a few days ago Immigration Minister Des Browne explained the Government's failure to achieve its 30,000 removals target (10,780 were achieved in 2002) thus: "The 30,000 removals target was set to drive up performance and to achieve a real step change in the number of failed asylum seekers being removed. We have since accepted that it was not achievable." Which does sound a bit like an admission that it was perception management and was never expected to be achieved in the first place.

The Bow Group site (http://www.bowgroup.org/cgi-bin/page.pl?page=about/index.html) doesn't yet have a copy of the full report, but it will no doubt be posted there in the near future.
ID cards extra: The Portuguese Government is to introduce an electronic ID card in order to tackle forgery of its existing cards. Fake Portuguese cards, it has emerged, have been widely used by Brazilian illegal immigrants in order to work in the UK. There is as yet no introduction date, so at around $75 the current fakes remain an excellent deal for the wannabe European citizen.

France meanwhile has launched a public debate on its proposed electronic ID card, INES (identité nationale électronique sécurisée). The French card is also being pitched as a secure successor to the current card, but France is majoring on its use as a means of enabling secure electronic ID from the citizen's point of view (i.e. it helps you, as opposed to your needing to have it in order to get stuff from the Government). There's a very readable (if you read French) consultation document here, (http://www.foruminternet.org/telechargement/forum/pres-prog-ines-20050201.pdf) and a live citizen's discussion forum with a credible level of activity (how different from the sites of our own dear Home Office) here. (http://www.foruminternet.org/forums/list.php?f=16)

From eugen at leitl.org Fri Feb 4 06:10:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Feb 2005 15:10:49 +0100
Subject: Tor 0.0.9.4 is out (fwd from arma@mit.edu)
Message-ID: <20050204141049.GH1404@leitl.org>

----- Forwarded message from Roger Dingledine -----

From mdpopescu at yahoo.com Fri Feb 4 05:36:09 2005
From: mdpopescu at yahoo.com (Marcel Popescu)
Date: Fri, 4 Feb 2005 15:36:09 +0200
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org>
Message-ID: <200502041335.j14DZpYF000495@positron.jfet.org>

> From: owner-cypherpunks at Algebra.COM [mailto:owner-cypherpunks at Algebra.COM]
> On Behalf Of Anonymous

> The only people endangered by this capability are those who want to be
> able to lie. They want to agree to contracts and user agreements that,
> for example, require them to observe DRM restrictions and copyright
> laws, but then they want the power to go back on their word, to dishonor
> their commitment, and to lie about their promises.

This assumes a US world, which is - to say the least - a little unreal. In my country, contracts are void unless signed in the official language. That means that, even if I want to agree to the license, I can't legally do so - because it's in English. Which means that I can click on "I agree" WITHOUT legally agreeing to anything - and everybody knows that.

> An honest man is
> not affected by Trusted Computing; it would not change his behavior in
> any way, because he would be as bound by his word as by the TC software
> restrictions.

Only in the US and related countries :) We are not bound, legally or even morally, by a contract in a foreign language - there are people who bought Windows or some other software even though they don't speak an iota of English.
(Furthermore, I wrote a little application which can change the caption of a button - so I can change it to "I do not agree" (or the equivalent in my language) before installing whatever I'm installing. Do you think that's good enough? )

> And yet Cypherpunks are now arch
> collectivists, fighting the right of private individuals and companies
> to make their own choices about what technologies to use. How the worm
> has turned.

BS, of course. As has already been explained here, we are paranoids - we try to defend against the worst that could happen, not against the best.

> A sad illustration of the paranoia and blinkered groupthink so prevalent
> on this mailing list today.

Today? You're new here, right? Paranoia is the motto of the cypherpunks :)

> Imagine, Dell is providing this chip as part
> of a vast conspiracy to restrict the user's rights to his own files.

It's not THAT vast. The mere idea that it is NOT a conspiracy, OTOH, is plainly ridiculous. They've been at it for several years, and everyone here should know that.

> The truth is, frankly, that Dell is providing this chip on their laptops
> simply because laptop owners like the idea of having a security chip,

No really? Name five of these laptop owners. (No, that was rhetorical. Your phrase was information-free.)

> most other laptop companies offer them, and the TCG is the main player
> in this space.

Name other five (out of the "most") laptop companies offering this chip in their laptops. (This is NOT rhetorical, I'm really curious.)

> Dell is neither seeking to advance my libertarian goals
> nor promoting the conspiracy-theorist vision of taking away people's
> control over their computers. The truth is far more mundane.

Profit is a very good tool, for both good and evil. In this case, they see profit in doing something that can ultimately be used against consumers. We comment on that, nothing more. Then again, if the consumers catch on to the trick, profit will dictate that they remove it.

Marcel

From rah at shipwright.com Fri Feb 4 14:34:50 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 4 Feb 2005 17:34:50 -0500
Subject: ACLU (Road) Pizza
Message-ID:

Wherein the ACLU pitches us with the flash-pizza from hell:

I suppose I might actually give a damn about the above scenario if a *business* was able to obtain all that information from other *businesses* on an open market, from information *I* gave to those businesses in the first place, up to, and including, an insurance company -- though I doubt that we'd have "health" insurance, except that for catastrophic events, if such "insurance" weren't deductible from a confiscatory business tax return. I suppose we should be grateful that we don't have "food insurance", like they used to have in, say, the Soviet Union.

As I've said many times before, modern financial cryptography was invented by leftist professors to "free" us from evil capitalists. In splendid irony, it was immediately seized upon and evangelized by anarcho-capitalists, to free us from that very model of a modern slave-master: the state.

Of course, the market will determine, as always, whether we'll be free or slaves, and if so, to the state, to "capitalists", or whomever. Fortunately, the trend of history, almost since the forcible capture of sedentary proto-agrarian society by "princes" 12,000 years ago, has been one of increasing liberty from such "bandits who don't move".

One can hope, and maybe soon, that strong financial cryptography will free all of us, once and for all, from the tyranny of such monopolistic force "markets", and trade *will* finally be free, once and for all.

When it does happen, it won't be lawyers who do it though. Especially "public interest" lawyers like the ACLU. It will be the engineers who will use the weapon of the cryptographer's mathematics to save us from the state-constructed tyranny of the lawyer's words.

Cheers,
RAH

From s.schear at comcast.net Fri Feb 4 18:41:57 2005
From: s.schear at comcast.net (Steve Schear)
Date: Fri, 04 Feb 2005 18:41:57 -0800
Subject: Auto-HERF: Car Chase Tech That's Really Hot
In-Reply-To:
References:
Message-ID: <6.0.1.1.0.20050204183914.04cc2e00@mail.comcast.net>

At 10:15 AM 2/4/2005, R.A. Hettinga wrote:
> "The beautiful part of using the (microwave) energy is that it leaves the
> suspect in control of the car," he said. "He can steer, he can brake, he
> just can't accelerate."

Sorry Charlie, but I think newer vehicles are moving to fly-by-wire steering, especially hybrids that don't have an internal combustion engine running all the time so they can't easily use traditional hydraulic servo steering.

Steve

From jamesd at echeque.com Fri Feb 4 19:07:12 2005
From: jamesd at echeque.com (James A. Donald)
Date: Fri, 04 Feb 2005 19:07:12 -0800
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org>
Message-ID: <4203C7E0.13803.96055BB@localhost>

--
On 3 Feb 2005 at 22:25, Anonymous wrote:
> Now, my personal perspective on this is that this is no real
> threat. It allows people who choose to use the capability to
> issue reasonably credible and convincing statements about
> their software configuration. Basically it allows people to
> tell the truth about their software in a convincing way.
> Anyone who is threatened by the ability of other people to
> tell the truth should take a hard look at his own ethical
> standards.
Honesty is no threat to the world!

> The only people endangered by this capability are those who
> want to be able to lie. They want to agree to contracts and
> user agreements that, for example, require them to observe
> DRM restrictions and copyright laws, but then they want the
> power to go back on their word, to dishonor their commitment,
> and to lie about their promises. An honest man is not
> affected by Trusted Computing; it would not change his
> behavior in any way, because he would be as bound by his word
> as by the TC software restrictions.

The ability to convincingly tell the truth is a very handy one between people who are roughly equal. It is a potentially disastrous one if one party can do violence with impunity to the one with the ability to convincingly tell the truth.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
6B7i0tiB4vUHqQnAP6nXT2z+B+zLB8624+K6+ENU
47fFHg6cY0KInzxMe/l+L2c7LqmPZyrwOSZepYIR3

From jason at lunkwill.org Fri Feb 4 11:35:59 2005
From: jason at lunkwill.org (Jason Holt)
Date: Fri, 4 Feb 2005 19:35:59 +0000 (UTC)
Subject: Dell to Add Security Chip to PCs
In-Reply-To:
Message-ID:

On Thu, 3 Feb 2005, Erwann ABALEA wrote:
> And do you seriously think that "you can't do that, it's technically not
> possible" is a good answer? That's what you're saying. For me, a better
> answer is "you don't have the right to deny my ownership".

Yes, Senator McCarthy, I do in fact feel safer knowing that mathematics protects my data. Welcome to cypherpunks.

-J

From iang at systemics.com Fri Feb 4 11:43:05 2005
From: iang at systemics.com (Ian G)
Date: Fri, 04 Feb 2005 19:43:05 +0000
Subject: Dell to Add Security Chip to PCs
In-Reply-To:
References:
Message-ID: <4203D049.4000602@systemics.com>

Ed Reed wrote:
>> I'm just curious on this point. I haven't seen much
>> to indicate that Microsoft and others are ready
>> for a nymous, tradeable software assets world.
>
> No, and neither are corporate customers, to a large extent.

Right, so my point (I think) was that without some indication that those people are ready for a nymous, tradeable assets world, the notion of a trusted computing base is limited to working for the Microsofts of the world as the owners of the content, not to users as the owners of assets.

> Accountability is, in fact, a treasured property of business computing.
>
> Lack of accountability creates things like Enron, Anderson Consulting,
> Oil-for-Food scams, and the missing 9 billion dollars or so of
> reconstruction aid. It's the fuel that propels SPAM, graft, and
> identity theft.
>
> What I've not seen is much work providing accountability for anonymous
> transactions.

I am having trouble with tying in "accountability" with the above examples. That doesn't sound like an accountability issue in the technical sense, that sounds like a theft problem. In this sense, I see two different uses of the word, and they don't have much of a linkage.

Nymous systems are generally far more accountable in the technical sense, simply because they give you the tools to be absolutely sure about your statements. A nymous account has an audit trail that can be traced as far as you have access to the information, and because the audit trail is cryptographically secured (by usage of hash and digsigs) a complete picture can be built up.

This stands in contraposition to systems based on blinding formulas. That sort of issued money is intended to be untraceable and is thus less easily used to 'account' for everything. Having said that, there's no reason why a given transaction can't be set and stabilised in stone with a digital receipt, which then can form part of an accounting trail.

But regardless of which system is used (nymous, blinded or POBA - plain old bank account) the money can be stolen, statements can be hidden and fudged, and purposes can be misrepresented, just like any others...
If there was a reason why these big companies didn't get into such digital assets, I'd say it was because they hadn't succeeded in a form that was 'feel good' enough, as yet for them. In which case, I'd say that they would consider 'accountability' to mean 'my accountant won't think it strange.'

iang

--
News and views on what matters in finance+crypto: http://financialcryptography.com/

From justin-cypherpunks at soze.net Fri Feb 4 12:21:47 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Fri, 4 Feb 2005 20:21:47 +0000
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <4203CD68.1060709@psu.edu>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> <4203CD68.1060709@psu.edu>
Message-ID: <20050204202146.GB27680@arion.soze.net>

On 2005-02-04T14:30:48-0500, Mark Allen Earnest wrote:
> The government was not able to get the Clipper chip passed and that was
> backed with the horror stories of rampant pedophilia, terrorism, and
> organized crime. Do you honestly believe they will be able to destroy
> open source, linux, independent software development, and the like with
> just the fear of movie piracy, mp3 sharing, and such? Do you really
> think they are willing to piss off large sections of the voting
> population, the tech segment of the economy, universities, small
> businesses, and the rest of the world just because the MPAA and RIAA
> don't like customers owning devices they do not control?

They managed with the HDTV broadcast flag mandate.

--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." --Heraclitus (Kahn.83/D-K.53)

From rah at shipwright.com Fri Feb 4 18:27:15 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 4 Feb 2005 21:27:15 -0500
Subject: Sex offender list used to find dates, police say
Message-ID:

www.sfgate.com

SANTA CLARA COUNTY
Sex offender list used to find dates, police say
Convict on Megan's Law roster charged with misdemeanor
- Ryan Kim, Chronicle Staff Writer
Friday, February 4, 2005

While fearful parents were searching the Megan's Law sex offender database for local molesters, police said Glen Westberg, a registered sex offender himself, was perusing the internet listing for a very different reason: a date.

In what is considered to be the first case of its kind in California, Westberg, 35, of Cupertino was charged Thursday with one misdemeanor count of illegally accessing the database as a registered sex offender.

Authorities said Westberg used the newly released on-line database of registered sex offenders to find potential dates, sending explicit letters to a handful of offenders in hopes of wooing them for sex.

Westberg, a twice convicted child molester, was booked into Santa Clara County Jail on Thursday and faces up to six months in jail and a $1,000 fine, if found guilty.

"I never would have thought someone would have used this for dating or for soliciting people," said Santa Clara County prosecutor Steve Fein.

Bill Ahern, commander of San Mateo County's Sexual Assault Felony Enforcement task force, said police first learned of Westberg's activities after a San Mateo County registered sex offender reported receiving a solicitation on Jan. 14.

The letter, one of about five Westberg allegedly sent out to local sex offenders, explained that Westberg had found the man on the Megan's Law database and was interested in a date. Ahern said Westberg had provided an explicit physical description of himself and directed the man to look him up on the database. He wrote that if the man was not interested in sex, they could still pursue friendship, said Ahern.
"The (recipient of the letter) was quite alarmed by it and didn't know what to think about the letter," Ahern said. "He didn't know if someone was trying to get him into trouble."

Ahern, posing as the man who received the letter, contacted Westberg and had him meet him at a Redwood City Starbucks cafe on Jan. 27. There, investigators confronted Westberg, who admitted he had used the database and had sent similar letters to four other Bay Area registered offenders.

The Megan's Law database, released to the public on Dec. 15, contains the names and, in many cases addresses and pictures, for 63,000 sex offenders required by law to register with their local law enforcement agency. Registered offenders are not allowed to access the site, in part to prevent them from conspiring with other convicts.

Westberg earned his way on to the list following two convictions for child molestation in San Mateo County in 1992 and 1998, Ahern said.

Prior to the release of the list, some law enforcement officials worried that someone might use the list to take the law into their own hands, said Ahern.

"Everyone was afraid of vigilantes, but we haven't had that," he said. "Here, you have an offender trying to abuse other offenders, which is kind of a strange twist."

From eugen at leitl.org Fri Feb 4 13:52:54 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Feb 2005 22:52:54 +0100
Subject: [s-t] bright lights, big computers digest #1
Message-ID: <20050204215254.GV1404@leitl.org>

[from somelist]

> Subject: Re: [s-t] The return of Das Blinkenlight
> Date: Mon, 31 Jan 2005 19:00:49 -0500
>
> >In the early 90's I was a product manager for a (now-defunct) company
> >that made LAN hubs-- this was when a 10Base-T port would cost you a couple
>
> This reminded me of a story from a few years ago.
>
> Apparently a lot of modem manufacturers tied the activity light on
> the modem directly to the circuit which modulated the sound.
>
> Then someone realized that with a telescope, and an optical
> transistor, one could read that datastream as if hooked to the modem
> directly.
>
> And astonishing numbers of businesses had their modem pools facing
> windows, because the blinkenlights looked impressive.

Not just modems. Some Cisco routers, even at megabit rates. 2002 publication, although the research was over the previous couple of years. And (for instance) the Paradyne Infolock 2811-11 DES encryptor, which has an LED on the plaintext data. How we laughed.

The paper also covers using LEDs (such as keyboard LEDs) as covert data channels. And yes, it cites Cryptonomicon.

I'm not sure whether this was more or less cool than Markus Kuhn's work on reconstructing CRT displays from reflected light, by reverse convolution with the impulse-response curves of the various phosphors. Both papers are fantastic reads, very accessible, very stimulating.
Nick B

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Fri Feb 4 14:28:56 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Feb 2005 23:28:56 +0100
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <20050204202146.GB27680@arion.soze.net>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> <4203CD68.1060709@psu.edu> <20050204202146.GB27680@arion.soze.net>
Message-ID: <20050204222856.GE1404@leitl.org>

On Fri, Feb 04, 2005 at 08:21:47PM +0000, Justin wrote:
> They managed with the HDTV broadcast flag mandate.

If I film off an HDTV screen with an HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved? Watermarks will, but that's the next mass genocide by IP nazis.

From eugen at leitl.org Fri Feb 4 14:57:24 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 4 Feb 2005 23:57:24 +0100
Subject: Secret Data: Steganography v Steganalysis
Message-ID: <20050204225724.GJ1404@leitl.org>

Too lazy to post the full article. No one's going to read it anyway, right?

Link: http://slashdot.org/article.pl?sid=05/02/04/1642249
Posted by: CmdrTaco, on 2005-02-04 18:11:00
from the fight-of-the-year dept.

[1]gManZboy writes "Two researchers in China have taken a look at the [2]steganography vs. steganalysis arms race.
Steganography (hiding data) has drawn more attention recently, as those concerned about information security have recognized that illicit use of the technique might become a threat (to companies or even states). Researchers have thus increased study of steganalysis, the detection of embedded information."

References
1. http://www.acmqueue.com/
2. http://www.acmqueue.com/modules.php?name=Content&pa=showpage&pid=241&page=1

----- End forwarded message -----

From pgut001 at cs.auckland.ac.nz Fri Feb 4 03:47:58 2005
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Sat, 05 Feb 2005 00:47:58 +1300
Subject: Dell to Add Security Chip to PCs
In-Reply-To:
Message-ID:

Erwann ABALEA writes:
> I've read your objections. Maybe I wasn't clear. What's wrong in installing a
> cryptographic device by default on PC motherboards? I work for a PKI 'vendor',
> and for me, software private keys are nonsense.

A simple crypto device controlled by the same software is only slightly less nonsensical. That is, the difference between software-controlled keys and a device controlling the keys that does anything the software tells it to is negligible. To get any real security you need to add a trusted display, I/O system, clock, and complete crypto message-processing capability (not just "generate a signature" like the current generation of smart cards do), and that's a long way removed from what TCPA gives you.

> You could obviously say that Mr Smith won't be able to move his certificates
> from machine A to machine B, but more than 98% of the time, Mr Smith doesn't
> need to do that.

Yes he will. That is, he may not really need to do it, but he really, really wants to do it. Look at the almost-universal use of PKCS #12 to allow people to spread their keys around all over the place - any product aimed at a mass-market audience that prevents key moving is pretty much dead in the water.

> Installing a TCPA chip is not a bad idea.

The only effective thing a TCPA chip gives you is a built-in dongle on every PC. Whether having a ready-made dongle hardwired into every PC is a good or bad thing depends on the user (that is, the software vendor using the TCPA device, not the PC user).

Peter.

From cripto at ecn.org Fri Feb 4 16:15:24 2005
From: cripto at ecn.org (Anonymous)
Date: Sat, 5 Feb 2005 01:15:24 +0100 (CET)
Subject: Dell to Add Security Chip to PCs
Message-ID: <78e62348a8c929c48fb814eccbe472b8@ecn.org>

As far as the question of malware exploiting TC, it's difficult to evaluate without knowing more details about how the technology ends up being used.

First there was TCPA, which is now called TCG. Microsoft spun off their own version called Palladium, then NGSCB. But then Microsoft withdrew NGSCB, and at this point I have no idea whether they will ever offer a new approach.

Microsoft offered four concepts for its vision, but only two of them are in the current TCG: Sealed Storage and Remote Attestation. Microsoft's additional features are Trusted I/O and Process Isolation. It's possible that TCG may incorporate these eventually, because without them the security offered by TC is much more limited.

Microsoft's vision for application development under NGSCB involved splitting programs into two parts, which they called the left hand side (LHS) and right hand side (RHS). The LHS was the legacy program, which had access to the entire Windows API. It would be responsible for user interface, I/O, and any non-secure features. The RHS was the new stuff; it would run in a special partitioned memory that could not be accessed even by the OS.
However the RHS would not have access to the full Windows API, and instead would only get very limited OS support from a mini-kernel called the Nexus. The goal was to publish the source of the Nexus for review and to have it be simple and clean enough to be secure.

Applications would do their security stuff in the RHS modules, which were called Nexus Computing Agents (NCAs). These could use the other TPM features. They could encrypt data such that only that NCA could decrypt it; and they could attest to a remote server or peer about exactly what NCA was running. NCAs would also have some kind of secure I/O channel to input and display devices.

An NCA would be immune to molestation by virus and malware unless the virus got into the NCA itself, which would be hard because they were supposed to be relatively small and simple. Infections elsewhere in the program, in the OS, or in other NCAs would not propagate to an NCA.

Microsoft's design was sophisticated and (IMO) elegant, and goes far beyond anything the clumsy, design-by-committee TCG has come up with yet. Yet NGSCB failed even before it was released. Experience from early beta testers was uniformly negative, according to press reports, and the project was pulled for a redesign. Nothing has been heard of it for a year now.

The problem was apparently that this LHS/RHS design was unacceptable to developers, introducing complexity and requiring a substantial rewrite of existing applications. The RHS Nexus API was so primitive that it was hard to do anything useful there, while LHS functionality was completely unprotected and received no benefits from the new technology.

So that's where we stand. Given this uncertainty, it is hard to credit those who claim that TC will be a golden opportunity for malware. Nobody really knows what the architecture of TC will be by the time it is released. In this respect, Bruce Schneier's comments were the most accurate and prescient.
Over two years ago he advised adopting a wait and see attitude, and predicted exactly the kind of revamping and redesign which is currently underway.

But for the purposes of analysis, let's suppose that Microsoft's original vision were intact, and that NGSCB with the four features were actually being deployed. How might Dan Kaminsky's scenario of an infected Microsoft Word work out in detail?

First we need to consider how the LHS/RHS split might work for a word processor. Most functions are not security related and will be in the LHS. Let's imagine a security function. Suppose a company wants to have certain documents always be saved encrypted, and only to be exchanged (in encrypted form) with other employees also running the secure Word program. Nobody would be able to get access to the data except via this special program. This could be useful for company-confidential docs.

So we will have an NCA on the RHS which can, under the guidance of some policy, save documents in encrypted form and locked to the NCA. No other software will be able to decrypt them because of the Sealed Storage function of the TPM. NCAs can exchange documents with matching NCAs on other computers, using Remote Attestation to verify that the remote system is running the right software, and to set up a secure comm channel between the NCAs. No other software, not even the LHS of Word, could decrypt the data being exchanged between the NCAs. And the NCAs run in secure memory, so that even in an infected computer there will be no way for the malware to get access to the sensitive data.

So how does Kaminsky's attack work? He proposes to give some bogus data to the NCA and infect it. Now, here's the problem. The NCA is a relatively small and simple program. It's not going to have the full capabilities of the rest of Word. It has a clean interface and a clean API to program to. Everything about the system is designed so that secure NCAs will be relatively easy to write.
The goal here is to reduce the target size. Presently the target is the entire Windows kernel, device drivers, services and all the other things which run as Administrator. NCAs and the Nexus will be a much smaller target, without the burdens of legacy code which make it so hard to secure a system the size of Windows. (Of course this same "clean piece of paper" approach to design is what caused NGSCB to be rejected, but we are ignoring that for now in this thought experiment.) This gives us reason to expect that NCAs and the Nexus will be much harder for virus writers to hit than the big, fat, juicy target of Windows itself.

But no software is perfect, so let's suppose that some NCAs do have bugs and can be infected. Kaminsky is right that these agents would then be immune to memory-based AV scanners. Even though the scanners run with full privileges, they can't see NCA memory. So this does give a virus a place to hide.

But what can the virus do? Remember, NCAs do not have access to the full Windows API. They have a much simpler and more primitive API in the form of the Nexus, and it's primarily oriented around doing crypto operations. So a virus can come in and do some crypto. Big whoop.

It's important to understand that architecturally, it's not like you break into a "trusted code layer" and can then do whatever you want. NCAs are still protected from one another. The Nexus is protected from NCAs. The only single point of failure is the Nexus itself, but as I said it is designed as a micro kernel set up for open review. This is the one piece of code they would focus most intently on making bulletproof.

The other problem with breaking into an NCA is that if it changes the memory footprint of the agent, the agent will lose access to its own sealed storage. The sealed data is locked to the hash of the agent, so if the agent's code is altered, unsealing will no longer be possible. The virus can't even get access to the sensitive documents the NCA was protecting.
Based on these considerations, attacking NCAs does not seem to be a productive avenue for malware writers.

The other possibility is for virus writers to do as they do now, ignore the RHS and just go after Windows. As Steve Bellovin points out, they can still delete files, send out copies of themselves, and wreak other havoc. What good is TC against this threat?

The benefit of TC is that data which is secured by NCAs would be immune to discovery and disclosure by malware which broke into the rest of the machine. This could include financial account numbers, passwords, records and other important documents. We have already seen viruses which scan disks for things that look like credit card and account numbers, and probably these will increase in the future. Just being able to have a secure, hardware protected vault for hiding this data will be an important step forward for security.

Other kinds of applications will also benefit from immunity to malware. Any network application can use remote attestation to make sure that its servers, clients or peers are running intact, in secured and isolated memory, on a TC enabled system. One example which has been proposed is secure election software. It would be crazy to think about Internet voting with today's PCs, but running a voting client as an NCA would enable safe voting even on a malware infected PC. Another idea, which should be near and dear to the cypherpunk heart, is a TC secured remailer network. Each remailer could verify that the others in the net were running unmolested, and even remailer operators would be unable to monitor traffic passing through their systems.

TC will not stop the malware threat, but it aims to bypass it, by letting designers create a new generation of applications which each runs securely in its own world. This would stop the worst feature of today's systems, that a failure in one part of the PC makes the whole thing insecure.
That will be a major step forward for the security and usability of the next generation of computers. If the technology is allowed to exist, that is.

From justin-cypherpunks at soze.net Fri Feb 4 17:19:46 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sat, 5 Feb 2005 01:19:46 +0000
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <20050204222856.GE1404@leitl.org>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> <4203CD68.1060709@psu.edu> <20050204202146.GB27680@arion.soze.net> <20050204222856.GE1404@leitl.org>
Message-ID: <20050205011946.GA28354@arion.soze.net>

On 2005-02-04T23:28:56+0100, Eugen Leitl wrote:
> On Fri, Feb 04, 2005 at 08:21:47PM +0000, Justin wrote:
>
> > They managed with the HDTV broadcast flag mandate.
>
> If I film off a HDTV screen with a HDTV camera (or just do single-frame
> with a good professional camera) will the flag be preserved?

I don't think so, I think the flag is in the bitstream and doesn't affect visual output at all. You still run into significant quality loss trying to get around it that way.

The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it.

--
"War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free." --Heraclitus (Kahn.83/D-K.53)

From skquinn at speakeasy.net Sat Feb 5 00:21:43 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Sat, 05 Feb 2005 02:21:43 -0600
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <4203C7E0.13803.96055BB@localhost>
References: <4203C7E0.13803.96055BB@localhost>
Message-ID: <1107591704.4338.13.camel@xevious>

On Fri, 2005-02-04 at 19:07 -0800, James A. Donald wrote:
> The ability to convincingly tell the truth is a very handy one
> between people who are roughly equal. It is a potentially
> disastrous one if one party can do violence with impunity to
> the one with the ability to convincingly tell the truth.
In other words, NGSCB/Palladium/etc doesn't give you an advantage in the least when you step onto a playing field tilting heavily in Microsoft's direction.

--
Shawn K. Quinn

From cripto at ecn.org Fri Feb 4 20:34:39 2005
From: cripto at ecn.org (Anonymous)
Date: Sat, 5 Feb 2005 05:34:39 +0100 (CET)
Subject: Dell to Add Security Chip to PCs
Message-ID:

Eric Murray writes:
> The TCPA chip verifies the (signature on the) BIOS and the OS.
> So the software driver is the one that's trusted by the TCPA chip.

I don't believe this is correct. The TPM does not verify any signatures. It is fundamentally a passive chip. Its only job is to store hashes of software components that the BIOS, boot loader and OS report to it. It can then report those hashes in attestations, or perform crypto sealing and unsealing operations in such a way that sealed data is locked to those hashes, and can't be unsealed if the hashes are different.

and then asks:
> I have an application for exactly that behaviour.
> It's a secure appliance. Users don't run
> code on it. It needs to be able
> to verify that it's running the authorized OS and software
> and that new software is authorized.
> (it does it already, but a TCPA chip might do it better).
>
> So a question for the TCPA proponents (or opponents):
> how would I do that using TCPA?

You might want to look at enforcer.sourceforge.net for some ideas. They created a Tripwire-like system which does a secure boot and compares the software that is loaded with "approved" versions. I don't remember if they used signatures or hashes for the comparison but presumably either one could be made to work.

Marcel Popescu's message was mostly content free (I love the way he thinks it's OK to lie as long as it's in English! - remind me never to trust this guy) but he did ask one non-"rethorical" question:
> Name other five (out of the "most") laptop companies offering this chip in
> their laptops. (This is NOT rethorical, I'm really curious.)
IBM T43 and Thinkpads (over 16 million TPMs shipped as of last year).
HP/Compaq nc6000, nc8000, nw8000, nc4010 notebooks.
Toshiba Dynabook SS LX, Tecra M3 and Portege M205-S810.
Fujitsu Lifebook S7010 and LifeBook E8000 laptops; T4000 and ST5020 tablets.
Samsung X-Series.
NEC VersaPro/VersaProJ.
and now Dell Latitude D410, D610 and D810.

From eugen at leitl.org Sat Feb 5 02:23:14 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Sat, 5 Feb 2005 11:23:14 +0100
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <20050205011946.GA28354@arion.soze.net>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> <4203CD68.1060709@psu.edu> <20050204202146.GB27680@arion.soze.net> <20050204222856.GE1404@leitl.org> <20050205011946.GA28354@arion.soze.net>
Message-ID: <20050205102314.GV1404@leitl.org>

On Sat, Feb 05, 2005 at 01:19:46AM +0000, Justin wrote:
> > If I film off a HDTV screen with a HDTV camera (or just do single-frame
> > with a good professional camera) will the flag be preserved?
>
> I don't think so, I think the flag is in the bitstream and doesn't
> affect visual output at all. You still run into significant quality

I know; that was a rhetorical question.

> loss trying to get around it that way.

I doubt the quality loss would be perceivable. What you'll get will be persistent artifacts which would allow source fingerprinting via digital forensics.

> The point is that HDTV is a popular consumer technology, and the MPAA
> and TV networks alone managed to hijack it.

I have yet to see a single HDTV movie/broadcast, and I understand most TV sets can't display anything beyond 800x600. DVD started with a copy protection, too.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From justin-cypherpunks at soze.net Sat Feb 5 07:57:29 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sat, 5 Feb 2005 15:57:29 +0000
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org>
References: <171698b6a6b2c59c7b495fd1259d66b0@ecn.org>
Message-ID: <20050205155729.GA2166@arion.soze.net>

On 2005-02-03T22:25:28+0100, Anonymous wrote:
> The only people endangered by this capability are those who want to be
> able to lie. They want to agree to contracts and user agreements that,
> for example, require them to observe DRM restrictions and copyright
> laws, but then they want the power to go back on their word, to dishonor
> their commitment, and to lie about their promises. An honest man is

No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. My fair use rights should not be held hostage by a stupid majority who support a DRM-only market.

Maybe the market for music won't support DRM-only products, but I suspect the market for DVDs and low-sales books will. The result is that I won't be able to rip a season's worth of DVDs so I can watch them all without playing hot potato with the physical DVDs. I won't be able to avoid the 15-second copyright warnings, or the useless menu animations. Low-sales books may end up being DRM-only, and I _hate_ reading books on a screen. Since DRM-only rare books will satisfy some of the market, there will be even less pressure on physical book publishers to occasionally reprint them, thus forcing even more people to buy the DRM'd ebooks.
I bought an ebook on amazon for $1.99 a couple months ago. The printed book was $20. It was very nearly the worst purchase of my life. I won't buy a similarly DRM'd ebook ever again, for any amount. The hassle plus the restrictions aren't worth the $18 savings.

From die at dieconsulting.com Sat Feb 5 17:20:10 2005
From: die at dieconsulting.com (Dave Emery)
Date: Sat, 5 Feb 2005 20:20:10 -0500
Subject: Dell to Add Security Chip to PCs
In-Reply-To: <20050205102314.GV1404@leitl.org>
References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C5F@rsana-ex-hq1.NA.RSA.NET> <4203CD68.1060709@psu.edu> <20050204202146.GB27680@arion.soze.net> <20050204222856.GE1404@leitl.org> <20050205011946.GA28354@arion.soze.net> <20050205102314.GV1404@leitl.org>
Message-ID: <20050206012010.GB30204@pig.dieconsulting.com>

On Sat, Feb 05, 2005 at 11:23:14AM +0100, Eugen Leitl wrote:
> > The point is that HDTV is a popular consumer technology, and the MPAA
> > and TV networks alone managed to hijack it.
>
> I have yet to see a single HDTV movie/broadcast, and I understand most TV
> sets can't display anything beyond 800x600.

Not widespread in Europe yet, but all the big networks in the US now support it for most or nearly all their prime time schedule and most big events (sports and otherwise) are now in HDTV in the USA. Also more and more cable networks in HDTV and some movie channels. Bandwidth is the big limitation on satellite and cable, otherwise there would be even more.

And HDTV sets are selling well now in the USA. Most do not yet have the full 1920 by 1080 resolution, but many are around 1280 by 720 native resolution which works well with the 720p progressive version used primarily for sports (looks better with fast motion).

>
> DVD started with a copy protection, too.
However the really strange thing about the FCC broadcast flag is that the actual over the air ATSC transport stream on broadcast channels is mandated by law to be sent *IN THE CLEAR*, no encryption allowed - so the FCC decision basically requires any receiver sold to the public *ENCRYPT* an ITC signal before providing it to the user.

Naturally this bit of nonsense will go far to make the broadcast flag very effective indeed at preventing anyone with very modest sophistication from capturing the over the air in the clear transport stream and passing it around on P2P networks or whatever - there is already plenty of PCI hardware out there to receive ATSC transmissions (MyHD and many others) and supply the transport stream to software running on the PC.

--
Dave Emery N1PRE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493

From cripto at ecn.org Sat Feb 5 13:12:16 2005
From: cripto at ecn.org (Anonymous)
Date: Sat, 5 Feb 2005 22:12:16 +0100 (CET)
Subject: What is a cypherpunk?
Message-ID:

Justin writes:
> No, I want the right to fair use of material I buy. If someone sells
> DRM-only material, I won't buy it at anything approaching non-DRM
> prices. In some cases, I won't buy it at all.

Well, that's fine, nobody's forcing you to buy anything. But try to think about this from a cypherpunk perspective. "Fair use" is a government oriented concept. Cypherpunks generally distrust the collectivist wisdom of Big Brother governments. What fair use amounts to is an intrusion of government regulation into a private contractual arrangement. It is saying that two people cannot contract away the right to excerpt a work for purposes of commentary or criticism. It says that such contracts are invalid and unenforceable.

Now, maybe you think that is good. Maybe you think minimum wage is good, a similar imposition of government regulation to prevent certain forms of contracts. Maybe you think that free speech codes are good.
Maybe you support all kinds of government regulations that happen to agree with your ideological preferences.

If so, you are not a cypherpunk. May I ask, what the hell are you doing here?

Cypherpunks support the right and ability of people to live their own lives independent of government control. This is the concept of crypto anarchy. See that word? Anarchy - it means absence of government. It means freedom to make your own rules. But part of the modern concept of anarchy is that ownership of the self implies the ability to make contracts and agreements to limit your own actions. A true anarchic condition is one in which people are absolutely free to make whatever contracts they choose. They can even make evil, immoral, wicked contracts that people like you do not approve of. They can be racists, like Tim May. They can avoid paying their taxes. They can take less money than minimum wage for their work. They can practice law or medicine without a license. And yes, they can agree to DRM restrictions and contract away their so-called fair use rights.

One of the saddest things I've seen on this list, and I've seen it many times, is when people say that the laws of their country give them the right to ignore certain contractual elements that they have agreed to. They think that it's morally right for them to ignore DRM or limitations on fair use, because their government said so. I can't describe how appalling I consider this view. That anyone, in this day and age, could consider _government_ as an arbiter of morality is so utterly bizarre as to be incredible. And yet not only is this view common, it is even expressed here on this list, among people who supposedly have a distrust and suspicion of government.

I can only assume that the ideological focus of this mailing list has been lost over the years. Newcomers have no idea what it means to be a cypherpunk, no sense of the history and purpose which originally drove the movement.
They blindly accept what they have been force-fed in government-run schools, that government is an agency for good.

That's one interpretation. The other is worse. It's that people on this list have sold out their beliefs, their ideals, and their morality. What was the bribe offered to them to make them turn away from the moral principles which brought them to this list originally? What was so valuable that they would discard their belief in self ownership in favor of a collectivist worship of government morality? Simply this: free music and movies.

The lure of being able to download first MP3s and now video files has been so great that even cypherpunks, the supposed defenders of individual rights and crypto anarchy, are willing to break their word, violate their contracts, lie and cheat and steal in order to feed their addictive habit. They are willing to do and say anything they have to in order to get access to those files. They don't feel the slightest bit of guilt when they download music and movies in direct contradiction to the expressed desire of the people who put their heart and soul into creating those works. They willingly take part in a vast criminal enterprise, an enormous machine which takes from the most creative members of our society without offering anything in return. And this enterprise is criminal not by the standards of any government or legal code, but by the standards of the morality which is the essence of the cypherpunk worldview: the standard of self ownership, of abiding by one's word, of honoring one's agreements.

This poisonous activity has penetrated to all parts of internet based society, and its influence has stolen away what honor the cypherpunks once possessed. Its toxic morality ensures that cypherpunks can no longer present a consistent philosophy, that there is nothing left but meaningless paranoid rantings.

I challenge anyone here to answer the question of what it means to be a cypherpunk. What are your goals?
What is your philosophy? Do you even recognize the notion of right and wrong? Or is it all simply a matter of doing whatever you can get away with, of grabbing what you can while you can, of looting your betters for your own short term benefit?

Is that what it means to be a cypherpunk today? Because that's how it looks from here.

From mv at cdc.gov Sat Feb 5 22:52:48 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Sat, 05 Feb 2005 22:52:48 -0800
Subject: Auto-HERF: Car Chase Tech That's Really Hot
Message-ID: <4205BEBF.4F7A7351@cdc.gov>

At 06:41 PM 2/4/05 -0800, Steve Schear wrote:
>At 10:15 AM 2/4/2005, R.A. Hettinga wrote:
>
>> "The beautiful part of using the (microwave) energy is that it leaves the
>>suspect in control of the car," he said. "He can steer, he can brake, he
>>just can't accelerate."
>
>Sorry Charlie, but I think newer vehicles are moving to fly-by-wire
>steering, especially hybrids that don't have an internal combustion engine
>running all the time so they can't easily use traditional hydraulic servo
>steering.

Also amusing will be the congealed lenses of bystanders, dead pacemaker wearers, fried business computers, in addition to the accidents caused by other disabled cars. But the cops will get their man, and the rest is collateral damage, put it on the perp's ticket.

Besides, the ECU is shielded pretty well by the car metal and the unit itself is shielded from the electrical ignition noise. But someone needs to explain that to this "executive" who fancies himself an inventor and can't wait to suckle Caesar's teat, selling "cyber terrorist" gizmos to the man.

Personally I only use the magnetron & horn (concealed in my rooftop fiberglass luggage holder) on inconsiderate cell-phone-using drivers. Better than jamming, because they get to kiss their RF front end goodbye, permanently. So it helps everyone for several days, *and* sells new handsets, helping the economy. Works on pig radios too.
Also works on the thumpa-thumpa drivers, and when I turn the power up I find that Chihuahuas' skulls are not meant to take internal pressure; a steam explosion is pretty messy, and fuzzy dice don't really clean the insides of windshields terribly well.

From rah at shipwright.com Sun Feb 6 12:20:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 6 Feb 2005 15:20:51 -0500
Subject: Polish spies list leaked
Message-ID:

Fairfax New Zealand Limited

Polish spies list leaked
SUNDAY, 06 FEBRUARY 2005

WARSAW: Polish spies may be in danger after a list of names from communist-era files was leaked onto the internet earlier in the week, Prime Minister Marek Belka says.

The directory of 240,000 names includes informers, spies and people questioned by the secret police under communist rule. The archives are held by the National Remembrance Institute (IPN) but the names were copied by a journalist and published.

Speaking after meeting US Secretary of State Condoleezza Rice, Belka said yesterday it was possible that names of working agents were on the list.

"I don't want to be alarmist. On the other hand, I would like to treat with the utmost gravity the possibility of a safety threat to a few or even just one active security agent, especially abroad," Belka told reporters.

Poles have flooded the internet trying to find family members on the list. But daily paper Trybuna earlier yesterday scolded the journalist, former anti-communist activist Bronislaw Wildstein, pointing out the potential threat to spies.

"The fun has ended. Polish intelligence officers are in danger... Operations have been suspended, people withdrawn," it wrote in a front page article headlined "Catastrophe".

Belka said there would be a meeting between the secret services and the IPN to establish the precise threat posed.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sun Feb 6 12:20:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 6 Feb 2005 15:20:57 -0500
Subject: Poles clamor to see secret police file index
Message-ID:

www.suntimes.com

Poles clamor to see secret police file index
February 6, 2005
BY ELA KASPRZYCKA

WARSAW, Poland -- Prosecutors said Friday they are investigating the leak of a government index of communist-era secret police files that has landed on the Internet, creating a frenzy among Poles scrambling to find out if their names are on the list.

The uproar over the list, leaked from the institute that makes the files available to victims, historians and journalists, is all the louder because names of informers are mingled with those of victims, causing fear it will stain the innocent.

Journalist Bronislaw Wildstein hasn't said how he obtained a copy of the nonpublic list on computer disc from the archives of the state-run National Remembrance Institute, where he was authorized to conduct research. He denies being behind the appearance of the 240,000 names on the Internet and says he gave it to only a few trusted journalists. He has since been fired from the Rzeczpospolita newspaper, which said he was getting involved in politics.

Several right-wing parties have called for publishing secret police files on the Internet.

The issue of secret police files touches a nerve in Poland, where having collaborated with the communist-era authorities is viewed as disgraceful by many. Nonetheless, when a democratic government took over in 1989-90, Poland's leaders declined to make a thorough purge of informers from public life. Candidates for public office now must simply declare whether they collaborated.
There's no penalty for such an admission, but those who falsely deny it and are caught face a 10-year ban from holding office. Some are calling for a wider-ranging effort to expose former collaborators.

The institute says theft of the list is illegal, and prosecutors say they are investigating.

From camera_lumina at hotmail.com Sun Feb 6 12:23:05 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sun, 06 Feb 2005 15:23:05 -0500
Subject: What is a cypherpunk?
In-Reply-To:
Message-ID:

Well, I agree with the general gist of this post though not its specific application.

OK...a Cypherpunk ultimately believes that technology and, in particular, crypto give us the de facto (though, as you point out, not de jure) right to certain levels of self-determination and that this 'right' is ultimately exerted independent of any governing bodies. In the end, most likely despite any governing bodies. Moreover, it has been argued (in general fairly well, I think) that attempting to exert one's 'rights' through a 'democratically elected' mob is rarely much more than mob rule. "We have voted to ransack your home."

OK, that I think is well understood. BUT, an essentially Cypherpunkly philosophy does not preclude any kind of action in the legal/governing realm, particularly when it's recognized that said government can easily make it very difficult to live the way one wants. In other words, if Kodos is promising to start curfew laws and make possession or use of crypto a crime, I'll probably vote for Kang in the dim hopes this'll make a difference.
Things get sticky when you start talking private sector...unlike most Cypherpunks I don't subscribe to the doctrine that, "Private=Good=Proto-anarchy"...Halliburton is a quasi-government entitity, AFAIC, the CEO of which 'needs killing' ASAP. In the US Private industry has a way of entangling it's interests with that of the Feds, and vice versa, so I don't see any a priori argument against establishing some kind of "rear guard" policy to watch the merger and possibly vote once in a while. With Palladium it's easy to see the Feds one day busting down your doors when they find out you broke open the lock box and tore out their little citzen-monitoring daemon inside, which they put in there working with Microsoft. With respect to TCPA, however, I happen to agree with you. IN particular, I think most people will put 2 and 2 together and remember that it was Microsoft in the first place that (in effect) caused a lot of the security problems we see. Watch mass scale defections from Microsoft the moment they try a lock-box approach...or rather, the moment the first big hack/trojan/DoS attack occurs leveraging the comfy protection of TCPA. -TD >From: Anonymous >To: cypherpunks at al-qaeda.net >Subject: What is a cypherpunk? >Date: Sat, 5 Feb 2005 22:12:16 +0100 (CET) > >Justin writes: > > > No, I want the right to fair use of material I buy. If someone sells > > DRM-only material, I won't buy it at anything approaching non-DRM > > prices. In some cases, I won't buy it at all. > >Well, that's fine, nobody's forcing you to buy anything. But try to think >about this from a cypherpunk perspective. "Fair use" is a government >oriented concept. Cypherpunks generally distrust the collectivist wisdom >of Big Brother governments. What fair use amounts to is an intrustion >of government regulation into a private contractual arrangement. It is >saying that two people cannot contract away the right to excerpt a work >for purposes of commentary or criticism. 
It says that such contracts >are invalid and unenforceable. > >Now, maybe you think that is good. Maybe you think minimum wage is >good, a similar imposition of government regulation to prevent certain >forms of contracts. Maybe you think that free speech codes are good. >Maybe you support all kinds of government regulations that happen to >agree with your ideological preferences. > >If so, you are not a cypherpunk. May I ask, what the hell are you >doing here? > >Cypherpunks support the right and ability of people to live their >own lives independent of government control. This is the concept >of crypto anarchy. See that word? Anarchy - it means absence of >government. It means freedom to make your own rules. But part of the >modern concept of anarchy is that ownership of the self implies the >ability to make contracts and agreements to limit your own actions. >A true anarchic condition is one in which people are absolutely free >to make whatever contracts they choose. They can even make evil, >immoral, wicked contracts that people like you do not approve of. >They can be racists, like Tim May. They can avoid paying their taxes. >They can take less money than minimum wage for their work. They can >practice law or medicine without a license. And yes, they can agree to >DRM restrictions and contract away their so-called fair use rights. > >One of the saddest things I've seen on this list, and I've seen it many >times, is when people say that the laws of their country give them the >right to ignore certain contractual elements that they have agreed to. >They think that it's morally right for them to ignore DRM or limitations >on fair use, because their government said so. I can't describe how >appalling I consider this view. That anyone, in this day and age, >could consider _government_ as an arbiter of morality is so utterly >bizarre as to be incredible. 
And yet not only is this view common, it >is even expressed here on this list, among people who supposedly have >a distrust and suspicion of government. > >I can only assume that the ideological focus of this mailing list has >been lost over the years. Newcomers have no idea what it means to be a >cypherpunk, no sense of the history and purpose which originally drove >the movement. They blindly accept what they have been force-fed in >government-run schools, that government is an agency for good. > >That's one interpretation. The other is worse. It's that people on >this list have sold out their beliefs, their ideals, and their morality. >What was the bribe offered to them to make them turn away from the >moral principles which brought them to this list originally? What was >so valuable that they would discard their belief in self ownership in >favor of a collectivist worship of government morality? Simply this: >free music and movies. > >The lure of being able to download first MP3s and now video files >has been so great that even cypherpunks, the supposed defenders of >individual rights and crypto anarchy, are willing to break their word, >violate their contracts, lie and cheat and steal in order to feed their >addictive habit. They are willing to do and say anything they have to in >order to get access to those files. They don't feel the slightest bit of >guilt when they download music and movies in direct contradiction to the >expressed desire of the people who put their heart and soul into creating >those works. They willingly take part in a vast criminal enterprise, >an enormous machine which takes from the most creative members of our >society without offering anything in return. And this enterprise is >criminal not by the standards of any government or legal code, but by >the standards of the morality which is the essence of the cypherpunk >worldview: the standard of self ownership, of abiding by one's word, >of honoring one's agreements. 
> >This poisonous activity has penetrated to all parts of internet based >society, and its influence has stolen away what honor the cypherpunks >once possessed. Its toxic morality ensures that cypherpunks can no >longer present a consistent philosophy, that there is nothing left but >meaningless paranoid rantings. > >I challenge anyone here to answer the question of what it means to be >a cypherpunk. What are your goals? What is your philosophy? Do you >even recognize the notion of right and wrong? Or is it all simply a >matter of doing whatever you can get away with, of grabbing what you can >while you can, of looting your betters for your own short term benefit? > >Is that what it means to be a cypherpunk today? Because that's how it >looks from here. From rah at shipwright.com Sun Feb 6 12:34:19 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 6 Feb 2005 15:34:19 -0500 Subject: Tory party set to withdraw ID scheme support Message-ID: The Register Biting the hand that feeds IT The Register » Internet and Law » Digital Rights/Digital Wrongs » Original URL: http://www.theregister.co.uk/2005/02/06/tories_id_flip/ Tory party set to withdraw ID scheme support By John Lettice (john.lettice at theregister.co.uk) Published Sunday 6th February 2005 12:10 GMT The Tory Party is to withdraw support for the UK's identity card scheme, following the Government's failure to deal with the 'five tests' (http://www.theregister.co.uk/2004/12/14/tory_id_support/) the Tories put forward as a condition of their support. Tory leader Michael Howard personally favours ID cards, but substantial sections of his party are either sceptical or totally opposed to them. According to a report (http://news.telegraph.co.uk/news/main.jhtml?xml=/news/2005/02/06/nid06.xml) in today's Sunday Telegraph, short of a face-about by the Government when the House of Commons votes on the bill on Thursday, the Tories will now abstain.
This may induce more Tory refuseniks to vote against the scheme, but even if the party line was to oppose rather than abstain, it would still be approved because of Labour's large majority. The Liberal Democrats have opposed the scheme throughout the bill's passage, and Richard Allan MP, who has been arguing the party's case through the Bill's brief committee stage, has moved a number of amendments which he expects to be ignored. Allan predicts that the report stage of the Bill (where the Standing Committee's report back is considered) will take approximately three to four hours, leaving as little as 30 minutes for the Commons to consider the Bill prior to the curtain being brought down (Allan's comments and amendments here (http://www.richardallan.org.uk/index.php?p=311)). The Bill will however be likely to run into stiffer opposition in the House of Lords, where the LibDems have a number of highly competent opponents, and where Tory opponents may view their party's tiptoeing away from support as carte blanche to cause mayhem. Related Stories: Tory group report attacks ID scheme as a con trick (http://www.theregister.co.uk/2005/02/03/peter_lilley_id_report/) Parliamentary report flags ID scheme human rights issues (http://www.theregister.co.uk/2005/02/03/id_scheme_echr_concern/) UK gov ready to u-turn on passport-ID card link? (http://www.theregister.co.uk/2005/01/19/browne_biometric_passports/) © Copyright 2005 -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From steve49152 at yahoo.ca Sun Feb 6 14:31:26 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Sun, 6 Feb 2005 17:31:26 -0500 (EST) Subject: Jim Bell WMD Threat In-Reply-To: Message-ID: <20050206223126.23324.qmail@web51807.mail.yahoo.com> --- John Young wrote: > The FBI continues to claim Jim Bell is a WMD threat > despite having no case against him except in the media, > but that conforms to current FBI/DHS policy of fictionalizing > homeland threats. > > > http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf > > See page 16. > > This document was initially prepared in June 2002, updated in June > 2003. Interesting that you say the "FBI/DHS" have a policy of "fictionalizing" [homeland] "threats", but suggest that Jim Bell is a victim of such fictionalization rather than an example of a fictionalised threat. Probably back in about 2001, my Government Cynicism Threat and Alert System(tm) was upgraded from a rating of Moderate to Near Total Cynicism. Consequently, I re-assessed the words I had read concerning the Jim Bell case and decided that he was a fake threat designed as input to the legal/policing system in order to push it in a number of well-defined directions, tending of course towards tyranny. Nothing that I have seen or heard of since, directly related to Jim Bell or otherwise, has led me to believe anything other than that threats of the kind that Mr. Bell is supposed to pose are nothing more than sophisticated and well orchestrated frauds. In fact, even such incidents as the Adobe PDF kerfuffle including Dmitry Sklyarov and a cast of pseudo-hacks in the tech press are indicative of the degree to which the government and certain segments of the industry and online community are trained to march in lock-step to the tunes as they are called by certain special interest groups.
Perhaps the RAND institute might be characterised as one of the organisations that might be said to steer broad trends in fields and strategic industries of interest to government control-freaks and would-be plutocrats. Mind you, I am not necessarily the best or most objective source when it comes to the analysis of such issues. As *some* of you know, I allege a variety of real and utterly indefensible wrongdoings on the part of various police and government-related officials, but as yet have seen not the least bit of support come my way despite the value of some of the work that is at risk. This is in contrast to petty crap like the RSA script on a T-shirt bullshit that has previously occupied so many people's attentions, not to mention media coverage (like "Wired"). But perhaps I am merely not worthy, and that my thoughts on various matters cannot be trusted, even when they are relevant. Fraud, after all, is a rather serious charge. If one is accusing the Massey Ferguson of the Industry of perpetrating a massive fraud, then I suppose one requires rock-solid evidence -- which I admit I cannot possibly produce at this time. Regards, Steve From steve49152 at yahoo.ca Sun Feb 6 15:13:57 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Sun, 6 Feb 2005 18:13:57 -0500 (EST) Subject: What is a cypherpunk? In-Reply-To: Message-ID: <20050206231357.6880.qmail@web51802.mail.yahoo.com> Anonymous wrote: >I challenge anyone here to answer the question of what it means to be >a cypherpunk. What are your goals? What is your philosophy? Do you In this day and age, do you really expect anyone to answer questions like that openly and honestly? Really. There's a similar and simple label that gets used and abused by people who might either be technically competent engineers, or merely script kiddies: hacker.
These days, being a hacker is nearly enough the moral equivalent of being a Communist in California during the Fifties. Or a leper. Note how the term 'hacker' is normally used, as a pejorative, in writings and speech found in the mainstream media. If a journalist for Time Magazine uses the label 'hacker' in a pejorative context, chances are that a letter-writing campaign launched in earnest for the purpose of reclaiming the definition preferred by engineers, will at best produce a tiny correction buried in a corner of a subsequent issue. And then some other writer will make the same mistake later. The same applies to the term 'cypherpunk', only the term is rarely used outside of the Internet. Quite frankly, I couldn't care less what label applies to me. I'm somewhat knowledgeable on issues that are said to be characteristic of the focus of 'cypherpunks', but I don't pray every day with a reading from the Cypherpunk Manifesto. >even recognize the notion of right and wrong? Or is it all simply a >matter of doing whatever you can get away with, of grabbing what you can >while you can, of looting your betters for your own short term benefit? Depends on the person, I guess. >Is that what it means to be a cypherpunk today? Because that's how it >looks from here. Perhaps a comprehensive survey should be done. A comprehensive questionnaire in the form of a purity test might do it, as might something like a geek code for 'cypherpunks'... Do you read Applied Cryptography? Have you ever generated a 16 kbit RSA key? Do you have a picture of Ralph Merkle hanging on the wall in your bedroom? etc. Face it. You aren't going to get straight answers to questions from highly technical internet sophisticates, even if you ask politely. They have better things to do than to justify and explain their ideologies when in fact such is easily read from the body of their work, and implicit to their writings.
Regards, Steve From popkin at hod.aarg.net Sun Feb 6 19:18:43 2005 From: popkin at hod.aarg.net (D. Popkin) Date: Sun, 6 Feb 2005 19:18:43 -0800 Subject: What is a cypherpunk? References: Message-ID: <200502070318.j173Ihwa023849@marco.aarg.net> -----BEGIN PGP SIGNED MESSAGE----- "Cypherpunks generally distrust the collectivist wisdom ..." Yes, but Big Brother governments are not the only way such "wisdom" gets imposed. Bill Gates came close to imposing it upon all of us, and if it hadn't been for Richard Stallman and Linus Torvalds, we might all be suffering under that yoke today. The genius of Bill Gates is in knowing that most people don't notice or care that to agree to a EULA is to make a vow of ignorance, and not being ashamed to stoop to their level. The true danger of TCPA is not that "free" MP3s and movies will become unavailable, but the de facto loss of privacy as non-TCPA gear becomes unavailable or prohibitively expensive. D. Popkin -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQBVAwUBQgaySPPsjZpmLV0BAQHEhwIAiv9N+F0GSYVB7xXE3Vftiyxgi7PYqNNP FnAN/nh1CdoLKG0lymhGEOGW8ZAZsKRAzv5FZSal7QUSWRzzZ8qo4w== =jsCx -----END PGP SIGNATURE----- From rah at shipwright.com Sun Feb 6 18:09:48 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 6 Feb 2005 21:09:48 -0500 Subject: FBI Computers: You Don't Have Mail Message-ID: MSNBC.com FBI Computers: You Don't Have Mail By Michael Isikoff and Mark Hosenball Newsweek Feb. 14 issue - The FBI's computer woes got even worse last week when bureau officials were forced to shut down a commercial e-mail network used by supervisors, agents and others to communicate with the public. The reason, sources tell NEWSWEEK, was an apparent "cyberintrusion" by an outside hacker who officials fear had been tapping into supposedly secure e-mail messages since late last year.
FBI spokesmen publicly sought to downplay the damage, saying the compromised commercial server-maintained by AT&T-was used exclusively for unclassified and "nonsensitive" communications that did not involve ongoing investigations. One example, they said, was notices from public-affairs offices' fbi.gov addresses to members of the press. But privately, officials were highly concerned-and recently notified the White House. One top FBI official says he regularly used his shut-down fbi.gov e-mail account to send messages to state and local police chiefs. Another source tells NEWSWEEK that more than 3,000 old and current e-mail accounts were shut down. Others say the same apparently compromised server also provided accounts to other government agencies. Justice Department officials, who launched their own cybercrime investigation into the apparent intrusion, noted that there was no telling the potential damage at this point, given the common tendency for everybody to say too much-including making references to law-enforcement "sensitive" cases-even in theoretically routine e-mails. "This is an eye-opener for all of us," says one FBI official. The bigger question, sources say, was how the hackers penetrated the bureau's e-mails-and why it took the FBI so long to notify the rest of the government. The FBI e-mail system was erected with firewalls that were supposed to prevent even sophisticated hackers from penetrating. But while officials stressed there was no evidence that the apparent intruder or intruders were part of any terrorist or foreign intelligence organization, the authorities were still baffled as to how they got into the system. According to sources familiar with the investigation, one suspicion is that hackers either used sophisticated "password cracking" software that tries out millions of password combinations or somehow eavesdropped on Internet transmissions.
Over the weekend, NEWSWEEK has learned, the Department of Homeland Security posted a computer-security alert to agencies throughout the federal government urging e-mail users to be more careful about choosing their passwords by avoiding obvious clues-like nicknames, initials, children's names, birth dates, pet names or brands of car. "Such information can be easily obtained and used to crack your password," the bulletin states. The e-mail compromise couldn't have come at a worse time for the bureau. Just last week, the Justice Department inspector-general released a report sharply criticizing the FBI's management of its new Virtual Case File computer system-a $170 million software upgrade that bureau officials now concede they may have to scrap. The VCF system was supposed to make it much easier for agents to electronically access vital information relating to ongoing cases in different FBI offices. But the I.G. found that poor planning and ineffective management have resulted in a system that is nearly unworkable. FBI chief Robert Mueller, who sources say has personally briefed President George W. Bush on the matter, took responsibility "at least in part" for the fiasco before a Senate subcommittee. "No one is more frustrated and disappointed than I," he said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Feb 6 18:18:48 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 6 Feb 2005 21:18:48 -0500 Subject: Interview with Ward Churchill Message-ID: >I want the state gone: transform the situation to U.S. out of North >America. U.S. off the planet. Out of existence altogether.
Cheers, RAH ------- Satya April 04 Dismantling the Politics of Comfort The Satya Interview with Ward Churchill Photo © AK Press Ward Churchill is perhaps one of the most provocative thinkers around. A Creek and enrolled Keetoowah Band Cherokee, Churchill is a longtime Native rights activist. He has been heavily involved in the American Indian Movement and the Leonard Peltier Defense Committee. He is Professor of Ethnic Studies at the University of Colorado and has served as a delegate to the UN Working Group on Indigenous Populations. One of Churchill's areas of expertise is the history of the U.S. government's genocide of Native Americans-the chronic violation of treaties and systematic extermination of North American indigenous populations. His many books include A Little Matter of Genocide: Holocaust and Denial in the Americas: 1492 to Present (1998) and The COINTELPRO Papers: Documents from the FBI's Secret Wars Against Dissent in the U.S. (2nd edition, 2002). His new book, On the Justice of Roosting Chickens: Reflections on the Consequences of U.S. Imperial Arrogance and Criminality, was just published by AK Press (www.akpress.org). As a member of a people who have been on the receiving end of violence, Churchill has a rather distinct perspective of the U.S. and the effectiveness of political dissent and social change. Ward Churchill recently shared some of his views with Catherine Clyne. This issue of Satya is trying to push the debate about whether or not violence is an appropriate means for a desired end. With animal activists, there's a growing gap between people who feel it's not and others who feel that, for example, breaking into laboratories to liberate animals or burning down property is an effective way to stop abuse. Well, that's an absurd framing in my view. Defining violence in terms of property-that basically nullifies the whole notion that life is sacred.
People who want to elevate property to the same level of importance as life are so absurd as to be self-nullifying. Some people feel that those who abuse animals or people negate their right to consideration and open themselves up to physical violence. What's your response to this? The individuals who are perpetrators in one way or another, the "little Eichmanns"* in the background-the technocrats, bureaucrats, technicians-who make the matrix of atrocity that we are opposing possible are used to operating with impunity. If you're designing thermonuclear weapons, you're subject to neutralization, in the same sense that somebody who is engaged in homicide would be, in terms of their capacity to perpetrate that offense. One or two steps removed should not have the effect of immunizing. Otherwise, only those who are in the frontline-usually the most expendable in the systemic sense-are subject to intervention. None of the decision-makers, the people who make it possible, would be subject to intervention that would prevent their action in any way at all. That brings me to one question, which is, in general, people like to think they're pretty decent. They don't like to think of themselves as violent or complying with a system that is oppressive... Heinrich Himmler viewed himself in exactly that way. He was a family man, he had high moral values, he'd met his responsibilities, blah, blah, blah-a good and decent man in his own mind. Do you think that applies to most American people? In the sense that it applied to most Germans [during the Third Reich]. Your recent works detail the documentable history of the consequences of U.S. imperialism. After reading On the Justice of Roosting Chickens and listening to your two CDs, what do you want your audience to walk away with? A fundamental understanding of the nature of their obligation to intervene to bring the kind of atrocities that I've described to a halt by whatever means are necessary. 
The predominating absurdity in American oppositional circles for the past 30 years is the notion that if one intervenes to halt a rape or a murder in progress, if you actually use physical force as necessary to prevent that act, somehow or other you've become morally the same as the perpetrator. What do you think those oppositional circles need to do to really effect change? Stop being preoccupied with the sanctity of their own personal security, on the one hand, and start figuring out what would be necessary. That might require experimentation with tactics and techniques. Not how, like an alchemist, you repeat the performance often enough to make yourself feel good in the face of an undisturbed continuation of the horror you're opposing. If your candlelit vigil doesn't bring the process you're opposing to a halt, what do you do next, presuming you actually desired to have an effect. Let's just presume that, in this case. That's not a safe presumption. There's a whole feel-good ethic out there. It's not [to] effect any substantive change. It's to bear moral witness to make the person feel good, to assuage their conscience in exactly the fashion you were talking about: they can then posture as good and decent people, while engaged in active complicity in the crimes they purportedly oppose. Complicity of acquiescence: that's the "Good German Syndrome." You move on. Rather than a vigil, you hold a rally. When that doesn't do it either, you march around, do petitions, letters, you hold alternative educational fora, you try to build bridges with people; you do whatever. None of that works. The obligation is not to be personally pure. The obligation is to effect a measurable change. Some argue that the ten million people who gathered last year on February 15th to stop a U.S. invasion of Iraq didn't really amount to much in terms of tangible results. Is there a precedent of experimentation you think people are not looking at? 
If you conduct your protest activities in a manner which is sanctioned by the state, the state understands that the protest will have no effect on anything. You can gauge the effectiveness-real or potential at least-of any line of activity by the degree of severity of repression visited upon it by the state. It responds harshly to those things it sees as, at least incipiently, destabilizing. So you look where they are visiting repression: that's exactly what you need to be doing. People engaged in the activity that is engendering the repression are the first people who need to be supported-not have discussion groups to endlessly consider the masturbatory implications of the efficacy of their actions or whether or not they are pure enough to be worthy of support. They are by definition worthy. Ultimately, the people debating continuously are unworthy. They are apologists for the state structure; [and] in [effect], try to convince people to be ineffectual. Nonviolent action can be effectual when harnessed in a way that is absolutely unacceptable to the state: if you actually clog the freeways or occupy sites or whatever to disrupt state functioning with the idea of ultimately making it impossible for the state to function at all, and are willing to incur the consequences of that. That's very different from people standing with little signs, making a statement. Statements don't do it. If [they] did, we would have transformed society in this country more than a century ago. What do you think holds people back? For all the rhetoric, there is no nonviolent context operating here-not at all. The more you become in any sense effectual, you're going to be confronted with the violence of the state to maintain order of a sort that perpetuates its functioning. So nonviolence renders one vulnerable to the lethal counter-force of the state. So there's tangible fear. 
It's basically, politically a consecration or concession of physical force to the state by those who purport to oppose the state. Even if there is a sort of inchoate understanding of a position of privilege in society, coming from an economically affluent background, if you're not going to face physical violence, ultimately, you are subject to consequences which are not physical: an erosion of your privilege, a making of your life more uncomfortable. Basically, nonviolence as it is practiced, espoused in the U.S., is not Gandhian. Gandhi never articulated anything that precluded personal sacrifice. This is a non-Gandhian appropriation of his principles for the purpose of confirming personal comfort. So it's a politics of the comfort zone. What are some of the solutions? Extreme events, like 9/11 and the invasion of Iraq, have mobilized people out of such complacency, albeit temporarily. I don't have a ready answer for that. One of the things I've suggested is that it may be that more 9/11s are necessary. This seems like such a no-brainer that I hate to frame it in terms of actual transformation of consciousness. 'Hey those brown-skinned folks dying in the millions in order to maintain this way of life, they can wait forever for those who purport to be the opposition here to find some personally comfortable and pure manner of affecting the kind of transformation that brings not just lethal but genocidal processes to a halt.' They have no obligation-moral, ethical, legal or otherwise-to sit on their thumbs while the opposition here dithers about doing anything to change the system. So it's removing the sense of-and right to-impunity from the American opposition. In the case of the Germans during the Third Reich, outside influence could have altered their course. Do you think there's any place for that in terms of the U.S.? From Europe or Canada, to kind of kick things along? I'm thinking of systems that have power and leverage with the U.S. administration. 
That's looking for a painless fix again. Power and leverage in the traditional sense are not going to bring fundamental change into being. Each of those entities is a projector of the same kind of violence, but on a quantitatively lesser scale than the U.S. However, the nature of their intervention, based upon their perception of self-interest, is convincing the U.S. to [change] in a way that will not visit undue consequences upon them. You'd get cosmetic alterations-policy adjustments and so forth-a refinement of the system, thus the continuation of the status quo. It would ultimately create illusions of change and keep people confused. Third world opposition on the other hand understands this dynamic much more clearly. You have to have an eradication of the beast, not a retraining of the beast's performance. I can give a talk to a university in North America, to students and professors, and they are fundamentally confused about things that are automatically self-evident to people when you go to a village in Latin America, where the average educational attainment is third grade. Now why can these "peasants" automatically grasp concepts that are just beyond the reach altogether of your average university audience in North America? Why do you think? Partly because it's this fostering of illusion-and it's self-imposed-that repeating the same process yet again will somehow lead to a fundamentally different result. We can go through the charade of 'let's elect John Kerry instead of George Bush,' do things which are essentially painless to us, and the outcome is going to be different. You don't have politics, you have alchemy. That's delusional behavior. It's a state of denial in a social maybe even cultural sense. And that's what's masquerading as progressive politics. Is there a historical example of what could happen here? There is absolutely no historical precedent that I could name. We're [within] the belly of the beast. 
When you destabilize, when there is genuinely significant fracturing, the actual disintegration of the social and political order. Everybody goes on about the end of the 60s, but there nonetheless were conditions indicating substantial instability. The ability of the U.S. to project power didn't exactly evaporate but it was very sharply curtailed. But a complete curtailment of the U.S. ability to project power on a global basis has no historical precedent. So if it takes eradication of the beast from within, how would you see that happening? Well, first the withdrawal of consent, people imbued with consciousness to withdraw altogether from an embrace of the state. If I defined the state as being the problem, just what happens to the state? I've never fashioned myself to be a revolutionary, but it's part and parcel of what I'm talking about. You can create through consciousness a situation of flux, perhaps, in which something better can replace it. In instability there's potential. That's about as far as I go with revolutionary consciousness. I'm actually a de-evolutionary. I don't want other people in charge of the apparatus of the state as the outcome of a socially transformative process that replicates oppression. I want the state gone: transform the situation to U.S. out of North America. U.S. off the planet. Out of existence altogether. So what does that look like? There's no U.S. in America anymore. What's on the map instead? Well let's just start with territorialities often delineated in treaties of fact-territorialities of 500 indigenous nations imbued with an inalienable right to self-determination, definable territorialities which are jurisdictionally separate. Then you've got things like the internal diasporic population of African Americans in internal colonies that have been established by the imposition of labor patterns upon them. You've got Appalachian whites. Since the U.S.
unilaterally violated its treaty obligations, it forfeits its rights-or presumption of rights-under international law. Basically, you've got a dismantlement and devolution of the U.S. territorial and jurisdictional corpus into something that would be more akin to diasporic self-governing entities and a multiplicity of geographical locations. A-ha, chew on that one for awhile. There's no overarching authority other than consensus or agreement between each of these. There has to be a collaborative and cooperative arrangement rather than something that's centrally organized and arbitrarily imposed. Is there any precedence for that in human history? Well, partial precedence at least. It's not worked out. My ancestors did, in fact, generate their agreements voluntarily, serving their own interests to do so; they did cede territory. Not the territory that's been taken, but the territory that's been ceded is legitimately in the ownership of someone else. So there is, in that sense, a place for different populations, and accommodation arrangement can be made for others. It's not a case of returning to things as they were in 1619 or 1606 or whatever you want to pick from history as being the "pre-here." It's a matter of reasserting or sustaining the values and understandings that came with the disposition of things that applied at that time, and reapplying it or continuing to apply it in a contemporary context. It's a reordering of relations both between people in the singular, and the rest of the natural order in a way that is coherent now. It's not everybody who's not in some sense discernibly native needs to leave in a physical sense. It's that everybody who is not in some sense native needs to figure out how to accommodate themselves to life in either a native jurisdiction (as natives have been accommodating themselves) and existing under somebody else's jurisdiction. Or, living in a jurisdiction of their own, but one that is constrained to that legitimate jurisdiction. 
In other words, not having arbitrary authority over anybody else's lives, land or resources. To exist on the basis of the resources available to them in this constricted land base. A whole reordering of consciousness goes into that. A self-defined spirit group in other words cannot assign itself a superior right to benefit from somebody else's property. That property, I'm using in the broadest sense, includes their very lives. What gives you hope? What gives me hope is that people are imbued innately with consciousness and you can potentially reorder that to arrive at an understanding of what needs to be done. Once the understanding is there, the capacity to do what is necessary is obviously present. So despite the fact that my experience tells me that it is unlikely (because of the vast preference of the bulk of the people to indulge themselves personally, rather than engage in something that might be effective but personally uncomfortable), the possibility of an alteration in that consciousness, remains always present. There's where I find hope. That was a somewhat muddled response. What would I do in the alternative if I were completely divested of hope? Collect stamps. The reason to go on with the struggle is why it's work. It's not an event; it's a process. And if one understands one's place in the world properly one is obligated to struggle. Struggling, you've got to have hope that you can succeed. If not in the immediacy of my lifetime, then to plant the seeds that can reach maturation at some point. Now I have an obligation to my children and my children's children and generations out into the future, as do we all, whether we understand it or not. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From skquinn at speakeasy.net Sun Feb 6 22:30:47 2005
From: skquinn at speakeasy.net (Shawn K. Quinn)
Date: Mon, 07 Feb 2005 00:30:47 -0600
Subject: What is a cypherpunk?
In-Reply-To: <200502070318.j173Ihwa023849@marco.aarg.net>
References: <200502070318.j173Ihwa023849@marco.aarg.net>
Message-ID: <1107757847.13825.14.camel@xevious>

On Sun, 2005-02-06 at 19:18 -0800, D. Popkin wrote:
> The true danger of TCPA is not that "free" MP3s and movies will become
> unavailable, but the de facto loss of privacy as non-TCPA gear becomes
> unavailable or prohibitively expensive.

Agreed, in part. I don't think it'll fly too well if any hardware manufacturer builds in TCPA such that only a Microsoft-certified OS will run on it: for one, it's a bad idea to piss off the geeks (and certainly there's a higher geek to ordinary user ratio in the free software world), and also this would be a great way for Microsoft to piss off even the current (far-right Republican) administration. I would expect the setting to disable the TCPA chip to be present in new hardware for as long as TCPA lasts, and indeed, there may be cases where even an ordinary user would want to disable the TCPA chip.

I personally don't trust Microsoft at all. They had their chance to keep my trust, and they blew it, big time.

-- 
Shawn K. Quinn

From Jenkinssaajl at broadcastindia.com Sun Feb 6 19:20:50 2005
From: Jenkinssaajl at broadcastindia.com (Jessie Garcia)
Date: Mon, 07 Feb 2005 01:20:50 -0200
Subject: Searching for a true friend
Message-ID:

A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 476 bytes
Desc: not available
URL:

From rah at shipwright.com Mon Feb 7 06:56:00 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 09:56:00 -0500
Subject: Ireland faces €50m e-voting write-off
Message-ID:

The Register
Original URL: http://www.theregister.co.uk/2005/02/04/ireland_evoting_bill/

Ireland faces €50m e-voting write-off
By electricnews.net (feedback at theregister.co.uk)
Published Friday 4th February 2005 12:16 GMT

A lack of public confidence in e-voting means that Ireland may be forced into writing off its €50m investment in electronic ballot systems. Michael Noonan, chairman of the Dail Public Accounts Committee, expressed doubts that the current system will ever be introduced, after last year's debacle where plans to initiate e-voting were scrapped over security concerns, the Irish Times reports.

Even if the system is found to be safe, few ministers would give it the go-ahead because the public would have little trust in it, he told the newspaper.

Noonan made his comments ahead of an inquiry into expenditure on the e-voting initiative. Officials from the Department of Environment are due before the committee today to answer criticisms over the scheme. The civil servants are likely to be subjected to a serious grilling on why security concerns were not addressed before €50m was spent on e-voting systems. The storage of the unused e-voting machines is estimated to cost Irish taxpayers up to €2m per annum.

Fine Gael, Ireland's biggest opposition party, has attacked the Government over the fiasco. "The criticisms contained in the report of the Independent Commission on Electronic Voting make it clear that this was a fiasco of the highest order," Fergus O'Dowd TD, Fine Gael spokesman on the Environment, said. "Considering all the information that is available to him, Minister Roche needs to fully explain the findings of these inquiries."
"Is it now the case, as feared, that the government will have to write off the €50m spend on electronic voting because of the botched handling of the project? I will be raising the issue through Fine Gael's priority questions in the Dail early next week. The Minister must give some definite answers."

The Irish government had planned to introduce e-voting at local and European elections on 11 June 2004. But it abandoned the idea, following a report of the Independent Commission on Electronic Voting (ICEV) which raised doubts over the accuracy of the software used in the system.

According to the Irish Citizens for Trustworthy Evoting (ICTE) submission to the commission, the Nedap/Powervote electronic voting system had a fundamental design flaw because it had no mechanism to verify that votes would be recorded accurately in an actual election. Consequently, results obtained from the system could not be said to be accurate, ICTE said. Other flaws identified included possible software errors and the use of the graphical user interface programming language Object Pascal for a safety-critical system.

Although ICEV's remit was advisory, the government accepted its recommendation that the system should not be used until further testing had established the effectiveness of its security.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From rah at shipwright.com Mon Feb 7 09:04:15 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 12:04:15 -0500
Subject: Iraq passport racket highlights lapses in security
Message-ID:

The Age Online

Passport racket highlights lapses in security
By Paul McGeough
Baghdad
February 8, 2005

[Photo caption: The passport details the bearer's Arab background but has Paul McGeough's picture.]

For a few hundred dollars, anyone can buy their way through most checkpoints and across borders.

While officials in Baghdad and Washington berate Iraq's neighbours for failing to block insurgency movements across their borders, one of the most dangerous security lapses thrives in Baghdad's heart - a trade in illicit Iraqi passports.

In a secretive exchange at a suburban gambling den, across the road from a heavily fortified government ministry that is an insurgency target, it costs only $US200 ($A250) for a pass through most of the security checkpoints in a city at war. The ease with which this deal was conducted is a chilling window on the easy movement of terrorists in and out of the country.

The security blanket in the capital can be numbing - some wait for hours in snail's-pace queues for access to military, government, political and private establishments. Passing through the maze of blast walls and razor wire that isolates the Green Zone, within which top US and Iraqi officials are bunkered on the banks of the Tigris River, requires checks at four heavily armed posts only 150 metres apart. All bags are searched and visitors are frisked, physically and electronically, at two of them.

At a ministry as mundane as Displacement and Migration there is a twist: personal IDs are held at the first check; and a special pale blue pass is issued that must be swapped for a darker blue tag at a second checkpoint closer to the building.
Journalists reporting on the January 30 election had to carry three separately issued passes, each of which took half a day or more to be issued: one from the US-run Combined Press Information Centre; another from the Iraqi Ministry of the Interior; and the third from the Independent Electoral Commission of Iraq.

But the starting point for any pass is a valid passport. And in the absence of most of the fancy laminated picture passes, a passport, or any other picture ID, say a driver's licence, is likely to get the bearer through most checkpoints.

But take the Iraqi passport pictured above. It gives the name of the bearer's Arab mother and it describes him as a Baghdad businessman - but it has a picture of me. It was acquired through a former Iraqi policeman who replied cryptically when asked what his business was: "I'm retired."

This is not a backstreet counterfeit, it is said to be real. It was to cost $US100 and could have been turned around in a couple of hours, but it was ordered during the weekend and had to be delivered 48 hours later. In the best opportunist tradition, the price suddenly doubled at the point of collection.

The passport racket emerged last week in interviews with insurgency and criminal elements in Baghdad. They said Sabah al-Baldawi, one of the insurgency's top financiers and the man they say is behind most of the kidnapping in the city, moves freely between Baghdad and Damascus using up to 20 false passports. One said false Iraqi documents were used to spirit Saad al-Kharki, an insurgency leader in Baghdad, out of Iraq when he needed to hide in Cairo after a televised alert that authorities were hunting him.

From rah at shipwright.com Mon Feb 7 09:33:56 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 12:33:56 -0500
Subject: Security's inseparable couple
Message-ID:

Network World

Security's inseparable couple
By: Bob Brown
Network World (US) (07 Feb 2005)

The most familiar names in network security are neither vendors nor geeks: Try Alice and Bob.

Since Ron Rivest, Adi Shamir and Len Adleman - the R, S and A in RSA Security Inc. - introduced Alice and Bob in their seminal public-key cryptosystem paper in 1978, the couple has become the subject of countless security-related papers, test questions, speeches and even, ahem, jokes.

Alice and Bob were the names given to fictitious characters used to explain how the RSA encryption method worked, with the thinking being that using names instead of letters like A and B would make a complex subject easier to grasp. They are so commonly used that most security experts don't even give a second thought to reaching for them.

"They're like old friends," says Charles Kolodgy, research director for security products at IDC. "I use them the same way everyone else does. 'So the sender, Alice, is trying to message Bob. . . .'"

"I use them conversationally. Sometimes I use them in documents, as well," says James Cupps, information security officer at Sappi Fine Paper North America in Portland, Maine. "I often use them in training because they are easier than Machine A and Machine B."

Over the years, the Alice and Bob story line has become more complicated, something of a high-tech reality show. Not only are Alice and Bob trying to share a secret, say a Valentine's Day poem, but Carol and Dave want in and Eve is trying to eavesdrop. A whole cast of characters has been introduced to explain everything from micropayments to SSL to quantum cryptography.
"Cryptography is the one area of mathematics where there are people, not just numbers," says Bruce Schneier, CTO of Counterpane Internet Security Inc. and author of Applied Cryptography, a book first published in 1994 that includes a table of "dramatis personae" headed by Alice and Bob (see graphic). "Alice and Bob are the links between the mathematical variables and the people."

Whitfield Diffie, Sun Microsystems Inc.'s chief security officer and co-author of the Diffie-Hellman key agreement protocol, says there is seemingly no end to this modern-day Dick and Jane's adventures. "(They have) appeared in fanciful circumstances in numerous papers carrying on their stormy relationship entirely over unprotected communication media and against the plots of their exes, the secret police," he says. One gossipy headline in a trade journal teased: "Alice and Bob grow apart."

Some suspect the names stem from the swinging 1960s movie "Bob & Carol & Ted & Alice." RSA co-founder Rivest, who is a Massachusetts Institute of Technology (MIT) professor, says he came up with Alice and Bob to be able to use "A" and "B" for notation, and that by having one male and one female, the pronouns "he" and "she" could be used in descriptions. Rivest says it is possible that Alice came to mind because he is something of an Alice in Wonderland buff. Never did he expect the names to take on lives of their own. "Nor did I imagine that our proposed cryptosystem would be so widely used," he says.

Ask those in the know about Alice and Bob and you'll inevitably be pointed to an after-dinner speech delivered at a technology seminar in Zurich, Switzerland in 1984 by data security expert John Gordon. In his "Story of Alice and Bob," Gordon refers to the speech as perhaps "the first time a definitive biography of Alice and Bob has been given." From the speech we learn that "Bob is a subversive stockbroker and Alice is a two-timing speculator" and that they've never actually met one another.
Gordon, who runs a consultancy in the U.K., sums up their story like this: "Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she cannot hear clearly, and who is probably someone else, to fiddle (with) her tax returns and to organize a coup d'état, while at the same time minimizing the cost of the phone call."

Gordon, who has been in cryptography since 1976, says over the years he has taken the text of the speech off his company's Web site, only to put it back on because of reader demand. "Today, nobody remembers I invented Strong Primes (special numbers used in cryptography), but everyone knows me as the guy who wrote the story of Alice and Bob," he says. Gordon estimates the speech gets viewed about 1,000 times a month.

Security experts say Alice and Bob likely aren't going anywhere soon. Other names, such as Lucy and Desi, have been used, but without a following.

"I suspect that (Alice and Bob) will be around almost forever," says Joel Snyder, a senior partner with consulting firm Opus One. "In our business, we tend to live by very long and ugly traditions, and people are using terms now that were invented by MIT and Cal Tech undergrads in the 1970s -- mostly without knowing why or what. Consider 'hacker' for example."

Barry Stiefel, CTO for consulting and training company Information Engine and founder of the Check Point User Group, says he still gets "a wry little smile" whenever he hears or uses the names Alice and Bob. "As soon as you say those names, everybody's already 5 minutes into the story's exposition and excited to hear where the plot will take us," he says.

From rah at shipwright.com Mon Feb 7 09:39:36 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 12:39:36 -0500
Subject: NIST moves to stronger hashing
Message-ID:

Federal Computer Week
Monday, February 7, 2005

NIST moves to stronger hashing
BY Florence Olsen
Published on Feb. 7, 2005

Federal agencies have been put on notice that National Institute of Standards and Technology officials plan to phase out a widely used cryptographic hash function known as SHA-1 in favor of larger and stronger hash functions such as SHA-256 and SHA-512.

The change will affect many federal cryptographic functions that incorporate hashes, particularly digital signatures, said William Burr, manager of NIST's security technology group, which advises federal agencies on electronic security standards.

"There's really no emergency here," Burr said. "But you should be planning how you're going to transition - whether you're a vendor or a user - so that you can do better cryptography by the next decade."

Hashing is used to prevent tampering with electronic messages. A hash is a numerical code generated from a string of text when a message is sent. The receiving system checks it against a hash it creates from the same text, and if they match, the message was sent intact.

Speaking at a recent meeting of the federal Public Key Infrastructure Technical Working Group at NIST, Burr said some critics have questioned the security of the government-developed SHA-1 after some researchers managed to break a variant of the SHA-1 hash function last year. But Burr said no complete implementation of the SHA-1 function has been successfully attacked.

"SHA-1 is not broken," he said, "and there is not much reason to suspect that it will be soon." But advances in computer processing capability make it prudent to phase out SHA-1 by 2010, he said.
Burr said other widely used hash functions such as MD5 are vulnerable to attack and their use should be discontinued. "If by some chance you are still using MD5 in certificates or for digital signatures, you should stop," he said.

From rabbi at abditum.com Mon Feb 7 12:59:27 2005
From: rabbi at abditum.com (Len Sassaman)
Date: Mon, 7 Feb 2005 12:59:27 -0800 (PST)
Subject: CodeCon Reminder
Message-ID:

We'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching.

CodeCon is the premier event in 2005 for the application developer community. It is a workshop for developers of real-world applications with working code and active development projects.

Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool.

Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool.

CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though tickets are limited, and attendees are encouraged to register on the first day to secure admission.

CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.

From rah at shipwright.com Mon Feb 7 10:16:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 13:16:01 -0500
Subject: Riggs Sale to PNC Is Called Off
Message-ID:

The Wall Street Journal
February 7, 2005 12:19 p.m. EST
MARKETS

Riggs Sale to PNC Is Called Off
By MITCHELL PACELLE and NIKHIL DEOGUN
Staff Reporters of THE WALL STREET JOURNAL

WASHINGTON -- The sale of beleaguered Riggs National Corp. to PNC Financial Services Group has been called off.

The board of Riggs unanimously rejected PNC's demands to alter the terms of the agreement, the company said in a news release. In addition, Riggs is suing PNC in Superior Court for the District of Columbia saying it has been damaged by PNC's decisions not to proceed with the merger after Riggs had devoted the past six months to preparing for the merger and taking various actions at PNC's behest.

Riggs's banking subsidiary has been embroiled in a massive money-laundering scandal for the past several months and recently pleaded guilty to a criminal count of violating the Bank Secrecy Act. Investors had hoped that the guilty plea, part of a settlement of a Justice Department investigation that also included a $16 million fine, would clear the way for PNC to complete its acquisition of Riggs, a venerable financial institution in the nation's capital.

PNC struck its deal to buy Riggs last July -- in a transaction valued at the time at $779 million in cash and stock -- just as the Riggs scandal was starting to reverberate. However, in recent weeks PNC has balked at going ahead with the deal at the agreed-to price, saying the business has undergone "material" deterioration.

In what appears to be a pre-emptive strike, Riggs is making the first legal move, saying PNC isn't living up to the terms of the agreement. PNC had been proposing a revised tentative agreement that would offer Riggs shareholders $19.32 a share and a contingent security of 83 cents a share, according to the news release.
But this proposal, in addition to being well below the earlier offer, would possibly have been subject to further revision and was contingent on other factors as well. PNC officials couldn't be reached for immediate comment.

Like most merger agreements, PNC's deal with Riggs includes a "material adverse change clause" that entitles it to walk away should there be a dramatic change in the business. However, recent legal history has shown that it is difficult for a buyer to back out of a deal by invoking a "MAC" clause. In 2001, a Delaware Chancery Court ruled that Tyson Foods Inc. couldn't terminate its planned acquisition of IBP Inc. because of a decline in IBP's earnings and accounting irregularities at an IBP unit. To avoid a costly legal battle, companies end up renegotiating transactions if there is a significant deterioration in a seller's business.

After settling the Justice Department's criminal investigation on Jan. 27, Riggs, which is controlled by the Allbritton family, said that it expected to make an announcement about the "status" of the agreement on or about Feb. 4. That date passed without any statement.

Now Riggs is likely to try to drum up interest from other bidders. Riggs had been prohibited from entering into discussions with other parties under terms of the agreement with PNC. It is now, however, sending a letter to the board saying it now believes it can enter into merger discussions with other banks.

Separately, Riggs said it expects to report a loss for the fourth quarter and for 2004 and plans to shut its London branch as it focuses on domestic banking.

From rah at shipwright.com Mon Feb 7 11:46:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 14:46:01 -0500
Subject: Quantum crypto firm charts way to mainstream
Message-ID:

Quantum crypto firm charts way to mainstream
By Michael Kanellos
URL: http://news.zdnet.com/2100-1009_22-5564288.html

Magiq Technologies is creating a new line of products this year that it says could help make quantum encryption--theoretically impossible to crack--more palatable to mainstream customers.

The New York-based company said it has signed a deal with Cavium Networks, under which Cavium's network security chips will be included inside Magiq's servers and networking boards. Magiq and Cavium will also create reference designs for networking boards and cards, with all of the necessary silicon to create a quantum encryption system. These will be marketed to networking gear makers, which, Magiq hopes, will include the boards inside future boxes.

"We have operability tests going on with major vendors," said Andy Hammond, vice president of marketing at Magiq. "Our goal in life is to increase the adoption rate of this technology."

By the fall, Magiq expects to be able to provide functioning beta, or test, products that include its quantum encryption boards. Volume sales to manufacturers are scheduled to begin in 2006.

Quantum encryption involves sending data by way of photons, the smallest unit of light. The photons are polarized, or oriented, in different directions. Eavesdroppers cause detectable changes in the orientation, which in turn prevents them from getting secret information, as dictated by Heisenberg's Uncertainty Principle, which says you can't observe something without changing it. For added measure, the data is encrypted before sending.

"There is no cracking it.
This is like the apple falling down," said Audrius Berzanskis, Magiq's vice president of security engineering, meaning that it was like one of Sir Isaac Newton's natural laws.

This doesn't mean quantum encryption systems are unconditionally foolproof, he added. Hypothetically, radio transmitters or some other technology could intercept signals before they are sent. Still, these are computer architecture issues: Unlike traditional encryption systems, applying brute-force calculations to a message encrypted using quantum methods will not eventually yield its contents to an unauthorized party.

However, quantum encryption systems are pricey. The two-box system Magiq sells goes for $70,000. Academic institutions and government agencies have been the primary customers, the company said.

Whether demand will go mainstream is still a matter of debate. Nearly foolproof encryption has its obvious attractions. Various security experts have stated, however, that the strength of today's cryptography is the least of the security world's worries.

"Security is a chain; it's only as strong as the weakest link. Currently encryption is the strongest link we have. Everything else is worse: software, networks, people. There's absolutely no value in taking the strongest link and making it even stronger," Bruce Schneier, chief technology officer at Counterpane Internet Security, wrote in an e-mail to CNET News.com on quantum cryptography in general. "It's like putting a huge stake in the ground and hoping the enemy runs right into it," he noted.

Speed also has been a problem for quantum encryption. The deal with Cavium will ideally boost the performance of the Magiq products and lower the costs by standardizing some of the engineering. Cavium's chips, for instance, will assume encryption tasks now performed in software. Reference designs also allow potential customers to skirt some independent design tasks.

From rah at shipwright.com Mon Feb 7 11:48:38 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 7 Feb 2005 14:48:38 -0500
Subject: MD5 comes in for further criticism
Message-ID:

Techworld.com
07 February 2005

More experts warn of CAS arrays risks
MD5 comes in for further criticism
By Lucas Mearian, Computerworld (US)

More security experts are warning against the use of the flawed hashing algorithm, MD5, for digital signatures on content addressed storage (CAS) systems.

Last August, a Chinese researcher, Xiaoyun Wang, unveiled details of the flaw. Other security experts are now chipping in. An official at the National Institute of Standards and Technology said IT managers have good reason to be concerned about security flaws in MD5. "It's pretty well known right now that it's just not up to what you need," said Elaine Barker, head of NIST's computer security division. Barker said NIST has no plans to certify or recommend the MD5 algorithm for government use.

The warnings come as more vendors unveil CAS systems to meet the need for disk-based backup of fixed data such as e-mail and medical images. Experts say that under specific circumstances, hackers could create files containing malicious data that could cause data loss or the dissemination of bad data.

Of the four major vendors of CAS storage, two of them - EMC and Archivas - use the MD5 algorithm. The other two, Permabit and Avamar Technologies, do not. Archivas said it provides the option of using another method of indexing, called the Secure Hash Algorithm-1.

Users of EMC and Archivas systems say they aren't concerned about the warnings.
"I believe that the possibility of a (problem) is so unlikely that it does not bother me," said John Halamka, CIO at Boston-based CareGroup, a hospital management company. "Thus far, we've been working with (the) Centera (array) for more than a year without a single issue."

Curt Tilmes, a systems engineer at NASA's Goddard Space Flight Center, has been beta-testing an Archivas Cluster CAS system for archiving satellite data about the earth's atmosphere for more than a year. He said he feels it's secure because it's on a private network with firewalls. "I suppose it wouldn't hurt [to use a more secure algorithm], but for my application, it wouldn't have an effect," Tilmes said.

Meanwhile, Sun's long-awaited CAS system, code-named Honeycomb, won't use the MD5 algorithm because of security concerns, said Chris Woods, chief technology officer for Sun's storage practice. Woods would not say which algorithm the company will use to index stored objects.

"It really is time for [the industry] to stop using MD5," said Dan Kaminsky, a security consultant at Avaya. "MD5 has been a deprecated hashing algorithm for almost a decade. The industry has clung to the algorithm, partially out of inertia, partially out of scarcity of computer power."

In a report last month, Kaminsky pointed out that an attack could be used to create two files with the same MD5 hash, one with "safe" data and one with "malicious" data. If both files were saved to the same system, a so-called collision could result, leading to data loss or the dissemination of bad data, he said.

Mike Kilian, CTO at EMC's Centera division, contended that MD5 flaws don't apply to Centera arrays because once a piece of content is stored, a company can't change it. "Centera from almost Day 1 has had multiple addressing schemes available to applications," Kilian said.

Kaminsky disagreed. "Cryptography tends to be a 'garbage algorithm in, garbage security out' discipline," he said.
"Let's say they were appending custom metadata to the end of their files. Conceivably, the attack would not care, as once two files have the same hash, you can append the same [identical] metadata to both of them and they'll still possess the same hash."

Archivas officials noted that its CAS device does not use the MD5 hash key to name the file in the archive, the way EMC's product does.

From ptrei at rsasecurity.com Mon Feb 7 13:09:32 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Mon, 7 Feb 2005 16:09:32 -0500
Subject: RSA Conference, and BA Cypherpunks
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29704776C6A@rsana-ex-hq1.NA.RSA.NET>

Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. At past conferences, we've had various levels of participation, from 50 down to 3.

Since the BAC Physical Meetings seem to have pretty well died out, I'd like to propose that those of us who are interested get together for lunch or dinner at some point.

I'll be arriving on site Monday afternoon, and leaving Friday morning. Thursday night, at least, is already spoken for. At the moment, it looks like Monday or Tuesday night may be the best, though a lunch is also possible.

Any takers?

Peter Trei
ptrei at rsasecurity.com

RSA Data Security Conference
Dates: Feb 14-18 2005
Place: Moscone Center, San Francisco
http://www.rsaconference.com

While the full conference is rather expensive, note that you can get a free Expo pass if you register online by 5pm Feb 14th.
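Kaminsky's remark in the MD5 article above (appending identical metadata to two colliding files leaves them colliding) and the "receiver recomputes the hash and compares" description in the NIST article earlier in this digest both rest on one structural fact about MD5-style (Merkle-Damgard) hashes: the digest depends only on the current chaining state and the blocks still to come, so two inputs that reach the same chaining state keep the same digest under any identical suffix. The Python below is an added illustration for this archive, not code from any of the forwarded articles, vendors or products. It uses a constructed 16-bit toy hash with the same chaining structure and padding as MD5 (all names here, toy_digest, chain, find_chaining_collision, the IV and the sample metadata string, are constructed for the example; real MD5 has a 128-bit state and its collisions come from the Wang analysis, not brute force), finds a collision by a birthday search, and checks that appended metadata does not separate the pair while a different hash function does.

```python
import hashlib

# Toy Merkle-Damgard hash, constructed for illustration. MD5 chains a 128-bit
# state over 64-byte blocks; this toy chains a 16-bit state over 2-byte blocks
# so that a collision can be found by brute force in a fraction of a second.
BLOCK = 2
IV = 0x1234  # constructed initial chaining value


def compress(state: int, block: bytes) -> int:
    """Toy compression function: the first 16 bits of SHA-256(state || block).

    It behaves like a random function, so the toy hash's only weakness is its
    tiny state. The demonstration relies on the chaining structure alone, not
    on any flaw inside the compression function."""
    digest = hashlib.sha256(state.to_bytes(2, "big") + block).digest()
    return int.from_bytes(digest[:2], "big")


def pad(msg: bytes) -> bytes:
    """MD-strengthening padding: 0x80, zero fill to a block boundary, then the
    message length as a final block (MD5 does the same with a 64-bit length)."""
    padded = msg + b"\x80"
    while len(padded) % BLOCK:
        padded += b"\x00"
    return padded + len(msg).to_bytes(BLOCK, "big")


def chain(blocks: bytes, state: int = IV) -> int:
    """Feed whole blocks through the compression function and return the
    chaining state. No padding is applied here."""
    if len(blocks) % BLOCK:
        raise ValueError("chain() expects whole blocks")
    for i in range(0, len(blocks), BLOCK):
        state = compress(state, blocks[i:i + BLOCK])
    return state


def toy_digest(msg: bytes) -> int:
    """Toy hash of an arbitrary-length message: pad, then chain."""
    return chain(pad(msg))


def find_chaining_collision(msg_len: int = 4) -> tuple:
    """Birthday search for two different msg_len-byte messages (whole blocks)
    that reach the same chaining state. A few hundred tries suffice for a
    16-bit state; for MD5 this is exactly what the 2004 attack delivers."""
    seen = {}
    i = 0
    while True:
        candidate = i.to_bytes(msg_len, "big")
        state = chain(candidate)
        if state in seen:
            return seen[state], candidate
        seen[state] = candidate
        i += 1


def same_digest_after_suffix(a: bytes, b: bytes, suffix: bytes) -> bool:
    """Kaminsky's point: once a and b share a chaining state, any identical
    suffix (metadata, trailer, padding) leaves their digests equal."""
    return toy_digest(a + suffix) == toy_digest(b + suffix)


def demo() -> dict:
    a, b = find_chaining_collision()
    metadata = b"owner=archive;retain=7y"  # constructed sample metadata
    return {
        "distinct_inputs": a != b,
        "toy_collision": toy_digest(a) == toy_digest(b),
        "survives_appended_metadata": same_digest_after_suffix(a, b, metadata),
        # The collision is a property of this one function: indexing the same
        # content under a different, stronger hash separates the pair again,
        # which is the migration the NIST and Kaminsky quotes recommend.
        "sha256_separates": hashlib.sha256(a).digest() != hashlib.sha256(b).digest(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The defensive reading is the one the articles give: a trailer, a metadata field or a second addressing scheme bolted on after the hash does not restore collision resistance, because the suffix is processed identically from the shared state onward; only changing the hash function that names or signs the content does.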
From dave at farber.net Mon Feb 7 13:11:15 2005 From: dave at farber.net (David Farber) Date: Mon, 07 Feb 2005 16:11:15 -0500 Subject: [IP] Hacking Fingerprint Readers Message-ID: ------ Forwarded Message From: Muheed Jeeran Reply-To: The Biometric Consortium's Discussion List Date: Mon, 7 Feb 2005 12:52:13 -0800 To: Subject: Hacking Fingerprint Readers Hello all, I have a report of faking the fingerprint reader. Is this technique fooling most of the fingerprint readers currently? Or is there any improvement to block this impostor attempt? I think it is better to talk about this matter, because biometrics are becoming a major security barrier for most governments currently, especially for national security. If we cannot manage to block this kind of attempt, I think our biometric industry will have to face a major blow, because the public is still not much interested in keeping their feet on our security measure. Our responsibility is to keep this industry stable by developing this technology while looking at the criminals' moves to break this security barrier. Muheed Jeeran BSc Hons Computing Subject: Hacking Fingerprint Readers Last year in the June issue of CRYPTO-GRAM you made a reference to our article "Don't get your fingers burned". In the article we describe two methods to duplicate fingerprints. One method assumes co-operation (somebody "lends" his finger to make a duplicate), while in the other method a lifted latent fingerprint is duplicated by means of a photo/chemical process. With these dummy fingerprints we have been able to fool all fingerprint sensors we have tested in our lab and at exhibitions (about 20 different brands). I started with these experiments in the early nineties, so more than 10 years ago. Last week we were invited by the BBC to come to London for an interview about duplicating fingerprints. 
The reason was that the British Administration intends to add biometrics to the new British identity card; one of the options is fingerprint biometrics. The programme, "Kenyon Confronts", aired on Wednesday October 29th and is (for a short period of time) available for on-line viewing at the BBC site. Since my first experiments dated from ten years back, I decided to redo my experiments. I knew it would be easier to duplicate fingerprints with all the materials and equipment available today, but the results even amazed me. To give you an idea, ten years ago making a duplicate of a fingerprint with co-operation took me 2 to 3 hours, and for an optimum result I used materials used by dental technicians. Nowadays I use materials you can buy in a do-it-yourself shop and the total material costs are about $10 (enough for about 20 dummy fingers). The time it takes to make a perfect duplicate is about 15 minutes (with special material it can be reduced to less than 10 minutes). Making a duplicate of a lifted fingerprint took me several days in 1992, and I had to do a lot of experiments to find the right process/technique. Now it takes me half an hour and the material costs are $20 (also sufficient for about 20 duplicates); the only equipment you need is a digital camera and a UV lamp. Not only do I now make the duplicates in a fraction of the time, but the quality is also better. The reason for writing you all this is the following. Although most of the fingerprint manufacturers still ignore that there is a problem or claim to have solved it, some are willing to admit it, but use the argument that it is very difficult and expensive to duplicate fingerprints and that it can only be done by highly skilled professionals. In the first place I think this is not a very strong argument; second, I admit I am a professional, but now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills. 
So it is our opinion that as long as the manufacturers of fingerprint equipment do not solve the live detection problem (i.e. detect the difference between a live finger and a dummy), biometric fingerprint sensors should not be used in combination with identity cards, or in medium to high security applications. We even believe that identity cards with fingerprint biometrics are in fact weaker than cards without them. The following two examples may illustrate this statement.
1. Suppose, because of the fingerprint check, there is no longer visual identification by an official or a controller. When the fingerprint matches the template in the card, access is granted if it is a valid card (not on the blacklist). In that case someone whose own card is on the blacklist can buy a valid identity card with a matching dummy fingerprint (only 15 minutes' work) and still get access without anyone noticing this.
2. Another example: suppose there still is visual identification and only in case of doubt--the look-alike problem with identity cards--the fingerprint will be checked. When the photo on the identity card and the person do not really match and the official asks for fingerprint verification, most likely the positive result of the fingerprint scan will prevail. That is, the "OK" from the technical fingerprint system will remove any (legitimate) doubt.
It is our opinion that especially the combination of identity cards and biometric fingerprint sensors results in risks of which not many people are aware. ------------------------------------------------------------------- The preceding was forwarded by the Biometric Consortium's Electronic Discussion Group. Any opinions expressed here do not necessarily reflect those of the Biometric Consortium. Further distribution is prohibited. 
LISTSERV members may access the BIOMETRICS mailing list archives or change their subscription settings (including removing your name from the list) at: http://peach.ease.lsoft.com/archives/biometrics.html. Also, you may remove your name from the list by sending the command "SIGNOFF BIOMETRICS" to . Please do not send the "SIGNOFF BIOMETRICS" command to the BIOMETRICS list. You may update your membership information (new e-mail address etc.) by sending a message to providing the updated information. Please do not send membership information change requests to the BIOMETRICS list. Problems and questions regarding this list should be sent to BIOMETRICS-request at PEACH.EASE.LSOFT.COM. ------------------------------------------------------------------- ------ End of Forwarded Message ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From rah at shipwright.com Mon Feb 7 13:12:06 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 7 Feb 2005 16:12:06 -0500 Subject: [fc-announce] Transportation, Taxes, and Conference Events Message-ID: --- begin forwarded text User-Agent: Microsoft-Entourage/11.1.0.040913 From: "Stuart E. 
Schechter" To: "fc-announce at ifca.ai" Subject: [fc-announce] Transportation, Taxes, and Conference Events Sender: fc-announce-admin at ifca.ai Date: Mon, 07 Feb 2005 15:12:11 -0500 IMPORTANT NOTES FOR THOSE ATTENDING FC05 Transportation ============== We would like to accommodate attendees with discounted transportation to and from the airport. Please fill out the following survey if you would like to arrange for discounted transportation or give your opinion on conference activities. We need your answers this week. http://www.zoomerang.com/survey.zgi?p=WEB2244SFRHAFQ Dominica departure tax ====================== Please note that there is a departure tax of approximately EC$50/US$22 payable at the airport on your way out of Dominica. You'll be reminded of the exact figure at the conference. New York Times article ====================== Dominica was recently featured in Saturday's New York Times. (Ignore the red herring of their reference to the Dominican Republic early in the article.) It's a great read to get yourself in the mood for your upcoming trip. http://nytimes.com/2005/02/06/travel/06dominica.html?pagewanted=all [Learn to] Scuba dive ===================== Please contact me at stuart.schechter at gmail.com if you are interested in a discover-scuba social on Tuesday or Wednesday afternoon, if you are interested in getting a full open water certification on Dominica, or if you are already certified and want to dive with other attendees. Registration ============ With three weeks to go before the conference, registration has already exceeded our totals from last year by more than 10%. We're glad to see you're as excited as we are and we're looking forward to a great conference. Best regards Stuart Schechter General Chair Financial Cryptography and Data Security 2005 _______________________________________________ fc-announce mailing list fc-announce at ifca.ai http://mail.ifca.ai/mailman/listinfo/fc-announce --- end forwarded text -- ----------------- R. A. 
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From measl at mfn.org Mon Feb 7 15:19:30 2005 From: measl at mfn.org (J.A. Terranson) Date: Mon, 7 Feb 2005 17:19:30 -0600 (CST) Subject: RSA Conference, and BA Cypherpunks In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE29704776C6A@rsana-ex-hq1.NA.RSA.NET> References: <017630AA6DF2DF4EBC1DD4454F8EE29704776C6A@rsana-ex-hq1.NA.RSA.NET> Message-ID: <20050207171822.W59847@ubzr.zsa.bet> On Mon, 7 Feb 2005, Trei, Peter wrote: > Once again, the RSA Conference is upon us, and many of the > corrospondents on these lists will be in San Francisco. I'd like to > see if anyone is interested in getting together. We've done this > before. Yeah, but can we eat food, drink beer, shoot drugs and screw expensive hookers at Tim May's "compound"? -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF "Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses." http://www.tshirthell.com/ From rah at shipwright.com Mon Feb 7 19:10:43 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 7 Feb 2005 22:10:43 -0500 Subject: As Piracy Battle Nears Supreme Court, the Messages Grow Manic Message-ID: The New York Times February 7, 2005 As Piracy Battle Nears Supreme Court, the Messages Grow Manic By TOM ZELLER Jr. Garret the Ferret is one hip copyright crusader. The cartoon character urges young cybercitizens toward ethical downloading and - in baggy jeans and a gold "G" medallion - reminds them that copying and sharing software is uncool. 
He is also a byproduct of the long-roiling public relations battle between copyright owners, who say they are threatened by digital piracy, and technology advocates opposed to strict controls on the copying of digital media, and on the kinds of software that make piracy so easy. With the Supreme Court scheduled next month to hear a pivotal case pitting copyright holders (represented by MGM Studios) against the makers of file-sharing software (Grokster and StreamCast Networks), some participants are putting their message machines into high gear. But winning hearts and minds - of teenagers, consumers and lawmakers - has never been a simple matter. "It's hard for two reasons," said Rick Weingarten, the director of the Office for Information Technology Policy at the American Library Association, which has been exploring ways to strike a balance in the copyright and antipiracy messages being aimed at young people. "Copyright law is not the easiest thing to explain, and it's hard to put a bumper sticker on it," Mr. Weingarten said. "But, you're also talking about the future, and it's hard to explain to a consumer that there could one day be a lot of restrictions on what you can do with new technology." One side must make people care about obscure technological innovations that they say will be stifled by legislative action or an adverse Supreme Court ruling. The other side battles the image of greedy corporate profiteers and the perception that freely downloading copyrighted works is something other than theft. "It was easier before the computer," said Dan Glickman, the president and chief executive of the Motion Picture Association of America, which has ramped up its antipiracy efforts in recent weeks with a new round of lawsuits and a media campaign warning would-be thieves to "think again." Two weeks ago, the association also began offering a free, downloadable program that allows parents to scan computers for file-sharing software and potentially pirated media files. 
"People knew they couldn't steal a video tape out of Blockbuster," Mr. Glickman said, "but the principles are still the same." Not to be outdone, the Electronic Frontier Foundation, the digital rights advocacy group that is representing StreamCast Networks in the Grokster case, unveiled its Endangered Gizmos campaign to coincide with the filing of dozens of MGM-friendly amicus briefs with the Supreme Court late last month. The campaign displays cheeky taxonomies of "extinct" or "endangered" techno-species like the original file-sharing service Napster, which was sued into submission, and the Streambox VCR, which allowed users to record streaming media off the Internet and suffered a similar fate. The foundation hopes to convince consumers and lawmakers that there are cultural costs to giving copyright holders too much power. "So many of the issues that we deal with are really abstruse," said Wendy Seltzer, an intellectual property attorney with the Electronic Frontier Foundation and the principal creator of the Endangered Gizmos campaign. "And yet they touch a whole segment of the public that we want to reach out to." Whether any of these messages is getting through is an open question. Survey data from the Pew Internet and American Life Project, a nonprofit research group in Washington, show that among those who actively download music, 58 percent still say they do not care if the material is copyright protected. Among the general public, 57 percent say they are unfamiliar with concepts like "fair use" - the kernel of copyright law that allows people to copy protected materials under certain conditions, and which digital rights groups contend has been inappropriately constricted by the recording and film industries. 
The fight has given rise to grass-roots organizations like Downhill Battle, a nonprofit group based in Worcester, Mass., that conducts a robust trade in T-shirts, bumper stickers, posters and other paraphernalia that chide the music and film industries for what it considers wanton profiteering at the expense of artists and consumers. In a challenge to fair-use restrictions, the group made digitized, downloadable copies of "Eyes on the Prize, Part I: Awakenings" - the first installment of a 1987 documentary on the civil rights movement - and is encouraging mass, noncommercial screenings of it tomorrow. The film has largely been absent from television and video rental shelves while the production company, Blackside Inc., of Boston, works to renew (and pay for) permissions on the hundreds of copyrighted elements used in the film - from archival news footage to songs like "Happy Birthday." Blackside was not pleased with the copying and distribution of its film, and persuaded the group to remove it from its Web site last week. But fear and confusion over the legal issues has led at least one county in Virginia to stop a teacher from showing the school's legally acquired copy of the film to students and community members. "The school district didn't understand that they have fair-use rights," said Tiffiniy Cheng, a director of Downhill Battle, which lists more than two dozen venues that, it says, have committed to screening the film. But the nagging fear of legal action, even among right-minded users of digital materials, has made it difficult for copyright holders to foster a positive public image - even though they see lawsuits as critical to stamping out theft. "It would be ideal if our educational efforts got more attention," said Mitch Bainwol, the chief executive of the Recording Industry Association of America, which has waged a well-publicized legal campaign against file sharers. "But the lawsuits get more coverage because of the nature of the controversy." 
Those on the digital rights side of the debate recognize the content industry's image problem - and they are not above exploiting it. But they know that their own image is troubled, too. Indeed, all but the most strident digital anarchists agree that illegal file sharing is wrong. Yet those who argue for strong fair-use protections are often portrayed by opponents as supporters of theft. "They can so easily be painted as favoring piracy," said Susan Crawford, a professor of Internet law at the Benjamin N. Cardozo Law School in New York and a member of the advisory board for Public Knowledge, a Washington group that has fought legislation that it argues would stifle new technological advances. "They have to deal with a concept that's even harder to visualize - innovation - and they have not found a sound bite or a picture that puts across a message to people." For groups like Public Knowledge, antipiracy tactics like the entertainment industry's case against Grokster and StreamCast or legislation like the Induce Act, which stalled in Congress last year and which opponents argued would have stifled technological innovation by making developers of file-sharing software subject to lawsuits, present a morass of legal and technical nuance that is hard to reduce to sound bites. That is why the Electronic Frontier Foundation has taken to turning the gizmos they see threatened by the Grokster lawsuit into pandas and spotted owls. "That's an image," Ms. Crawford said. "They can play on people's love for gadgets," although she added that it's not quite the humanizing stroke one might hope for. "It's an uphill battle to visualize innovation," she said. The Business Software Alliance, the powerful consortium of software manufacturers, might well agree with that sentiment. The group clearly wants to stamp out the use of pirated software - a recent study by International Data Corporation estimated that 36 percent of software installed on computers worldwide was pirated. 
But it is also interested in fostering the development of new technologies that, in addition to having perfectly legal uses, could also be abused by pirates. "It's easy for one side to say well, let's just limit the functionality of technology, because we only care about the pain it's causing our business," said Emery Simon, the director for general policy at the alliance. "On the flip side, you can say, well, technology is the superseding and overarching good. Both are right, and both are wrong." In addressing those rights and wrongs, the alliance has mounted some of the more ambitious public campaigns of any group - including the introduction of Garret the Ferret into schools. The group has also relicensed its use of the cartoon character Dilbert, which it has used to reach out to professional engineers, via Web sites like BSAengineers.com and through bulk mailings, to warn them against using pirated software. "We hope that the engineers that got the Dilbert flier will take the message home," said Debbi Mayster, the alliance's communications manager. It did not work for everyone. Bryan Fields, a partner and chief engineer with Illiana.net, an Internet service provider to customers in Illinois and Indiana, is one recipient who did not appreciate the gesture. He said in an e-mail message that he did not like seeing Dilbert, "who stands for everything that's wrong with soul-sucking corporations, acting as a mouthpiece for the most evil of them all - the B.S.A." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Mon Feb 7 19:16:47 2005 From: rah at shipwright.com (R.A. 
Hettinga) Date: Mon, 7 Feb 2005 22:16:47 -0500 Subject: Why Felons Deserve the Right to Vote Message-ID: The New York Times February 7, 2005 EDITORIAL Why Felons Deserve the Right to Vote In a watershed moment for the debate over whether convicted felons should be allowed to vote, the American Correctional Association has issued a welcome statement calling on states to end the practice of withholding voting rights from parolees and people who have completed their prison terms. Noting that society expects people to become responsible members of society once they are released from prison, the organization, which represents corrections officials, also called on states to cut through the confusing thicket of disenfranchisement laws by explaining clearly to inmates how they get their rights back after completing their sentences. Some five million Americans are barred from the polls by a bewildering patchwork of state laws that strip convicted felons of the right to vote, often temporarily, but sometimes for life. These laws serve no correctional purpose - and may actually contribute to recidivism by keeping ex-offenders and their families disengaged from the civic mainstream. This notion is clearly supported by data showing that former offenders who vote are less likely to return to jail. This lesson has long since been absorbed by democracies abroad, some valuing the franchise so much that they take ballot boxes right to the prisons. Several states are now reconsidering laws barring convicted felons from voting. In Maryland, for instance, the legislature is considering a bill that would eliminate a lifetime ban that remains in place for some offenders. The Maryland bill should pass. And other states should follow suit. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Mon Feb 7 13:27:13 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 7 Feb 2005 22:27:13 +0100 Subject: [IP] Hacking Fingerprint Readers (fwd from dave@farber.net) Message-ID: <20050207212712.GW1404@leitl.org> ----- Forwarded message from David Farber ----- From rah at shipwright.com Tue Feb 8 07:55:53 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 8 Feb 2005 10:55:53 -0500 Subject: How Privacy Went Public Message-ID: OpinionJournal WSJ Online Wall Street Journal AT LAW How Privacy Went Public Penumbras and emanations make strange bedfellows. BY JAMES TARANTO Tuesday, February 8, 2005 12:01 a.m. EST Last week a state judge held that New York City's refusal to issue marriage licenses to same-sex couples violates the constitutional right to privacy. When the Massachusetts Supreme Judicial Court mandated the recognition of same-sex marriage in 2003, it too cited the right to privacy. Whatever the merits of gay marriage, this is a case of judicial activism run amok, for the contemporary right to privacy has its roots precisely in the traditional definition of marriage. "Would we allow the police to search the sacred precincts of marital bedrooms for telltale signs of the use of contraceptives?" Justice William O. Douglas asked rhetorically in the 1965 U.S. Supreme Court case of Griswold v. Connecticut. Then he answered: "The very idea is repulsive to the notions of privacy surrounding the marriage relationship." But the court did not long confine those "notions of privacy" to "the marriage relationship." In less than a decade it expanded the right of marital privacy into a right of reproductive privacy. In Eisenstadt v. 
Baird (1972) the court held that unmarried couples have the same right as married ones to obtain and use contraceptives, and the following year, in Roe v. Wade, the justices declared that the right to privacy includes abortion. In 1986 the justices refused to take the next step of recognizing a right to sexual privacy. In Bowers v. Hardwick, they upheld a state law prohibiting homosexual sodomy between consenting adults. But in 1992 the Supreme Court set the stage for overturning Bowers. In Planned Parenthood v. Casey--a decision for which Justices Sandra Day O'Connor, Anthony Kennedy and David Souter claimed joint authorship--the court essentially upheld Roe, while asserting a new, breathtakingly expansive formulation of the right to privacy. "Intimate and personal choices," the justices wrote, are "central to the liberty protected by the Fourteenth Amendment. At the heart of liberty is the right to define one's own concept of existence, of meaning, of the universe, and of the mystery of human life." Justice Kennedy cited this language in his majority opinion in Lawrence v. Texas, the 2003 case that found sodomy laws were unconstitutional after all. The U.S. Supreme Court has not yet taken up the question of same-sex marriage. But as Justice Antonin Scalia argued in his Lawrence dissent, it's hard to see how one could square a ban on same-sex marriage with what he mockingly called "the famed sweet-mystery-of-life passage." If the Constitution guarantees no less than the right to "define one's own concept of . . . the universe," how can government limit the definition of marriage to a man and a woman, or for that matter limit it at all? (Justice O'Connor argued in Lawrence that "preserving the traditional institution of marriage" is in fact a "legitimate state interest," but it's telling that none of the other five justices in the majority joined her concurrence.) None of these cases rest on solid legal ground. 
As Justice Douglas acknowledged in Griswold, the right to privacy is to be found not in the Constitution but in its "penumbras" and "emanations." At the same time, there is a strong political consensus against the government intruding into people's bedrooms. If Griswold and Lawrence disappeared from the books tomorrow, it's unlikely any state would rush to re-enact laws against contraceptives or consensual sodomy. Abortion and same-sex marriage, by contrast, do spark strong opposition, but not on privacy grounds. Abortion opponents argue that life before birth is worthy of legal protection, while the case against same-sex marriage is that it confers public approval on gay relationships--approval the New York and Massachusetts courts have given without public consent. When judges find rights in hidden constitutional meanings, they run a twofold risk. If they limit those rights, striking balances and compromises between such competing values as privacy vs. life or privacy vs. morality, they act as politicians, only without democratic accountability. The alternative, to let those rights expand without limit, seems more principled and thus is more appealing. But it ignores democracy's most important principle of all: the right of the people to govern themselves. Mr. Taranto is editor of OpinionJournal.com. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Tue Feb 8 09:02:42 2005 From: rah at shipwright.com (R.A. 
Hettinga) Date: Tue, 8 Feb 2005 12:02:42 -0500 Subject: Identity thieves can lurk at Wi-Fi spots Message-ID: USA Today Identity thieves can lurk at Wi-Fi spots By Jon Swartz, USA TODAY SAN FRANCISCO - Coffee shop Web surfers beware: An evil twin may be lurking near your favorite wireless hotspot. Thieves are using wireless devices to impersonate legitimate Internet access points to steal credit card numbers and other personal information, security experts warn. So-called evil-twin attacks don't require technical expertise. Anyone armed with a wireless laptop and software widely available on the Internet can broadcast a radio signal that overpowers the hot spot.
How to avoid an 'evil twin'?
- Install a personal firewall and security patches.
- Use hot spots for Web surfing only.
- Enter passwords only into Web sites that include an SSL key at bottom right.
- Turn off or remove the wireless card if you are not using a hot spot.
- Avoid hot spots where it's difficult to tell who's connected, such as at hotels and airport clubs.
- If a hot spot is not working properly, assume your password is compromised. Change the password and report the incident to the hot spot provider.
- Do not use insecure applications such as e-mail or instant messaging while at hot spots.
Source: AirDefense
Then, masquerading as the real thing, they view the activities of wireless users within several hundred feet of the hot spot. "It could be someone sitting next to you on a plane or in a parking lot across the street from a coffee shop," says Jon Green, director of technical marketing at Aruba Wireless Networks, which makes radio-wave-scanning equipment that detects and shuts down bogus hot spots. "Wireless networks are wide open," says Steve Lewack, director of technology services for Columbus Regional Medical Center in Columbus, Ga. The facility uses software and sensors to monitor 480 wireless devices used by medical personnel at 110 access points. 
Last month, it stopped about 120 attempts to steal financial information from medical personnel and patients - double the number of incidents from a few months earlier. The recent surge in evil-twin attacks parallels phishing scams - fraudulent e-mail messages designed to trick consumers into divulging personal information. Though the problem is in its infancy, it has caught the attention of some businesses heavily dependent on wireless communications. But most consumers aren't aware of the threat, security expert Green says. Wi-Fi, or wireless Internet, sends Web pages via radio waves. Hot spots are an area within range of a Wi-Fi antenna. As the technology has grown - there are now about 20,000 hot spots in the USA, up from 12,000 a year ago - so too have security concerns. Anil Khatod, CEO of AirDefense, a maker of software and sensors, estimates break-ins number in the hundreds each month in the USA. Companies employing hundreds of people with wireless laptops are especially vulnerable to evil-twin scams. When a worker's information is filched, it can expose a corporate network. "It presents a serious, hidden danger to Web users," says Phil Nobles, a wireless-security expert at Cranfield University in England who has researched the threat. "It's hard to nab the perpetrator, and the victim has no idea what happened." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jrandom at i2p.net Tue Feb 8 12:57:44 2005 From: jrandom at i2p.net (jrandom) Date: Tue, 8 Feb 2005 12:57:44 -0800 Subject: [i2p] weekly status notes [feb 8] Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi y'all, update time again * Index 1) 0.4.2.6-* 2) 0.5 3) i2p-bt 0.1.6 4) fortuna 5) ??? 
* 1) 0.4.2.6-*

It doesn't seem like it, but it's been over a month since the 0.4.2.6 release came out and things are still in pretty good shape. There have been a series of pretty useful updates [1] since then, but no real show stopper calling for a new release to get pushed. However, in the last day or two we've had some really good bugfixes sent in (thanks anon and Sugadude!), and if we weren't on the verge of the 0.5 release, I'd probably package 'er up and push 'er out. anon's update fixes a border condition in the streaming lib which has been causing many of the timeouts seen in BT and other large transfers, so if you're feeling adventurous, grab CVS HEAD and try 'er out. Or wait around for the next release, of course.

[1] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD

* 2) 0.5

Lots and lots of progress on the 0.5 front (as anyone on the i2p-cvs list [2] can attest to). All of the tunnel updates and various performance tweaks have been tested out, and while it doesn't include much in the way of the various [3] enforced ordering algorithms, it does get the basics covered. We've also integrated a set of (BSD licensed) Bloom filters [4] from XLattice [5], allowing us to detect replay attacks without requiring any per-message memory usage and nearly 0ms overhead. To accommodate our needs, the filters have been trivially extended to decay so that after a tunnel expires, the filter doesn't have the IVs we saw in that tunnel anymore.

While I'm trying to slip in as much as I can into the 0.5 release, I also realize that we need to expect the unexpected - meaning the best way to improve it is to get it into your hands and learn from how it works (and doesn't work) for you. To help with this, as I've mentioned before, we're going to have a 0.5 release (hopefully out in the next week), breaking backwards compatibility, then work on improving it from there, building a 0.5.1 release when it's ready.
Looking back at the roadmap [6], the only thing being deferred to 0.5.1 is the strict ordering. There'll also be improvements to the throttling and load balancing over time, I'm sure, but I expect we'll be tweaking that pretty much forever. There have been some other things discussed that I've hoped to include in 0.5 though, like the download tool and the one-click update code, but it looks like those will be deferred as well.

[2] http://dev.i2p.net/pipermail/i2p-cvs/2005-February/thread.html
[3] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/router/doc/tunnel-alt.html?rev=HEAD#tunnel.selection.client
[4] http://en.wikipedia.org/wiki/Bloom_filter
[5] http://xlattice.sourceforge.net/index.html
[6] http://www.i2p.net/roadmap

* 3) i2p-bt 0.1.6

duck has patched up a new i2p-bt release (yay!), available at the usual locations, so get yours while it's hot [7]. Between this update and anon's streaming lib patch, I pretty much saturated my uplink while seeding some files, so give it a shot.

[7] http://forum.i2p.net/viewtopic.php?t=300

* 4) fortuna

As mentioned in last week's meeting, smeghead has been churning away at a whole slew of different updates lately, and while battling to get I2P working with gcj, some really horrendous PRNG issues have cropped up in some JVMs, pretty much forcing the issue of having a PRNG we can count on. Having heard back from the GNU-Crypto folks, while their fortuna implementation hasn't really been deployed yet, it looks to be the best fit for our needs. We might be able to get it into the 0.5 release, but chances are it'll get deferred to 0.5.1 though, as we'll want to tweak it so that it can provide us with the necessary quantity of random data.

* 5) ???

Lots of things going on, and there has been a burst of activity on the forum [8] lately as well, so I'm sure I've missed some things.
In any case, swing on by the meeting in a few minutes and say what's on your mind (or just lurk and throw in the random snark)

=jr

[8] http://forum.i2p.net/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCCSaRGnFL2th344YRApVpAKCEypMmgxmJu7ezMwKD5G3ROClh8ACfRqj6
+bDiCX8vfeua3lkyUfiF7ng=
=+m56
-----END PGP SIGNATURE-----

_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p

----- End forwarded message -----

--
Eugen* Leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From mv at cdc.gov Tue Feb 8 17:47:10 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Tue, 08 Feb 2005 17:47:10 -0800
Subject: LA Times on brinworld, complete with nothing to hide quote
Message-ID: <42096B9D.DE3D9392@cdc.gov>

Article Published: Sunday, February 06, 2005 - 7:14:24 PM PST

Who's got an eye on you? Secret cameras are everywhere

By Andrea Cavanaugh, Staff Writer

Smile! If you're making your way around Los Angeles -- or any metropolitan area in America these days -- there's a good chance your movements are being recorded by a surveillance camera.

Once limited mostly to banks and convenience stores, the beady eye of the surveillance camera has appeared nearly everywhere over the past decade. Cheaper surveillance systems and heightened fears of terrorist attacks have created a world that is increasingly captured on camera.

"If you're outside doing anything, you're being recorded 50 percent of the time," said Paul Ramos, vice president of sales and marketing for Fairfax Electronics, a Los Angeles company that sells security systems. "If you're shopping or attending an event, it goes up to 90 percent.
Yes, Big Brother is there, and Big Brother is strong."

Perched on rooftops and under eaves, cameras discreetly rake shopping centers, stadiums, office buildings and parking lots. Police say surveillance cameras, whether installed by businesses, homeowners or local governments, act as a powerful law-enforcement tool and crime deterrent.

Law-abiding people have nothing to worry about, said Lt. Paul Vernon of the Los Angeles Police Department. "When people start talking about Big Brother, I say, 'I've got nothing to hide.' Those cameras aren't looking into my home, and if they were, it would be pretty boring."

Although law-enforcement agencies hail the technology as a labor-saving device that allows them to patrol much larger areas with fewer sets of eyes, many civil libertarians view surveillance cameras as a creeping erosion of privacy rights.

"How would you like to be followed around by a slimy guy in a raincoat who records everything you do? It's a technological version of a slimy guy in a raincoat," said privacy expert Lauren Weinstein, who is producing a radio series about technology's impact on society. "The difference is, you can't see it, you don't know what it's pointed at, or how long the images are going to be stored."

The mostly unregulated recording takes place with a tacit nod from the U.S. Supreme Court, which has indicated again and again that people have no reasonable expectation of privacy in public places.

Government agencies across the United States are installing cameras in as many public areas as possible, but they are still behind the curve compared with European cities, Ramos said.

In Los Angeles, surveillance devices increasingly are used by government to patrol public places. Several recently installed cameras along Hollywood Boulevard scan stretches popular with tourists and criminals alike.
And, buoyed by the success of a surveillance program at crime-plagued MacArthur Park west of downtown, the LAPD recently unveiled a camera system capable of scanning thousands of license plates per hour and employing controversial facial-recognition software to pinpoint known criminals.

Once clunky and obtrusive, some surveillance devices are now so small they're nearly undetectable. And the days of scratchy, black-and-white images recorded on videotape are long gone. Advances in technology mean crystal-clear digital pictures that can be reviewed in real time -- as they occur.

"These are beautiful tools," said Ramos, whose company sells 20 to 30 surveillance systems each month. "It's the ability to be anywhere in the world and see what's going on, and also review what happened yesterday, or last week, or last month."

Although the cameras raise the hackles of privacy advocates, most people don't mind being recorded everywhere they go, said A. Michael Noll, a communications professor at the University of Southern California. Graduate students polled about privacy issues routinely rank surveillance cameras nearly at the bottom of a long list of concerns, he said.

"Most people just don't care about being on camera," Noll said. "In Los Angeles, they probably enjoy it. They probably see it as a screen test."

Northridge resident Rochelle Matthews sees it as an invasion of privacy. The 37-year-old insurance agent said she doesn't like being under constant scrutiny.

"What are they looking for? I don't think everything needs to be patrolled. People need and deserve privacy."

Chatsworth resident Leanne Vince said she doesn't mind being recorded when she ventures out in public. Only criminals need to worry about being under surveillance, the 35-year-old music company executive said.

"It doesn't bother me at all because I'm not doing anything wrong," she said. "If I'm at the grocery store and they're following me, so what? It's technology. You take the good with the bad."
But Weinstein cautioned that constant surveillance can cause the shadow of suspicion to fall on the innocent when innocuous activities are misinterpreted.

"A lot of people don't care, but they haven't thought about it," he said. "The dark side of this stuff isn't discussed."

The benefits of surveillance cameras, such as capturing Oklahoma City bomber Timothy McVeigh on film just before he picked up the rental truck used in the bombing, far outweigh the privacy concerns, Noll said.

And the concerns of those "screaming about Big Brother" may be overblown, Noll said.

"If someone were tracking me down the street, I might care," he said. "But there aren't enough people at the other end to be watching all this surveillance."

Armed with that knowledge, experts are now developing software that alerts authorities when certain types of behavior are detected.

Weinstein cautioned that the practice of recording people in nearly every public place could escalate out of control.

"It's always a balancing act," he said. "It's not to say you have a total expectation of privacy in public places, but there shouldn't be none.

"Unless we want to live in a pervasive surveillance society where all of your moves are tracked and recorded, we'd better start putting rules in place."

From iang at systemics.com Tue Feb 8 13:47:19 2005
From: iang at systemics.com (Ian G)
Date: Tue, 08 Feb 2005 21:47:19 +0000
Subject: Identity thieves can lurk at Wi-Fi spots
In-Reply-To:
References:
Message-ID: <42093367.9090807@systemics.com>

R.A. Hettinga wrote:

> The facility uses software and sensors to monitor 480 wireless devices used
> by medical personnel at 110 access points. Last month, it stopped about 120
> attempts to steal financial information from medical personnel and patients
> - double the number of incidents from a few months earlier.
>
> The recent surge in evil-twin attacks parallels phishing scams ...

Has anyone seen any case details on any of these attacks?
The few articles I read all seemed to start out saying it was happening, and then ended with limp descriptions of how it *could* happen. That is, more FUD.

The above though seems to be a claim that it has happened. Now, what exactly did happen? Was it a hack attack? An eavesdropping attack? An MITM? Was there indeed even an attack, or was it just the software indicating a couple of funny connects?

Last year, those 2 kids were caught doing the wireless thing in front of the hardware store - but again, what they did was to hack (well, walk) into the systems and install a program.

iang, still on the trail of the elusive MITM...

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/

From eugen at leitl.org Tue Feb 8 14:14:49 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 8 Feb 2005 23:14:49 +0100
Subject: [i2p] weekly status notes [feb 8] (fwd from jrandom@i2p.net)
Message-ID: <20050208221449.GE1404@leitl.org>

----- Forwarded message from jrandom -----

From jamesd at echeque.com Wed Feb 9 09:09:56 2005
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 09 Feb 2005 09:09:56 -0800
Subject: What is a cypherpunk?
In-Reply-To: <200502070318.j173Ihwa023849@marco.aarg.net>
Message-ID: <4209D364.29070.1A0DC2F@localhost>

--
On 6 Feb 2005 at 19:18, D. Popkin wrote:
> Yes, but Big Brother governments are not the only way such
> "wisdom" gets imposed. Bill Gates came close to imposing it
> upon all of us, and if it hadn't been for Richard Stallman
> and Linus Torvalds, we might all be suffering under that yoke
> today.

There is nothing stopping you from writing your own operating system, so Linus did. If, however, you decline to pay taxes, men with guns will attack you. That is the difference between private power and government power.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
IQOesrdAqVhLdsZtGiFJzVPm4eKemvE0rvMznIRG
4e37sO5HcxzRajhvHvVBldBgvI0YdW75A0FNQwWi9

From rah at shipwright.com Wed Feb 9 07:59:54 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 9 Feb 2005 10:59:54 -0500
Subject: Standards for Efficient Cryptography Group (SECG) Announce New Initiatives
Message-ID:

Canada NewsWire Group

CERTICOM CORP.

Attention Business Editors:

Standards for Efficient Cryptography Group (SECG) Announce New Initiatives

Elliptic Curve Cryptography protocol test site and test certificate authority to promote interoperability and facilitate faster time-to-market

MISSISSAUGA, ON, Feb. 9 /CNW/ - Two new initiatives being spearheaded by the Standards for Efficient Cryptography Group (SECG) will help developers quickly and effectively test elliptic curve cryptography (ECC)-based implementations to facilitate faster time-to-market, according to Certicom, a founding member of SECG. Announced today, an ECC protocol test site and certificate authority (CA) will be available to SECG members in the spring of 2005.

The SECG, an industry consortium, was founded in 1998 to develop commercial standards that facilitate the adoption of efficient cryptography and interoperability across a wide range of computing platforms. Where standards already exist, SECG may promote a refined, peer-reviewed profile of the broader standard to promote adoption and interoperability. The SECG also provides guidance to governments and organizations that are developing cryptographic standards.

The initiatives announced today include:

- ECC protocol test site: developers will be able to vet their protocol implementations against reference implementations to test interoperability. Each test - such as Transport Layer Security (TLS) and S/MIME protocols - has been peer-reviewed by the leading ECC and protocol authorities.
- ECC-based certificate authority: the group will issue free ECC-based certificates for testing and prototyping.

"SECG's role is to make it easier to use ECC by promoting practical standards, interoperability and by providing mechanisms to test implementations and prototypes," said William Lattin, chair of SECG. "Recent developments, such as advances in the cryptographic world and U.S. government security initiatives, have elevated the need for ECC and for resources like ours."

"The work of SECG is a valuable resource for companies committed to ECC," says Gloria Navarre, senior architect, Unisys Global Security Practice. "As Unisys develops next-generation ECC applications, such as our solutions to help banks embrace image exchange in check processing, and transform payments operations as a whole, we can take advantage of the expertise, interoperability and testing standards that SECG offers to provide new levels of security to our clients and their customers."

"SECG enables access to proven and effective algorithms and protocols to secure a communication channel between computers. It is particularly important when communicating computers have limiting computational resources and when the bandwidth of the channel has limiting capacity. This is the case of important mailing applications where Pitney Bowes has established a strong leadership position worldwide. In addition, SECG allows for a common foundation for all communication security needs regardless of the limiting factors. This in turn enables interoperability between a broad variety of applications," said Dr. Leon Pintsov, Pitney Bowes Fellow and vice president, International Standards and Advanced Technology.

ECC, a computationally efficient form of cryptography, is used in a growing number of sectors ranging from consumer electronics, embedded devices and semiconductors to government and financial services. Several changes have spurred the adoption of ECC.
The first is the need for a stronger public-key cryptosystem that doesn't affect performance. For example, a high security encryption algorithm like the Advanced Encryption Standard (AES) demands equivalent security for the accompanying digital signatures and key exchanges. To achieve this level of security without overwhelming the processors of most mobile devices, developers would need ECC, which offers equivalent security to other competing technologies but with much smaller key sizes.

The second is the National Security Agency's recent decision to name ECC the public-key cryptosystem needed to meet the new, stronger security requirements under its crypto modernization program.

The SECG is open to all interested parties who are willing to contribute to the ECC standards development process. To become a member of the SECG, simply send an email to the SECG mailing list (secg-talk-request at lists.certicom.com) with the word "SUBSCRIBE" in the subject line. To find out more about SECG and to download the latest standards, visit www.secg.org, or visit us at the RSA conference, in the Certicom booth No. 430, February 14-18, Moscone Center, San Francisco.

About SECG

The Standards for Efficient Cryptography Group (SECG) is an industry consortium for the development of standards based upon Elliptic Curve Cryptography (ECC). It was chartered to develop commercial standards that specify the basis for creating interoperable, cost-effective security solutions across a wide range of computing platforms. The SECG was founded in 1998 by Certicom and currently includes member companies such as: Entrust, Fujitsu, Pitney Bowes, Unisys and Visa International. Visit www.secg.org.

About Certicom

Certicom Corp. (TSX: CIC) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products.
Adopted by the US government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Visit www.certicom.com.

About Pitney Bowes

Pitney Bowes is the world's leading provider of integrated mail and document management systems, services and solutions. The $5 billion company helps organizations of all sizes efficiently and effectively manage their mission-critical mail and document flow in physical, digital and hybrid formats. Its solutions range from addressing software and metering systems to print stream management, electronic bill presentment and presort mail services. With approximately 33,000 employees worldwide, Pitney Bowes serves more than 2 million businesses through direct and dealer operations. For more information about Pitney Bowes please visit http://www.pb.com.

About Unisys

Unisys is a worldwide information technology services and solutions company. Our people combine expertise in consulting, systems integration, outsourcing, infrastructure and server technology with precision thinking and relentless execution to help clients, in more than 100 countries, quickly and efficiently achieve competitive advantage. For more information, visit www.unisys.com.

Certicom, Certicom Security Architecture, Certicom CodeSign, Security Builder, Security Builder Middleware, Security Builder API, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder NSE and Security Builder GSE are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially.
Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

%SEDAR: 00003865E

For further information: please contact: Tim Cox, Zing Public Relations, (650) 369-7784, tim at zingpr.com; Brendan Ziolo, Certicom Corp., (613) 254-9267, bziolo at certicom.com

--
-----------------
R. A. Hettinga

From rah at shipwright.com Wed Feb 9 08:01:47 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 9 Feb 2005 11:01:47 -0500
Subject: Group Aims to Make Internet Phone Service Secure
Message-ID:

The Wall Street Journal

February 9, 2005

TELECOMMUNICATIONS

Group Aims to Make Internet Phone Service Secure
Alliance of Tech Companies Looks for Ways To Head Off Attacks by Hackers, Viruses

By RIVA RICHMOND
DOW JONES NEWSWIRES
February 9, 2005; Page D4

A group of more than 20 technology companies and computer-security organizations has gone on the offensive to protect the burgeoning Internet telephone service from hackers, viruses and other security problems.

The VOIP Security Alliance, which was announced earlier this week, will focus on uncovering security problems and promoting ways to reduce the risk of attack for voice over Internet protocol, or VOIP, technology.

The group, known as VOIPSA, includes companies such as 3Com Corp., Alcatel SA, Avaya Inc., Siemens AG, Symantec Corp. and Ernst & Young LLP. Other members include the National Institute of Standards and Technology, a federal government agency; the SANS Institute, a research organization for network administrators and computer-security professionals; and several universities.

The group's goal is to help make VOIP as secure and reliable as traditional telephone service. VOIP breaks voice into digital information and moves it over the Internet. That can make phone service much cheaper, but it also opens the door to the kind of security woes that have come to plague the Internet. VOIP enthusiasts worry that security and privacy problems could hamper adoption of the technology.

"VOIP has a lot of great value propositions, but in order for it to be successful, it has to be secured" and offer service quality that's on par with the current phone system, said David Endler, chairman of the alliance and an executive at TippingPoint, a security company that recently was acquired by 3Com. "VOIPSA is a first step in doing that."
Internet telephone service is expected to be rolled out rapidly to consumers and business customers, starting this year. Mr. Endler said many network operators don't realize they need to alter their security strategies when they add Internet phone service. For instance, traditional firewalls cannot police VOIP traffic, he said, and so networks will need to be upgraded with newer security technologies.

There's little understanding of what security problems VOIP might introduce and what kind of defensive measures need to be taken. VOIPSA intends to improve that situation by sponsoring research, uncovering vulnerabilities, disseminating information about threats and security measures, and providing open-source tools to test network-security levels.

Because VOIP will be dependent on the Internet, there's little hope that security troubles can be avoided, said Alan Paller, director of research at the SANS Institute, though early action by technology makers to address problems is positive and welcome.

"It's not a lightweight problem," he said. "How well would you do with no phone?" If Internet attacks can disrupt phone service, "you radically expand the number of victims," he said.

"VOIP networks really inherit the same cyber-security threats that data networks are today prone to, but those threats take greater severity in some cases," Mr. Endler said. For instance, a life-or-death emergency call to 911 might not get through if a network is crippled by a hacker attack. Worse, a broad assault on the phone system could become a national security crisis that causes economic damage.

--
-----------------
R. A. Hettinga

From rah at shipwright.com Wed Feb 9 08:20:16 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 9 Feb 2005 11:20:16 -0500
Subject: Tester claims 90% of VPNs open to hackers
Message-ID:

Printed from ComputerWeekly.com

IT Management: Security

by Antony Savvas
Tuesday 8 February 2005

Tester claims 90% of VPNs open to hackers

Security testing company NTA Monitor has claimed that 90% of virtual private networks are open to hackers.

Over a three-year period of testing VPNs at large companies, NTA Monitor said 90% of remote access VPN systems have exploitable vulnerabilities, even though many companies, including financial institutions, have in-house security teams.

Flaws include "user name enumeration vulnerabilities" that allow user names to be guessed through a dictionary attack because they respond differently to valid and invalid user names.

Roy Hills, NTA Monitor technical director, said, "One of the basic requirements of a user name/password authentication is that an incorrect log-in attempt should not leak information as to whether the user name or password is incorrect. However, many VPN implementations ignore this rule."

The fact that VPN user names are often based on people's names or e-mail addresses makes it relatively easy for an attacker to use a dictionary attack to recover a number of valid user names in a short period of time, said Hills.

Passwords can also be made harder to crack by deploying a mixture of characters and numbers. Hills said a six-character password can be cracked in about 16 minutes using standard "brute force" cracking software. However, a six-character password combining letters and numbers could take two days to crack.

--
-----------------
R. A. Hettinga

From rah at shipwright.com Wed Feb 9 08:21:00 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 9 Feb 2005 11:21:00 -0500
Subject: Hold the Phone, VOIP Isn't Safe
Message-ID:

Wired News

Hold the Phone, VOIP Isn't Safe

By Elizabeth Biddlecombe

Story location: http://www.wired.com/news/technology/0,1282,66512,00.html

02:00 AM Feb. 07, 2005 PT

In recognition of the fact that new technologies are just as valuable to wrongdoers as to those in the right, a new industry group has formed to look at the security threats inherent in voice over internet protocol.

The VOIP Security Alliance, or VOIPSA, launches on Monday. So far, 22 entities, including security experts, researchers, operators and equipment vendors, have signed up. They range from equipment vendor Siemens and phone company Qwest to research organization The SANS Institute.

They aim to counteract a range of potential security risks in the practice of sending voice as data packets, as well as educate users as they buy and use VOIP equipment. An e-mail mailing list and working groups will enable discussion and collaboration on VOIP testing tools.

VOIP services have attracted few specific attacks so far, largely because the relatively small number of VOIP users doesn't make them a worthwhile target. (A report from Point Topic in December counted 5 million VOIP users worldwide.)

But security researchers have found vulnerabilities in the various protocols used to enable VOIP. For instance, CERT has issued alerts regarding multiple weaknesses with SIP (session initiation protocol) and with H.323. Over the past year, experts have repeatedly warned that VOIP abuse is inevitable.
The National Institute of Standards and Technology put out a report last month urging federal agencies and businesses to consider the complex security issues often overlooked when considering a move to VOIP. NIST is a member of VOIPSA.

"It is really just a matter of time before it is as widespread as e-mail spam," said Michael Osterman, president of Osterman Research.

Spammers have already embraced "spim" (spam over instant messaging), say the experts. Dr. Paul Judge, chief technology officer at messaging-protection company CipherTrust, says 10 percent of instant-messaging traffic is spam, with just 10 to 15 percent of its corporate clients using IM. "It is where e-mail was two and a half years ago," said Judge.

To put that in perspective, according to another messaging-protection company, FrontBridge Technologies, 17 percent of e-mail was spam in January 2002. It put that figure at 93 percent in November 2004.

So the inference is that "spit" (spam over internet telephony) is just around the corner. Certainly, the ability to send out telemarketing voicemail messages with the same ease as blanket e-mails makes for appealing economics. Aside from the annoyance this will cause, the strain on network resources when millions of 100-KB voicemail messages are transmitted, compared with 5- or 10-KB e-mails, will be considerable.

But the threat shouldn't be couched solely within the context of unlawful marketing practices. Users might also see the audio equivalent of phishing, in which criminals leave voicemails pretending to be from a bank, said Osbourne Shaw, whose role as president of ICG, an electronic forensics company, has led him to try buying some of the goods advertised in spam.

In fact, according to David Endler, chairman of the VOIP Security Alliance and director of digital vaccines at network-intrusion company TippingPoint, there are many ways to attack a VOIP system.
First, VOIP inherits the same problems that affect IP networks themselves: Hackers can launch distributed denial of service attacks, which congest the network with illegitimate traffic. This prevents e-mails, file transfers, web-page requests and, increasingly, voice calls from getting through. Voice traffic has its own sensitivities, which mean the user experience can easily be degraded past the point of usability. Furthermore, additional nodes of the network can be attacked with VOIP: IP phones, broadband modems and network equipment, such as soft switches, signaling gateways and media gateways. Endler paints a picture in which an attack on a VOIP service could mean people would eavesdrop on conversations, interfere with audio streams, or disconnect, reroute or even answer other people's phone calls. This is a concern to the increasing number of call centers that put both their voice and data traffic on a single IP network. It is even more of a concern for 911 call centers. But Louis Mamakos, chief technology officer at broadband telephony provider Vonage, says he and his team "spend a lot of time worrying about security" but the problems the company has seen so far have centered on "more pedestrian" threats like identity theft. Vonage has not yet signed up for the VOIP Security Alliance, said Mamakos, and employees already spend a lot of time working on security issues with technology providers. "I'm not sure if (VOIPSA) is a solution to a problem we don't have yet," he said. "We need to judge what the incremental value is in working with another organization." He also talked about how hard it would be to break into Vonage's service. Access to Vonage's signaling traffic requires authentication. The infrastructure is much more distributed than the websites that have been taken offline by denial of service attacks. 
And anyone wanting to eavesdrop on a Vonage phone conversation would have to be physically very close to the broadband connection leading to the target, as the farther away the eavesdropper is, the more commingled the target's voice traffic will be with other traffic on the network. Meanwhile Kelly Larrabee, a spokeswoman for the peer-to-peer VOIP provider Skype, noted that Skype users control what information about themselves is available and who can contact them. She also said end-to-end encryption is used to protect voice conversations. The only vulnerability so far, aside from uncertified third-party applications, is through file transfers -- and again, this is under user control. But these words could be like a red rag to a bull. As one commentator put it, a continuous duel is going on between network users and abusers, and spammers and hackers could well be reading this article. This poses the question of whether a group like the VOIP Security Alliance should refrain from announcing its efforts in the media and from making its membership and e-mail list free and open to all. In response, said VOIPSA's Endler, "The people we really have to worry about are already thinking about (how to misuse VOIP)." Today's effort is to ensure that VOIP systems are reinforced "before it gets to the point that there are easily available tools for the script kiddies to use," he said. From rah at shipwright.com Wed Feb 9 08:24:14 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Wed, 9 Feb 2005 11:24:14 -0500 Subject: Hack License Message-ID: Technology Review TechnologyReview.com Hack License By Simson Garfinkel March 2005 As cultural critic and New School University professor McKenzie Wark sees things, today's battles over copyrights, trademarks, and patents are simply the next phase in the age-old battle between the productive classes and the ruling classes that strive to turn those producers into subjects. But whereas Marx and Engels saw the battle of capitalist society as being between two social classes-the proletariat and the bourgeoisie-Wark sees one between two newly emergent classes: the hackers and a new group that Wark has added to the lexicon of the academy: the "vectoralist class." Wark's opus A Hacker Manifesto brings together England's Enclosure Movement, Das Kapital, and the corporate ownership of information-a process that Duke University law professor James Boyle called "the Second Enclosure Movement"-to create a unified theory of domination, struggle, and freedom. Hacking is not a product of the computer age, writes Wark, but an ancient rite in which abstractions are created and information is transformed. The very creation of private property was a hack, he argues-a legal hack-and like many other hacks, once this abstraction was created, it was taken over by the ruling class and used as a tool of subjugation. So who are these vectoralists? They are the people who control the vectors by which information flows throughout our society. Information wants to be free, Wark writes, quoting (without attribution) one of the best-known hacker aphorisms. But by blocking the free vectors and charging for use of the others, vectoralists extract value from practically every human endeavor. There is no denying that vectoralist organizations exist: by charging for the distribution of newspapers or Web pages, such organizations collect money whenever we inform ourselves.
By charging for the distribution of music, they collect money off the expression of human culture. Yes, today many Web pages and songs can be accessed over the Internet for free. But others cannot be. The essence of the successful vectoralist, writes Wark, is in this person's ability to rework laws and technology so that some vectors can flourish while other vectors-the free ones-are systematically eliminated. But does Wark have it right? By calling his little red book A Hacker Manifesto, Wark hopes to remind us of Marx and Mao. Does this concept of "vector" have what it takes to start a social movement? Are we on the cusp of a Hacker Rebellion? The Communists of the 1840s had more or less settled on the ground rules of their ideology-the communal ownership of property and social payments based on need-by the time Marx and Engels wrote their infamous tract. By contrast, many individuals who identify themselves as hackers today are sure to find Wark's description circumscribed and incomplete. When I was an undergraduate at MIT in the 1980s, hackers were first and foremost people who perpetrated stunts. It was a group of hackers that managed to bury a self-inflating weather balloon near the 50-yard line at the 1982 Harvard-Yale game; two years later, Caltech hackers took over the electronic scoreboard at the Rose Bowl and displayed their own messages. (Another group had hacked the Rose Bowl 21 years before, rewriting the instructions left on 2,232 stadium seats so that Washington fans raising flip-cards for their half-time show unknowingly spelled out "Caltech.") Hackers were also spelunkers of MIT's tunnels, basements, and heating and ventilation systems. These hackers could pick locks, scale walls, and practically climb up moonbeams to reach the roofs of the Institute's tallest buildings. By the late 1980s, the media had seized on the word hacker-not to describe a prankster, but as a person who breaks into computers and takes joyrides on electronics networks. 
These hackers cracked computer systems, changed school grades, and transferred millions of dollars out of bank accounts before getting caught by the feds and sent to the pen. Finally, there were the kind of hackers MIT professor Joseph Weizenbaum had previously called "compulsive programmers." These gods of software saw the H-word as their badge of honor. Incensed by the hacker stereotype portrayed in the media, these geeky mathlings and compiler-types fought back against this pejorative use of their word-going so far as to write in The New Hacker's Dictionary that the use of "hacker" to describe "malicious meddler" had been "deprecated" (hacker lingo meaning "made obsolete"). I remember interviewing one of these computer scientists in 1989 for the Christian Science Monitor: the researcher threatened to terminate the interview if I used the word "hacker" to describe someone who engaged in criminal activity. Although the researcher and others like him were largely successful in reclaiming their beloved bit of jargon, they were never able to fully disassociate the word from its negative connotations. Today, the word "hacker" is widely accepted to have two meanings. One reason, of course, is that malicious meddlers continue to call themselves hackers. Both Hacking Exposed, a mammoth three-author, 750-page book about to be published in its fifth edition, and Hacking: The Art of Exploitation seem to suggest that use of the word to describe someone with criminal intent is alive and well. There are very much two kinds of hackers: "white-hat hackers," who follow the programmer ethic and help people to secure their computers, and "black-hat hackers," who actually do the dirty business. The fact that it is the black hats who create the market demand for the white hats is something that most white hats fail to mention. Also overlooked is the fact that many who wear white hats today once wore black hats in their distant or not-so-distant past. 
The idealized hackers for whom Wark has written his manifesto also routinely engage in criminal activity-by violating the vectorial establishment's laws of intellectual property. Vectorialists are not the only victims of these crimes. And Wark's hackers are the kind of people who would use peer-to-peer networks to let a million of their closest friends download Hollywood's latest movies before they are released in theaters-a prime example of hacker power to defeat the evils of vectorial oppression. On the other hand, hackers also rent time on other networks in order to send out billions of spam messages hawking the latest in penis enlargement. When it comes to the hacker pastime of criminal computer trespass, Wark is silent. Freedom versus Free Beer Absent as well is any reference to hardware hacking-or, indeed, any reference to hardware at all. To Wark, hacking is about bits, not atoms. The power of Big Vector is its ability to control information networks like the telegraph and the Internet, not transportation networks like FedEx. The intellectual property that Wark is concerned about is the property of abstraction: movies, programs, drugs. It's information that "wants to be free." Wark comes down pretty hard on the patenting of genetic information, but presumably the patents that apply to the design of piston engines or wind turbines are another matter entirely. Hacker philosophers such as Richard Stallman and Lawrence Lessig frequently play up the fact that information can be given away without being relinquished. It is this fundamental fact that makes information different from other goods, they argue. It is why the old rules of property should not apply in the digital domain. Stallman wrote in 1985, "the golden rule requires that if I like a program I must share it with other people who like it." Stallman continues, "Software sellers want to divide the users and conquer them, making each user agree not to share with others. 
I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement." Stallman, more than anyone else, is rightfully credited with kicking off what we now know as the "open source movement"-which he calls "Free Software." That's "free" as in "freedom," not as in "free beer," Stallman is quick to point out. The culture of sharing software was in danger of dying out in the early 1980s when Stallman started the GNU Project and wrote "The GNU Manifesto." GNU stands for GNU's Not Unix-an all too clever recursive hacker acronym. The original goal of the project was to create a free version of the Unix operating system. But Stallman worked hard to extend the consciousness of programmers beyond mere lines of code and into the world of politics-specifically the politics of intellectual property. He staged a hacker protest at the headquarters of Lotus when that company tried to enforce copyright restrictions on user interfaces. He wrote and spoke, rallying against copyright restrictions and software patents. Like "the Party" in 1984 and real-live Communists in China, Stallman promotes his ideology in part by rewriting everyday speech. He went so far as to publish an official list of "Confusing or Loaded Words and Phrases that are Worth Avoiding"- words like "commercial," "consumer," "content," "creator," "open," and "intellectual property." For example, he writes, instead of using the phrase "copyright protection," one should instead use "copyright restrictions," as in the sentence: "Congress recently extended the term of copyright restrictions by 20 years." These tactics turned off supporters and were put to good use as counterpropaganda by his detractors-such as a software executive who once accused Stallman of being a Communist because of his collectivist software ideology. 
The emergence of the term "open source" amounted to a slap in Stallman's face: after all, it was a direct attempt to separate the mechanism of Free Software from Stallman's barefoot politics of free love, his vehement attacks on the beliefs and conduct of the Republican party, and his vigorous defense of personal freedom. Using Wark's framework, this all makes a kind of sense. Stallman is not opposed to big business and capitalism: he is opposed to big vector and the vectoralist agenda of creating a body of intellectual property law that eliminates the possibility of alternatives. Anyone committed to freedom must be opposed to the vectoralist class, because it profits through control. From this Wark-Stallman view that intellectual property is really just a self-enriching tool evolves the conclusion that the world of computers would be better off without the majority of patents, copyrights, trademarks, and other legal means for restricting intellectual property. Lessig, meanwhile, takes these mechanisms of restriction in a different direction. In The Future of Ideas he argues that a combination of legal and technical restrictions are fencing off our cultural heritage. In the not-so-distant future, perhaps, the very phrase "free expression" will become an oxymoron, as any self-respecting expression will necessarily have to pay licensing fees for numerous ideas, phrases, images, and even thoughts from well-funded copyright holders. Lessig failed in his attempt to fight the Sonny Bono Copyright Term Extension Act in the U.S. Supreme Court-the act that will keep Mickey Mouse out of the public domain for another 20 years. But despite this serious setback, Lessig has succeeded in convincing thousands of professionals to put their signatures on his so-called "Creative Commons" licenses, which allow colleagues and other professionals to freely cite from and reprint one another's work, and even make derivative works.
Hardware Hacks The problem here is that sharing may work for software, but it doesn't work for hardware. Moore's Law has driven much of the computer revolution, but it requires that companies like Intel spend more and more money each year to create the next generation of superfast chips. Take away Intel's copyright and patent protection, and knock-off companies would create clone Intel processors for a fraction of the cost. These chips would be dramatically cheaper than Intel's, and Intel would not have the money to create the next generation of still-faster devices. Moore's Law depends upon vectoral control. Wark's opus doesn't just ignore hardware-it ignores hardware hacking, the tradition of modifying circuits and computers to do things that the original designers never intended. Hardware hackers are pros at both adding new features and removing arbitrary restrictions-like the region codes on DVD players that won't let European DVDs play in U.S. players. Yet increasingly, hardware is where the action is. Books such as Hacking the Xbox: An Introduction to Reverse Engineering are exposing secrets to the masses that once were strictly the province of MIT and Caltech midnight seminars. Hardware hackers are largely motivated by exactly the same antivectoralist tendencies as the hackers creating file-sharing networks: the desire to get around restrictions that have been artificially imposed upon their beloved technology. Hackers are people who use technical means to break restrictive rules and, as a result, create new possibilities. They are agents of disruptive change, no matter whether they hack code, networks, video-game consoles or copyright. By failing to address hardware and its hackers, Wark's work once again falls short of its title. And what of information yearning to be free? The quotation comes from Stewart Brand, editor of the Whole Earth Catalog, speaking at the first Hacker's Conference back in 1984. 
According to a transcript of the conference printed in Brand's May 1985 issue, the full quotation was: "On the one hand information wants to be expensive, because it's so valuable. The right information in the right place just changes your life. On the other hand, information wants to be free, because the cost of getting it out is getting lower and lower all the time. So you have these two fighting against each other." If I might be so bold as to reengineer Brand's quotation while looking through Wark's glasses, it's the hackers who want information to be free, and it's the vectoralists who want information to be expensive. Having known and admired Stallman for more than 20 years, I've long understood the concept of the hacker. Wark's contribution in his misnamed volume is the identification of the hacker's enemy, the vectoral class. It is a battle, I fear, that we cannot win. But it is one that must be fought. Simson Garfinkel is a researcher in the field of computer security. He is the author of Database Nation: The Death of Privacy in the 21st Century (2000). He is currently a doctoral candidate at MIT's Computer Science and Artificial Intelligence Laboratory. From camera_lumina at hotmail.com Wed Feb 9 08:26:21 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 09 Feb 2005 11:26:21 -0500 Subject: RSA Conference, and BA Cypherpunks In-Reply-To: <20050207171822.W59847@ubzr.zsa.bet> Message-ID: How 'bout laying siege to May's compound as a Cypherpunk 'team-building' exercise? -TD >From: "J.A.
Terranson" >To: "Trei, Peter" >CC: cypherpunks at al-qaeda.net, cryptography at metzdowd.com >Subject: Re: RSA Conference, and BA Cypherpunks >Date: Mon, 7 Feb 2005 17:19:30 -0600 (CST) > >On Mon, 7 Feb 2005, Trei, Peter wrote: > > > Once again, the RSA Conference is upon us, and many of the > > correspondents on these lists will be in San Francisco. I'd like to > > see if anyone is interested in getting together. We've done this > > before. > >Yeah, but can we eat food, drink beer, shoot drugs and screw expensive >hookers at Tim May's "compound"? > > >-- >Yours, > >J.A. Terranson >sysadmin at mfn.org >0xBD4A95BF > >"Quadriplegics think before they write stupid pointless >shit...because they have to type everything with their noses." > > http://www.tshirthell.com/ From rah at shipwright.com Wed Feb 9 08:46:06 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 9 Feb 2005 11:46:06 -0500 Subject: Cryptography Research to Provide Patented Security Technology to Raytheon Message-ID: Yahoo! Finance Press Release Source: Cryptography Research, Inc. Cryptography Research to Provide Patented Security Technology to Raytheon Wednesday February 9, 9:03 am ET Defense and Aerospace Systems Supplier Licenses CRI's Differential Power Analysis Countermeasures SAN FRANCISCO, Feb. 9 /PRNewswire/ -- Cryptography Research, Inc., a worldwide leader in security systems, today announced that it has licensed its Differential Power Analysis (DPA) countermeasure technologies to Raytheon Company (NYSE: RTN). In addition, Raytheon also purchased a tool suite and training for its personnel to establish an internal group focused on DPA countermeasures. "DPA can be used to break implementations of almost any symmetric or asymmetric cryptography algorithm, including proprietary and heavily modified industry standard algorithms.
The widespread use of strong cryptography in both software and hardware has given DPA attacks and countermeasures an increased importance," said Paul Kocher, president and chief scientist of CRI. "We are pleased to be working with Raytheon Company, and that they selected CRI for its leading-edge countermeasure technologies," said Kit Rodgers, vice president of licensing. About Cryptography Research, Inc. Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research in areas including tamper resistance, content protection, network security and financial services. The company has a broad portfolio of patents covering countermeasures to differential power analysis and other vulnerabilities, and is committed to helping companies produce secure smart cards and other tamper resistant devices. Security systems designed by Cryptography Research engineers annually protect more than $100 billion of commerce for wireless, telecommunications, financial, digital television and Internet industries. For additional information or to arrange a consultation with a member of the technical staff, please contact Jen Craft at 415-397-0123, ext. 329 or visit www.cryptography.com. About Raytheon Company Raytheon Company, with 2003 sales of $18.1 billion, is an industry leader in defense and government electronics, space, information technology, technical services, and business and special mission aircraft. With headquarters in Waltham, Mass., Raytheon employs 78,000 people worldwide. Source: Cryptography Research, Inc.
From steve49152 at yahoo.ca Wed Feb 9 13:03:58 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Wed, 9 Feb 2005 16:03:58 -0500 (EST) Subject: What is a cypherpunk? In-Reply-To: <20050209172845.GN1404@leitl.org> Message-ID: <20050209210358.53403.qmail@web51803.mail.yahoo.com> --- Eugen Leitl wrote: > On Wed, Feb 09, 2005 at 09:09:56AM -0800, James A. Donald wrote: > > > There is nothing stopping you from writing your own operating > > system, so Linus did. > > Yes. Corporate lawyers descending upon your ass, because you -- > allegedly -- > are in violation of some IP somewhere. See you in court. > > > If, however, you decline to pay taxes, men with guns will > > attack you. > > If you ignore a kkkorporate cease & desist, men with guns will get you, > too. > Eventually. Corporations can play the system, whether they hire bandits, > or > use the legal system, or buy a politician to pass a law. > > > That is the difference between private power and government > > power. > > There is no difference. Both are coercive. Some of the rules are good > for > you, some are good for the larger assembly of agents, some are broken on > arrival. > > We need smarter agents. Too late. Stupidity is an entrenched aspect of the system. If you try to remove stupidity (assuming for the moment that it could be done in principle) stupid men with guns will hunt you down and shoot you in order to protect their jealously guarded stupidity _and_ ignorance. For as we all know, and particularly in non-trivial fields of knowledge, knowledge often implies or demands action of a particular kind, according to the logic of the situation. Strategic ignorance is therefore extremely valuable -- particularly to corrupt government and corporate officers. Regards, Steve ______________________________________________________________________ Post your free ad now!
http://personals.yahoo.ca From jamesd at echeque.com Wed Feb 9 16:58:22 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 09 Feb 2005 16:58:22 -0800 Subject: What is a cypherpunk? In-Reply-To: <20050209172845.GN1404@leitl.org> References: <4209D364.29070.1A0DC2F@localhost> Message-ID: <420A412E.27923.382DD0@localhost> -- James A. Donald wrote: > > There is nothing stopping you from writing your own > > operating system, so Linus did. Eugen Leitl wrote > Yes. Corporate lawyers descending upon your ass, because you > -- allegedly -- are in violation of some IP somewhere. See > you in court. Corporate lawyers did not descend on Linux until there were enough wealthy linux users to see them in court, and send in their own high priced lawyers to give them the drubbing they deserved. > > If, however, you decline to pay taxes, men with guns will > > attack you. > If you ignore a kkkorporate cease & desist, men with guns > will get you, too. You live in a world of your own. In civil court, the guy with no assets has a huge advantage over the guy with huge assets -because the guy with huge assets *cannot* send men with guns to beat him up and put him in jail - he can only seize the (nonexistent) assets of the guy with no assets. So what we instead see is frivolous and fraudulent lawsuits by people with no assets against big corporations, for example the silicone scam. It is in criminal court where the guy with no assets goes unjustly to jail, and that is the doing of the state, not the corporation. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG LHaZt4XXRKhPMhtKPS5CggL+KGd7QTAqTuygm1P1 45bORHg+DoDEtRSoju+baDDEgsaWOIrgPHd/pMAuj From rah at shipwright.com Wed Feb 9 15:18:46 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 9 Feb 2005 18:18:46 -0500 Subject: GNFC launches Indian Digital Certification services Message-ID: Gujarat Narmada Valley Fertilizer Company??? 
;-) Cheers, RAH ------- deepikaglobal.com - Business News Detail Thursday, February 10, 2005 Business News GNFC launches nationwide Digital Certification services Mumbai, Feb 9 (UNI) Gujarat Narmada Valley Fertilizer Company (GNFC) promoted (n)Code Solutions today launched its nationwide services for providing ''Digital certificates to individuals and organisations aimed at boosting efforts for implementation of e-governance and e-commerce in the country''. Digital certificates can be explained as digital passports that help in authentication of the bearer on the net, while maintaining privacy and integrity of the net-based transactions. It is accorded the same value as paper-based signatures of the physical world by the Indian IT Act 2000 and each of these transactions helps bring trust in the Internet-based transactions. Launching the services, Nasscom President Kiran Karnik said, ''The presence of a large number of credible public sector organisations in this domain will further boost the efforts for implementation of e-governance in the country.'' He said that the safety and security of net-based transactions would help usher in higher levels of excellence at lower costs. Having carved an enviable reputation for itself in managing large and complex projects successfully, Mr Karnik said ''GNFC will duplicate its success in this IT venture as well.'' A K Luke, Managing Director of GNFC and another state-PSU Gujarat State Fertiliser Corporation, on this occasion, said ''The (n)Code Solutions infrastructure, set up for the purpose is at par with the best in the world.'' He said the GNFC was committed to diversifications in the emerging fields of IT like e-security. (n)Code Solutions has put in motion a nation-wide machinery to support different market segments like banking and financial institutions, public and private sector enterprises besides State and Central Government organisations, he added.
He said the IT company of GNFC had simultaneously released a suite of applications like (n)Procure, (n)Sign, (n)Form and (n)Pay that make use of digital signatures to ensure safety and security in the virtual world in various ways. Mr Luke said these applications will address a wide spectrum of needs of the internet-dependent business world, ranging from online procurement to signing and sending web forms and enabling online payments to securing web servers or VPN devices. GNFC is a Rs 1800 crore fertiliser and chemicals company of the Gujarat Government. From eugen at leitl.org Wed Feb 9 09:28:45 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 9 Feb 2005 18:28:45 +0100 Subject: What is a cypherpunk? In-Reply-To: <4209D364.29070.1A0DC2F@localhost> References: <200502070318.j173Ihwa023849@marco.aarg.net> <4209D364.29070.1A0DC2F@localhost> Message-ID: <20050209172845.GN1404@leitl.org> On Wed, Feb 09, 2005 at 09:09:56AM -0800, James A. Donald wrote: > There is nothing stopping you from writing your own operating > system, so Linus did. Yes. Corporate lawyers descending upon your ass, because you -- allegedly -- are in violation of some IP somewhere. See you in court. > If, however, you decline to pay taxes, men with guns will > attack you. If you ignore a kkkorporate cease & desist, men with guns will get you, too. Eventually. Corporations can play the system, whether they hire bandits, or use the legal system, or buy a politician to pass a law. > That is the difference between private power and government > power. There is no difference. Both are coercive.
Some of the rules are good for you, some are good for the larger assembly of agents, some are broken on arrival. We need smarter agents. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature] From skquinn at speakeasy.net Wed Feb 9 20:38:05 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Wed, 09 Feb 2005 22:38:05 -0600 Subject: What is a cypherpunk? In-Reply-To: <4209D364.29070.1A0DC2F@localhost> References: <4209D364.29070.1A0DC2F@localhost> Message-ID: <1108010286.6546.12.camel@xevious> On Wed, 2005-02-09 at 09:09 -0800, James A. Donald wrote: > -- > On 6 Feb 2005 at 19:18, D. Popkin wrote: > > Yes, but Big Brother governments are not the only way such > > "wisdom" gets imposed. Bill Gates came close to imposing it > > upon all of us, and if it hadn't been for Richard Stallman > > and Linus Torvalds, we might all be suffering under that yoke > > today. > > There is nothing stopping you from writing your own operating > system, so Linus did. Linus Torvalds didn't write the GNU OS. He wrote the Linux kernel, which when added to the rest of the existing GNU OS, written by Richard Stallman among others, allowed a completely free operating system. Please don't continue to spread the misconception that Linus Torvalds wrote the entire (GNU) operating system. -- Shawn K. Quinn From mv at cdc.gov Wed Feb 9 22:42:27 2005 From: mv at cdc.gov (Major Variola (ret)) Date: Wed, 09 Feb 2005 22:42:27 -0800 Subject: What is a cypherpunk? Message-ID: <420B0253.9D1F92B3@cdc.gov> At 10:38 PM 2/9/05 -0600, Shawn K. Quinn wrote: >On Wed, 2005-02-09 at 09:09 -0800, James A. Donald wrote: >> There is nothing stopping you from writing your own operating >> system, so Linus did. > >Linus Torvalds didn't write the GNU OS. 
>He wrote the Linux kernel, which
>when added to the rest of the existing GNU OS, written by Richard
>Stallman among others, allowed a completely free operating system.
>Please don't continue to spread the misconception that Linus Torvalds
>wrote the entire (GNU) operating system.

Who gives a fuck? RMS was fermenting in his own philosophical stew, to put it politely. The shame is that BSD didn't explode like L*nux did, and that all that work had to be re-done, and with a nasty ATT flavor to boot (no pun intended).

From mv at cdc.gov Wed Feb 9 22:55:38 2005
From: mv at cdc.gov (Major Variola (ret))
Date: Wed, 09 Feb 2005 22:55:38 -0800
Subject: What is a cypherpunk?
Message-ID: <420B056A.FDE298C9@cdc.gov>

A cypherpunk is one who is amused at the phrase "illicit Iraqi passports". Given that the government of .iq has been replaced by a conqueror's puppet government, who exactly has authority to issue passports there? And why does this belief about the 1-to-1-ness of passports to meat puppets or other identities fnord persist?

A CP is not an anarchist; and anarchists are ill defined by current authors, since the word merely means no head, rather than no rules, as Herr May frequently reminded. (In fact, the rules would de facto be set by the local gangster, rather than a DC based gang claiming to be the head. A better form is libertarian archy, but that is perhaps another thread.)

A CP, removing arguable claims about political ideology, is one who understands the potential effects of certain techs on societies, for good or bad. And is not, like a good sci fi writer, afraid to consider the consequences.

And, ideally, a CP is one who can write code, and does so, code that might be useful for free sentients, not even necessarily free (in the beer sense) code.
(Albeit 'tis hard to write useful code in the uninspectable sense of not-free, and inspectability facilitates beer-free copying.) But this is an ideal, and perhaps three meanings of "free" in one rant is too many for most readers.

At 12:04 PM 2/7/05 -0500, R.A. Hettinga wrote:
>While officials in Baghdad and Washington berate Iraq's neighbours for
>failing to block insurgency movements across their borders, one of the most
>dangerous security lapses thrives in Baghdad's heart - a trade in illicit
>Iraqi passports.

From jtrjtrjtr2001 at yahoo.com Thu Feb 10 04:45:15 2005
From: jtrjtrjtr2001 at yahoo.com (Sarad AV)
Date: Thu, 10 Feb 2005 04:45:15 -0800 (PST)
Subject: GNFC launches Indian Digital Certification services
In-Reply-To:
Message-ID: <20050210124515.72294.qmail@web21202.mail.yahoo.com>

Never heard of it though the website mentions that it is an enterprise of the Gujarat state government. Strange indeed!

Sarad.

--- "R.A. Hettinga" wrote:

> Gujarat Narmada Valley Fertilizer Company???
>
> ;-)
>
> Cheers,
> RAH
> -------
>
> deepikaglobal.com - Business News Detail
>
> Thursday, February 10, 2005
>
> Good Evening to you
>
> Business News
>
> GNFC launches nationwide Digital Certification services
>
> Mumbai, Feb 9 (UNI) Gujarat Narmada Valley Fertilizer Company (GNFC) promoted (n)Code Solutions today launched its nationwide services for providing ''Digital certificates to individuals and organisations aimed at boosting efforts for implementation of e-governance and e-commerce in the country''.
>
> Digital certificates can be explained as digital passports that help in authentication of the bearer on the net, while maintaining privacy and integrity of the net-based transactions. It is accorded the same value as paper-based signatures of the physical world by the Indian IT Act 2000 and each of these transactions help bring trust in the Internet-based transactions.
> Launching the services, Nasscom President Kiran Karnik said, ''The presence of a large number of credible public sector organisations in this domain will further boost the efforts for implementation of e-governance in the country.'' He said that the safety and security of net-based transactions would enable to usher in higher levels of excellence at lower costs.
>
> Having carved an enviable reputation for itself in managing large and complex projects successfully, Mr Karnik said ''GNFC will duplicate its success in this IT venture as well.'' A K Luke, Managing Director of GNFC and another state-PSU Gujarat State Fertiliser Corporation, on this occasion, said ''The (n)Code Solutions infrastructure, set up for the purpose is at par with the best in the world.'' He said the GNFC was committed to diversifications in the emerging fields of IT like e-security. (n)Code Solutions has put in motion a nation-wide machinery to support different market segments like banking and financial institutions, public and private sector enterprises besides State and Central Government organisations, he added.
>
> He said the IT company of GNFC had simultaneously released a suite of applications like (n)Procure, (n)Sign, (n)Form and (n)Pay that make use of digital signatures to ensure safety and security in the virtual world in various ways.
>
> Mr Luke said these applications will address a wide spectrum of needs of the internet-dependent business world, ranging from online procurement to signing and sending web forms and enabling online payments to securing web servers or VPN devices.
>
> GNFC is a Rs 1800 crore fertiliser and chemicals company of the Gujarat Government.
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
>
> 44 Farquhar Street, Boston, MA 02131 USA
> "...
> however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From justin-cypherpunks at soze.net Wed Feb 9 21:38:07 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Thu, 10 Feb 2005 05:38:07 +0000
Subject: What is a cypherpunk?
In-Reply-To: <1108010286.6546.12.camel@xevious>
References: <4209D364.29070.1A0DC2F@localhost> <1108010286.6546.12.camel@xevious>
Message-ID: <20050210053807.GB1295@arion.soze.net>

On 2005-02-09T22:38:05-0600, Shawn K. Quinn wrote:
> On Wed, 2005-02-09 at 09:09 -0800, James A. Donald wrote:
> > --
> > There is nothing stopping you from writing your own operating
> > system, so Linus did.
>
> Linus Torvalds didn't write the GNU OS. He wrote the Linux kernel, which
> when added to the rest of the existing GNU OS, written by Richard
> Stallman among others, allowed a completely free operating system.
> Please don't continue to spread the misconception that Linus Torvalds
> wrote the entire (GNU) operating system.

I think everyone who reads Cypherpunks knows what Linus did and did not do, and that "operating system" in JAD's post means "kernel".

--
Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire Apr/1936

From rah at shipwright.com Thu Feb 10 04:37:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 07:37:51 -0500
Subject: What is a cypherpunk?
In-Reply-To: <420B056A.FDE298C9@cdc.gov>
References: <420B056A.FDE298C9@cdc.gov>
Message-ID:

At 10:55 PM -0800 2/9/05, Major Variola (ret) wrote:
>A cypherpunk is one who is amused at the phrase "illicit
>Iraqi passports".

:-).
I prefer to call them "fungible identification", myself...

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Thu Feb 10 01:56:01 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 10 Feb 2005 10:56:01 +0100
Subject: What is a cypherpunk?
In-Reply-To: <420A412E.27923.382DD0@localhost>
References: <4209D364.29070.1A0DC2F@localhost> <420A412E.27923.382DD0@localhost>
Message-ID: <20050210095601.GW1404@leitl.org>

On Wed, Feb 09, 2005 at 04:58:22PM -0800, James A. Donald wrote:

> Corporate lawyers did not descend on Linux until there were

Corporations never saw Linux coming. Now that FOSS is on the radar screen, you'll see lots of very obvious ramming through of IP protection in software. You haven't noticed the software patent charade happening in EU right now? It is not at all obvious who's going to win.

> enough wealthy linux users to see them in court, and send in
> their own high priced lawyers to give them the drubbing they
> deserved.

You're misinterpreting the events. Industry has so far been fighting with propaganda only. Outside of FOSS IP wars are the rule.

> > > If, however, you decline to pay taxes, men with guns will
> > > attack you.
>
> > If you ignore a kkkorporate cease & desist, men with guns
> > will get you, too.
>
> You live in a world of your own.
>
> In civil court, the guy with no assets has a huge advantage
> over the guy with huge assets -because the guy with huge assets

What a nice boolean universe you live in. Fact is that FOSS can be easily DoSed by lawyers of a party with deeper pockets (basically, any party with deeper pocket than a couple of bearded hackers).
> *cannot* send men with guns to beat him up and put him in jail
> - he can only seize the (nonexistent) assets of the guy with no
> assets. So what we instead see is frivolous and fraudulent

Excellent strawman. Where are you getting these? I need to order a couple.

> lawsuits by people with no assets against big corporations, for
> example the silicone scam.
>
> It is in criminal court where the guy with no assets goes
> unjustly to jail, and that is the doing of the state, not the
> corporation.

Again, neither the state nor the corporation has your wellbeing as optimization criterion. It does frequently happen that superpersonal organization units result in a better world than the alternatives. Then, quite often not. We need smarter agents.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From camera_lumina at hotmail.com Thu Feb 10 08:32:39 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 10 Feb 2005 11:32:39 -0500
Subject: Team Building?? WIMPS!!
In-Reply-To: <420ABA8D.3080303@rxcbc.org>
Message-ID:

Well, I didn't say it would be easy. We'd definitely need to split up into teams...one to handle the alarm systems, one to handle the landmines, one to somehow fend off May's bullets. And then, even if we somehow capture May, I'd bet he's got all sorts of dead-man stuff like poison gas and whatnot. It'd be like a big game of D&D, not that any Cypherpunk knows what THAT is!

And yeah, there's a good chance someone's not gonna make it. But think of it like this: Those genes were slowing down our species anyway.

The only problem is, what do we do once we're in? Throw a big-ass drinking, whoring Shriners-like party? (I say we need a bevy of black hookers.) Break into May's survivalist supplies?
Oh, and we DEFINITELY need video.

-TD

>From: joe cypherpunk
>To: Tyler Durden , cypherpunks-moderated-request at minder.net
>Subject: Team Building?? WIMPS!! Re: RSA Conference, and BA Cypherpunks
>Date: Wed, 09 Feb 2005 17:36:13 -0800
>
>Not unless you wish to meet Yahweh, Allah, Jesus, Buddha (pick your favorite
>deity!) early :)
>
>Tim is a VERY GOOD shot and the property is watched and alarmed.
>
>so My opinion Tyler?
>Feel free to win a Darwin Award!!..
>
>A cypherpunk
>
>ps. Tim has an Excellent Taxidermist, Your pelt and head will be displayed
>in grand fashion:)
>
>BTW a spell checker would be a good gift to yourself (think about
>thunderbird)
>
>ie "Cypherpunk 'team-building' excersize? "
>
>psps let me know when you plan to try so I can shoot live video of the
>Firefight, should be worth at least 1k to the local TV stations :)
>
>also think about a vest of tubes of tannerite (exploding targets), that way
>when Tim scores, the viewers of the video will know you have been hit!!
>
>think of it as evolution in action
>
>Tyler Durden wrote:
>
>>How 'bout laying siege to May's compound as a Cypherpunk 'team-building'
>>excersize?
>>
>>-TD
>>
>>>From: "J.A. Terranson"
>>>To: "Trei, Peter"
>>>CC: cypherpunks at al-qaeda.net, cryptography at metzdowd.com
>>>Subject: Re: RSA Conference, and BA Cypherpunks
>>>Date: Mon, 7 Feb 2005 17:19:30 -0600 (CST)
>>>
>>>On Mon, 7 Feb 2005, Trei, Peter wrote:
>>>
>>> > Once again, the RSA Conference is upon us, and many of the
>>> > correspondents on these lists will be in San Francisco. I'd like to
>>> > see if anyone is interested in getting together. We've done this
>>> > before.
>>>
>>>Yeah, but can we eat food, drink beer, shoot drugs and screw expensive
>>>hookers at Tim May's "compound"?
>>>
>>>--
>>>Yours,
>>>
>>>J.A. Terranson
>>>sysadmin at mfn.org
>>>0xBD4A95BF
>>>
>>>"Quadriplegics think before they write stupid pointless
>>>shit...because they have to type everything with their noses."
>>>
>>> http://www.tshirthell.com/

From bbrow07 at students.bbk.ac.uk Thu Feb 10 03:36:03 2005
From: bbrow07 at students.bbk.ac.uk (ken)
Date: Thu, 10 Feb 2005 11:36:03 +0000
Subject: What is a cypherpunk?
In-Reply-To: <4209D364.29070.1A0DC2F@localhost>
References: <4209D364.29070.1A0DC2F@localhost>
Message-ID: <420B4723.9080702@students.bbk.ac.uk>

James A. Donald wrote:

> If, however, you decline to pay taxes, men with guns will
> attack you.
>
> That is the difference between private power and government
> power.

But in most places at most times the state is run at least partly by and for the rich and the owners of property and supports and privileges their continuing private power.

And there are circumstances where private individuals send men with guns to attack you if you cross them. Quite a lot of them, from the feudal barons, to drug-dealers in modern cities, to just about anywhere out of easy reach of the state's police. And there are places where corporations do that as well. Even well-run respectable British or American corporations that have annual reports and shareholders' meetings.

State power and private power are different but not distinct, and everywhere more or less mixed up with each other and involved with each other, and in most places the same sorts of people have both. Economic power is a kind of political power.

From camera_lumina at hotmail.com Thu Feb 10 08:37:25 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Thu, 10 Feb 2005 11:37:25 -0500
Subject: What is a cypherpunk?
In-Reply-To:
Message-ID:

Which reminds me...they apparently found those nickels buried in some guy's back yard:

http://www.sun-sentinel.com/news/local/palmbeach/sfl-pdnickels05feb05,0,5206467.story?coll=sfla-news-palm

-TD

>From: "R.A. Hettinga"
>To: cypherpunks at al-qaeda.net
>Subject: Re: What is a cypherpunk?
>Date: Thu, 10 Feb 2005 07:37:51 -0500
>
>At 10:55 PM -0800 2/9/05, Major Variola (ret) wrote:
>>A cypherpunk is one who is amused at the phrase "illicit
>>Iraqi passports".
>
>:-).
>
>I prefer to call them "fungible identification", myself...
>
>Cheers,
>RAH
>
>--
>-----------------
>R. A. Hettinga
>The Internet Bearer Underwriting Corporation
>44 Farquhar Street, Boston, MA 02131 USA
>"... however it may deserve respect for its usefulness and antiquity,
>[predicting the end of the world] has not been found agreeable to
>experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 10 09:43:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 12:43:57 -0500
Subject: Desire safety on Net? (n) code has the solution
Message-ID:

I'm starting to get the hang of this. I mean, fertilizer...crypto, crypto...fertilizer: They're both *munitions*, right? Right?

:-)

Cheers,
RAH

--------

Express India

Desire safety on Net? (n) code has the solution

Express News Service

Ahmedabad, February 9: ADDRESSING a wide spectrum of needs of the Net-dependent business world ranging from online buying to signing and sending web forms, (n) code solutions, promoted by IT branch of the Gujarat Narmada Valley Fertilizer Company Limited, has launched its nationwide services at NASSCOM, India Leadership Forum 2005.

(n) code solutions has been recently licensed by the IT ministry as certifying authority for providing digital signature certificates to individuals and organisations. Digital certificates can be explained as digital passports, which help in authentication of the bearer on the Internet. This also helps maintain privacy and integrity of Net-based transactions. Digital signatures are accorded the same value as paper-based signatures of the physical world by the Indian IT Act 2000. Each of these functions help bring trust in Net-based transactions.
(n) code has simultaneously released a suite of applications like (n) procure, (n) sign, (n) form and (n) pay to make use of digital signatures to ensure safety and security in the virtual world in various ways.

(n) code has also put in motion nationwide machinery to support different market segments like banking and financial institutions, public and private sector enterprises and state and central government organisations.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 10 10:07:56 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 13:07:56 -0500
Subject: Parents protest student computer ID tags
Message-ID:

USA Today

Parents protest student computer ID tags

By Lisa Leff, Associated Press

SUTTER, Calif. - The only grade school in this rural town is requiring students to wear radio frequency identification badges that can track their every move. Some parents are outraged, fearing it will take away their children's privacy.

The badges introduced at Brittan Elementary School on Jan. 18 rely on the same radio frequency and scanner technology that companies use to track livestock and product inventory. Similar devices have recently been used to monitor youngsters in some parts of Japan.

But few American school districts have embraced such a monitoring system, and civil libertarians hope to keep it that way.

"If this school doesn't stand up, then other schools might adopt it," Nicole Ozer, a representative of the American Civil Liberties Union, warned school board members at a meeting Tuesday night. "You might be a small community, but you are one of the first communities to use this technology."
The system was imposed, without parental input, by the school as a way to simplify attendance-taking and potentially reduce vandalism and improve student safety. Principal Earnie Graham hopes to eventually add bar codes to the existing IDs so that students can use them to pay for cafeteria meals and check out library books.

But some parents see a system that can monitor their children's movements on campus as something straight out of Orwell.

"There is a way to make kids safer without making them feel like a piece of inventory," said Michael Cantrall, one of several angry parents who complained. "Are we trying to bring them up with respect and trust, or tell them that you can't trust anyone, you are always going to be monitored, and someone is always going to be watching you?"

Cantrall said he told his children, in the 5th and 7th grades, not to wear the badges. He also filed a protest letter with the board and alerted the ACLU.

Graham, who also serves as the superintendent of the single-school district, told the parents that their children could be disciplined for boycotting the badges - and that he doesn't understand what all their angst is about.

"Sometimes when you are on the cutting edge, you get caught," Graham said, recounting the angry phone calls and notes he has received from parents.

Each student is required to wear identification cards around their necks with their picture, name and grade and a wireless transmitter that beams their ID number to a teacher's handheld computer when the child passes under an antenna posted above a classroom door.

Graham also asked to have a chip reader installed in locker room bathrooms to reduce vandalism, although that reader is not functional yet. And while he has ordered everyone on campus to wear the badges, he said only the 7th and 8th grade classrooms are being monitored thus far.
In addition to the privacy concerns, parents are worried that the information on and inside the badges could wind up in the wrong hands and endanger their children, and that radio frequency technology might carry health risks.

Graham dismisses each objection, arguing that the devices do not emit any cancer-causing radioactivity, and that for now, they merely confirm that each child is in his or her classroom, rather than track them around the school like a global-positioning device. The 15-digit ID number that confirms attendance is encrypted, he said, and not linked to other personal information such as an address or telephone number.

What's more, he says that it is within his power to set rules that promote a positive school environment: If he thinks ID badges will improve things, he says, then badges there will be.

"You know what it comes down to? I believe junior high students want to be stylish. This is not stylish," he said.

This latest adaptation of radio frequency ID technology was developed by InCom Corp., a local company co-founded by the parent of a former Brittan student, and some parents are suspicious about the financial relationship between the school and the company. InCom plans to promote it at a national convention of school administrators next month.

InCom has paid the school several thousand dollars for agreeing to the experiment, and has promised a royalty from each sale if the system takes off, said the company's co-founder, Michael Dobson, who works as a technology specialist in the town's high school. Brittan's technology aide also works part-time for InCom.

Not everyone in this close-knit farming town northwest of Sacramento is against the system. Some said they welcomed the IDs as a security measure.

"This is not Mayberry. This is Sutter, California. Bad things can happen here," said Tim Crabtree, an area parent.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From eugen at leitl.org Thu Feb 10 04:40:46 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Thu, 10 Feb 2005 13:40:46 +0100
Subject: Precedent for Warrantless Net Monitoring Set
Message-ID: <20050210124046.GK1404@leitl.org>

From the somebody-needs-killing dept.

Link: http://slashdot.org/article.pl?sid=05/02/10/0044214
Posted by: samzenpus, on 2005-02-10 05:40:00
from the only-bad-people-need-privacy dept.

highcon writes "According to this editorial from SecurityFocus, a recent case of a drug dog which pushed the limits of "reasonable search" may have [1]implications for Internet communications in the U.S. This Supreme Court case establishes a precedent whereby "intelligent" packet filters may be deployed which, while scanning the contents of network traffic indiscriminately, only "bark" at communication indicative of illegal activity."

References

1. http://www.securityfocus.com/columnists/297

----- End forwarded message -----

Of Dog Sniffs and Packet Sniffs

Why a Supreme Court decision on canine-assisted roadside searches opens the door to a new regime of Internet surveillance.

By Mark Rasch
Feb 08 2005 11:21AM PT

The Fourth Amendment to the U.S. Constitution is supposed to be the one that protects people and their "houses, places and effects" against "unreasonable searches." Forty-two years ago, the U.S. Supreme Court held that attaching a listening device to a public pay phone violated this provision because the Constitution protects people, not places, and because the Fourth Amendment prohibits warrantless searches without probable cause if the target enjoys a reasonable expectation of privacy.

Last month the U.S. Supreme Court effectively decimated this principle in a case that could have a profound impact on privacy rights online.
The case, decided by the court on January 24th, had nothing to do with the Information Superhighway, but rather an ordinary interstate highway in Illinois.

Roy Caballes was pulled over by the Illinois State Police for speeding. While one officer was writing him a ticket, another officer in another patrol car came by with a drug sniffing dog. There was absolutely no reason to believe that Caballes was a drug courier -- no profile, no suspicious activity, no large amounts of cash. The driver could have been a soccer mom with a minivan filled with toddlers.

Under established Supreme Court precedent, while the cops could have looked in the window to see what was in "plain view," the officers had neither probable cause nor reasonable suspicion to search Caballes' car, trunk, or person.

Well, you know what happened next -- the dog "sniff" indicated that there might be drugs in the trunk, which established probable cause to open the trunk, where the cops found some marijuana.

Now here is where things get dicey for the Internet. In upholding the dog's sniff-search of the trunk, the Supreme Court held that it did not "compromise any legitimate interest in privacy." Why? Because, according to the court, "any interest in possessing contraband cannot be deemed 'legitimate.'" The search was acceptable to the court because it could only reveal the possession of contraband, the concealment of which "compromises no legitimate privacy interest." The expectation "that certain facts will not come to the attention of the authorities" is not the same as an interest in "privacy that society is prepared to consider reasonable," the court wrote.
In other words, the search by the dog into, effectively, the entire contents of a closed container inside a locked trunk, without probable cause, was "reasonable" even though the driver and society would consider the closed container "private" because the search only revealed criminal conduct.

The same reasoning could easily apply to an expanded use of packet sniffers for law enforcement. Currently, responsible law enforcement agencies limit their warrantless Internet surveillance to the "wrapper" of a message, i.e., e-mail addresses or TCP/IP packet headers, unless they have a court order permitting a more intrusive search. Looking at the "outside" of the communication has been treated as similar to looking at the outside of a vehicle -- and maybe peering into the window a bit. To peek inside the communication -- read the content -- required that you first get someone in a black robe involved.

The experiences of Mr. Caballes (the soccer mom, or me or you) changed all that. The government is practically invited to peek inside Internet traffic and sniff out evidence of wrongdoing. As long as the technology -- like a well-trained dog -- only alerts when a crime is detected, it's now legal.

As context-based search technology improves, the government may soon have the ability to take Carnivore one better and deploy "intelligent" packet search filters that will seek out only those communications that relate to criminal activity. They may already have it.

Although these packet sniffing dogs sniff the packets of sinner and saint alike, they only bark at the sinner's e-mails. Thus, according to the new Supreme Court precedent, the sinner has no privacy rights, and the saint's privacy has not been invaded. In fact, the saint would not even know the search had taken place -- Internet surveillance is less noticeable than a dog sniff.
I think Sun Microsystems' president Scott McNealy was only slightly ahead of his time when he said, "You already have zero privacy, get over it." We could pass a constitutional amendment to protect our privacy rights, but I thought we did that on Dec 15th, 1791 when the Bill of Rights was ratified.

Hopefully, this case will be limited to a dark desert highway, and not find its way onto the Infobahn. But somehow I doubt it.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From dan at doxpara.com Thu Feb 10 10:42:36 2005
From: dan at doxpara.com (Dan Kaminsky)
Date: Thu, 10 Feb 2005 13:42:36 -0500
Subject: Desire safety on Net? (n) code has the solution
In-Reply-To:
References:
Message-ID: <420BAB1C.2020801@doxpara.com>

>Digital certificates can be explained as digital passports, which help in
>authentication of the bearer on the Internet. This also helps maintain
>privacy and integrity of Net-based transactions. Digital signatures are
>accorded the same value as paper-based signatures of the physical world by
>the Indian IT Act 2000. Each of these functions help bring trust in
>Net-based transactions.

This passed by without too many people noticing:

http://www.cfo.com/article.cfm/3597911/c_3597966?f=home_todayinfinance

===
The SEC also asserts that the company's 10-Q bore an unauthorized electronic signature of Guccione -- who was Penthouse's principal executive officer and principal financial officer at the time. The signature indicated that Guccione had reviewed and signed the filing and the accompanying Sarbanes-Oxley certification. This representation was false, the SEC stated in its complaint.
===

"You got your SOX in my Digital Signature Repudiation!"
"You got your Digital Signature Repudiation in my SOX!" "Someone order a failed porn empire?" --Dan From rah at shipwright.com Thu Feb 10 12:50:01 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 10 Feb 2005 15:50:01 -0500 Subject: Vegas casino bets on RFID Message-ID: Vegas casino bets on RFID By Alorie Gilbert Casino mogul Steve Wynn has pulled out all the stops for his new $2.7 billion mega-resort in Las Vegas: an 18-hole championship golf course, a private lake and mountain, and a bronze tower housing 2,700 plush guest rooms. But when its doors open in April, the Wynn Las Vegas will have one unique feature that few visitors are likely to notice--high-tech betting chips designed to deter counterfeiting, card-counting and other bad behavior. The fancy new chips look just like regular ones, only they contain radio devices that signal secret serial numbers. Special equipment linked to the casino's computer systems and placed throughout the property will identify legitimate chips and detect fakes, said Rick Doptis, vice president of table games for the Wynn. News.context What's new: Betting chips are getting a high-tech RFID makeover designed to deter counterfeiting and misbehavior at the tables. Bottom line:Despite this, RFID technology is still relatively rare in casinos--until that killer application arrives. More stories on RFID "Security-wise, it will be huge for us," Doptis said. The technology behind these chips is known as radio frequency identification, or RFID, and it's been used for years to track livestock, enable employee security badges and pay tolls. The casino industry is just the latest to find new uses for RFID technology. Retail chains, led by Wal-Mart Stores, are using it to monitor merchandise. Libraries are incorporating it into book collections to speed checkouts and re-shelving. The United States and other nations are incorporating it into passports to catch counterfeits. 
One company even offers to inject people with RFID chips linked to their medical records to ensure they receive proper medical care.

In casinos, RFID technology is still relatively rare and in search of a killer application to spur adoption. Yet some tech-savvy casino executives envision RFID transforming the way they operate table games, including blackjack, craps and roulette, over the next four or five years.

For one thing, there's the counterfeiting problem, on which there is scant data. The Nevada Gaming Commission gets about a dozen complaints every year related to counterfeit chips, said Keith Copher, the agency's chief of enforcement. Last year, a casino in Reno quickly lost $26,000 in such a scheme--one of the biggest hits reported to the commission in recent years. And counterfeiting is on the rise at overseas casinos, Copher noted. The RFID technology would let dealers or cashiers see when the value of the chips in front of them doesn't match the scanners' tally.

However, financial losses due to counterfeit chips are usually minor, and few perpetrators get away with it, Copher said. Perhaps that's why the Wynn has found a dual purpose for the high-tech chips: The casino is also using the chips to help account for the chips they issue on credit to players, since managing credit risk is a huge part of any big casino's operations. The Wynn plans to take note of the serial numbers of the chips they lend and of the name of players who cash them in. If someone else returns the chips, it could signal that the original player is using their credit line with the casino to make loans to others--something casinos generally frown upon.

That sort of security doesn't come cheap: The Wynn is spending about $2 million on the chips. That's about double the price of regular chips, and doesn't include additional equipment the Wynn will need to purchase, such as RFID readers, computers and networking gear.
Eye in the sky

The technology could also help casinos catch card players who sneak extra betting chips onto the table after hands are dealt or players who count cards. That's one reason the Hard Rock Hotel and Casino in Las Vegas plans to switch on a new set of RFID-equipped betting chips and tables next month. The casino is installing RFID readers and PCs at game tables. With antennas placed under each player's place at the table, dealers can take a quick inventory of chips that have been wagered at the push of a button. The PCs display all the initial bets, deterring players from sneaking extra chips into their pile after hands are dealt.

Yet the benefits of RFID go beyond security. It may also help casinos boost profits through savvier marketing.

Take the Hard Rock Hotel. In addition to monitoring wagers, the casino plans to use its new RFID system to "rate players"--monitor gamblers to reward them with free rooms, meals and other perks based on how much and how often they wager. As the technology advances, RFID could also help track how well they play. The casinos generally reserve the most enticing rewards for their most "valuable" players--those that bet and lose the most--to keep them coming back.

At the moment, these incentive programs are somewhat limited, because the process of rating players is so labor-intensive. Casinos employ special staff to observe the tables and take note (by hand) of how much players bet and how well they play--typically focusing on high-stakes players. In addition, such ratings are often inaccurate. As a result, casinos overshoot the perks they lavish on players by 20 to 30 percent.
RFID could change that by giving casinos a more accurate and efficient tool to rate players and by allowing them to enlist more table-game players to participate in incentive or "comp" programs. Such programs are roughly the equivalent of an airline's frequent flyer program or a grocery chain's loyalty card, encouraging repeat business.

"It will allow casinos to be more aggressive from a marketing standpoint," said Tim Richards, vice-president of marketing at Progressive Gaming International, a supplier of the next-generation betting chips.

Many in the gaming industry point to the lowly slot machine--which has evolved into a fancy computer--as the desirable model. With slots, casinos have made a science over the last decade of monitoring players and keeping them interested in the machines with a constant stream of rewards and freebies. In part, that development has helped slots generate the lion's share of casinos' revenue--up to 80 or 90 percent in a typical casino, according to Richards.

"We're trying to bring that same kind of thinking to table games," said Bart Pestrichello, vice president of casino operations at the Hard Rock Hotel and Casino in Las Vegas. "It's to reward players based on their actual bets and decisions."

Keeping a closer eye on table wagers could also help casinos crack down on card counting. Armed with all kinds of data, RFID systems could analyze game activity against statistical models and alert management of a suspicious winning streak. The technology can also be used to catch dealer mistakes, check dealer productivity and deter chip theft.

Still on the drawing board

Despite all the promises of RFID, few casinos have yet put it to use. Part of the problem is that the technology is expensive. The cost hovers around $8,000 per table, Progressive Gaming's Richards said. That's just for the chips and readers, and doesn't include the extra computers and networking equipment.

Then there are technical problems.
It takes about seven seconds for an RFID-equipped game table to read 100 chips--far too slow to capture quick table action. But Progressive Gaming and a competitor called Shuffle Master are developing systems that take closer to two or three seconds per reading--fast enough to capture the outcome of each hand. This year, the companies each plan to release new versions of their RFID systems that are faster and more affordable than today's models.

"Vegas has a little bit of a wait-and-see attitude," Richards said. "They very much view themselves as the primetime casinos, and they want to make sure the product is bulletproof."

Progressive Gaming's goal is to sell at least 5,000 RFID-enabled gaming tables by 2010. It's wiring up the Hard Rock--one of the first casinos in Las Vegas to adopt RFID betting chips.

Shuffle Master is making big bets too. The Las Vegas company acquired two key RFID-related patents last year for $12.5 million and has teamed up with RFID equipment maker Gaming Partners International to develop new products. Gaming Partners is supplying the Wynn with its RFID system. Executives at both companies say broader adoption is coming but is about five years off.

Yet another potential barrier to RFID at casinos is concern over privacy. Wherever it goes, RFID seems to generate objections from consumer activists, who worry that the technology will give corporations and governments too much power to pry into people's lives.

But few people expect total privacy at casinos, where surveillance cameras might easily outnumber the cocktail waitresses roaming the floor. With casinos already keeping such a close eye on their visitors, would RFID chips really be much cause for concern? In addition, RFID systems only recognize people who use player's cards. The cards are part of complimentary programs, which are completely voluntary.

Still, you can imagine some disturbing scenarios.
For instance, an RFID reader might make a nifty tool for a thief, who could covertly scan people strolling along the Strip for his next hold-up victim. Could casinos be setting their patrons up for this kind of trouble?

The question seemed to stump Rick Doptis at the Wynn. "I would have no idea as to that," Doptis said. "We go to great lengths to protect customer safety. Our parking lots and grounds are surveyed like no other on the planet. We do everything we can to protect our guests. But theft is a factor."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 10 14:01:30 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 17:01:30 -0500
Subject: Polanski wins video link battle
Message-ID:

The BBC
Thursday, 10 February, 2005, 12:51 GMT

Polanski wins video link battle

Film director Roman Polanski will give evidence in a libel case via video link from France, the Law Lords have ruled. Mr Polanski is bringing libel action against the magazine Vanity Fair in the English High Court. But to avoid the risk of extradition to the US, where he is wanted on an outstanding child sex offence, the director will give evidence from Paris.

The Law Lords ruled on Thursday that Mr Polanski should not be denied access to justice because of extradition fears.

Mr Polanski, 71, fled the US more than 25 years ago after admitting having sex with a 13-year-old girl. As a French citizen, Mr Polanski cannot be extradited to the US from France, but that protection would not apply were he to travel to the UK.
Mr Polanski has issued libel proceedings against Conde Nast, publishers of Vanity Fair, over an article published in July 2002. After issuing his libel writ, Mr Polanski sought a High Court order allowing him to give evidence via a video conferencing (VCF) link from France.

In granting the order, Mr Justice Eady said that, although the reason underlying the application was unattractive, this did not justify depriving Mr Polanski of the chance to have his case heard. That decision was overturned by the Court of Appeal, but restored on Thursday by the House of Lords in a 3-2 majority ruling.

Constitutional right

Lord Nicholls said: "Despite his fugitive status, a fugitive from justice is entitled to invoke the assistance of the court and its procedures in protection of his civil rights." The fact that Mr Polanski was guilty of a serious crime and feared extradition did not take the case outside the general rule.

Lord Hope said the director had an undoubted constitutional right, as a citizen of France, not to be extradited. "That is his right and he wishes to exercise it," he said. "He is not trying to hide from anybody. It is incorrect, then, to say that his sole aim in seeking this order is to avoid being extradited."

'Quite wrong'

Baroness Hale said there was a strong public interest in allowing a claim to be properly litigated. She said: "New technology such as VCF is not a revolutionary departure from the norm to be kept strictly in check, but simply another tool for securing effective access to justice for everyone." "If we had a rule that people such as the appellant were not entitled to access to justice at all, then of course that tool should be denied him. But we do not and it should not."

Disagreeing, Lord Slynn said the video link facility should be refused where the sole reason for asking for it was to escape a criminal conviction or sentence.
Lord Carswell said it would be "quite wrong" to allow him to give his evidence in a special way to avoid the consequences of his criminal act.

Roman Polanski won a best director Oscar for The Pianist in 2003, following earlier nominations for Chinatown (1974) and Tess (1979), and a best adapted screenplay nomination for Rosemary's Baby (1968).

From bill.stewart at pobox.com Thu Feb 10 17:31:06 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Thu, 10 Feb 2005 17:31:06 -0800
Subject: Desire safety on Net? (n) code has the solution
In-Reply-To:
References:
Message-ID: <6.0.3.0.0.20050210172923.03ade990@pop.idiom.com>

At 09:43 AM 2/10/2005, R.A. Hettinga wrote:
> I'm starting to get the hang of this. I mean, fertilizer...crypto,
> crypto...fertilizer: They're both *munitions*, right?
>
> Right?

Well, sometimes they're both munitions, but sometimes they're both bullshit. I have no reason to assume they're not producing a quality product, but it's certainly a field where independent verification is necessary.

From rah at shipwright.com Thu Feb 10 14:35:05 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 17:35:05 -0500
Subject: Data, Net tax plan divides Republicans
Message-ID:

CNET News

Data, Net tax plan divides Republicans
By Declan McCullagh

A recent congressional report saying that new taxes could be levied on all Internet and data connections is pitting two influential groups of Republicans against each other.
Sixteen members of Congress have slammed a suggestion from Congress' Joint Committee on Taxation that a tax originally created to pay for the Spanish-American War could be extended to all Internet and data connections this year.

In a letter to the committee sent Tuesday, the House members said they were "perplexed" that the committee would "gratuitously suggest tax increases" that would slow the growth of the U.S. economy. The committee is headed by two Republicans, Sen. Charles Grassley of Iowa and Rep. William Thomas of California.

"Consumers who now enjoy freedom from regressive taxes on Internet access are not tax cheats," the letter says. It charges the committee with finding ways to justify tax hikes when its report was supposed to be about identifying people who were dodging taxes.

"I think the problem lies not with the senators but with staff that is involving itself gratuitously in proposals to raise taxes on the Internet," Rep. Chris Cox, a California Republican who signed the letter, said in a telephone interview with CNET News.com.

George Yin, the tax committee's chief of staff, was not immediately available for comment.

Currently, the 3 percent excise tax applies only to traditional telephone service. But because of technological convergence and the dropping popularity of landlines, the Joint Committee on Taxation said extending the century-old tax to broadband and data links was an "option."

The committee's report, published in late January, said that tax law could be rewritten so the telecommunications levy would cover "all data communications services to end users," including broadband; dial-up; fiber; cable modems; cellular; voice over Internet Protocol (VoIP) and DSL, or digital subscriber line, links. Another option it listed was extending the tax only to VoIP providers, including Internet-only ones like Skype.
Congress enacted the so-called "luxury" excise tax at 1 cent a phone call to pay for the Spanish-American War back in 1898, when only a few thousand phone lines existed in the country. It was repealed in 1902, but was reimposed at 1 cent a call in 1914 to pay for World War I and eventually became permanent at a rate of 3 percent in 1990.

Republicans signing the letter to the tax committee include Chris Cannon, R-Utah; Walter Jones, R-N.C.; Chip Pickering, R-Miss.; Ron Paul, R-Texas; Jeff Miller, R-Fla.; Mark Foley, R-Fla.; Mike Rogers, R-Mich.; Fred Upton, R-Mich.; Patrick McHenry, R-N.C.; Jerry Weller, R-Ill.; Rob Simmons, R-Conn.; Charles Bass, R-N.H.; and Vito Fossella, R-N.Y. Two Democrats, John Lewis, D-Ga., and Anna Eshoo, D-Calif., also signed the letter.

Members of the Joint Committee on Taxation include Orrin Hatch, R-Utah; Max Baucus, D-Mont.; John Rockefeller, D-W.Va.; and representatives Bill Thomas, R-Calif.; and Charles Rangel, D-N.Y.

From steve49152 at yahoo.ca Thu Feb 10 15:43:33 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Thu, 10 Feb 2005 18:43:33 -0500 (EST)
Subject: Hack License
In-Reply-To:
Message-ID: <20050210234333.32378.qmail@web51805.mail.yahoo.com>

--- "R.A. Hettinga" quoted:
>
> Hack License
> By Simson Garfinkel March 2005

[snip]

> Stallman wrote in 1985, "the golden rule requires that if I like a program
> I must share it with other people who like it." Stallman continues,
> "Software sellers want to divide the users and conquer them, making each
> user agree not to share with others. I refuse to break solidarity with
> other users in this way.
> I cannot in good conscience sign a nondisclosure
> agreement or a software license agreement."

[snip]

Interestingly enough, Stallman expects people to use one of the GNU software licenses when they release a product. Big deal. Ideology and people change.

Today the significance of the open source 'movement' being in conflict with the 'vectorialists', or rather the commercial and proprietary software community, is that the polarization of the industry is limited to two poles: commercial, for-pay software or free open-source software. Alternatives, or hybrid licensing agreements, are generally unknown to the computing public at large. Thus the software industry largely resembles the basic structure of the United States federal political system. Republican or Democrat: open source or commercial software.

Code that I have that is waiting for completion and formal release (some of it has been stolen and distributed in advance of its completion) I intend presently to license under a hybrid license that essentially grants unrestricted use for non-commercial and non-military purposes, but which requires a license agreement for any commercial use. My thinking was that under the existing arrangement, commercial vendors largely benefited from the efforts of many thousands of open-source developers, thus reducing R&D costs, without necessarily returning anything either to the community, or to the developers themselves. Furthermore, unless one is a high-profile open-source developer it is next to impossible to make a living writing code that is given away for free to all takers.

Of this last problem, it may become moot one day if the world economy moves away from the use of money as an intermediate medium of value exchange, but today it is necessary to have money so the developer can pay his rent and buy food and purchase computer hardware tools.

Of the former problem, some few vendors have recently exposed their proprietary software to the open source community.
Sun Microsystems has recently put their operating system on the table; the NSA released SE Linux, and of course many smaller examples abound.

There are other considerations that remain largely unaddressed by the present status quo, however, and I wanted to address some of them. For instance, I wanted to stop my software from being used by a military force in the process of developing proprietary (and presumably classified) weapons of mass destruction or weapons designed to be used against [domestic] civilian populations. Of course, I wouldn't also want my software to be used by terrorists such as the Ted Kaczynskis of the world. As an individual developer, I didn't realistically expect that I would actually halt the unlicensed use of my software for, say, illegal purposes, but I did expect to force such people and organisations to actually have to _steal_ the software rather than handing it to them on a silver platter, with my tacit blessing.

While the existing judicial and legislative environment doesn't seem to be friendly to the idea of people taking responsibility for the purposes that their creations are put to, I think that software professionals should put some thought to the moral dimension of the application of their products. The concept of "know your customer" exists today, however badly it is deployed by extant legislation. I believe it may be done well by intelligent people, and surely it can also be abused. A group of Klansmen might release software that contained a licensing agreement restricting its [free] use to aryans. I think Tim might say that they should be free to do so, because "coloured" people as well as concerned Caucasians would have the ability and right to produce nominally equivalent software to compete with the Klansman's code. However this view relies on the minimalist view of government regulation, a point of view that is not much in favour today.
Whatever the particulars of any given scenario, the point remains that the two-pole system that dominates the software community has some rather large holes.

I expect that one day I will be able to afford to replace the computer(s) that were stolen by the local "authorities", despite their ongoing and malicious interference and harassment. Then, I may end up finishing off a few things for release; some of it certainly under the scheme I touch on above, and some perhaps under a 'true' open-source license. Some of said software may even be useful to a non-trivial population of users. At that time, I expect to see how well a hybrid licensing scheme works at this stage of the computer industry's maturation. Until then, however, there isn't much to be said about the flexibility of the existing choices: it's pretty much either all or nothing. Ultimately, I don't think that simple black and white choices will suffice for my purposes.

Regards,

Steve

> Simson Garfinkel is a researcher in the field of computer security. He is
> the author of Database Nation: The Death of Privacy in the 21st Century
> (2000). He is currently a doctoral candidate at MIT's Computer Science and
> Artificial Intelligence Laboratory.

By the way. I am entirely unconcerned if the consensus view of current Cypherpunks subscribers, not to mention Usenet posters, is such that it is believed that replies to my messages -- if any -- need to be tangential and distracting, if not outright hostile, for whatever reason. But if the consensus view is that my thoughts and opinions are to be discounted by tacit fiat, I would greatly appreciate it if the people who feel strongly about it would reply in public with a statement to the effect of "fuck off, we don't want your kind around here" or a statement phrased to achieve the requisite degree of accuracy given the feeling of the moment.
But until I am "voted off the island", as it were, I do not plan on simply going away merely because of a little unacknowledged and unjustified intellectual apartheid.

From dshaw at jabberwocky.com Thu Feb 10 17:00:17 2005
From: dshaw at jabberwocky.com (David Shaw)
Date: Thu, 10 Feb 2005 20:00:17 -0500
Subject: [Announce] Attack against OpenPGP encryption
Message-ID:

From jamesd at echeque.com Thu Feb 10 21:04:34 2005
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 10 Feb 2005 21:04:34 -0800
Subject: What is a cypherpunk?
In-Reply-To: <20050210095601.GW1404@leitl.org>
References: <420A412E.27923.382DD0@localhost>
Message-ID: <420BCC62.14907.1C3D189@localhost>

--
James A. Donald:
> > Corporate lawyers did not descend on Linux until there were
> > enough wealthy linux users to see them in court, and send
> > in their own high priced lawyers to give them the drubbing
> > they deserved.

Eugen Leitl
> You're misinterpreting the events. Industry has so far been
> fighting with propaganda only. Outside of FOSS, IP wars are the
> rule.

What has happened so far is that "corporate lawyers" have lost, and linux has won - that is to say, corporations using linux have successfully defended their right to do so. Compare with what happens to tax evaders.

The state is your enemy. The corporation is your friend. It was corporations that defended linux in court, and created substantial parts of linux - for example a lot of linux was written by IBM employees on IBM salary - presumably as an anti microsoft measure.

Corporations deal with competition by creating stuff, governments deal with competition by shooting it. The corporation is a free and voluntary association. The alternative is state imposed association.

--digsig James A. Donald

From rah at shipwright.com Thu Feb 10 18:11:38 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 10 Feb 2005 21:11:38 -0500
Subject: [Announce] Attack against OpenPGP encryption
Message-ID:

--- begin forwarded text

From jamesd at echeque.com Thu Feb 10 21:44:55 2005
From: jamesd at echeque.com (James A. Donald)
Date: Thu, 10 Feb 2005 21:44:55 -0800
Subject: What is a cypherpunk?
In-Reply-To: <420B4723.9080702@students.bbk.ac.uk>
References: <4209D364.29070.1A0DC2F@localhost>
Message-ID: <420BD5D7.4248.1E8C0E4@localhost>

--
James A. Donald wrote:
> > If, however, you decline to pay taxes, men with guns will
> > attack you.
> >
> > That is the difference between private power and government
> > power.

ken wrote:
> But in most places at most times the state is run at least
> partly by and for the rich and the owners of property and
> supports and privileges their continuing private power.

The state was created to attack private property rights - to steal stuff. Some rich people are beneficiaries, but from the beginning, always at the expense of other rich people.

> And there are circumstances where private individuals send
> men with guns to attack you if you cross them.

Compare mafia "extortion" with government "taxation". The mafia charges are small in proportion as their power is small. The Gangsta disciples charged drug dealers thirty dollars a month for protection, and, unlike the state, actually provided protection. The mafia cannot afford to seriously piss off its customers, because there is no large difference between customer firepower and mafia firepower. The government, on the other hand, can afford to seriously piss off its subjects.

The federal government established its monopoly of force by burning Atlanta and Shenandoah. Al Capone did the Saint Valentine's day massacre. Big difference.
> Quite a lot of them, from the feudal barons, to drug-dealers
> in modern cities, to just about anywhere out of easy reach of
> the state's police.

Again, compare the burning of Shenandoah with the Saint Valentine's day massacre. There is just no comparison. Governmental crimes are stupendously larger, and much more difficult to defend against.

--digsig James A. Donald

From rah at shipwright.com Fri Feb 11 08:24:59 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 11:24:59 -0500
Subject: What is a cypherpunk?
In-Reply-To: <420BD5D7.4248.1E8C0E4@localhost>
References: <4209D364.29070.1A0DC2F@localhost> <420BD5D7.4248.1E8C0E4@localhost>
Message-ID:

At 9:44 PM -0800 2/10/05, James A. Donald wrote:
> The state was created to attack private property rights - to
> steal stuff.

"A prince is a bandit who doesn't move." -- Mancur Olson

Cheers,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"Camels, fleas, and princes exist everywhere." -- Persian proverb

From rst at ai.mit.edu Fri Feb 11 09:42:21 2005
From: rst at ai.mit.edu (rst at ai.mit.edu)
Date: Fri, 11 Feb 2005 12:42:21 -0500
Subject: [FoRK] Google
Message-ID:

Lucas Gonze writes:
>
> P.S. Maybe I just hate the Google hype, of which there is much.
>
> The creepy all-seeing eye is what gets me. They can surely use my
> verification email for gmail to cross-ref me to google groups, my blog,
> and eventually all the way back to my ftp traces from the 80s. It hurts
> to think about.

I never understood why the privacy fuss over gmail centered on their target ads. Use of tracking cookies across multiple Google services is a lot more worrisome. Playing with gmail without getting tracked is tricky at best -- last I checked, it just didn't work unless you took a search-tracking cookie as well.
You could try to deal with that by setting up a browser profile with its own cookie jar, and using it for gmail and nothing else. But I think you'd still need a securely pseudonymous throwaway email address to set up the gmail account. And the lack of searches on that cookie would let them know, at least, that they're dealing with a privacy freak.

FWIW, I'm really not sure what level of paranoia to adopt wrt Google. "Don't be evil" is a nice slogan, though "evil" is to some extent in the eye of the beholder. They don't seem too upset to put a few more bricks in the Great Firewall of China, for instance:

http://news.zdnet.co.uk/internet/security/0,39020375,39167942,00.htm

But that makes them no different from a lot of other American companies, like Yahoo and Cisco, which have also been happy to cooperate, in their own ways. It's hard to make a case for Google as being uniquely evil or dangerous based so far on public misdeeds.

But here, for what it's worth, is the most paranoid case I can easily concoct. Suppose you were genuinely, unabashedly evil. And suppose you wanted to accumulate as much information as you could. (If people give you the information for free, so much the better). And suppose you wanted to get a lot of very smart people to make it easy to search and access that information for your nefarious purposes. (They, of course, wouldn't need to know what they are ultimately working on).

You'd want access to everything at Google. But you wouldn't necessarily want to be up front and center promoting it in public. Better by far to let some genuine idealists be the public face -- while your agents quietly hang out inside, subverting the place.
rst

----- End forwarded message -----

From Downsizer-Dispatch at DownsizeDC.org Fri Feb 11 09:43:52 2005
From: Downsizer-Dispatch at DownsizeDC.org (Downsizer-Dispatch at DownsizeDC.org)
Date: Fri, 11 Feb 2005 12:43:52 -0500
Subject: National ID bill vote results and more
Message-ID:

D o w n s i z e r - D i s p a t c h
|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|*|

We have two important bits of news to share with you today. One has to do with the House ID Card vote. We have the results, what they mean, and what comes next. The other has to do with a new, hip, pro-liberty radio show now broadcasting on several stations. We want you to know about them. Why? Well, the hosts are DC Downsizers and the program broadcasts our radio spots. Please read on...

House approves electronic ID cards

Declan McCullagh of CNET News.com reported late yesterday, "The U.S. House of Representatives approved on Thursday a sweeping set of rules aimed at forcing states to issue all adults federally approved electronic ID cards, including driver's licenses. Under the rules, federal employees would reject licenses or identity cards that don't comply, which could curb Americans' access to airplanes, trains, national parks, federal courthouses and other areas controlled by the federal government. The bill was approved by a 261-161 vote."

See McCullagh's full report: http://tinyurl.com/586xq

McCullagh went on to write, "Thursday's vote mostly fell along party lines.
About 95 percent of the House Republicans voted for the bill, which had been prepared by the judiciary committee chairman, F. James Sensenbrenner, a Wisconsin Republican. More than three-fourths of the House Democrats opposed it."

So have we lost? NO! These are exactly the same provisions we fought when the House passed HR 10 last Fall. If you recall, the Senate opposed these provisions, and they were dropped from the final bill. The fight will now return to the Senate - where we must win because the President has publicly thrown his weight behind it. The odds are decent that we can stop this bill.

In the meantime, you can note how your Representative voted. Did they vote your interests? Check it out for yourself.

http://clerk.house.gov/evs/2005/roll031.xml

Free Talk Live & Downsize DC

Free Talk Live is talk radio unlike any other. In an industry where shows are either pro-republican or pro-democrat, Free Talk Live is unabashedly pro-FREEDOM. Typical talk radio is heavy on call-screening. Some hosts are afraid of certain issues. Free Talk Live is not. The show is called Free Talk Live because listeners are Free to call in and Talk about anything from the political to the personal. You can hear it Live 6 days per week.

Who is Free Talk Live? Ian & Manwich, and the other co-hosts are all hard-core DC Downsizers.

Free Talk Live has only been syndicated for 2 months. So far, they're on in 4 markets. The complete list is here: http://freetalklive.com/affiliates.php

Free Talk Live has been running Downsize DC's radio spots for a long time now - since the days when they were just a local show in Tampa Bay. These days, Downsize DC spots run as "fill" on the show. That means that if they have unsold inventory, the spots run at least once per hour. Currently, most of the inventory is unsold, and Downsize DC is getting at least 17 airings per week.

Imagine the exposure Downsize DC would get if Free Talk Live were on in 20, 50, or 100 markets!
It will happen eventually, but it will happen sooner if you would do the following: Help get the show on in your market. This whole process only takes a couple of minutes.

1. Go to http://radio-locator.com. Type in your city and state, and find all the "News/Talk" and "Talk" stations in your area.

2. Call each one, and ask to speak with the Program Director. Tell him that you want to hear Free Talk Live 6 nights (or days depending on your time zone) per week!

3. While you're at it, ask him or her to add Harry Browne on Saturday nights as well. Both shows are broadcast on the Genesis Communications Network (gcnlive.com). And Harry Browne also plays the Downsize DC radio spots.

For Liberty,
Jim Babka
President
DownsizeDC.org, Inc.

D o w n s i z e r - D i s p a t c h is the official email list of http://www.DownsizeDC.org. http://www.DownsizeDC.org is sponsored by DownsizeDC.org, Inc. -- a non-profit educational organization promoting the ideas of individual liberty, personal responsibility, free markets, and small government.
--- end forwarded text

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 11 11:15:10 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 14:15:10 -0500
Subject: National ID bill vote results and more
Message-ID:

--- begin forwarded text

From rah at shipwright.com Fri Feb 11 11:18:40 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 14:18:40 -0500
Subject: House backs major shift to electronic IDs
Message-ID:

CNET News

House backs major shift to electronic IDs
By Declan McCullagh
Story last modified Thu Feb 10 17:46:00 PST 2005

The U.S. House of Representatives approved on Thursday a sweeping set of rules aimed at forcing states to issue all adults federally approved electronic ID cards, including driver's licenses.

Under the rules, federal employees would reject licenses or identity cards that don't comply, which could curb Americans' access to airplanes, trains, national parks, federal courthouses and other areas controlled by the federal government. The bill was approved by a 261-161 vote.

The measure, called the Real ID Act, says that driver's licenses and other ID cards must include a digital photograph, anticounterfeiting features and undefined "machine-readable technology, with defined minimum data elements" that could include a magnetic strip or RFID tag. The Department of Homeland Security would be charged with drafting the details of the regulation.
Republican politicians argued that the new rules were necessary to thwart terrorists, saying that four of the Sept. 11, 2001, hijackers possessed valid state-issued driver's licenses.

"When I get on an airplane and someone shows ID, I'd like to be sure they are who they say they are," said Rep. Tom Davis, a Virginia Republican, during a floor debate that started Wednesday.

States would be required to demand proof of the person's Social Security number and confirm that number with the Social Security Administration. They would also have to scan in documents showing the person's date of birth and immigration status, and create a massive store "so that the (scanned) images can be retained in electronic storage in a transferable format" permanently.

Another portion of the bill says that states would be required to link their DMV databases if they wished to receive federal funds. Among the information that must be shared: All data fields printed on drivers' licenses and identification cards, and complete drivers' histories, including motor vehicle violations, suspensions and points on licenses.

The Bush administration threw its weight behind the Real ID Act, which has been derided by some conservative and civil liberties groups as tantamount to a national ID card. The White House said in a statement this week that it "strongly supports House passage" of the bill.

Thursday's vote mostly fell along party lines. About 95 percent of the House Republicans voted for the bill, which had been prepared by the judiciary committee chairman, F. James Sensenbrenner, a Wisconsin Republican. More than three-fourths of the House Democrats opposed it.

Rep. Eleanor Holmes Norton, a Democrat from Washington, D.C., charged that Republicans were becoming hypocrites by trampling on states' rights. "I thought the other side of the aisle extols federalism at all times," Norton said. "Yes, even in hard times, even when you're dealing with terrorism. So what's happening now?
Why are those who speak up for states whenever it strikes their fancy doing this now?"

Civil libertarians and firearm rights groups condemned the bill before the vote. The American Civil Liberties Union likened the new rules to a "de facto national ID card," saying that the measure would force "states to deny driver's licenses to undocumented immigrants" and make DMV employees act as agents of the federal immigration service.

Because an ID is required to purchase a firearm from a dealer, Gun Owners of America said the bill amounts to a "bureaucratic back door to implementation of a national ID card." The group warned that it would "empower the federal government to determine who can get a driver's license--and under what conditions."

From rah at shipwright.com Fri Feb 11 11:59:22 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 14:59:22 -0500
Subject: [osint] Indonesia Off Money Laundering List
Message-ID:

--- begin forwarded text

To: "Bruce Tefft"
From: "Bruce Tefft"
Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com
Delivered-To: mailing list osint at yahoogroups.com
Date: Fri, 11 Feb 2005 14:25:38 -0500
Subject: [osint] Indonesia Off Money Laundering List
Reply-To: osint at yahoogroups.com

http://www.laksamana.net/vnews.cfm?ncat=3&news_id=7907

Indonesia Off Money Laundering List

February 12, 2005 01:43 AM, Laksamana.Net - The government is expecting the nation's investment ratings to be upgraded after an international anti-corruption group removed Indonesia from a list of countries known for money laundering.
The Financial Action Task Force on Money Laundering (FATF) this week removed Indonesia, the Philippines and the Cook Islands from its list of countries deemed non-cooperative in efforts to halt money laundering.

FATF in 2001 blacklisted Indonesia and 18 other countries, making it more costly for their banks to conduct international transactions.

FATF was established by the G7 group of industrialized nations following the September 11, 2001, terror attacks on the US in an effort to track the flow of funds to terrorist organizations.

Indonesia passed an anti-money laundering law in April 2002, but FATF said much still needed to be done before the country could be withdrawn from the blacklist.

Trade Minister Mari Pangestu said Friday (11/2/05) the removal of Indonesia from the list was due to intense lobbying by herself and three other ministers. She said Indonesia had complied with 40 requirements made by FATF's member countries.

"They see that the set of measures they required has been fulfilled, including the establishment of the Finance Transaction Analysis Report Center and the compliance audit," she was quoted as saying by state news agency Antara.

Coordinating Minister for the Economy Aburizal Bakrie said Indonesia's country risk would decline and its investment ratings would increase accordingly.

"As such, payments for interest on state and private debts will decline. And no one will suspect that any financial transaction with us is money laundering," he said.

Separately, Finance Minister Jusuf Anwar said Australia and New Zealand had expressed their appreciation of Indonesia's efforts to fight money laundering.

Several agencies, including Standard and Poor's and Fitch, raised Indonesia's ratings after last year's general elections bolstered hopes for further macroeconomic stability and economic reforms.
Further credit upgrades will make it cheaper for Indonesia to raise funds in the wake of the December earthquake and tsunamis that killed more than 240,000 people in northern Sumatra.

Despite Indonesia's anti-money laundering legislation, experts say corrupt individuals and organizations still set up bogus accounts with brokerage houses and use them to move huge sums of money from sources such as corruption, drug dealing, prostitution and gambling.
--- end forwarded text

From rah at shipwright.com Fri Feb 11 12:12:07 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 15:12:07 -0500
Subject: Quantum leap
Message-ID:

Quantum leap
A chance encounter between a computer-science professor and a physicist launches new field of quantum cryptography

ALISON MACGREGOR
The Gazette
Friday, February 11, 2005

CREDIT: MARIE-FRANCE COALLIER, THE GAZETTE
Universite de Montreal's Gilles Brassard has made Canada a world leader in the fast-growing quantum cryptography field.

It began 25 years ago in the warm coastal waters of Puerto Rico when a stranger swam over to Gilles Brassard and struck up a conversation about using quantum physics to make bank notes impossible to counterfeit.

"I had no idea who he was," recalled Brassard, then a 24-year-old prodigy and computer-science professor at the Universite de Montreal. "He just started talking nonsense about quantum physics."

The stranger turned out to be U.S. physicist Charles H. Bennett. Their chance meeting while attending a theoretical computer science conference would end up revolutionizing the art of code making, also known as cryptography.
Together, Brassard and Bennett would go on to found a field of science - quantum information processing - whose effects on society some say could even rival the impact that the steam engine had in its time.

Already, experts agree, Brassard and Bennett's most famous invention, a technique known as quantum cryptography, is set to eliminate terrifying vulnerabilities that could soon arise in the way governments, banks, the military, business and the public use computers and the Internet to communicate and store data.

Some observers see the technology as one day making the Internet secure enough that medical professionals could share confidential health data online in ways that would be insecure now.

Yet for all its promise, this invention is also making governments nervous. The ability to send unbreakable coded messages could just as easily be exploited, authorities fear, by criminals and terrorists who now lack a foolproof way of avoiding having their messages cracked.

In the midst of all this excitement and controversy is Montreal-based Brassard, who has made Canada a world leader in his fast-growing field.

Because of him, Canada "has turned out to be the best place in the world" to do research in quantum information processing, says physicist Raymond Laflamme, a leading figure in the field who recently returned to Canada from a post with the U.S. Department of Energy's Los Alamos National Laboratory. "All of this is thanks to Gilles," he says.

Barry Sanders, a quantum physicist who recently returned to Canada from a research post in Australia, agrees, saying Brassard has played a key role in making this country "the world leader in this field."

Brassard and Bennett's invention sprung from their discovery of how principles from the previously unlinked fields of quantum physics and computer science could be combined to establish an unbreakable secret key.
Instead of transmitting information along cables via electronic signals, they use polarized photons - tiny particles of light - that are so sensitive that when intercepted, they immediately become corrupted. This renders the message unintelligible and tips off both sender and intended recipient to the spying attempt.

What's causing particular excitement now is the way that applications of Brassard and Bennett's technology have just been commercialized and put to market. Since late 2003, consumers have been able to acquire quantum cryptographic systems that make short-haul computer links unbreakable to spies. The systems are being sold by two competitors in Geneva and New York for as little as $70,000 U.S. Both firms' devices use Brassard and Bennett's seminal insight.

But that's only a start, Laflamme says. "The potential is absolutely enormous."

- - -

Intrigued during their chance encounter off the shores of Puerto Rico by the idea of impossible-to-forge bank notes, the two men repaired to air-conditioned restaurants and cafes where they tossed it around some more. They left the island firm friends, returning, respectively, to Montreal and Croton-on-Hudson, a village just north of New York City, where they continued their brainstorming.

While the anti-counterfeiting idea ultimately proved impractical, both scientists soon realized that one of its underlying principles - a theory that exploited the unique properties of photons - could be applied more broadly to code making.

Cryptography has always been a race between code-makers and code-breakers. Today's most sophisticated codes, used for the protection of information on computers, rely on hugely complex mathematical calculations that present-day computers aren't believed to be powerful enough to solve.

Yet as Brassard explains, it's possible someone has already figured out how to crack these codes.
If so, such a person might want to keep this quiet so as to benefit personally, Brassard remarked, although there could also be an altruistic reason for doing so. The reason? "Society would collapse, electronic commerce would collapse," Brassard says. "There would be chaos. I would keep quiet - just as I would if I found a new weapon of mass destruction."

But the biggest fear in the cryptographic world is that a new kind of super-powerful "quantum computer" could soon be constructed that would have the capacity to quickly solve the kinds of code-breaking problems that today's computers are stumped by. Already, experts say, a U.S. mathematician, Peter Shor, has developed a formula that could be used by a quantum computer, once one has been built, to crack current encryption technology.

The prospect of such a computer being constructed obviously worries governments, business and the military - and should be of concern to all who value their privacy. It would be "a nuclear bomb to the Internet," says Barry Sanders, director of the University of Calgary's Institute for Quantum Information Science. "All of the security that we rely on when we use the Internet would be obsolete."

And this is why Brassard and Bennett's invention is causing such a stir: theirs is the first practical form of cryptography that could not be broken, even by some yet-to-be-built quantum computer. The key to the security of a quantum cryptography code, Laflamme explains, is that it "does not involve solving a mathematical problem; it would involve breaking the laws of physics."

Brassard and Bennett's collaboration has led to another breakthrough, too. In an invention reminiscent of Star Trek, the two physicists and their colleagues have developed a "quantum teleportation" technology that can dissemble a particle of matter in one location and beam it for reassembly in another.
This technique was invented in 1992, first tested experimentally four years later with photons and is still being tested by scientists around the world. (One of the co-inventors of the technique was Brassard's former student Claude Crepeau, who now directs his own research team in quantum information processing at McGill University.)

In 1999, the invention inspired a best-selling novel - Timeline, by Michael Crichton - and a spinoff Hollywood movie of the same name. Filmed in Montreal and released two years ago, the storyline features protagonists being quantum-teleported back to the Middle Ages.

- - -

Brassard and Bennett's inventions have also generated enormous attention from the world science media. An October 1992 cover story in Scientific American magazine gave the duo's quantum cryptography technique its first burst of stardom. Now, a second wave of coverage has come as experiments prove the commercial viability of their cryptography technique and fledgling new products make their way to market.

Most recently, Brassard and Bennett's cryptography technique was again the subject of a cover story - this time in the January issue of Scientific American. They've also drawn coverage from Britain's New Scientist as well as German, Australian and Japanese media outlets, among others.

Yet the technology still faces serious distance limitations. Photons can only travel so far before they fade. They require amplification at regular intervals if they're to be transmitted over long distances - something that has not yet proved feasible. Scientists are working hard to overcome this limitation.

So far, the record for transmitting coded messages through fibre-optic cables is 100 kilometres; the maximum distance reached to date through the air is 23 kilometres between two mountaintops.
This latter achievement is of particular significance because it's generally considered harder to transmit photons through the thicker air found near the Earth's surface than up toward space, where there's less atmospheric interference. That's why scientists are hopeful they'll soon be able to send photons to satellites, which typically orbit 150 kilometres above the Earth. Such a development would set the stage for the launch of the world's first truly global unbreakable encrypted communications system.

So promising is the field of quantum information processing that governments and corporations around the world are investing millions of dollars in research in the field.

The first-ever local quantum-encrypted network of computers is now up and running in Cambridge, Mass., where it is managed by the pioneering Internet firm BBN Technologies Inc. And the Los Alamos National Laboratory's quantum cryptography team has joined with six European research institutions to push the field further. In December, the team tied with another group to snag one of the world's most prestigious science prizes - the European Union's $1.3-million (U.S.) Descartes research prize - for its project to build a secure global quantum cryptographic communications system.

In Canada, Research in Motion founder and co-chief executive Mike Lazaridis put up $100 million of his own money in 1999 to fund the non-profit and independent Perimeter Institute of Theoretical Physics in Waterloo, now a leading centre of quantum information research. (Two more RIM executives have since contributed another $20 million, while Ottawa and Ontario have kicked in another $54 million.) Last month, the University of Calgary got into the act, launching its Institute for Quantum Information Science.

There have been commercial developments, too. In 2003, a Swiss firm, id Quantique SA of Geneva, became the first to sell a quantum cryptography system to the public.
Another company, New York City's MagiQ Technologies Inc., soon followed. Yet Brassard and Bennett haven't made a penny from these ventures; they've chosen not to patent their discovery in the hopes of fostering an environment where colleagues can feel unhindered in their efforts to develop the field.

Other companies with projects in the works include IBM - where Bennett is a research fellow at the company's Yorktown Heights, N.Y., research centre - and Japanese computing giants NEC, Fujitsu and Toshiba.

So great is the interest among potential buyers that industry analyst Martin Illsley predicts the technology will be widespread in business and government settings in as little as five years. Early adopters will likely be financial institutions, governments and telecommunications firms, said Illsley, an associate partner at consulting firm Accenture Inc., in a telephone interview from France.

Others share that optimism. In a report, International Data Corp. has predicted the market for quantum cryptography products will be about $30 million U.S. within three years - and about $300 million within 10 years.

- - -

Brassard has gathered a devoted group of researchers and students at the Universite de Montreal's computer science department.

Now 49, he grew up in Ahuntsic, where his father was an accountant and his mother taught yoga. He credits his three older brothers - all scientists as well - with inspiring him to pursue his precocious interest in math, a precursor to his fascination with computers and physics.

A brilliant student, Brassard had entered secondary school by age 10 and was already doing his undergraduate studies at the Universite de Montreal by age 13. At the time, he recalls, he thought there was "nothing unusual" about attending university so young. He said other students treated him well "even though I looked rather small and young for my age."
Now living in Outremont with his two daughters, Brassard says he reads, cooks and listens to classical music in his spare time. He used to play squash and go cross-country skiing too. But these days, he says wistfully, there's no time for that. All the attention swirling about him - and the fast pace of developments in his field - keeps Gilles Brassard a very busy man.

amacgregor at thegazette.canwest.com

Further Readings

Bennett, C. H., Brassard, G. and Ekert, A. K., Quantum cryptography, Scientific American, October 1992, pp. 50-57.
Stix, G., Best-Kept Secrets, Scientific American, January 2005, pp. 78-83.
Singh, S., The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, Random House Inc., 1999.

Web Sites

Gilles Brassard: http://www.iro.umontreal.ca/~brassard
Charles Bennett: http://www.research.ibm.com/people/b/bennetc/home.html
Claude Crepeau: http://www.cs.mcgill.ca/~crepeau/
Raymond Laflamme: http://www.iqc.ca/people/rlaflamme/
Barry Sanders: http://qis.ucalgary.ca/~bsanders/

Institutions

Universite de Montreal: Laboratoire d'Informatique Theorique et Quantique - http://www.iro.umontreal.ca/labs/theorique/
McGill University: Crypto and Quantum info lab - http://crypto.cs.mcgill.ca/
Perimeter Institute of Theoretical Physics: http://www.iqc.ca/
University of Calgary's Institute for Quantum Information Science: http://www.iqis.org/

Commercial products

id Quantique SA: http://www.idquantique.com/
MagiQ Technologies Inc.: http://www.magiqtech.com/

From rah at shipwright.com Fri Feb 11 12:17:35 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Fri, 11 Feb 2005 15:17:35 -0500
Subject: Security show set to spark debate
Message-ID:

Security show set to spark debate
Catch it if you can

Roger Howorth, IT Week
11 Feb 2005

The RSA Conference 2005, hosted by security specialist RSA, kicks off in San Francisco on Monday. Keynote speakers include Bill Gates of Microsoft and fraud author Frank W Abagnale.

Roundtable discussions will cover possible legislation affecting vendor liability for security products. Some observers argue that the number of flaws in computer products might be reduced if vendors were held legally accountable for damage caused. Gates is unlikely to cover vendor liability in his keynote, but could face a stiff grilling on the matter by attendees.

Personal identity theft is one of the fastest growing types of crimes, and also one that is ripe for tackling at the event with emerging technologies based around biometrics and encryption.

Other briefings will cover a range of industry topics, including compliance, cryptography, web services and new ideas about mobile & wireless security. Computer Associates will also unveil details around the next phase of integration between its own products and those acquired with last year's purchase of identity management firm Netegrity.

From camera_lumina at hotmail.com Fri Feb 11 12:20:18 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 11 Feb 2005 15:20:18 -0500
Subject: [FoRK] Google (fwd from rst@ai.mit.edu)
In-Reply-To: <20050211181043.GN1404@leitl.org>
Message-ID:

> But I think you'd still need a securely pseudonymous
> throwaway email address to set up the gmail account.
> And the lack of
> searches on that cookie would let them know, at least, that they're
> dealing with a privacy freak.

Hum...I've been thinking about that...seems to me one could set up anonymity using even Hotmail and Yahoo by a careful selection of completely improbable email addresses. The timing might be tricky, though:

1. Think up two email addresses no one would have utilized...a random list of letters and numbers.
2. Go to Yahoo mail and sign up using one of the email addresses. Plug in the other as the 'reference' and point it at, say, hotmail.
3. Open another browser to hotmail, do the reverse.
4. Hit send.
5. Hit send.

This should cause the two email accounts to reference each other. Mightn't this work? If not, perhaps there's some way to delay one of the emails.

-TD

From rah at shipwright.com Fri Feb 11 12:31:42 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 11 Feb 2005 15:31:42 -0500
Subject: Studios Settle Copyright Suit Against Web-Site Operator
Message-ID:

The Wall Street Journal
February 11, 2005 2:21 p.m. EST

E-COMMERCE/MEDIA

Studios Settle Copyright Suit Against Web-Site Operator
Associated Press
February 11, 2005 2:21 p.m.

LOS ANGELES -- Hollywood movie studios have settled a copyright lawsuit against a Web site operator they say had helped people find pirated copies of films for download.

The Web site, LokiTorrent.com, hosted "torrents," or file markers used by online file-swapping programs like BitTorrent to comb the Internet for other computer users sharing a given file.

Edward Webber, who ran the site, agreed to pay a "substantial" fine to settle the lawsuit and agreed to turn over copies of his computer server logs and data, the Motion Picture Association of America said Thursday.
Those records might prove to be even more valuable to the trade group as a way to ferret out individual computer users who had visited the site, which had more than 750,000 registered users downloading thousands of files, said John Malcolm, head of the MPAA's antipiracy division. The MPAA also took over the LokiTorrent.com domain name and posted a warning against trading movie files online with the slogan "You can click, but you can't hide." The settlement is the first announced by the MPAA following an unspecified number of lawsuits filed by Hollywood studios in December against operators of more than 100 computer servers in the United States and Europe. The MPAA also announced a second round of litigation against U.S. sites that host indexes for BitTorrent, eDonkey and DirectConnect and against individual computer users, but Mr. Malcolm declined to identify who the defendants are or how many. Calls to Mr. Webber's attorney weren't immediately returned Friday. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From hal at finney.org Fri Feb 11 16:14:14 2005 From: hal at finney.org (Hal Finney) Date: Fri, 11 Feb 2005 16:14:14 -0800 (PST) Subject: Cypherpunk help with Hal Finney demo Message-ID: <20050212001414.D24E057EBA@finney.org> Here's a semi-urgent request. I introduced the RPOW project last year on this list, rpow.net. It provides a sort of play-money form of digital cash, an implementation of Nick Szabo's concept of "bit gold". I am giving a talk at CodeCon, www.codecon.org, on this system, in about an hour(!) and I could use some help from you. 
One of the things I have done to demo a possible use is to make a patched version of BitTorrent, the widely used file sharing program, that exchanges RPOW data objects in order to reward people for uploading and seeding files. In exchange, people with RPOWs can get priority on future downloads, so by seeding today you can get a better download tomorrow. That's the concept, although at this point it is just an experiment. What I need is to have a dozen or so people doing regular BitTorrent downloads of a file I will offer during the demo, which will be at about 5:15 PM Pacific Standard Time, 8:15 PM EST, 1:15 AM GMT. That's 1 hour from now. You don't need to use any special RPOW software, just the regular BitTorrent client. If you have a BitTorrent client and know how to use it, could you start up and leave running a download of the following .torrent file: http://www.finney.org/~hal/ArkyMovie.mpg.torrent This is fully legal, it's just a home movie of my dog Arky playing on the beach with his brother. Nothing will happen with the download until I start the demo after 5. But if you could start up your BitTorrent client before then and just leave it running, it would be a big help for me. If you are able to do this, please send me an email when you start up your BT client, at hal at finney.org. If you've never used BT, don't bother to try downloading and figuring it out. I only really need a minimum of 4 or 5 people doing it, but as I said a dozen or more would be great. Sorry about the last minute notice; I know that most people won't see this until too late, but if anyone sees it now and you know how to use BT I'd appreciate your help. Thanks! Hal Finney From rah at shipwright.com Fri Feb 11 14:16:21 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 11 Feb 2005 17:16:21 -0500 Subject: [osint] Arab Bank Announces Withdrawal from the U.S. 
Message-ID: --- begin forwarded text To: "Bruce Tefft" Thread-Index: AcUQg90Ntm4eZXoQRjGRmZ+BhzYIgw== From: "Bruce Tefft" Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com Delivered-To: mailing list osint at yahoogroups.com Date: Fri, 11 Feb 2005 16:51:38 -0500 Subject: [osint] Arab Bank Announces Withdrawal from the U.S. Reply-To: osint at yahoogroups.com Arab Bank Announces Withdrawal from the U.S. Yesterday Arab Bank PLC, Jordan's largest bank, announced that it intends to withdraw from the United States. Arab Bank, which maintains a branch on Madison Avenue, is currently under federal regulatory investigation, reportedly for failing to abide by U.S. anti-money laundering laws. Arab Bank also faces a flurry of allegations from over 800 U.S. and Israeli victims of Palestinian terrorism who allege that the Arab Bank, including specifically the New York branch, facilitated systematic payments to the families of Palestinian suicide bombers and to HAMAS front organizations (see prior post here). For purposes of full disclosure, I am serving as Special Counsel to the largest such suit. In announcing the retreat, a statement from Jordan's Central Bank said: "The climate of operating in the United States at present is not expedient with the bank's strategy and vision." Unlike al Qaeda financing, the financing of the second intifada has been conducted openly and in plain sight. According to the suits, much of the money that moved through Arab Bank originated in Saudi Arabia, as part of an organized undertaking known as the Saudi Committee in Support of the Intifada Al Quds (later renamed the Saudi Committee for Relief of the Palestinian People). The Saudi Committee helpfully posts its records (updated through the Spring of 2002) on the web at www.alquds-saudi.org. 
The web site even makes clear that contributions to the Saudi Committee are sent via Arab Bank, and includes records of disbursements of approximately $5300 each made to the families of numerous known terrorist operatives, including, for example, suicide bombers responsible for the August 2001 attack on the Sbarro pizzeria in Jerusalem and the June 2001 attack on the Dolphinarium disco in Tel Aviv. Those attacks killed or injured many innocent civilians, including scores of Americans. According to the suits, payments knowingly made by and through Arab Bank have provided an incentive for these and other acts of terrorism since September 2000. The payoffs are remarkable, as is the decision of the bank to withdraw from the United States in a clear attempt to avoid further scrutiny and possible massive liability. As Rep. Sue Kelly (R-NY), the Vice-Chair of the House Financial Services committee, stated: "Americans would be appalled by the notion that the families of Al-Qaeda murderers were being rewarded through a financial institution located in New York." Ron Motley and Gary Osen, lead attorneys for Israeli and American victims, respectively, yesterday said that they would take immediate steps to make sure that relevant documents and records remain in the United States as Arab Bank flees for safer jurisdictions. The U.S. government should also take immediate steps to assure moral and legal accountability for the financing of the second intifada as, we hope, prospects for peace in the Middle East continue to improve and the terror of the last four years recedes. http://counterterror.typepad.com/ [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> Give underprivileged students the materials they need to learn. Bring education to life by funding a specific classroom project. 
http://us.click.yahoo.com/FHLuJD/_WnJAA/cUmLAA/TySplB/TM --------------------------------------------------------------------~-> -------------------------- Want to discuss this topic? Head on over to our discussion list, discuss-osint at yahoogroups.com. -------------------------- Brooks Isoldi, editor bisoldi at intellnet.org http://www.intellnet.org Post message: osint at yahoogroups.com Subscribe: osint-subscribe at yahoogroups.com Unsubscribe: osint-unsubscribe at yahoogroups.com *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> To unsubscribe from this group, send an email to: osint-unsubscribe at yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Feb 11 14:47:46 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 11 Feb 2005 17:47:46 -0500 Subject: Blinky, etc.: [osint] Terrorists' Tricks and Counter-Measures Message-ID: --- begin forwarded text To: "Bruce Tefft" Thread-Index: AcUQicQJIaX+jMBUTx2fNeBGtdezfw== From: "Bruce Tefft" Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com Delivered-To: mailing list osint at yahoogroups.com Date: Fri, 11 Feb 2005 17:33:53 -0500 Subject: [osint] Terrorists' Tricks and Counter-Measures Reply-To: osint at yahoogroups.com http://www.pbs.org/wgbh/pages/frontline/shows/front/special/techsidebar.html The Terrorist's Tricks and Counter-Measures + Tricks + Two terrorists on opposite sides of the globe might agree to open 30 anonymous web-based e-mail accounts with 30 different passwords. On the first of the month the first account is used, on the second of the month the second account is used and so on, until each account is used once. "It's very difficult to catch, because there is no pattern of use," former U.S. counter-terrorism czar Richard Clarke says. "One-time anonymous accounts are extremely difficult to monitor." + One terrorist drafts a Web-based e-mail and instead of sending it, saves it to the draft folder, accessible online from anywhere in the world. The other terrorist can open the same account, read the message, and delete it. The e-mail has never been sent, and cannot be tracked. + Many e-mails are sent on public computers, for example in libraries or cyber cafés, making them even more difficult to trace. + The language in the e-mails can also be cloaked, says Dale Watson, a 24-year veteran of the FBI who served as the first executive assistant director for counterterrorism.
In preparing for the Sept. 11 attacks, suspected hijacker and pilot Mohamed Atta and alleged 9/11 conspirator Ramzi bin al-Shibh pretended to be students as they exchanged e-mails, talking about "architecture" (the World Trade Center), "arts" (the Pentagon), "law" (the Capitol) and "politics" (the White House). + Counter-Measures + If a jihadist site hosted in another country is not taken down by the government in that country, the U.S. needs to hack the site and bring it down, Clarke says. + The U.S. can use active and passive attacks to disrupt terrorists' electronic networks. Active attacks include using computer viruses to infect enemy computers. Passive attacks monitor e-mails and transferred data, and watch traffic patterns. + The viruses used in active attacks wouldn't do damage or send mass mailings, but rather selectively collect data and discreetly send the e-mail back to U.S. intelligence. That could include getting address books, or collecting the "cookies" written to the computer's hard drive when the terrorist visits certain Web sites. There are also ways to monitor keystrokes, even if a terrorist uses encryption. Counterfeit e-mails can also be used to confuse or subvert communications. "They certainly can be very effective," the University of Maryland's Lee Strickland says of active attacks. "To escape, [terrorists] have to be lucky every day. We only have to be lucky once." + Passive attacks aim to monitor the terrorists' information network, not overtly disrupt it. That includes watching electronic banking transactions, for example, and following e-mail traffic patterns and other data exchanges. Doing so may arouse suspicion and force terrorists to use less efficient modes of communication.
"The goal is not only to acquire information in the terrorists' possession, but also to force them to use other forms of communication -- perhaps slower and less effective, or perhaps someone that may be easier to intercept or that may provide more information upon intercept," Strickland wrote in a 2002 report called "Fighting Terrorism with Information." --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Fri Feb 11 15:15:28 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 11 Feb 2005 18:15:28 -0500 Subject: [osint] Technology and Terror: The New Modus Operandi Message-ID: --- begin forwarded text To: "Bruce Tefft" Thread-Index: AcUQiaDiEfkM6EBiRXa/4exIK6zyqQ== From: "Bruce Tefft" Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com Delivered-To: mailing list osint at yahoogroups.com Date: Fri, 11 Feb 2005 17:32:54 -0500 Subject: [osint] Technology and Terror: The New Modus Operandi Reply-To: osint at yahoogroups.com http://www.pbs.org/wgbh/pages/frontline/shows/front/special/tech.html Technology and Terror: The New Modus Operandi By Andrew Becker For all the fear that cyber terrorists will turn the Internet into a weapon of mass disruption, many intelligence experts contend the Web is most effective (or detrimental) as it was designed to be -- as a way to communicate and create community. This essay explores how jihadis are using the Web, plus some of the cyber "tricks" used by terrorists to avoid detection and how the authorities can respond. It was all laid out in a polished, 25-minute training video: how to make an explosive belt to blow yourself up and kill as many people as possible.
This particular video, first posted on a jihadist message board in December 2004, presented the necessary explosives, shrapnel and vest for a suicide bomber. It demonstrated how to assemble the materials and wear the belt. And then the video showed a test of the explosive belt, with a simulated detonation aboard a crowded bus. As translated on a Web site that tracks Islamic terrorist organizations, the producers analyzed the bomb's impact on the mock victims: We notice that the following 2 seats were not directly hit. This is due to the fact that, when the person who will be wearing this explosive vest goes on the bus, and wants to blow himself up, he must be facing the front with his back towards the back. There is a possibility that the 2 seats on his right and his left might not be hit with the shrapnel, however, the explosion will surely kill the passengers in those seats. Such Web sites and training videos, which are often posted then quickly removed to avoid detection, have multiplied after Sept. 11. In doing so, they opened perhaps the widest front in the war on terror: cyberspace. In essence, the Internet is the perfect communication tool for terrorists, and it mirrors the framework of their operations: decentralized, anonymous, and offering fast communication to a potentially large audience. The Internet is used to plot and claim responsibility for terrorist acts, to address sympathizers and enemies alike, and to raise money and attract new recruits. It has created a virtual "umma" -- Arabic for the larger Muslim community as a whole -- and like the actual umma, the cyber umma encompasses both moderate Muslims and Islamic fundamentalists. For all the fear that cyber terrorists will turn the Internet into a weapon of mass disruption, many intelligence experts contend the Web is most effective (or detrimental) as it was designed to be -- as a way to communicate and to create community. 
In a keynote speech at a security conference for government agencies in Washington, retired CIA director George Tenet called for tightening security of the Internet, which he said was "a potential Achilles' heel." Tenet acknowledged that it would be "controversial in this age when we still think the Internet is a free and open society," but "ultimately the Wild West must give way to governance and control." But, as Gabriel Weimann writes in the United States Institute of Peace report "How Modern Terrorism Uses the Internet," the restriction of the Internet under the guise of counterterrorism measures, particularly by authoritarian governments, can infringe on privacy, limit freedom of speech, and impede the free flow of information, in turn placing restrictions on the open society that makes the Western world strong. "There's just no question that if the Internet wasn't there, the terrorists would have loved to invent it," says Jeffrey Simon, a former terrorism analyst for the RAND Corp., author of The Terrorist Trap and a consultant who has studied terrorism for 20 years. "It's always a technological battle with terrorists. The technology is always out there for everyone to take advantage of." + Hosting terror at home Although a number of extremist sites are located abroad, in many cases, terrorists take advantage of the technology inside the U.S. Recently, more jihadist Web sites in Europe have switched to U.S. computer servers -- mostly because they can, says Rita Katz, director of the Washington-based Search for International Terrorist Entities (SITE) Institute. American Web hosting is cheap, easy to access and U.S. servers are technologically among the best in the world. To avoid detection, terrorists frequently change Web addresses and often squat undetected on other Web sites or Internet servers. Katz believes the most hard-core Al Qaeda and jihadist Web sites are hosted in the U.S. because of freedom of speech protections. 
Katz points to the August 2004 arrest of Babar Ahmad, a British citizen charged in the U.S. with providing material support to terrorists, conspiring to kill people in a foreign country, and money laundering, because Web sites that he ran from the U.K. were hosted by an Internet service provider in Connecticut. The indictment alleges that through the Web sites and other means, Ahmad provided "expert advice and assistance, communications equipment, military items, lodging, training, false documentation, transportation, funding, personnel and other support designed to assist the Chechen mujahideen, the Taliban and associated groups." "The Internet today is really 'command central' for all terrorist organizations," says Katz, who wrote a memoir The Terrorist Hunter and has tracked international terrorists since the 1990s. "You don't really need to be in Afghanistan anymore. It's all on the Internet." She keeps edited examples of terrorist training manuals, videos, newsletters and communiqués on the SITE Institute's subscriber-based Web site, including the suicide bomber instructional video. The information on these Web sites can vary from how to set up a safehouse to instructions for using rocket-propelled grenades. "If you know where to look, [they're] not difficult to find. Not for an Arabic speaker," she says. The Internet is "something we set up for our use to make our life better, but terrorists have hijacked the Internet literally." + Increasing sophistication In the summer of 2004, Lee S. Strickland, director of the Center for Information Policy at the University of Maryland and a career senior intelligence officer and computer specialist, oversaw a study that examined terrorists' use of the Internet. The study found that the terrorist sites tend to be as sophisticated and efficacious as many mainstream Western corporate sites. The researchers used 26 variables of highly effective Web sites including design, content and how often they are updated.
"You're really seeing a growing sophistication of video and the Web," Strickland says. The study examined a number of terrorist-linked sites, ranging from Al Qaeda and Hamas to the Tamil Tigers. When compared with Microsoft.com, Hamas' site, for instance, shared 23 of these 26 highly valuable design features, such as search engines, mission statements, a "what's new" section and a frequently asked questions page. There were even job boards, online applications for recruitment, testimonials, an online store and chat rooms. If the sites aren't directly recruiting, many solicit funds. Strickland says these sites employ an effective array of interactive games, cartoons, jokes, and even bedtime stories that appeal to children. They recruit young adults ages 14 to 24 with videos and music: For example, in early 2004, a Muslim rapper in Great Britain named Sheik Terra released a video for his song "Dirty Kuffar" (Infidel) in which he carries a copy of the Quran and a pistol and calls for the death of all non-Muslims. + Reconnaissance With the abundance of information available on the Internet, terrorists also use the Web for reconnaissance, especially with the availability of public information on things like electrical grids and other infrastructure -- a problem highlighted by George Tenet late last year. Terrorists regularly search the Internet for data mining purposes to facilitate financial transactions and crime, according to former counterterrorism czar Richard Clarke. Clarke says the government should limit what information is available by first examining the content on government Web sites. If they don't, reconnaissance of potential targets by terrorists will continue. "The Pentagon has done this. It's generally a good idea for any company or government to do," he says. "There's way too much information available." An Al Qaeda training manual recovered in Afghanistan confirms that the group researched critical infrastructure online.
The manual explained that at least 80 percent of the information gathered on the enemy was done through open and legal methods. Whether it's GIS mapping of the electrical and cyberoptic infrastructure of New York City or major dams, much of the information is still openly available, according to Strickland. "You can get information anonymously, store it in a database and apply data mining tools to it," he says. "And the tools to exploit are commercial tools!" + Avoiding detection For years intelligence experts and officials have suspected that some Al Qaeda operatives are technological whizzes who use espionage tools like encryption or the practice of hiding messages within other messages known as steganography. Encryption works by altering letters or numbers with software. It is illegal to export encryption software to certain countries overseas, but the programs can be easily downloaded. Arrests of Al Qaeda members and computers captured in U.S. raids have turned up evidence of encrypted e-mails dating to the 1990s, including the 1998 bombings of U.S. embassies in East Africa. Wadih El Hage, an associate of Osama bin Laden who was convicted for his role in the 1998 bombing of U.S. embassies in Kenya and Tanzania, encrypted e-mails while plotting the attacks. Ramzi Yousef, the mastermind behind the 1993 World Trade Center attack, used encryption from his base in the Philippines in the mid-1990s when he plotted to blow up 11 U.S. airplanes over the Pacific. More recently, U.S. officials believe the Al Qaeda Web site www.alneda.com used encrypted information to link Al Qaeda members to more secure sites, according to Weimann's report. Steganography dates to ancient Greece and was widely used by Allies and the Axis during World War II. 
Russ Rogers, a security researcher and CEO of security services company Security Horizon, Inc., says there are more than 100 tools readily available on the Web that can help hide information inside documents such as JPEG image files using algorithms to modify the pixels in a file without altering the visible image. There are even Web sites and programs that can transform a message to make it look like spam e-mail or a play script. + The virtual politics of violence The Web's use as a propaganda and political tool may be its biggest asset to terrorists. An intelligence aide to a U.S. senator, who spoke on condition of anonymity, says, "The Internet is the poor man's television network. Buy a $300 video camera and a PC and you're in business. You can communicate in a very powerful medium almost instantaneously, almost undetectable and free." One of the more striking examples of terrorists' political use of the Internet involves a document that argued for an attack against Spanish forces months before March 11. Written in early December 2003, the document titled "Jihadi Iraq, Hopes and Dangers" called for attacks in order to influence the parliamentary elections. A few weeks after the document was published, Brynjar Lia, senior analyst at the Norwegian Defense Research Establishment, found the document on a jihadist Web site while making his usual rounds on the Internet. "It was interesting to me for two reasons -- the document's sophisticated strategic analysis and its specific recommendations," Lia says. "Many of the documents are religious and propagandist in tone and entirely devoted to providing justifications for jihad. If you've read one or two, you've read them all." But this document was different. It mentioned the Spanish elections, which were four months away, and recommended "painful strikes" in the run-up to the election in order to influence its outcome. The author lays out the argument for why an attack against Spain would be most effective.
There wasn't a specific call for an attack in Europe, Lia says, but rather the terms called for an attack against Spanish forces. As translated by Lia and his colleague Thomas Hegghammer, the document contends: We think that the Spanish government could not tolerate more than two, maximum three blows, after which it will have to withdraw as a result of popular pressure. If its troops still remain in Iraq after these blows, then the victory of the Socialist Party is almost secured, and the withdrawal of the Spanish forces will be on its electoral programme. "Like everyone else, I assumed all the intelligence agencies in the world were monitoring these Web sites and checking them out," Lia says. "I didn't think to alert anyone. It seemed obvious. I thought they must have been read." + Monitoring Web sites The U.S. government doesn't actively monitor Web sites, according to Richard Clarke. Some ISPs and Web hosts might, although currently there is no legal obligation to do so. "You're treading on dangerous ground when you start limiting content, unless the site is clearly linked to a violation of the law," he says. But while First Amendment concerns exist, it is the sheer volume of Web sites and e-mail traffic that mostly hampers monitoring. "Unless there is a specific complaint, [Web hosting companies] don't have the wherewithal to monitor the content or the responsibility," says FBI agent Mike Rolince, of the Washington, D.C. field office. The same issue of resources prohibits the Department of Justice from monitoring Web sites says Department of Justice spokesman Bryan Sierra. "We don't have the manpower or the desire to sit around and monitor the Web 24-7," Sierra says. "We're not the guys out there trying to determine what is on the Internet. That's not our goal. Our goal is to determine what is illegal." California-based Yahoo! spokeswoman Mary Osako would not comment on how aggressively Yahoo! 
monitors the content of the Web sites it hosts, but the company investigates every complaint it receives. She says that the company has the "ability across languages" to scrutinize sites but for the most part Yahoo! relies on its members to report any inappropriate use. Osako would not disclose how many reports the company has received regarding terrorist-related material. In the end, taking down a Web site isn't going to solve the problem. "The opposition sees that as nothing more than a temporary inconvenience," according to Rolince. Going forward, Dale Watson, former special agent in charge of counter-terrorism in the Washington bureau of the FBI, expects the bureau to continue to use the e-mail equivalent of telephone wiretaps as a surveillance tool. Since March 2004, the European Union has discussed imposing requirements on Internet service providers (ISPs) and cell phone companies to keep permanent records accessible to law enforcement. The European Council will vote on the matter in June 2005. For the Department of Justice, the main obstacle and main challenge will be keeping up with the emerging technologies terrorists use, Sierra says. But the intelligence aide to the U.S. senator believes that the cyber age and "all the cool tools" shouldn't dazzle law enforcement. "There is an increasing need for old-fashioned, shoe-leather spying, human intelligence and agents who will tell us things about the bad guys," he says. "It's face-to-face where we can really make strides against terrorism." Andrew Becker is a student at the Graduate School of Journalism at University of California, Berkeley. His articles have appeared in the Boston Globe, the San Francisco Chronicle, and FRONTLINE. --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Fri Feb 11 10:10:43 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 11 Feb 2005 19:10:43 +0100 Subject: [FoRK] Google (fwd from rst@ai.mit.edu) Message-ID: <20050211181043.GN1404@leitl.org> ----- Forwarded message from rst at ai.mit.edu ----- From rah at shipwright.com Sat Feb 12 04:54:34 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sat, 12 Feb 2005 07:54:34 -0500 Subject: Break-In At SAIC Risks ID Theft Message-ID: The Washington Post washingtonpost.com Break-In At SAIC Risks ID Theft Computers Held Personal Data on Employee-Owners By Griff Witte Washington Post Staff Writer Saturday, February 12, 2005; Page E01 Some of the nation's most influential former military and intelligence officials have been informed in recent days that they are at risk of identity theft after a break-in at a major government contractor netted computers containing the Social Security numbers and other personal information about tens of thousands of past and present company employees. The contractor, employee-owned Science Applications International Corp. of San Diego, handles sensitive government contracts, including many in information security. It has a reputation for hiring Washington's most powerful figures when they leave the government, and its payroll has been studded with former secretaries of defense, CIA directors and White House counterterrorism advisers. Those former officials -- along with the rest of a 45,000-person workforce in which a significant percentage of employees hold government security clearances -- were informed last week that their private information may have been breached and they need to take steps to protect themselves from fraud. 
David Kay, who was chief weapons inspector in Iraq after nearly a decade as an executive at SAIC, said he has devoted more than a dozen hours to shutting down accounts and safeguarding his finances. He said the successful theft of personal data, by thieves who smashed windows to gain access, does not speak well of a company that is devoted to keeping the government's secrets secure. "I just find it unexplainable how anyone could be so casual with such vital information. It's not like we're just now learning that identity theft is a problem," said Kay, who lives in Northern Virginia. About 16,000 SAIC employees work in the Washington area. Bobby Ray Inman, former deputy director of the CIA and a former director at SAIC, agreed. "It's worrisome," said Inman, who also received notification of the theft last week. "If the security is sloppy, it raises questions." Ben Haddad, an SAIC spokesman, said yesterday that the Jan. 25 theft, which the company announced last week, occurred in an administrative building where no sensitive contracting work is performed. Haddad said the company does not know whether the thieves targeted specific computers containing employee information or if they were simply after hardware to sell for cash. In either case, the company is taking no chances. "We're taking this extremely seriously," Haddad said. "It's certainly not something that would reflect well on any company, let alone a company that's involved in information security. But what can I say? We're doing everything we can to get to the bottom of it." Gary Hassen of the San Diego Police Department said there are, at the moment, "no leads." Haddad said surveillance cameras are in the building where the theft took place, but he did not know whether they caught the perpetrators on tape. He also did not know whether the information that was on the pilfered computers had been encrypted. 
The stolen information included names, Social Security numbers, addresses, telephone numbers and records of financial transactions. It was stored in a database of past and present SAIC stockholders. SAIC is one of the nation's largest employee-owned companies, with workers each receiving the option to buy SAIC stock through an internal brokerage division known as Bull Inc. Haddad said the company has been trying through letters and e-mails to get in touch with everyone who has held company stock within the past decade, though he acknowledged that hasn't been easy since many have since left the company. He said the company would take steps to ensure stockholder information is better protected in the future, but he declined to be specific. The theft comes at a time when the company, which depends on the federal government for more than 80 percent of its $7 billion annual revenue, is already under scrutiny for its handling of several contracts. Last week on Capitol Hill, FBI Director Robert S. Mueller III testified that the company had botched an attempt to build software for the bureau's new Virtual Case File system. The $170 million upgrade was supposed to allow agents to sift through different cases electronically, but the FBI has said the new system is so outdated that it will probably be scrapped. In San Antonio, SAIC is fighting the government over charges that the company padded its cost estimates on a $24 million Air Force contract. The case prompted the Air Force to issue an unusual alert to its contracting officials late last year, warning them that "the Department of Justice believes that SAIC is continuing to submit defective cost or pricing data in support of its pricing proposals." SAIC has defended its work for the FBI and the Air Force. Haddad said that criticisms are inevitable for such a large company and that there is no pattern of poor performance.
"I know people will try to jump to that kind of conclusion, but it's not an accurate reflection of how well this company is doing," he said. "This company has always prided itself on strong ethics."

The company's alumni list reads like a roll call of the nation's highest-profile former officials, including former defense secretaries William J. Perry and Melvin R. Laird and former CIA director John Deutch. Current directors of the company include former chief counterterrorism adviser Gen. Wayne A. Downing.

Founded by a group of scientists in 1969, SAIC has been growing in recent years at a rapid clip, right along with the government's appetite for high-tech services in information technology and national defense. The company named a new chief executive, Kenneth C. Dahlberg, in 2003, and he has set a goal of doubling the company's value within three to five years, Haddad said.

Philip Finnegan, director of corporate analysis with the Teal Group Corp., said SAIC is trying to push into the top tier of contractors -- a rarefied club that includes Boeing Co. and Lockheed Martin Corp. -- and that there are bound to be bumps along the way. "It's inevitable that they'll face problems," he said.

Others are less sure the company's recent difficulties don't add up to something more. "Is [the break-in] saying something about the quality of the company?" Kay said. "It's hard to say that. It's probably just random luck. But multiple occurrences of bad luck are often more than bad luck."

From camera_lumina at hotmail.com Sat Feb 12 07:15:24 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Sat, 12 Feb 2005 10:15:24 -0500
Subject: Break-In At SAIC Risks ID Theft
In-Reply-To:
Message-ID:

I worked for a subsidiary of SAIC for a number of years. Their "Private Stock" always seemed like a pyramid scheme to us engineers. And they couldn't manage us worth a damn. Doesn't really surprise me, given the way they operate. I'd bet someone brought the risks to their attention, too, and made a conscious decision that the risk wasn't worth the necessary expenditure.

-TD

>From: "R.A. Hettinga"
>To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: Break-In At SAIC Risks ID Theft
>Date: Sat, 12 Feb 2005 07:54:34 -0500
>
> [...]

From macavity at well.com Sat Feb 12 04:58:11 2005
From: macavity at well.com (Will Morton)
Date: Sat, 12 Feb 2005 12:58:11 +0000
Subject: [FoRK] Google (fwd from rst@ai.mit.edu)
In-Reply-To:
References:
Message-ID:

On 11 Feb 2005, at 20:20, Tyler Durden wrote:

> Hum...I've been thinking about that...seems to me one could set up
> anonymity using even Hotmail and Yahoo by a careful selection of
> completely improbable email addresses. The timing might be tricky,
> though:
>
> 1. Think up two email addresses no one would have utilized...a random
> list of letters and numbers.
> 2. Go to Yahoo mail and sign up using one of the email addresses. Plug in
> the other as the 'reference' and point it at, say, hotmail.
> 3. Open another browser to hotmail, do the reverse.
> 4. Hit send.
> 5. Hit send.
>

Seems like a lot of work... why not just use www.mytrashmail.com or one of the many identical sites? (Need to change your hotmail password right away, obviously)

W

From rah at shipwright.com Sat Feb 12 17:07:50 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 12 Feb 2005 20:07:50 -0500
Subject: TI Tackles Need for Secure Wireless Environment
Message-ID:

I-Newswire

TI Tackles Need for Secure Wireless Environment with Industry-Leading Security Solution (2005-02-13)

Texas Instruments (TI) [NYSE:TXN] today announced it will be demonstrating with Orange and Trusted Logic a wireless security handset mechanism designed to eliminate unauthorized handset use and fraud. The demonstration also features a 128-bit secure contactless payment application and a customer loyalty application, powered by TI-RFid(TM) technology.
As wireless evolves to 3G technology, the need for reliable security around applications handling sensitive high-value data becomes critical; in parallel, consumer demand for convenient transactions also becomes significant. With TI's security technology at the core of TI's OMAP(TM) processors, the solution provides one of the highest levels of handset security in the marketplace today. The first in the industry to provide a hardware-based system-level security solution three years ago, TI continues to address growing security concerns and needs by collaborating with industry leaders such as worldwide mobile operator Orange and Trusted Logic, a leading provider of secure software components for embedded systems. Together with Orange and Trusted Logic, TI will be demonstrating secure mobile payment and secure digital rights management (DRM) at 3GSM World Congress 2005 in Cannes, France, February 14-17.

"Typically, mobile phones and user identities are secured by software cryptography. However, with mobile phone hacking and fraud on the rise, and as subscribers increasingly use their mobile phones to conduct wireless transactions and to download high-value multimedia, software security alone is insufficient to protect users and mobile data," said Edgar Auslander, TI general manager of worldwide strategy and corporate development, Wireless Terminals Business Unit. "TI provides a hardware-based security system designed to meet stringent security requirements set by mobile operators and financial services and content providers."

"As new applications, business models and revenue opportunities arise in the mobile device market, so do the risks posed by hackers and malicious attacks to handsets to operator and third-party assets," said Laurent Coureau, strategic advisor, Orange.
"TI's complete system-level security technology, combined with our standards-based security middleware OVM, brings end-to-end security in an open and secure environment, leveraging trusted hardware and software components and building the foundation for new, value-added services based on enhanced customer trust."

In the TI booth, Hall 2, Booth E19, TI will showcase consumer value-added secure services, enabled by TI's security technology in OMAP processors, Orange Operator Virtual Machine (OVM) and Trusted Logic Security Module, including contactless financial transactions and a contactless customer relationship management (CRM) application. The demo will use Orange OMA DRM v2.0 compliant secure multimedia content downloads, rights management, decryption and play, as well as TI-RFid technology secured by 128-bit 3DES cryptography, as the air interface.

"Users are growing more comfortable with carrying out transactions wirelessly, hence the need for a secure environment becomes even more critical," said Dominique Bolignano, Trusted Logic president and chief executive officer. "By leveraging each other's features, Trusted Logic's Security Module, which fully complies with the OVM specifications, and TI's security technology work synergistically to exponentially strengthen overall system security. This enables operators to provide consumers with a secure, trusted environment for financial services and protected mobile data."

Together, Texas Instruments, Orange and Trusted Logic are working to reduce handset fraud while addressing new security services for the wireless environment, including DRM and verification; music, video, games and other application downloads; remote terminal management; m-commerce transactions; and over-the-air (OTA) provisioning of new services and "bug" fixes using the mobile phone.
TI is committed to an open, non-proprietary approach to the wireless marketplace and actively works with technology, applications and security standards bodies to drive open standards and wireless innovation.

From rsw at jfet.org Sun Feb 13 05:51:35 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Sun, 13 Feb 2005 07:51:35 -0600
Subject: Team Building?? WIMPS!!
In-Reply-To: <0502131239470.13948@somehost.domainz.com>
References: <0502131239470.13948@somehost.domainz.com>
Message-ID: <20050213135135.GA7617@positron.jfet.org>

Thomas Shaddack wrote:
> On Thu, 10 Feb 2005, Tyler Durden wrote:
> > And then, even if we somehow capture May, I'd bet he's got all sorts of
> > dead-man stuff like poison gas and whatnot. It'd be like a big game of
> > D&D, not that any Cypherpunk knows what THAT is!
>
> It would be closer to a LARP.

Considering its origins, and our own, I'd like to think that we could make the whole thing as close to a Shadowrun[1] as possible.

[1] http://en.wikipedia.org/wiki/Shadowrun

--
Riad S. Wahby
rsw at jfet.org

From shaddack at ns.arachne.cz Sun Feb 13 04:22:43 2005
From: shaddack at ns.arachne.cz (Thomas Shaddack)
Date: Sun, 13 Feb 2005 13:22:43 +0100 (CET)
Subject: Team Building?? WIMPS!!
In-Reply-To:
References:
Message-ID: <0502131239470.13948@somehost.domainz.com>

On Thu, 10 Feb 2005, Tyler Durden wrote:
> Well, I didn't say it would be easy. We'd definitely need to split up into
> teams...one to handle the alarm systems,

Teamwork is essential here. Maybe attract lightning with a rocket on a wire[1]; the induced current will do the job with the sensors around.
Optionally annoy the sensors with spurious alarms until they get written off as unreliable[2]. Keep disabling the technicians that come to check/repair them[3], until the base staff either runs out of technicians or writes off the sensors. Technology can be a strength, but overreliance on it is a weakness.

[1] I believe lightning researchers do this, in addition to having labs on tops of skyscrapers. See e.g. .
[2] US agents did it with sugar pellets shot at the windows of the Russian embassy in Washington, DC, during the thunderstorms that are frequent there. The vibration sensors were causing false alarms, so they were disconnected. Then one night the agents successfully penetrated the object. Same with rebels in Afghanistan attacking Russian bases. (Bruce Schneier, Beyond Fear, page 56: )
[3] I think it was used during WW2. The comm wires were cut, then the soldier dispatched to check the failure was ambushed. Used frequently by guerrillas fighting Germans in the mountains.

> one to handle the landmines,

Optionally just add a couple more mines and then wait.[4]

[4] As a classic joke says. A farmer had a pumpkin field. Neighbourhood boys were stealing them. One day, he put up a sign: "One of the pumpkins is laced with cyanide." In the evening, he found scribbled there: "Now there are two".

> one to somehow fend off May's bullets.

History books are full of prior art. Or just drive a remotely controlled tank in. Or modify the strategy. As Sun Tzu says, the best battles are the ones won without fighting.

> And then, even if we somehow capture May, I'd bet he's got all sorts of
> dead-man stuff like poison gas and whatnot. It'd be like a big game of
> D&D, not that any Cypherpunk knows what THAT is!

It would be closer to a LARP.

> And yeah, there's a good chance someone's not gonna make it. But think of it
> like this: Those genes were slowing down our species anyway.

The best fun often has the highest price.

> The only problem is, what do we do once we're in?
> Throw a big-ass drinking, whoring Shriners-like party? (I say we need a bevvy of black hookers.) Break into May's survivalist supplies?

Don't worry. Look at the Iraq Desert Adventure planning stage. Who needs a post-victory plan?

From rah at shipwright.com Sun Feb 13 12:01:55 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 13 Feb 2005 15:01:55 -0500
Subject: How to Stop Junk E-Mail: Charge for the Stamp
Message-ID:

Actually, it's not just "sender pays", it's "a whitelist for my friends, all others pay cash", but "sender pays" will do for a start. :-)

Cheers,
RAH

-------

The New York Times
February 13, 2005
DIGITAL DOMAIN

How to Stop Junk E-Mail: Charge for the Stamp
By RANDALL STROSS

COMPARE our e-mail system today with the British General Post Office in 1839, and ours wins. Compare it with the British postal system in 1840, however, and ours loses. In that year, the British introduced the Penny Black, the first postage stamp. It simplified postage - yes, to a penny - and shifted the cost from the recipient to the sender, who had to prepay. We look back with wonder that it could have ever been otherwise. Recipient pays? Why should the person who had not initiated the transaction be forced to pay for a message with unseen contents? What a perverse system.

Today, however, we meekly assume that the recipient of e-mail must bear the costs. It is nominally free, of course, but it arrives in polluted form. Cleaning out the stuff once it reaches our in-box, or our Internet service provider's, is irritating beyond words, costly even without per-message postage. This muck - Hotmail alone catches about 3.2 billion unsolicited messages a day - is a bane of modern life. Even the best filters address the problem too late, after this sludge has been discharged without cost to the polluter. In my case, desperation has driven me to send all my messages sequentially through three separate filter systems.
Then I must remember to check the three junk folders to see what failed to get through that should have. Recipient pays. Do not despair. We can now glimpse what had once seemed unattainable: stopping the flow at its very source. The most promising news is that companies like Yahoo, EarthLink, America Online, Comcast and Verizon have overcome the fear that they would prompt antitrust sanctions if they joined forces to reclaim the control they have lost to spammers. They belong to an organization called the Messaging Anti-Abuse Working Group, formed only last year. It shares antispam techniques and lobbies other e-mail providers to adopt policies that protect the commons. Civic responsibility entails not merely screening incoming mail to protect one's own customers but also screening outgoing mail that could become someone else's problem. Carl Hutzler, AOL's director of antispam operations, has been an especially energetic campaigner, urging all network operators to "cut off the spammer's oxygen supply," as he told an industry gathering last fall. And those operators who do not "get smart soon and control the sources of spam on their networks," he said, will find that they "will not have connectivity" to his provider and others who are filtering outgoing e-mail. He did not spell out the implications for customers, but he doesn't need to: we can select a service provider from the group with a spam-free zone, or one that has failed to do the necessary self-policing required for joining the gated community and is banished to the wilds of anything-goes. One measure backed by advocates like Mr. Hutzler is already having a positive impact: "Port 25 blocking," which prevents an individual PC from running its own mail server and blasting out e-mail on its own. With the block in place, all outgoing e-mail must go through the service provider's mail server, where high-volume batches of identical mail can be detected easily and cut off. 
Internet service providers are also starting to stamp outgoing messages with a digital signature of the customer's domain name, using strong cryptography so the signature cannot be altered or counterfeited. This is accomplished with software called DomainKeys, originally developed by Yahoo. It is now offered in open-source form and was recently adopted by EarthLink and some other major services. A digital signature is what we will want to see on all incoming e-mail. If your Internet service provider is not on the working group's roster, you can insist that it take the oath of good citizenship. This month, MCI found itself criticized because a Web site that sells Send-Safe software gets Internet services from a company that's an MCI division customer. Send-Safe is spamware that offers bulk e-mail capability, claiming "real anonymity"; it hijacks other machines that have been infected with a complementary virus. Anyone can try it out for $50 and spray 400,000 messages. MCI, for its part, argues that it has an exemplary record in shutting down spammers, but that the sale of bulk e-mail software is not, ipso facto, illegal. Unfortunately, there has been no good news on the legal front. When the first batch of antispam bills was introduced in Congress in 1999, one could have reasonably expected that legislators were ready to stamp out unsolicited e-mail, just as they had banned unsolicited faxes with the Telephone Consumer Protection Act of 1991. While spam-filled e-mail boxes do not entail monetary costs in the form of fax paper and toner, they cost us dearly in time. Surely Congress would not be so literal-minded when comparing e-mail with faxes as to miss the parallel and equally offensive notion of "recipient pays"? The years passed, the antispam bills multiplied, hearings were held and more bills were introduced, with each session's bills weaker than the previous ones. 
In the end, in 2003, we got the Controlling the Assault of Non-Solicited Pornography and Marketing Act, or Can-Spam. Its backers took a brave stand against deceptive subject lines and false headers and then went home. The law did not prohibit unsolicited commercial e-mail and has turned out to be worse than useless.

"Before Can-Spam, the legal status of spam was ambiguous," said Professor David E. Sorkin, an associate professor at the Center for Information Technology and Privacy Law at the John Marshall Law School in Chicago. "Now, it's clear: it's regarded as legal." Only fraudulent representations in unsolicited bulk e-mail are verboten, but "unsolicited" has now been blessed, and so, too, has "bulk." Katie, bar the door!

Instead of giving marketers access to our e-mail boxes only if we expressly indicate that their attention would be welcome, which is an "opt in" system, Can-Spam gives the direct marketers the gift of an "opt out" system, where the onus is on us to notify each sender, one by one, that we do not wish to be on its list. Recipient pays, again and again.

If one goes back and reads the transcripts of the hearings held in the summer of 2003, before the bill's passage, one is treated to an edifying "how a bill becomes law" lesson. An especially enlightening moment was when Representative Richard Burr, a North Carolina Republican since elected to the Senate, spoke passionately about unsolicited commercial e-mail: "I think there is one thing that we can all agree on. One, we would all like to get the discount airfare offers, we would like to get the discount hotel offers. We never know when they are going to be advantageous to us."

Looking to the future, let's not count on Congress to do any better in spurning the blandishments of the Direct Marketing Association. And let's not count on authentication technologies like DomainKeys as a panacea.
Even when most mail is properly authenticated, we will still have to figure out whether to trust names that are unfamiliar to us. What we need is a way to make all bulk e-mailers pay for the privilege of using our e-mail boxes. That would make legitimate businesses focus on the best prospects, just as bulk mailers of ordinary junk must do. And it would force spammers to shell out for an expense unfamiliar to them: buying "stamps." That would bring a swift, permanent end to their activities.

What we need, in other words, is what was proposed in 1992 at the International Cryptology Conference. In a paper titled "Pricing Via Processing, or Combating Junk Mail," two computer scientists, Cynthia Dwork and Moni Naor, came up with a way to force a sender to pay every time a message was sent - payment not in money, but in time, by applying the computer's resources to a computational puzzle, devised on the fly for that particular message.

Ms. Dwork now works at Microsoft Research in Silicon Valley and has continued to work on the project. It has yet to be adopted in a commercial e-mail service, but it shows promise in its current form. The puzzle uses an intricate design involving the way a computer gains access to memory and resists a quick solution by speedy processors, requiring about 10 seconds. It is not so long that you'd notice it for the occasional outgoing message, but if you have eight million Viagra messages queued up, good luck in getting each one "stamped."

Use of the system would always be voluntary, and wholly unnecessary when sending to friends and family. On the receiving end, your e-mail program could be set to filter incoming messages arriving from unfamiliar senders on the basis of proof of completion of the assigned problem. No stamp, no entry. Ms. Dwork and her colleagues have named this the Penny Black Project. Sender pays.

Randall Stross is a historian and author based in Silicon Valley. E-mail: ddomain at nytimes.com.

Copyright
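The "pricing via processing" scheme described above, as an added example that is not from the article, from Dwork and Naor, or from the Penny Black Project: the sender mints a stamp for one specific message by solving a puzzle, the receiver checks it with a single hash, waives the stamp for known contacts and rejects replays. The memory-bound puzzle the article mentions is replaced here, as a simplifying assumption, with a CPU-bound hash puzzle (leading zero bits of SHA-256); all addresses, Message-IDs and the difficulty are constructed values.

```python
import hashlib
from typing import Optional, Set

# Constructed difficulty for this illustration: about 2**16 hash trials to mint.
# A real deployment would tune this so that minting takes seconds, not milliseconds.
DIFFICULTY_BITS = 16


def stamp_challenge(sender: str, recipient: str, message_id: str) -> bytes:
    """Bind the puzzle to one message ("devised on the fly for that particular message").

    Because sender, recipient and Message-ID are all part of the challenge, a stamp
    minted for one message is worthless for any other.
    """
    return f"{sender}|{recipient}|{message_id}".encode()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def _puzzle_hash(challenge: bytes, nonce: int) -> bytes:
    return hashlib.sha256(challenge + b"|" + nonce.to_bytes(8, "big")).digest()


def mint_stamp(challenge: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Sender pays: search for a nonce whose hash starts with `bits` zero bits.

    There is no shortcut other than trying nonces, so the expected cost is about
    2**bits hash evaluations per message. That is the "stamp" the sender buys with time.
    """
    nonce = 0
    while leading_zero_bits(_puzzle_hash(challenge, nonce)) < bits:
        nonce += 1
    return nonce


def verify_stamp(challenge: bytes, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Receiver pays almost nothing: one hash decides whether the stamp is genuine."""
    if nonce < 0 or nonce >= 1 << 64:
        return False
    return leading_zero_bits(_puzzle_hash(challenge, nonce)) >= bits


class Inbox:
    """Receiving-side filter: familiar senders pass; strangers need a valid stamp."""

    def __init__(self, owner: str, contacts: Set[str], bits: int = DIFFICULTY_BITS):
        self.owner = owner
        self.contacts = set(contacts)
        self.bits = bits
        self.seen_ids: Set[str] = set()  # stamps are single-use: remember Message-IDs

    def accept(self, sender: str, message_id: str, stamp: Optional[int]) -> bool:
        if sender in self.contacts:
            return True  # friends and family: no stamp needed
        if stamp is None or message_id in self.seen_ids:
            return False  # "No stamp, no entry", and no replaying an old stamp
        challenge = stamp_challenge(sender, self.owner, message_id)
        if not verify_stamp(challenge, stamp, self.bits):
            return False
        self.seen_ids.add(message_id)
        return True


if __name__ == "__main__":
    # Constructed sample exchange between a stranger and a filtered inbox.
    inbox = Inbox("alice@example.net", {"bob@example.org"})
    msg_id = "<msg-1@example.com>"
    chal = stamp_challenge("stranger@example.com", "alice@example.net", msg_id)
    stamp = mint_stamp(chal)
    print("stranger with stamp:     ", inbox.accept("stranger@example.com", msg_id, stamp))
    print("same stamp replayed:     ", inbox.accept("stranger@example.com", msg_id, stamp))
    print("stranger without stamp:  ", inbox.accept("stranger@example.com", "<msg-2@example.com>", None))
    print("known contact, no stamp: ", inbox.accept("bob@example.org", "<msg-3@example.org>", None))
```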
-- 
----------------- 
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Sun Feb 13 15:00:20 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 13 Feb 2005 18:00:20 -0500
Subject: U.S. Said to Pay Iraq Contractors in Cash
Message-ID:

Yahoo!

U.S. Said to Pay Iraq Contractors in Cash

By LARRY MARGASAK, Associated Press Writer

WASHINGTON - U.S. officials in postwar Iraq paid a contractor by stuffing $2 million worth of crisp bills into his gunnysack and routinely made cash payments around Baghdad from a pickup truck, a former official with the U.S. occupation government says.

Because the country lacked a functioning banking system, contractors and Iraqi ministry officials were paid with bills taken from a basement vault in one of Saddam Hussein's palaces that served as headquarters for the Coalition Provisional Authority, former CPA official Frank Willis said.

Officials from the CPA, which ruled Iraq from June 2003 to June 2004, would count the money when it left the vault, but nobody kept track of the cash after that, Willis said.

"In sum: inexperienced officials, fear of decision-making, lack of communications, minimal security, no banks, and lots of money to spread around. This chaos I have referred to as a 'Wild West,'" Willis said in testimony he prepared to give Monday before a panel of Democratic senators who want to spotlight the waste of U.S. funds in Iraq.

A senior official in the 1980s at the State and Transportation departments under then-President Ronald Reagan, Willis provided The Associated Press with a copy of his testimony and answered questions in an interview.
James Mitchell, spokesman for the special inspector general for Iraq reconstruction, told the AP that cash payments in Iraq were a problem when the occupation authority ran the country and they continue during the massive U.S.-funded reconstruction.

"There are no capabilities to electronically transfer funds," Mitchell said. "This complicates the financial management of reconstruction projects and complicates our ability to follow the money."

The Pentagon, which had oversight of the CPA, did not immediately comment in response to requests Friday and over the weekend.

But the administrator of the former U.S. occupation agency, L. Paul Bremer III, in response to a recent federal audit criticizing the CPA, strongly defended the agency's financial practices.

Bremer said auditors mistakenly assumed that "Western-style budgeting and accounting procedures could be immediately and fully implemented in the midst of a war." When the authority took over the country in 2003, Bremer said, there was no functioning Iraqi government and services were primitive or nonexistent.

He said the U.S. strategy was "to transfer to the Iraqis as much responsibility as possible as quickly as possible, including responsibility for the Iraqi budget." Iraq's economy was "dead in the water" and the priority "was to get the economy going," Bremer said.

Also in response to that audit, Pentagon spokesman Bryan Whitman had said, "We simply disagree with the audit's conclusion that the CPA provided less than adequate controls."

Willis served as a senior adviser on aviation and communications matters for the CPA during the last half of 2003 and said he was responsible for the operation of Baghdad's airport.

Describing the transfer of $2 million to one contractor's gunnysack, Willis said: "It was time for payment. We told them to come in and bring a bag." He said the money went to Custer Battles of Middletown, R.I., for providing airport security in Baghdad for civilian passengers.
Willis said a coalition driver would go around the Iraqi capital and disburse money from a pickup truck formerly belonging to the grounded Iraqi Airways airline. The reason is because officials "wanted to meld into the environment," he said.

Willis' allegations follow by two weeks an inspector general's report that concluded the occupying authority transferred nearly $9 billion to Iraqi government ministries without any financial controls. The money was designated for financing humanitarian needs, economic reconstruction, repair of facilities, disarmament and civil administration, but the authority had no way to verify that it went for those purposes, the audit said.

Sen. Byron Dorgan, head of the Democratic group that is holding Monday's hearing, said he arranged for Willis' testimony because majority Republicans have declined to investigate the suspected misuse of funds in Iraq.

"This isn't penny ante. Millions, perhaps billions of dollars have been wasted and pilfered," Dorgan, D-N.D., said in an interview ahead of the Senate Democratic Policy Committee's session.

Willis concluded that "decisions were made that shouldn't have been, contracts were made that were mistakes, and were poorly, if at all, supervised, money was spent that could have been saved, if we simply had the right numbers of people. ... I believe the 500 or so at CPA headquarters should have been 5,000."

From justin-cypherpunks at soze.net Sun Feb 13 10:01:40 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Sun, 13 Feb 2005 18:01:40 +0000
Subject: Team Building?? WIMPS!!
In-Reply-To: <0502131239470.13948@somehost.domainz.com>
References: <0502131239470.13948@somehost.domainz.com>
Message-ID: <20050213180140.GA30069@arion.soze.net>

On 2005-02-13T13:22:43+0100, Thomas Shaddack wrote:
> On Thu, 10 Feb 2005, Tyler Durden wrote:
>
> > Well, I didn't say it would be easy. We'd definitely need to split up into
> > teams...one to handle the alarm systems,
>
> Teamwork is essential here.
> ...
> Optionally just add couple more mines and then wait.[4]

Why not wait for him to leave the house and then pick him off? If necessary, jam one of his video cameras or shoot it with a silenced rifle from afar. When he ventures forth to determine what's wrong with it, shoot him in the head. Once he's dead, frustrating the alarm company is even easier. Then you have all the time you want to disarm mines, ransack the compound, hold an Iraqi/Libyan hooker party, and prank call the White House and the NSA (just before closing time; no sense in being around when the feds show up, though perhaps they'd give everyone a reward for eliminating TCM).

-- 
Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936

From rah at shipwright.com Sun Feb 13 19:02:58 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 13 Feb 2005 22:02:58 -0500
Subject: Despite Opposition, Might the Web Need New Government Jolt?
Message-ID:

"We're from the government, and we're here to..."

Cheers,
RAH

-------

The Wall Street Journal
February 14, 2005

PORTALS
By LEE GOMES

Despite Opposition, Might the Web Need New Government Jolt?
February 14, 2005

The birth of the Internet resulted from a famous example of government involvement in the economy a generation ago, when the Defense Department funded college researchers interested in computer networking. Since then, the Web has been an epic success, and the number of U.S. households connected to it continues to grow. But the speeds at which these houses can link up has plateaued at current DSL and cable rates, badly lagging behind the speeds available in many other countries, notably in Asia. Might it require another bit of government involvement to prod things along?

That's one of the questions being raised in connection with the plans of a growing number of American cities to sponsor municipal wireless networks to provide Internet access to residents. Philadelphia, the biggest and best-known of these examples, is in the middle of unveiling such a plan; it hopes to blanket the metropolitan area with a wireless network that will provide speeds of at least one megabit for both uploading and downloading. That's not as fast as what residents of Hong Kong and South Korea enjoy, but it is faster than what many Americans have, especially for uploading data from PCs back to the Internet. Many home connections going in this direction are now just a tenth as fast.

There is, however, much less consensus about these sorts of government projects today than there was during the heyday of federal support for high-technology research back in the 1970s and 1980s. The Philadelphia proposal, like other municipal plans, has become controversial -- in large part simply because of the considerable role being played by the city government.

Last month, the latest in a series of harshly critical reports about these municipal network proposals was published by the New Millennium Research Council, a Washington, D.C., lobby and policy group. The council has ties to both local phone companies, which view these networks as competition and have lobbied in state legislatures to outlaw them, and conservative Washington think tanks, which tend to oppose activist-government initiatives.

These sorts of ideological political tussles over the Web are increasingly common.
For example, conservative groups, along with many members of Congress, are working hard to keep the Internet a tax-free zone, whether that involves taxation of Internet telephony or a sales tax for merchants like Amazon. On the opposite side of these disputes one usually finds state and county elected officials -- many of them Republican -- who are trying to provide traditional government services in a new era.

When it comes to municipal networks, critics contend that cities will be using scarce tax money to build networks that compete with systems already offered by telephone and cable companies. What's more, they say, any network a city would build will quickly grow outdated because of rapidly changing technology.

Philadelphia city officials respond that their network won't require taxpayer funds at all; instead, they say, it will be built and operated by for-profit private companies under a business plan developed by the city and its consultants. The goal, says Dianah Neff, the city's chief information officer, is to offer wireless-based connectivity throughout the city that will be free in some areas and cost roughly $20 a month in others.

Ms. Neff says that her city would defer to private enterprise if it could, but that existing cable and phone providers either won't bring connectivity to the city's poorer neighbors at all, or won't do it for the city's $20 target price.

The biggest contribution the city will make to the network will be in providing access to city infrastructure, such as utility poles, to house the wireless transmitters needed to bring the network to life. A private company will operate the network once it starts running, Ms. Neff says, and taxpayers won't be on the hook if business doesn't live up to expectations.

As envisioned by city planners, the Philadelphia network won't have anything close to the blazing speeds common in Asia, where the Internet is so fast that residents can get their television signals through it.
Its main goal, says Ms. Neff, is making a basic level of Web connectivity available to everyone. But because Philadelphia will be able to take advantage of new kinds of wireless technologies like WiMax, it may end up offering faster bandwidth than is enjoyed by many regular cable and DSL subscribers.

Because of new technology, these networks can be installed with relatively small capital investments; the estimate for Philadelphia is roughly $10 million. Incumbent players don't usually have an incentive to build these faster new networks because they are tied to their wired networks, which also deliver telephone and television services. And that's one reason that networking speeds in the U.S. are stuck in the rut they are in.

It's easy to bash city governments as being full of maladroit bureaucrats eager to manhandle a new technology, and even economists who support municipal networks say cities shouldn't rush into them. But well-thought-out city plans could help everyone by acting as a catalyst and shaking up the status quo. Some might even call that competition.

From eugen at leitl.org Sun Feb 13 23:44:02 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 14 Feb 2005 08:44:02 +0100
Subject: MPAA Developing Digital Fingerprinting Technology
Message-ID: <20050214074402.GS1404@leitl.org>

>From the ha-ha-ha dept.

Link: http://slashdot.org/article.pl?sid=05/02/13/229229
Posted by: Zonk, on 2005-02-13 23:42:00
from the following-in-your-tracks dept.
Danathar writes "The MPAA is looking to use [1]digital fingerprinting technologies that in conjunction with legislation will enable and force ISPs to look for network traffic that matches the signatures." From the article: "Once completed, Philips' technology--along with related tools from other companies--could be a powerful weapon in Hollywood's increasingly aggressive attempts to choke off the flood of films being traded online."

References

1. http://news.com.com/Movie+blackout+for+P2P+networks/2100-1025_3-5571057.html?tag=nefd.lede

----- End forwarded message -----

-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Mon Feb 14 07:40:39 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 10:40:39 -0500
Subject: Fighting Net crime with code / Surge in phishing e-mails to take spotlight at cryptography conference
Message-ID:

www.sfgate.com

Fighting Net crime with code
Surge in phishing e-mails to take spotlight at cryptography conference

- Carrie Kirby, Chronicle Staff Writer
Monday, February 14, 2005

Every year, a bunch of cryptographers throw a big party, business mixer and study session in the Bay Area. In their effort to make the world love the science of code making and breaking as much as they do, they invoke dramatic historical uses of cryptography: the etchings of the ancient Maya, the Navajo code talkers of World War II.

This time, the RSA Conference, opening today at Moscone Center in San Francisco, has crime as its theme. The 11,000 attendees will hear the tale of how federal agent Elizebeth Smith Friedman brought down a major ring of rum runners by cracking their sophisticated codes.

The timing couldn't be more apt.
More people than ever are not just shopping but conducting their finances online, with 45 percent of Americans paying bills over the Internet in 2004, according to research group Gartner. That's a 70 percent increase from 2003, a shift that is making the Internet more attractive than ever to criminals.

"Crime on the Internet is probably the fastest-growing business there," said Ken Silva, vice president of networking and information security at VeriSign, the Mountain View company that secures Web sites and Internet transactions.

Phishing e-mails -- those little fraudulent notes asking you to "confirm" your bank account number, credit card number, ATM password or locker combination -- have been growing by 38 percent a month on average, according to the industry's Anti-Phishing Working Group. Gartner warns that phishing will erode the growth of e-commerce if nothing is done.

The folks gathering at the Moscone Center this week are the ones who do battle with all that, using -- you guessed it -- cryptography. They're software developers, marketers, academics, business leaders -- including conference speakers Bill Gates of Microsoft, John Chambers of Cisco, Symantec's John Thompson and VeriSign's Stratton Sclavos -- and a few current and former government officials, such as Amit Yoran, who resigned in October after one year as the nation's top cyber security official.

Because phishing has shown the downside of using just a user name and password to access an online bank account, a panel featuring Yoran and other experts will look at safer ways for consumers to identify themselves on the Internet. Another panel will address businesses' fear that adding more security could make e-commerce and e-banking sites too cumbersome for consumers to use.
Another topic will be whether software companies should be held liable when bugs in their products allow theft to happen and whether the government should regulate software safety as the Federal Aviation Administration regulates airline safety.

Because most hackers and viruses get into computers through holes in Microsoft's nearly ubiquitous Windows software, Microsoft is always central in such discussions. But that is not a favorite topic for Microsoft leaders, and the preview blurb for Gates' speech, scheduled for Tuesday morning, makes no mention of that controversy. Instead, Gates is to discuss "his perspective on the state of security today, the importance of continued innovation, and advances in Microsoft's platform, products and technologies designed to better protect customers."

The conference is run by Bedford, Mass., cryptography company RSA Security, which also has an office in San Mateo.

E-mail Carrie Kirby at ckirby at sfchronicle.com.

Page E - 2
URL: http://sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2005/02/14/BUG3NB9UTL1.DTL

(c) 2005 San Francisco Chronicle

From rah at shipwright.com Mon Feb 14 07:42:06 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 10:42:06 -0500
Subject: RSA(R) Conference 2005 Commences In San Francisco With Record Attendance And Keynotes By Bill Gates, John Chambers And John Thompson - Attendee Number Expected To Exceed 11,000
Message-ID:

RSA(R) Conference 2005 Commences In San Francisco With Record Attendance And Keynotes By Bill Gates, John Chambers And John Thompson - Attendee Number Expected To Exceed 11,000

14th Annual Event Kicks Off With Second Annual Executive Security Action Forum and Town Hall Meetings Featuring 9/11 Commissioner Jamie Gorelick and U.S. Secret Service Director Ralph Basham

SAN FRANCISCO, Feb 14 /PRNewswire/ -- RSA(R) CONFERENCE -- The 14th annual RSA(R) Conference 2005, the world's leading information security event, opened today at San Francisco's Moscone Center to an expected record attendance of over 11,000. Attendees include security practitioners, academics, developers, IT professionals, industry leaders, and policy makers discussing the latest developments in technology, mathematics, public policy, and best practices in information security.

The Conference keynotes will commence with featured speakers Bill Gates, chairman and chief software architect of Microsoft; followed by John Chambers, president and chief executive officer of Cisco Systems, Inc.; and John Thompson, chairman and chief executive officer of Symantec Corporation. This year's event features over 275 vendors demonstrating the latest technologies in more than 162,000 square feet of exhibit space. Monday's agenda kicks off with the Second Annual Executive Security Action Forum, followed by four days of over 200 conference sessions including enterprise and common criteria tutorials and the Town Hall Meetings.
"Over the past year information security has been elevated on the priority list of professionals, government officials and corporations alike, as a result of advanced threats, issues of liability and new regulations that require compliance," said Sandra Toms LaPedis, area vice president and general manager of the RSA Conferences. "The solid increase in our registration numbers compared to the last few years continues to show that RSA Conference is a valuable forum for balanced discussions and priceless networking opportunities for all attendees across the board. This year's event offers one of the most prestigious line-ups in Conference history as well as new events including Town Hall meetings that will cover critical trends and world issues on the minds of our attendees."

Information security has grown to become a critical issue for both enterprises and individuals. Conference attendees gain vital information with their access to more than 200 educational presentations and class sessions throughout the week. The conference will conclude Friday, February 18th with a presentation by Frank Abagnale, industry consultant and best-selling author of "Catch Me If You Can."

Other highlights include:

Executive Security Action Forum

The Executive Security Action Forum will be held on Monday, February 14, prior to the start of RSA(R) Conference 2005. The Forum is a continuous, independent commission that includes key business and government security policy and technology implementers - as well as security industry executives. Members of the Forum include CIOs, CSOs and CISOs from Fortune 500 companies such as Bank of America, eBay, Ford, Microsoft, Motorola, PepsiCo, Safeway, Wachovia and Washington Mutual. During the forum, executives discussed ideas to improve information security in the private and public sectors.
Other topics included the best practices and issues with funding of information security, enforcing security with outsourcers, balancing security and privacy, product liability, legislation and public policy and how to connect business, government and technology.

Town Hall Meetings

The Cyber Security Industry Alliance (CSIA) will host a Town Hall Meeting to discuss homeland security, critical infrastructure protection, and cyber security in the post-9/11 era, and what steps are being taken to enhance security measures. Featured speakers include: 9/11 Commissioner Jamie Gorelick and Dick Clarke, former US cyber security czar. This session will take place on Wednesday, February 16, 12:45 p.m. - 1:45 p.m., Gateway 104. Attendees interested in attending must RSVP for this session to csiatownhall at csialliance.org.

Business Software Alliance (BSA) will sponsor the second Town Hall Meeting scheduled for Thursday, February 17, noon - 1:30 p.m., Gateway 104. BSA President and CEO, Robert Holleyman will host this session. The U.S. Secret Service Director, Ralph Basham, will open the discussion on the emergence of modern day "rum runners." The session will be moderated by Jon Swartz, USA TODAY technology reporter, who will focus on the threat of organized crime on the Internet along with a prestigious panel of experts on the forefront of this emerging criminal phenomenon. Attendees interested in attending must RSVP for this session at townhallrsvp at bsa.org.

RSA Conference First Time Attendee Briefing

RSA Conference first time attendees are invited to the Conference First Time Attendee Briefing to hear from past attendees on planning agendas and sessions to attend and to gain general information. This session takes place in Esplanade 302 on Monday from 6-7 p.m.

Cryptographers' Panel

The Cryptographers' Panel is one of the most widely attended and eagerly awaited sessions during the RSA Conference.
Burt Kaliski, vice president of research at RSA Security and chief scientist of RSA Laboratories, will moderate this year's cryptographers' panel, which will look at past panel predictions and how they turned out, as well as looking ahead at the future of cryptography and information security. Other participants providing insights into future information security developments include: Dr. Whitfield Diffie, Sun Microsystems; Paul Kocher, Cryptography Research; Professor Ronald Rivest, MIT Laboratory for Computer Science; and Professor Adi Shamir, Weizmann Institute. This panel is scheduled for Tuesday, February 15 at 11:10 a.m.

Sponsors, Registration and Attendance

Platinum Sponsors exhibiting at the conference include: Cisco Systems, Computer Associates, Microsoft, Qualys, RSA Security, Sun Microsystems, Symantec, Tipping Point and VeriSign.

Full Conference fees include access to all four days of general sessions and class tracks, exhibits, evening receptions and giveaways. Qualified members of the media receive complimentary admission. A list of confirmed exhibitors is available at http://www.rsaconference.com. For more information about RSA Conference 2005 or to register, visit the web site at http://www.rsaconference.com or call 1-866-518-2076.

About the RSA Conference

Now in its 14th year, the RSA Conference brings together decision-makers and influencers from all major markets, including consumer, education, financial, government, computer networking, telecommunications, Wall Street and the media for one of the industry's premier e-security and cryptography events. Later in the year, RSA Conference 2005 continues in Japan and in Europe. RSA Conference will also be holding one-day regional events throughout the year including: September 13, 2005 in Chicago and September 15, 2005 in New York. For more information, visit http://www.rsaconference.com.

RSA is a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries.
All other products and services mentioned are trademarks of their respective companies.

Media Contact: Tamara Burnett, McGrath Power, 408-375-7190, tamarac at mcgrathpower.com
Sponsor & Exhibit Contact: Don Rosette, Nth Degree, 617-848-8766, drosette at nthdegree.com

SOURCE RSA Conference
Web Site: http://www.rsasecurity.com

From rah at shipwright.com Mon Feb 14 07:42:21 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 10:42:21 -0500
Subject: Cryptography Research Security Experts to Speak at RSA Conference 2005
Message-ID:

Cryptography Research Security Experts to Speak at RSA Conference 2005

Company's Security Experts Chosen to Participate in Conference

SAN FRANCISCO, Feb. 14 /PRNewswire/ -- RSA CONFERENCE 2005 -- Strengthening its reputation within the security industry, Cryptography Research, Inc. today detailed its participation in the RSA Conference 2005 program being held here this week in the Moscone Convention Center. Security experts Paul Kocher, Benjamin Jun, Nate Lawson and Carter Laren are scheduled to speak in various lecture sessions and panel discussions over the course of the largest and most comprehensive event created for information security professionals.
Paul Kocher joins industry notables Whitfield Diffie, Burt Kaliski, Ronald Rivest and Adi Shamir in "The Cryptographers' Panel," one of the most widely attended and eagerly awaited sessions during the RSA Conference. Representing some of the leading minds in the field, this panel will look back at past panel predictions and how they turned out, and again look ahead at the future of cryptography and information security.

In another panel discussion, "Inside-Out Security Strategy - Architecting an Effective Defense for Vulnerabilities in the Stored Data Environment," Kocher and the panel will look at a new, inside-out security architecture that protects valuable information by focusing on the stored data itself. The panel will look at common vulnerabilities and innovative approaches to securing data throughout the IT environment.

In "Stalemate Security Problems," Kocher considers the perpetual arms race between attackers and defenders, where frequent updates are required to guard against network attacks, fraud, piracy, spam and other security problems. Kocher will explore challenges, successes, catastrophic failures and open problems in managing these stalemates.

Carter Laren joins senior executives from major Hollywood studios, Fox and Warner Bros., in a roundtable discussion of new strategies and weapons in the war against next-generation digital piracy. Moderated by Newsweek reporter, Steven Levy, "Hollywood's Last Chance - Getting it Right on Digital Piracy" will highlight the threat sophisticated digital pirates present to the movie industry's economic viability and how Hollywood executives are fighting to make tomorrow's high-definition content safe from the piracy that has devastated the music industry.

From CSS to credit card fraud and P2P to Y2K, Benjamin Jun exposes "Ten Bugs That Cost Our Customers Billions."
This fascinating look into security blunders will reveal how these bugs happened, why they caused serious problems and what could have been done to prevent them.

Jun also explores the nature of high-threat systems protecting digital content, cash and access privileges in his session, "Fragile Secrets - Handle with Care!" Jun will show how smart cards, content protection systems and trusted computing environments protect secrets against motivated attackers - often the very users and device holders they serve - and why it is important for developers to consider real-world attacks, design principles for tamper resistance and validation strategies.

Nate Lawson will be leading a discussion titled "Open-Source Security Tools," focusing on the design, use and customization of tools for evaluating and improving system security. Topics will include the benefits and challenges of open vs. closed source, current maturity levels and customization approaches.

About the Presenters

Paul Kocher, president and chief scientist, has gained an international reputation for his consulting work and academic research in cryptography. An active contributor to major conferences and standards bodies, Paul has designed many cryptographic applications and protocols, including SSL v3.0. His development of timing attacks to break RSA and other algorithms received front-page coverage in several major publications. More recently he has led research to develop Differential Power Analysis and designs for securing smart cards and other devices against these attacks, as well as to design a record-breaking DES Key Search machine. Paul holds a B.S. degree from Stanford University.

Benjamin Jun, vice president, heads the consulting practice and the company's Content Security Research Initiative. He leads engineering groups in the design, evaluation and repair of high-assurance security modules for software, ASIC and embedded systems. Ben holds B.S. and M.S.
degrees from Stanford University, where he is a Mayfield Entrepreneurship Fellow.

Carter Laren is Cryptography Research's technical liaison to Hollywood studios, content owners and consumer electronics manufacturers. Known as the "Anti-Pirate," he has extensive experience designing and evaluating secure communication and pay-television systems, tamper-resistant devices and content protection technology. Carter holds a B.S. degree in electrical engineering from the University of Pittsburgh, where he was awarded the elite Chancellor's Scholarship.

Nate Lawson, senior security engineer at Cryptography Research, is focused on the design and analysis of network security devices. He is the original developer of ISS's RealSecure and the first version of Decru's fibre channel appliance. Nate holds a B.S. computer science degree from Cal Poly and is a member of USENIX and SMPTE.

Cryptography Research Conference Talk Schedule

Tuesday, February 15, 2005
11:10 a.m. - The Cryptographers' Panel, Paul Kocher

Thursday, February 17, 2005
7:00 a.m. - Open Source Security Tools, Nate Lawson
8:00 a.m. - Hollywood's Last Chance - Getting it Right on Digital Piracy, Carter Laren
2:00 p.m. - Inside-Out Security Strategy - Architecting an Effective Defense for Vulnerabilities in the Stored Data Environment, Paul Kocher
3:25 p.m. - Stalemate Security Problems, Paul Kocher
4:50 p.m. - Ten Bugs That Cost Our Customers Billions, Benjamin Jun

Friday, February 18, 2005
11:10 a.m. - Fragile Secrets - Handle with Care!, Benjamin Jun

About Cryptography Research, Inc.

Cryptography Research, Inc. provides consulting services and technology to solve complex security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research in areas including tamper resistance, content protection, network security and financial services.
The company has a broad portfolio of patents covering countermeasures to differential power analysis and other vulnerabilities, and is committed to helping companies produce secure smart cards and other tamper resistant devices. Security systems designed by Cryptography Research engineers annually protect more than $100 billion of commerce for wireless, telecommunications, financial, digital television and Internet industries. For additional information or to arrange a consultation with a member of the technical staff, please contact Jen Craft at 415-397-0123, ext. 329 or visit http://www.cryptography.com.

SOURCE Cryptography Research, Inc.

Web Site: http://www.cryptography.com

From rah at shipwright.com Mon Feb 14 08:04:43 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 11:04:43 -0500
Subject: China shut down 12,000 Internet bars in 2004
Message-ID:

Yahoo!
Sunday February 13, 10:35 PM

China shut down 12,000 Internet bars in 2004

BEIJING (AFP) - Chinese authorities shut down more than 12,000 Internet bars last year, state media said.

As part of moves to "create a safer environment for young people," the government in 2004 closed 12,575 illegal Internet bars, 2,861 dance clubs, and 3,434 video halls, Xinhua news agency said.
According to several government ministries, Chinese parents had complained that the businesses, mainly located near schools, had "severely affected students' cultural lives," it said.

China has an Internet population of 87 million with about half of the web users under the age of 24.

China welcomes the Internet, as it helps the economy leapfrog into the 21st century, but at the same time it is worried about the way it enables people to access information that is considered subversive.

In reaction, the government has cracked down hard on Internet cafes, closing down many, and is also monitoring online traffic for content that might be deemed politically sensitive.

From rah at shipwright.com Mon Feb 14 08:07:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 11:07:02 -0500
Subject: From high-tech driver's licenses to national ID cards?
Message-ID:

CNET News

From high-tech driver's licenses to national ID cards?

By Declan McCullagh
Story last modified Mon Feb 14 04:00:00 PST 2005

A recent vote in Congress endorsing standardized, electronically readable driver's licenses has raised fears about whether the proposal would usher in what amounts to a national ID card.

In a vote that largely divided along party lines, the U.S. House of Representatives approved a Republican-backed measure that would compel states to design their driver's licenses by 2008 to comply with federal antiterrorist standards. Federal employees would reject licenses or identity cards that don't comply, which could curb Americans' access to everything from airplanes to national parks and some courthouses.
The congressional maneuvering takes place as governments are growing more interested in implanting technology in ID cards to make them smarter and more secure. The U.S. State Department soon will begin issuing passports with radio frequency identification, or RFID, chips embedded in them, and Virginia may become the first state to glue RFID tags into all its driver's licenses.

"Supporters claim it is not a national ID because it is voluntary," Rep. Ron Paul of Texas, one of the eight Republicans to object to the measure, said during the floor debate this week. "However, any state that opts out will automatically make nonpersons out of its citizens. They will not be able to fly or to take a train."

Paul warned that the legislation, called the Real ID Act, gives unfettered authority to the Department of Homeland Security to design state ID cards and driver's licenses. Among the possibilities: biometric information such as retinal scans, fingerprints, DNA data and RFID tracking technology.

Proponents of the Real ID Act say it adheres to the recommendations of the 9/11 Commission and is needed to frustrate both terrorists and illegal immigrants. Only a portion of the legislation regulates ID cards; the rest deals with immigration law and asylum requests.
"American citizens have the right to know who is in their country, that people are who they say they are, and that the name on the driver's license is the real holder's name, not some alias," F. James Sensenbrenner, R-Wisc., said last week. "If these commonsense reforms had been in place in 2001, they would have hindered the efforts of the 9/11 terrorists, and they will go a long way toward helping us prevent another tragedy like 9/11," said House Majority Leader Tom DeLay, R-Texas. Now the Real ID Act heads to the Senate, where its future is less certain. Senate rules make it easier for politicians to derail legislation, and an aide said Friday that Sen. Patrick Leahy, the top Democrat on the Judiciary Committee, was concerned about portions of the bill. Sen. Dianne Feinstein of California, the top Democrat on a terrorism subcommittee, said "I basically support the thrust of the bill" in an e-mail to CNET News.com on Friday. "The federal government should have the ability to issue standards that all driver's licenses and identification documents should meet." "Spy-D" cards? National ID cards are nothing new, of course. Many European, Asian and South American countries require their citizens to carry such documents at all times, with legal punishments in place for people caught without them. Other nations that share the English common law tradition, including Australia and New Zealand, have rejected such schemes. A host of political, cultural and even religious concerns has prevented a national ID from being adopted in the United States, even during the tumultuous days after the Sept. 11, 2001, attacks that ushered in the Patriot Act. Conservatives and libertarians typically argue that a national ID card will increase the power of the government, and they fear the dehumanizing effects of laws enacted as a result. 
Civil liberties groups tend to worry about the administrative problems, the opportunities for criminal mischief, and the potential irreversibility of such a system.

Some evangelical Christians have likened such a proposal to language in the Bible warning "that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." That mark is the sign of the "end times," according to evangelical thinking, which predicts that anyone who accepts the mark will be doomed to eternal torment.

Those long-standing concerns have become more pointed recently, thanks to the opportunity for greater tracking--as well as potentially greater security for ID documents--that technologies such as RFID provide. Though the Real ID act does not specify RFID or biometric technology, it requires that the Department of Homeland Security adopt "machine-readable technology" standards and provides broad discretion in how to do it.

An ad hoc alliance of privacy groups and technologists recently has been fighting proposals from the International Civil Aviation Organization to require that passports and other travel documents be outfitted with biometrics and remotely readable RFID-type "contact-less integrated circuits." The ICAO, a United Nations organization, argues the measures are necessary to reduce fraud, combat terrorism and improve airline security. But its critics have raised questions about how the technology could be misused by identity thieves with RFID readers, and they say it would "promote irresponsible national behavior."

In the United States, the federal government is planning to embed RFID chips in all U.S. passports and some foreign visitor's documents. The U.S. State Department is now evaluating so-called e-passport technology from eight different companies. The agency plans to select a supplier and issue the first e-passports this spring, starting in Los Angeles, and predicts that all U.S.
passport agencies will be issuing them within a year.

The high-tech passports are supposed to deter theft and forgeries, as well as accelerating immigration checks at airports and borders. They'll contain within their covers a minuscule microchip that stores basic data, including the passport holder's name, date of birth and place of birth. The chip, which can transmit information through a tiny included antenna, also has enough room to store biometric data such as digitized fingerprints, photographs and iris scans. Border officials can compare the information on the chip to that on the rest of the passport and to the person actually carrying it. Discrepancies could signal foul play.

In a separate program, the Department of Homeland Security plans to issue RFID devices to foreign visitors that enter the country at the Mexican and Canadian borders. The agency plans to start a yearlong test of the technology in July at checkpoints in Arizona, New York and Washington state. The idea is to aid immigration officials in tracking visitors' arrivals and departures and snare those who overstay their visas. Similar to e-passports, the new system should speed up inspection procedures. It's part of the US-VISIT program, a federal initiative designed to capture and share data such as fingerprints and photographs of foreign visitors.

A "Trojan horse"

The legislation approved by the House last Thursday follows a related measure President Bush signed into law in December. That law gives the Transportation Department two years to devise standard rules for state licenses, requires information to be stored in "machine-readable" format, and says noncompliant ID cards won't be accepted by federal agencies.

But critics fret that the new bill goes even further.
It shifts authority to the Department of Homeland Security, imposes more requirements for identity documents on states, and gives the department carte blanche to do nearly anything else "to protect the national security interests of the United States."

"In reality, this bill is a Trojan horse," said Paul, the Republican congressman. "It pretends to offer desperately needed border control in order to stampede Americans into sacrificing what is uniquely American: our constitutionally protected liberty."

Unlike last year's measure, the Real ID Act "doesn't even mention the word 'privacy,'" said Marv Johnson, a lobbyist for the American Civil Liberties Union.

"What I think the House is planning on doing is attaching this bill to tsunami relief or money to the troops," Johnson says. "When they send it to the Senate, the Senate will have to either fish or cut bait. They can approve it or ask for a conference committee, at which point the House can say 'they're playing games with national security.'"

In response to a question about a national ID card, White House spokesman Scott McClellan told reporters on Friday that "the president supports the legislation that just passed the House." McClellan pointed to a statement from the White House earlier in the week that endorsed it.

Another section of the Real ID Act that has raised alarms is the linking of state Department of Motor Vehicles databases, which was not part of last year's law. Among the information that must be shared: "All data fields printed on drivers' licenses and identification cards" and complete drivers' histories, including motor vehicle violations, suspensions and points on licenses.

Some senators have indicated they may rewrite part of the measure once they begin deliberations. Sen. Jon Kyl, R-Ariz., chairman of a terrorism subcommittee, is readying his own bill that will be introduced within a few weeks, spokesman Andrew Wilder said on Friday.
"He has been at work on his own version of things," Wilder said. "Senator Kyl does support biometric identifiers." CNET News.com's Alorie Gilbert contributed to this report. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Mon Feb 14 08:22:49 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 14 Feb 2005 11:22:49 -0500 Subject: Team Building?? WIMPS!! In-Reply-To: <20050213180140.GA30069@arion.soze.net> Message-ID: Well, I'd consider killing May as a big de-merit...if he's alive and conscious we can get video of his reaction to our monkeying around with all his stuff (including perhaps mass-mailing his PGP keys to feds and whatnot). Or else maybe just get a black drag queen to give the ole coot a lapdance. -TD >From: Justin >To: cypherpunks at al-qaeda.net >Subject: Re: Team Building?? WIMPS!! >Date: Sun, 13 Feb 2005 18:01:40 +0000 > >On 2005-02-13T13:22:43+0100, Thomas Shaddack wrote: > > On Thu, 10 Feb 2005, Tyler Durden wrote: > > > > > Well, I didn't say it would be easy. We'd definitely need to split up >into > > > teams...one to handle the alarm systems, > > > > Teamwork is essential here. > > ... > > Optionally just add couple more mines and then wait.[4] > >Why not wait for him to leave the house and then pick him off? If >necessary, jam one of his video cameras or shoot it with a silenced >rifle from afar. When he ventures forth to determine what's wrong with >it, shoot him in the head. > >Once he's dead, frustrating the alarm company is even easier. 
>Then you have all the time you want to disarm mines, ransack the compound, hold an Iraqi/Libyan hooker party, and prank call the White House and the NSA (just before closing time; no sense in being around when the feds show up, though perhaps they'd give everyone a reward for eliminating TCM).
>
>--
>Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936

From rah at shipwright.com Mon Feb 14 08:32:20 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 11:32:20 -0500
Subject: Certicom and Beep Science Partner to Provide Advanced Security for Digital Rights Management
Message-ID:

Yahoo! Finance
Press Release
Source: Certicom Corp.

Certicom and Beep Science Partner to Provide Advanced Security for Digital Rights Management

Monday February 14, 7:00 am ET

Device manufacturers can implement DRM as part of overall Certicom Security Architecture

MISSISSAUGA, ON and OSLO, Norway, Feb. 14 /PRNewswire-FirstCall/ - Certicom Corp. (TSX: CIC - News), the authority for strong, efficient cryptography, and Beep Science, a leading provider of Open Standard DRM technology, today announced a partnership agreement to enable Certicom to integrate and resell Beep Science's digital rights management (DRM) software solution. The move supports Certicom's objective to provide a comprehensive, integrated security platform that addresses the evolving needs of device manufacturers.

The robust and secure OMA DRM v2 Agent from Beep Science will become part of the Certicom Security Architecture, which consists of a modular set of security protocol toolkits and software cryptographic providers that are unified by a single, intuitive application programming interface.
The Beep Science DRM solution (client- and server-side) is fully compliant with the digital rights management standard from the Open Mobile Alliance (OMA) and supports the distribution of high value content to a wide spectrum of devices, including multimedia capable mobile phones, handheld devices, consumer electronic devices, and set-top boxes.

"Certicom is uniquely positioned to address the evolving security needs of device manufacturers. Our focus on strong security, our experience with resource-constrained devices, and now our partnership with Beep Science, the DRM expert, combine to make a powerful offering," said Jim Alfred, director of product management at Certicom. "As devices become more complex, coordinated efforts, such as our partnership with Beep Science, become critical to helping device manufacturers meet the evolving needs of their customers."

"For device manufacturers to succeed, they need to consider security at the design stage. It's for this reason that we have chosen to partner with Certicom, a leader and experienced player in embedded security. By working with Certicom, our DRM technology becomes part of comprehensive security architecture," said Markku Mehtala, VP business development at Beep Science. "This agreement represents new opportunities for both companies and a complete solution for device manufacturers."

To learn more about the partnership please visit Beep Science at 3GSM World Congress in Cannes, France (stand J5&6 Hall 3,) and Certicom at RSA Conference 2005 in San Francisco (booth No. 430).

About Beep Science

Beep Science is a leading provider of client and server side Digital Rights Management (DRM) software solutions fully compliant with the Industry Standard from Open Mobile Alliance (OMA).
The Beep Science OMA v2 DRM client product for device manufacturers and media player vendors is a total solution that applies to the strict performance and robustness requirements while providing flexible business models and enhanced end-user experience. The Beep Science OMA DRM Server integrates with existing service delivery infrastructure and automates the content protection and license management for digital content providers. The company represents one of the largest specialist resource centers within the field of Mobile Digital Rights Management and has world-class brands as customers. Visit www.beepscience.com

About Certicom

Certicom Corp. (TSX: CIC - News) is the authority for strong, efficient cryptography required by software vendors and device manufacturers to embed security in their products. Adopted by the US government's National Security Agency (NSA), Certicom technologies for Elliptic Curve Cryptography (ECC) provide the most security per bit of any known public key scheme, making it ideal for constrained environments. Certicom products and services are currently licensed to more than 300 customers including Motorola, Oracle, Research In Motion, Terayon, Texas Instruments and Unisys. Founded in 1985, Certicom is headquartered in Mississauga, ON, Canada, with offices in Ottawa, ON; Reston, VA; San Mateo, CA; and London, England. Visit www.certicom.com.

Certicom, Certicom Security Architecture, Certicom CodeSign, Security Builder, Security Builder Middleware, Security Builder API, Security Builder Crypto, Security Builder SSL, Security Builder PKI, Security Builder NSE and Security Builder GSE are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.

Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially.
Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.

From bbrow07 at students.bbk.ac.uk Mon Feb 14 05:18:19 2005
From: bbrow07 at students.bbk.ac.uk (ken)
Date: Mon, 14 Feb 2005 13:18:19 +0000
Subject: What is a cypherpunk?
In-Reply-To: <420BD5D7.4248.1E8C0E4@localhost>
References: <4209D364.29070.1A0DC2F@localhost> <420BD5D7.4248.1E8C0E4@localhost>
Message-ID: <4210A51B.5050901@students.bbk.ac.uk>

James A. Donald wrote:
> The state was created to attack private property rights - to steal stuff. Some rich people are beneficiaries, but from the beginning, always at the expense of other rich people.

More commonly states defend the rich against the poor.
They are what underpins property rights, in the sense of "great property" - until the industrial revolution that was mostly rights to land other people farm or live on. Every society we know about has had laws and customs defending personal property (more or less successfully) but it takes political/military power to defend the right to exact rent from a large estate, and state power to defend that right for thousands or millions of landowners.

> Again, compare the burning of Shenendoah with the Saint Valentine's day massacre. There is just no comparison. Governmental crimes are stupendously larger, and much more difficult to defend against.

True. The apposite current comparison is 9/11 the most notorious piece of private-enterprise violence in recent years, and the far more destructive US revenge on Afghanistan and Iraq. Which was hundreds of times more destructive but hundreds of thousands of times more expensive, so far less cost-effective - but in a war of attrition that might not matter so much.

Of course the private-enterprise AQ & their friends the Taliban booted themselves into a state, of sorts in Afghanistan, with a little help from their friends in Pakistan and arguable amounts of US weaponry. Not that Afghanistan was the sort of place from which significant amounts of tax could be collected to fund further military adventures.

States can usually get control of far larger military resources than private organisations, and have fewer qualms about wasting them. Not that it makes much difference to the victims - poor peasants kicked off land wanted for oilfields in West Africa probably neither know nor care whether the troops who burned their houses were paid by the oil companies or the local government.

From jamesd at echeque.com Mon Feb 14 18:29:11 2005
From: jamesd at echeque.com (James A. Donald)
Date: Mon, 14 Feb 2005 18:29:11 -0800
Subject: What is a cypherpunk?
In-Reply-To: <4210A51B.5050901@students.bbk.ac.uk>
References: <420BD5D7.4248.1E8C0E4@localhost>
Message-ID: <4210EDF7.20051.453C2F4@localhost>

--
James A. Donald wrote:
> > The state was created to attack private property rights - to steal stuff. Some rich people are beneficiaries, but from the beginning, always at the expense of other rich people.

On 14 Feb 2005 at 13:18, ken wrote:
> More commonly states defend the rich against the poor. They are what underpins property rights, in the sense of "great property"

Observe that rich people around the world are hiding their money in America, despite the fact that progressive taxes, speculative lawsuits and money laundering laws show the American government is no friend of the rich. Still less is any other government a friend of the rich, or even the moderately well off, any more than a wolf is the friend of the deer.

As governments were created to smash property rights, they are always everywhere necessarily the enemy of those with property, and the greatest enemy of those with the most property.

> - until the industrial revolution that was mostly rights to land other people farm or live on. Every society we know about has had laws and customs defending personal property (more or less successfully) but it takes political/military power to defend the right to exact rent from a large estate, and state power to defend that right for thousands or millions of landowners.

For thousands indeed - but not for millions - which is why only massive state confiscation of property can create a society where landowners number in the mere thousands. The old west, and Australian squatters, show that fairly large estates, texan size, can exist even in the face of active hostility from a state that refuses to recognize those property rights, and actively seeks to destroy them.

--digsig
James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG NSa2rHCplLHx15v3Gnuif4Ikp13vGHgGAD4FsQ/L 4sfxn6VBdoXUsN8RPTiWcftpni6ER6qYlKqWLq0Ys From rah at shipwright.com Mon Feb 14 16:28:46 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 14 Feb 2005 19:28:46 -0500 Subject: NSA May Be 'Traffic Cop' for U.S. Networks Message-ID: Posted on Mon, Feb. 14, 2005 NSA May Be 'Traffic Cop' for U.S. Networks TED BRIDIS Associated Press WASHINGTON - The Bush administration is considering making the National Security Agency - famous for eavesdropping and code breaking - its "traffic cop" for ambitious plans to share homeland security information across government computer networks, a senior NSA official says. Such a decision would expand NSA's responsibility to help defend the complex network of data pipelines carrying warnings and other sensitive information. It would also require significantly more money for the ultra-secret spy agency. The NSA's director for information assurance, Daniel G. Wolf, was expected to outline his agency's potential role during a speech Wednesday at the RSA technology conference in San Francisco. In an interview preceding his speech, Wolf told The Associated Press that computer networks at U.S. organizations are like medieval castles, each protected by different-size walls and moats. As the U.S. government moves increasingly to share sensitive security information across agencies, weaknesses inside one department can become opportunities for outsiders to penetrate the entire system, Wolf warned. Attackers could steal sensitive information or deliberately spread false information. "If someone isn't working on being a traffic cop, giving guidance on how secure they need to be, a risk that is taken by one castle is really shared by other castles," Wolf said. "Who's defining the standards? Who says how high the walls should be?" 
The NSA already helps protect systems deemed vital to the nation's security, such as those involved in intelligence, cryptography and weapons. Wolf said the administration is considering whether to designate its fledgling information-sharing efforts also under the NSA's purview. The White House Office of Management and Budget currently directs efforts by civilian agencies to secure their computer networks.

The NSA's information security programs are highly regarded among experts.

"Bring it on. This clearly ought to be done," said Paul Kurtz, a former White House cybersecurity adviser and head of the Washington-based Cyber Security Industry Alliance, a trade group. "This will raise the bar across the federal government to a far more secure infrastructure."

Congress has directed the NSA and the Department of Homeland Security to study the architecture and policies of computers for sharing sensitive homeland security information. In the latest blueprint for U.S. intelligence spending, lawmakers warned that attackers always search for weak links and that connecting distant systems "will further increase the vulnerability of networks that originally were developed to be substantially isolated from one another."

It's unclear how the NSA's efforts would affect private companies, which own and operate many of the electrical, water, banking and other systems vital to government. Wolf said the agency already works to secure such systems important to military installations, but he denied that NSA would have any new regulatory authority over private computers.

"When we talk about being the traffic cop, we're not in charge of these networks," Wolf said. "We're not running these networks."

It also was unclear how much the effort might cost.
"If you're going to have a network that everyone in government can get into, that means some agencies are going to have to come up to meet new, higher standards, and that's expensive," said James Lewis, director of technology policy at the Center for Strategic and International Studies, a conservative think-tank. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ryan at venona.com Mon Feb 14 12:44:10 2005 From: ryan at venona.com (Ryan Lackey) Date: Mon, 14 Feb 2005 20:44:10 +0000 Subject: U.S. Said to Pay Iraq Contractors in Cash In-Reply-To: References: Message-ID: <20050214204410.GA5165@metacolo.com> Everyone does this openly over here. Anything less than $500k or so isn't even worth thinking about, since as a kidnap victim, you're sold for about that much. I really don't see why it's worthy of an article. I've been buying cash from other contractors, as well as providing cash on a short-term loan or wire basis, and these activities are common as well. It would be a good environment to deploy various electronic payment systems, but nothing is really up to snuff for the kind of things people do here -- large sums, and making purchases from existing online vendors. Quoting R. A. Hettinga : > > > Yahoo! > > > U.S. Said to Pay Iraq Contractors in Cash > > > > 1 hour, 4 minutes ago > > By LARRY MARGASAK, Associated Press Writer > > WASHINGTON - U.S. officials in postwar Iraq (news - web sites) paid a > contractor by stuffing $2 million worth of crisp bills into his gunnysack > and routinely made cash payments around Baghdad from a pickup truck, a > former official with the U.S. occupation government says. 
> > > Because the country lacked a functioning banking system, contractors and > Iraqi ministry officials were paid with bills taken from a basement vault > in one of Saddam Hussein (news - web sites)'s palaces that served as > headquarters for the Coalition Provisional Authority, former CPA official > Frank Willis said. > > Officials from the CPA, which ruled Iraq from June 2003 to June 2004, > would count the money when it left the vault, but nobody kept track of the > cash after that, Willis said. > > "In sum: inexperienced officials, fear of decision-making, lack of > communications, minimal security, no banks, and lots of money to spread > around. This chaos I have referred to as a 'Wild West,'" Willis said in > testimony he prepared to give Monday before a panel of Democratic senators > who want to spotlight the waste of U.S. funds in Iraq. > > A senior official in the 1980s at the State and Transportation departments > under then-President Ronald Reagan (news - web sites), Willis provided The > Associated Press with a copy of his testimony and answered questions in an > interview. > > James Mitchell, spokesman for the special inspector general for Iraq > reconstruction, told the AP that cash payments in Iraq were a problem when > the occupation authority ran the country and they continue during the > massive U.S.-funded reconstruction. > > "There are no capabilities to electronically transfer funds," Mitchell > said. "This complicates the financial management of reconstruction projects > and complicates our ability to follow the money." > > The Pentagon (news - web sites), which had oversight of the CPA, did not > immediately comment in response to requests Friday and over the weekend. > But the administrator of the former U.S. occupation agency, L. Paul Bremer > III, in response to a recent federal audit criticizing the CPA, strongly > defended the agency's financial practices. 
>
> Bremer said auditors mistakenly assumed that "Western-style budgeting and
> accounting procedures could be immediately and fully implemented in the
> midst of a war."
>
> When the authority took over the country in 2003, Bremer said, there was
> no functioning Iraqi government and services were primitive or nonexistent.
> He said the U.S. strategy was "to transfer to the Iraqis as much
> responsibility as possible as quickly as possible, including responsibility
> for the Iraqi budget."
>
> Iraq's economy was "dead in the water" and the priority "was to get the
> economy going," Bremer said.
>
> Also in response to that audit, Pentagon spokesman Bryan Whitman had said,
> "We simply disagree with the audit's conclusion that the CPA provided less
> than adequate controls."
>
> Willis served as a senior adviser on aviation and communications matters
> for the CPA during the last half of 2003 and said he was responsible for
> the operation of Baghdad's airport.
>
> Describing the transfer of $2 million to one contractor's gunnysack,
> Willis said: "It was time for payment. We told them to come in and bring a
> bag." He said the money went to Custer Battles of Middletown, R.I., for
> providing airport security in Baghdad for civilian passengers.
>
> Willis said a coalition driver would go around the Iraqi capital and
> disburse money from a pickup truck formerly belonging to the grounded
> Iraqi Airways airline. The reason was that officials "wanted to meld into
> the environment," he said.
>
> Willis' allegations follow by two weeks an inspector general's report that
> concluded the occupying authority transferred nearly $9 billion to Iraqi
> government ministries without any financial controls.
>
> The money was designated for financing humanitarian needs, economic
> reconstruction, repair of facilities, disarmament and civil administration,
> but the authority had no way to verify that it went for those purposes, the
> audit said.
>
> Sen.
Byron Dorgan (news, bio, voting record), head of the Democratic group > that is holding Monday's hearing, said he arranged for Willis' testimony > because majority Republicans have declined to investigate the suspected > misuse of funds in Iraq. > > "This isn't penny ante. Millions, perhaps billions of dollars have been > wasted and pilfered," Dorgan, D-N.D., said in an interview ahead of the > Senate Democratic Policy Committee's session. > > Willis concluded that "decisions were made that shouldn't have been, > contracts were made that were mistakes, and were poorly, if at all, > supervised, money was spent that could have been saved, if we simply had > the right numbers of people. ... I believe the 500 or so at CPA > headquarters should have been 5,000." > -- Ryan Lackey [RL960-RIPE AS24812] ryan at venona.com +1 800 723 0127 OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F From rah at shipwright.com Mon Feb 14 20:18:24 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 14 Feb 2005 23:18:24 -0500 Subject: Alleged mobsters guilty in vast Net, phone fraud Message-ID: MSNBC.com Alleged mobsters guilty in vast Net, phone fraud Mafia scheme said to have netted $659 million over 7 years By Mike Brunker Reporter MSNBC Updated: 8:22 p.m. ET Feb. 14, 2005 Writing a sudden ending to what authorities say is one of the biggest consumer fraud cases ever prosecuted, alleged members of one of New York's most notorious Mafia families pleaded guilty Monday to conspiracy and fraud charges stemming from an Internet and phone billing caper that bilked consumers out of more than $650 million. Prosecutors say the principals of the scheme, which ran from 1996 to 2003, are members of the Gambino crime family, an outfit better known for such muscle-and-blood criminal enterprises as gambling, loan sharking, protection rackets and creative bookkeeping for construction projects and garbage collection. 
But in this case, prosecutors said, the hoods targeted phone customers and Internet users, tricking them into responding to too-good-to-be-true offers of free porn, psychic readings, dating services and sports picks, and then putting the hurt on their pocketbooks with a series of unauthorized credit card and telephone charges. The mobsters also ripped off two federally supervised funds that subsidize rural phone companies through another billing scam. Alleged mastermind, Gambino 'capo' enter pleas Among those who entered guilty pleas Monday in U.S. District Court in Brooklyn - on the day jury selection was to have begun - were the alleged mastermind of the scheme, Richard Martino, 45, known in the New York tabloids as the "X-rated mobster," and 45-year-old Salvatore Locascio, described by authorities as a Gambino "capo," or captain. Under the plea bargain, Martino pleaded guilty to one count of conspiracy to commit mail and wire fraud and one count of extortion for forcefully trying to extract a $1 million payment from a porn industry rival. Martino faces up to 10 years in prison and agreed to forfeit $15 million under the deal. Locascio entered a guilty plea to a single count of money laundering and also faces up to 10 years in prison and forfeiture of $4.7 million. Three other alleged mob associates - Dennis Martino, brother of Richard Martino, Thomas Pugliese and Andrew Campos - pleaded guilty to a count of conspiracy to commit mail and wire fraud. A fourth man, Zev Mustafa, pleaded guilty to money laundering in connection with the scheme. Daniel Martino, Pugliese and Campos each face up to five years in prison and agreed to forfeit a total of $2.1 million, while Mustafa faces up to 10 years in prison and will forfeit $1.7 million. Prosecutors allege that Richard Martino, a Gambino "soldier," directed the scheme and paid $8 million of the proceeds directly to Locascio, the leader of his "crew," and funneled at least $40 million more into Gambino family coffers. 
Bank, phone company purchased The elaborate scheme brought in so much money that the defendants and various co-conspirators were able to purchase a telephone company and bank in Missouri, according to court documents. They also created at least 64 shell companies and opened a host of foreign bank accounts through which to pass their ill-gotten gains, the documents said. In an indictment returned in March 2003, prosecutors alleged a two-headed scheme: People who called 1-800 phone numbers advertising free samples of phone sex, psychic hot lines and dating services unwittingly triggered recurring monthly charges that appeared on their phone bills as "voice-mail services" and other innocuous services. At the same time, the scheme trapped Web surfers seeking adult content on the Internet by enticing them to enter their credit card information for "free" tours, only to begin billing them between $20 and $90 a month. The defendants routinely changed corporate billing names and merchant banks to stay one step ahead of authorities and foil Visa USA's fraud-detection system, according to court documents. In 1999, they began processing credit transactions in Guatemala to further muddy the waters, the documents said. Prosecutors charged that the Web sites used in the Internet scam were part of a joint venture formed in 1996 between Crescent Publishing Group Inc., a Manhattan company that published such high-profile adult magazines as Playgirl and High Society, and Lexitrans Inc. of Overland Park, Kan., a Web hosting company that they said was secretly controlled by Richard Martino. Surprise guilty pleas The surprise guilty pleas on Monday, following negotiations that lasted through the weekend, pre-empted what would have been one of the most closely watched mob trials in years. 
Using the power of plea bargains, prosecutors already had peeled off a number of alleged co-conspirators who were expected to testify against Martino and Locascio, including: Norman Chanes, a 58-year-old millionaire advertising executive and movie producer (co-producer of the 2000 film "Blue Moon," starring Ben Gazzara, Rita Moreno and "Sopranos" cast member Vincent Pastore), who allegedly advertised the 1-800 phone numbers used in the telephone fraud in magazines and newspapers around the country. Bruce Chew, 57, who was CEO of Crescent Publishing Co. Chew was a defendant in a Federal Trade Commission lawsuit against Crescent Publishing that led to a $30 million settlement in November 2001. Kenneth Matzdorff, a 48-year-old Missouri businessman who allegedly acted as a front man to purchase the Cass County Telephone Co. in Peculiar, Mo., and the Garden City Bank in Garden City, Mo., on behalf of Richard Martino and others. Matzdorff pleaded guilty in January to conspiracy to commit mail and wire fraud charges under a plea agreement. Another figure in the case who might have been called to testify is Carl Ruderman, a 60-something-year-old publisher and philanthropist who reportedly was the secret owner of Crescent Publishing. 'The invisible man' of porn Ruderman, dubbed "the invisible man" of porn by fellow skin magazine publisher Al Goldstein in 1989 for his low profile, was never charged with any crime, reportedly because he told authorities that he delegated responsibility for day-to-day operations of Crescent Publishing to Chew and had no knowledge of the billing scam. One former Crescent employee said that Ruderman certainly lived up to the "invisible man" sobriquet at the company's Manhattan offices. "We used to call him the Wizard of Oz, because you never saw the guy," said the employee, who spoke with MSNBC.com on condition of anonymity. "I saw him twice the whole time I worked for him." 
Former Gambino crime boss John Gotti Sr., forever known as the "Dapper Don," also had been expected to testify from the grave. Longtime New York newspaper crime reporter Jerry Capeci, who now publishes his work on the Ganglandnews.com Web site, said prosecutors had planned to play a tape of a wiretapped conversation from January 1990 in which Gotti sings the praises of newly minted mobsters Martino and Locascio, who had just been inducted into the Gambino family. 'I like the Richies' "I want guys that done more than killing," Capeci quotes Gotti as saying on the tape, obtained from a listening device planted in an apartment above the Ravenite Social Club in Manhattan's Little Italy. "I like the Richies. They're young - twenty-something, thirty-something -- They're beautiful guys. Ten years from now, these young guys we straightened out, they're going to be really proud of them." Gotti died in prison at the age of 61 on June 10, 2002, from complications of head and neck cancer while serving a sentence of life without parole for murder and racketeering. The criminal case was filed more than three years after the FTC announced that it had filed suit, along with the New York attorney general's office, to stop Crescent Publishing from "illegally billing thousands of consumers for services that were advertised as 'free,' and for billing other consumers who never visited the Web sites at all." The suit did not address the phone billing portion of the scam. In announcing the suit in August 2000, the FTC estimated that the "free tour Web sites" had generated income of $188 million between 1997 and October 1999, including $141 million in the first 10 months of 1999 alone. 
According to Luke Ford, a pioneer blogger and keen observer of the Internet porn scene, the scheme was able to roll up such huge numbers because of deals Crescent made with two Internet traffic brokers - Serge Birbrair and Yishai Habari - that resulted in millions of porn-seeking surfers a day being directed to the sites. Traffic brokers allegedly 'made millions' "Yishai and Serge made millions off the scam and escaped FTC prosecution because they only functioned as traffic brokers," Ford wrote on his Web site. Neither Birbrair nor Habari responded to e-mail requests for comment. In November 2001, the FTC announced that Crescent Publishing and the company's principal officers, Chew and David Bernstein, had agreed to pay $30 million to settle the suit. The settlement also barred the company from "charging, debiting or billing consumers" for any Web site services without first obtaining a $10 million bond that could be used "to satisfy any judgment entered against the defendants" following trial. Doug Wolfe, an FTC attorney who worked on the case, said that despite the settlement, many victims never received compensation. "Our biggest problem was we had to rely on the company's data to link individuals to cards," he said. As of late 2004, the redress center established to administer claims had issued refund checks to 189,646 accounts but had been unable to match names and credit card information for 887,793 others, he said. Wolfe said the agency never uncovered any link between Crescent and organized crime, but there were signs that this wasn't your run-of-the-mill Internet fraud case. "It certainly was unique in my experience in terms of the number of entities through which the money appeared to be moving," Wolfe told MSNBC.com. "At the same time there were some unusual legal maneuvers. Individuals on the eve of testifying would suddenly fire their lawyers and there was a general reluctance on the other side to engage in civil discovery." 
Phone bill 'cramming' comes under scrutiny

While the Internet operation was taking a hit, the scheme in which consumers' phone bills were being improperly charged - a practice known as "cramming" - also was coming under scrutiny.

Martino et al. bought the Cass County Telephone Co., or CassTel, a county telephone company in Peculiar, Mo., (pop. 2,600) with 8,000 customers, using Matzdorff as a front man and hiring him to run the company, according to the indictment. Martino also gave Matzdorff $3 million in February 2001 to buy the Garden City Bank in Garden City, Mo., for purposes of credit card processing, it said.

At the same time, prosecutors say Martino also formed a billing company called USP&C to place the bogus charges on customers' phone bills and charge the credit cards of surfers who visited Crescent Publishing's porn sites. Matzdorff told prosecutors in New York that USP&C set up a call center to handle complaints from outraged customers that handled an average of 17,000 calls a week at the height of the scheme.

Though USP&C billed telephone customers on behalf of numerous companies and gave varying descriptions of the services allegedly provided, the billing agent's high charge-back rate began to attract attention from phone regulators.

Complaints prompted wave of refunds

In 1999, the California Public Utilities Commission investigated USP&C's business conduct and found that of $51.5 million in billings to California customers over the previous 18 months, 52 percent were refunded after customers complained. The PUC eventually fined USP&C $1.75 million for improper billing, but it was never able to collect it.

Estimates of the amount netted by the scam have grown steadily since the March 2003 indictment was unsealed, when prosecutors estimated that the Internet end of the operation netted $230 million while the phone scam brought in approximately $200 million in revenue.
Later, federal charges filed in Kansas added $9 million to that tally, money that prosecutors said the mob-run companies stole by overbilling two federally supervised telecommunications funds - the Universal Service Administrative Co. and the National Exchange Carriers Association.

But sources familiar with the case told MSNBC.com that the estimate swelled recently when prosecutors obtained more information indicating that the phone "cramming" actually generated at least $420 million, bringing the overall total to $659 million.

Given the riches the Gambino family allegedly struck in what experts say apparently was its first major foray into Internet crime, it is surprising that authorities say the Crescent Publishing case is still the exception to the Cosa Nostra rule.

Dave Thomas, chief of the FBI's Computer Intrusion Section, said in an interview published Nov. 29, 2004, by the trade publication Network World Fusion that there is no evidence indicating that the Mafia has moved into Internet crime in a big way.

No 'big move' to Internet

"We haven't seen a big move with the traditional Italian-based Mafia groups to the Internet ... not like we have with the Eastern European hacking groups," he said. "But as the money (to be made) becomes more and more widely publicized, they probably will."

Capeci, the crime reporter who specializes in the mob, said there should be no doubt about that.

"There's no question Locascio's crew is a bit more advanced or sophisticated than many other mob families, but the trend among the gangsters is to move away from the stuff that the law enforcement community is well aware of and to move into new things," he said. "And there's nothing they won't do if they can figure out how to do it."

-- R. A. Hettinga

From rah at shipwright.com Mon Feb 14 20:19:13 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 23:19:13 -0500
Subject: J.P. Morgan Paying $2.1M in Settlement
Message-ID:

Forbes
Associated Press
Update 1: J.P. Morgan Paying $2.1M in Settlement
02.14.2005, 06:02 PM

The securities arm of J.P. Morgan Chase & Co. has agreed to pay $2.1 million to settle regulators' charges that it failed to preserve e-mails sought by the authorities in their 2002-2003 investigation of alleged conflicts of interest at Wall Street investment houses.

J.P. Morgan Securities Inc. is paying $700,000 in civil fines in each of three separate settlements with the Securities and Exchange Commission, the New York Stock Exchange and the National Association of Securities Dealers, which is the brokerage industry's self-policing organization.

The investment firm neither admitted nor denied the allegations of violating record-keeping rules. J.P. Morgan spokesmen declined comment.

J.P. Morgan was among ten of Wall Street's biggest firms that paid a total $1.4 billion and adopted reforms as a result of the investigation, in which regulators found that they issued biased ratings on stocks to lure investment-banking business. J.P. Morgan's share of the industrywide settlement, reached in April 2003, was $80 million.

In the course of the investigation, begun in April 2002, J.P. Morgan told the regulators that all the relevant e-mails had been provided, the SEC said. In fact, the agency said, the firm's systems and procedures for retaining e-mails "were inadequate to ensure that all electronic communications relating to (its) business were preserved for three years and for the first two years in an easily accessible place" as required by the rules.
Companies' retention of internal documents took on new importance after the Enron scandal, in which key papers were shredded, and the landmark anti-fraud law enacted in July 2002 created new penalties for document destruction.

-- R. A. Hettinga

From rah at shipwright.com Mon Feb 14 20:22:40 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 23:22:40 -0500
Subject: FEC May Tighten Restrictions On Internet Political Activity
Message-ID:

The Drudge Report
FEC May Tighten Restrictions On Internet Political Activity
Mon Feb 14 2005 10:38:41 ET

The Federal Election Commission next month will begin looking at tightening restrictions on political activities on the Internet, ROLL CALL reports Monday.

Specifically, the FEC is planning to examine the question of how Internet activities, when coordinated with candidates' campaigns, fit into the definition of "public communications." While coordinated communications are considered campaign contributions and therefore subject to strict contribution limits, current FEC regulations adopted in 2002 carve out an exemption for coordinated political communications that are transmitted over the Internet.

Developing...

-- R. A. Hettinga

From rah at shipwright.com Mon Feb 14 20:33:19 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 23:33:19 -0500
Subject: Don't Trust Your Eyes or URLs (was Re: TidBITS#766/14-Feb-05)
In-Reply-To:
References:
Message-ID:

At 6:21 PM -0800 2/14/05, TidBITS Editors wrote:
>Don't Trust Your Eyes or URLs
>-----------------------------
> by Glenn Fleishman
>
> The clever folks at the Shmoo Group, a bunch of interesting
> security folks who punch holes in assumptions about what's
> secure on the Internet, have discovered a simple way to fool
> most browsers into believing that they've connected to a secure
> Web site when they've been spoofed into connecting to a rogue
> location with a different name. It's ironic, but Internet Explorer
> is entirely exempt from this spoof. Opera, Safari and KHTML-based
> browsers, and all Mozilla and Firefox browsers suffer from this
> weakness on all platforms.
>
> In brief, the Shmoos found that a poorly implemented method
> of allowing international language encoding within domain names,
> called International Domain Name (IDN) support, allows a malicious
> party to display what appears to be one domain name in the
> Location field of a browser while connecting you to another.
> Phishing scams have just become more difficult to identify.
>
> This exploit is made possible by a system called "punycode,"
> which has been widely adopted according to the Shmoo Group.
> Domain names that use characters outside of unaccented Western
> alphabet letters via Unicode/UTF-8 are converted into a string
> of Roman letters (see Matt Neuburg's "Two Bytes of the Cherry:
> Unicode and Mac OS X" for more information on Unicode). This
> conversion isn't a problem, per se: it means that domain names
> outside of the English character set can be used freely without
> confusing browsers and can be registered using simple English
> characters for backwards compatibility within the domain naming
> infrastructure.
>
> The flaw is twofold: first, affected browsers display whatever the
> encoded version of the character is, which might look identical to
> another language's character. For instance, the Shmoos use the
> Russian lower-case letter A, which is encoded as "&1072;" in UTF-8
> using decimal (base 10) notation, and displays in browsers that
> support IDN as a lower-case A indistinguishable from a Roman
> lowercase A.
>
> The second problem leads from the first: it's possible
> to have a legitimate SSL (Secure Sockets Layer) digital
> certificate for the punycode-based domain name. Thus, in
> an example that the Shmoos posted for a while (now replaced),
> you see "https://www.paypal.com/" in your browser URL field,
> and the SSL signals are all there - you get no warnings, the
> lock icon is present, and Firefox's Security tab in the Page
> Info window says the Web site's identity is verified.
>
> Click View in that same tab in Firefox, and you'll see
> the full punycode name of the Web site, however, which is
> "www.xn--pypal-4ve.com". Copy the URL from the Location
> field and paste it into Terminal, and you'll see the encoded
> version in standard UTF-8 format, too, which looks like
> "www.p&1072;ypal.com".
>
> I don't know that there's an easy solution to this problem.
> It's the result of choice by the developers of the various
> browsers to display precisely what a Unicode character looks
> like, which is reasonable enough.
But at the same time they > use a kludgy, opaque hack in the background to map that Unicode > character to an English character to provide full backwards > compatibility with what was once a U.S.-centric domain naming > system, one that retains substantial vestiges of that history. > > If you're a Firefox user, I recommend obtaining and installing > a utility called SpoofStick, which alerts you to what is being > called "homograph" spoofing; that is, the character or glyph looks > like another, unrelated glyph. If you visit the Shmoo site with > SpoofStick installed, you get a big lovely warning. > > > > Trust has gone out the window when you follow links in email or > on Web sites. There's no longer a way to be sure that the domain > name you're visiting is the one you think you are unless you check > the URL out in Terminal or have SpoofStick installed. > > Realistically, the upshot of this situation is that you must be > even more careful about following links you receive in email to > sites that ask for sensitive information. A message that purports > to be from PayPal customer service, for instance, may look right > and even use URLs that appear to connect to PayPal's site, but > could in fact be taking you to another site designed to capture > your username and password. The likelihood of falling victim to > a spoofed URL on the Web itself is less likely, assuming you start > from a site that's a relatively trusted source. When in doubt, > fall back on common sense and check the URL by pasting suspect > URLs into Terminal to see if they're concealing any unusual > Unicode characters. Hopefully we'll see browser fixes soon: > simply displaying the full punycode-based domain name alongside > its actual representation would at least highlight what's > happening behind the scenes without interfering with navigation > or Web pages. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Mon Feb 14 20:41:17 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 14 Feb 2005 23:41:17 -0500
Subject: Making your IM secure--and deniable
Message-ID:

CNET News
Making your IM secure--and deniable
By Robert Lemos
Story last modified Mon Feb 14 17:05:00 PST 2005

SAN FRANCISCO--When you hit the Send button on an instant message, do you really know who is on the other end?

Two researchers at the University of California at Berkeley have created an add-on to instant messaging that they claim will enable the participants to identify each other and have a secure conversation without leaving any proof that the chat occurred.

The result, dubbed off-the-record (OTR) messaging by security researchers Ian Goldberg and Nikita Borisov, is a plug-in for the Gaim instant-messaging client that enables encrypted messages sans leaving a key--a sequence of characters--that could be used to verify that the conversation happened. That attribute, known in cryptography as perfect forward security, also prevents snoopers from reading any copies of the conversation.

"If tomorrow, my computer is broken into and the encryption key is stolen, the attacker can't read future messages," said Goldberg, a graduate of Berkeley.

In order for a secure and deniable IM conversation to occur, both parties need to have the off-the-record program installed on Gaim or use America Online's Instant Messenger with a server set up to be a proxy with software also developed by Goldberg and Borisov, the researchers said.

When a previously unregistered user wants to have an OTR conversation, a dialog box will appear with a digital key, identifying the sender.
If the user accepts the credentials of the person contacting him, the key will be stored on his computer so that in the future, the sender is considered to be trusted. After that, the two participants can chat securely; the conversation is encoded so that others cannot intercept and read it.

Goldberg and Borisov presented their program at the annual CodeCon gathering of developers Saturday. People worried about instant-messaging security can download the software from the duo's site.

Goldberg said current messaging is insecure and criticized other solutions for leaving around logs and encryption keys that could be used as proof that a conversation happened. He said OTR messaging would give the participants the security without leaving any more trace of the conversation than today's instant-messaging clients--a worry for the privacy-centric security community.

"I would like to see this on by default," Goldberg said. "When you chat today, the messages are going through the clear, and there is no proof of who you are talking to."

While both the OTR messaging plug-ins and today's instant-messaging clients enable either participant to record logs of a conversation, those logs mean little after the conversation, Goldberg argued. The logs could be edited to add content.

That's why the two researchers avoided using digital signatures, Goldberg said. That technology for encrypting messages would have also acted as a digital signature and left a signed record of the conversation.

From rah at shipwright.com Tue Feb 15 04:42:04 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Tue, 15 Feb 2005 07:42:04 -0500
Subject: Alleged mobsters guilty in vast Net, phone fraud
Message-ID:

MSNBC.com
Alleged mobsters guilty in vast Net, phone fraud
Mafia scheme said to have netted $659 million over 7 years
By Mike Brunker
Reporter
MSNBC
Updated: 8:22 p.m. ET Feb. 14, 2005

Writing a sudden ending to what authorities say is one of the biggest consumer fraud cases ever prosecuted, alleged members of one of New York's most notorious Mafia families pleaded guilty Monday to conspiracy and fraud charges stemming from an Internet and phone billing caper that bilked consumers out of more than $650 million.

Prosecutors say the principals of the scheme, which ran from 1996 to 2003, are members of the Gambino crime family, an outfit better known for such muscle-and-blood criminal enterprises as gambling, loan sharking, protection rackets and creative bookkeeping for construction projects and garbage collection.

But in this case, prosecutors said, the hoods targeted phone customers and Internet users, tricking them into responding to too-good-to-be-true offers of free porn, psychic readings, dating services and sports picks, and then putting the hurt on their pocketbooks with a series of unauthorized credit card and telephone charges.

The mobsters also ripped off two federally supervised funds that subsidize rural phone companies through another billing scam.

Alleged mastermind, Gambino 'capo' enter pleas

Among those who entered guilty pleas Monday in U.S. District Court in Brooklyn - on the day jury selection was to have begun - were the alleged mastermind of the scheme, Richard Martino, 45, known in the New York tabloids as the "X-rated mobster," and 45-year-old Salvatore Locascio, described by authorities as a Gambino "capo," or captain.
Under the plea bargain, Martino pleaded guilty to one count of conspiracy to commit mail and wire fraud and one count of extortion for forcefully trying to extract a $1 million payment from a porn industry rival. Martino faces up to 10 years in prison and agreed to forfeit $15 million under the deal.

Locascio entered a guilty plea to a single count of money laundering and also faces up to 10 years in prison and forfeiture of $4.7 million.

Three other alleged mob associates - Dennis Martino, brother of Richard Martino, Thomas Pugliese and Andrew Campos - pleaded guilty to a count of conspiracy to commit mail and wire fraud. A fourth man, Zev Mustafa, pleaded guilty to money laundering in connection with the scheme.

Daniel Martino, Pugliese and Campos each face up to five years in prison and agreed to forfeit a total of $2.1 million, while Mustafa faces up to 10 years in prison and will forfeit $1.7 million.

Prosecutors allege that Richard Martino, a Gambino "soldier," directed the scheme and paid $8 million of the proceeds directly to Locascio, the leader of his "crew," and funneled at least $40 million more into Gambino family coffers.

Bank, phone company purchased

The elaborate scheme brought in so much money that the defendants and various co-conspirators were able to purchase a telephone company and bank in Missouri, according to court documents. They also created at least 64 shell companies and opened a host of foreign bank accounts through which to pass their ill-gotten gains, the documents said.

In an indictment returned in March 2003, prosecutors alleged a two-headed scheme: People who called 1-800 phone numbers advertising free samples of phone sex, psychic hot lines and dating services unwittingly triggered recurring monthly charges that appeared on their phone bills as "voice-mail services" and other innocuous services.
At the same time, the scheme trapped Web surfers seeking adult content on the Internet by enticing them to enter their credit card information for "free" tours, only to begin billing them between $20 and $90 a month.

The defendants routinely changed corporate billing names and merchant banks to stay one step ahead of authorities and foil Visa USA's fraud-detection system, according to court documents. In 1999, they began processing credit transactions in Guatemala to further muddy the waters, the documents said.

Prosecutors charged that the Web sites used in the Internet scam were part of a joint venture formed in 1996 between Crescent Publishing Group Inc., a Manhattan company that published such high-profile adult magazines as Playgirl and High Society, and Lexitrans Inc. of Overland Park, Kan., a Web hosting company that they said was secretly controlled by Richard Martino.

Surprise guilty pleas

The surprise guilty pleas on Monday, following negotiations that lasted through the weekend, pre-empted what would have been one of the most closely watched mob trials in years.

Using the power of plea bargains, prosecutors already had peeled off a number of alleged co-conspirators who were expected to testify against Martino and Locascio, including:

- Norman Chanes, a 58-year-old millionaire advertising executive and movie producer (co-producer of the 2000 film "Blue Moon," starring Ben Gazzara, Rita Moreno and "Sopranos" cast member Vincent Pastore), who allegedly advertised the 1-800 phone numbers used in the telephone fraud in magazines and newspapers around the country.

- Bruce Chew, 57, who was CEO of Crescent Publishing Co. Chew was a defendant in a Federal Trade Commission lawsuit against Crescent Publishing that led to a $30 million settlement in November 2001.

- Kenneth Matzdorff, a 48-year-old Missouri businessman who allegedly acted as a front man to purchase the Cass County Telephone Co.
in Peculiar, Mo., and the Garden City Bank in Garden City, Mo., on behalf of Richard Martino and others. Matzdorff pleaded guilty in January to conspiracy to commit mail and wire fraud charges under a plea agreement.

Another figure in the case who might have been called to testify is Carl Ruderman, a 60-something-year-old publisher and philanthropist who reportedly was the secret owner of Crescent Publishing.

'The invisible man' of porn

Ruderman, dubbed "the invisible man" of porn by fellow skin magazine publisher Al Goldstein in 1989 for his low profile, was never charged with any crime, reportedly because he told authorities that he delegated responsibility for day-to-day operations of Crescent Publishing to Chew and had no knowledge of the billing scam.

One former Crescent employee said that Ruderman certainly lived up to the "invisible man" sobriquet at the company's Manhattan offices.

"We used to call him the Wizard of Oz, because you never saw the guy," said the employee, who spoke with MSNBC.com on condition of anonymity. "I saw him twice the whole time I worked for him."

Former Gambino crime boss John Gotti Sr., forever known as the "Dapper Don," also had been expected to testify from the grave.

Longtime New York newspaper crime reporter Jerry Capeci, who now publishes his work on the Ganglandnews.com Web site, said prosecutors had planned to play a tape of a wiretapped conversation from January 1990 in which Gotti sings the praises of newly minted mobsters Martino and Locascio, who had just been inducted into the Gambino family.

'I like the Richies'

"I want guys that done more than killing," Capeci quotes Gotti as saying on the tape, obtained from a listening device planted in an apartment above the Ravenite Social Club in Manhattan's Little Italy. "I like the Richies. They're young - twenty-something, thirty-something -- They're beautiful guys. Ten years from now, these young guys we straightened out, they're going to be really proud of them."
Gotti died in prison at the age of 61 on June 10, 2002, from complications of head and neck cancer while serving a sentence of life without parole for murder and racketeering.

The criminal case was filed more than three years after the FTC announced that it had filed suit, along with the New York attorney general's office, to stop Crescent Publishing from "illegally billing thousands of consumers for services that were advertised as 'free,' and for billing other consumers who never visited the Web sites at all." The suit did not address the phone billing portion of the scam.

In announcing the suit in August 2000, the FTC estimated that the "free tour Web sites" had generated income of $188 million between 1997 and October 1999, including $141 million in the first 10 months of 1999 alone.

According to Luke Ford, a pioneer blogger and keen observer of the Internet porn scene, the scheme was able to roll up such huge numbers because of deals Crescent made with two Internet traffic brokers - Serge Birbrair and Yishai Habari - that resulted in millions of porn-seeking surfers a day being directed to the sites.

Traffic brokers allegedly 'made millions'

"Yishai and Serge made millions off the scam and escaped FTC prosecution because they only functioned as traffic brokers," Ford wrote on his Web site. Neither Birbrair nor Habari responded to e-mail requests for comment.

In November 2001, the FTC announced that Crescent Publishing and the company's principal officers, Chew and David Bernstein, had agreed to pay $30 million to settle the suit. The settlement also barred the company from "charging, debiting or billing consumers" for any Web site services without first obtaining a $10 million bond that could be used "to satisfy any judgment entered against the defendants" following trial.

Doug Wolfe, an FTC attorney who worked on the case, said that despite the settlement, many victims never received compensation.
"Our biggest problem was we had to rely on the company's data to link individuals to cards," he said. As of late 2004, the redress center established to administer claims had issued refund checks to 189,646 accounts but had been unable to match names and credit card information for 887,793 others, he said.

Wolfe said the agency never uncovered any link between Crescent and organized crime, but there were signs that this wasn't your run-of-the-mill Internet fraud case.

"It certainly was unique in my experience in terms of the number of entities through which the money appeared to be moving," Wolfe told MSNBC.com. "At the same time there were some unusual legal maneuvers. Individuals on the eve of testifying would suddenly fire their lawyers and there was a general reluctance on the other side to engage in civil discovery."

Phone bill 'cramming' comes under scrutiny

While the Internet operation was taking a hit, the scheme in which consumers' phone bills were being improperly charged - a practice known as "cramming" - also was coming under scrutiny.

Martino et al bought the Cass County Telephone Co., or CassTel, a county telephone company in Peculiar, Mo., (pop. 2,600) with 8,000 customers, using Matzdorff as a front man and hiring him to run the company, according to the indictment. Martino also gave Matzdorff $3 million in February 2001 to buy the Garden City Bank in Garden City, Mo., for purposes of credit card processing, it said.

At the same time, prosecutors say Martino also formed a billing company called USP&C to place the bogus charges on customers' phone bills and charge the credit cards of surfers who visited Crescent Publishing's porn sites.

Matzdorff told prosecutors in New York that USP&C set up a call center to handle complaints from outraged customers that handled an average of 17,000 calls a week at the height of the scheme.
Though USP&C billed telephone customers on behalf of numerous companies and gave varying descriptions of the services allegedly provided, the billing agent's high charge-back rate began to attract attention from phone regulators.

Complaints prompted wave of refunds

In 1999, the California Public Utilities Commission investigated USP&C's business conduct and found that of $51.5 million in billings to California customers over the previous 18 months, 52 percent were refunded after customers complained. The PUC eventually fined USP&C $1.75 million for improper billing, but it was never able to collect it.

Estimates of the amount netted by the scam have grown steadily since the March 2003 indictment was unsealed, when prosecutors estimated that the Internet end of the operation netted $230 million while the phone scam brought in approximately $200 million in revenue.

Later, federal charges filed in Kansas added $9 million to that tally, money that prosecutors said the mob-run companies stole by overbilling two federally supervised telecommunications funds - the Universal Service Administrative Co. and the National Exchange Carriers Association.

But sources familiar with the case told MSNBC.com that the estimate swelled recently when prosecutors obtained more information indicating that the phone "cramming" actually generated at least $420 million, bringing the overall total to $659 million.

Given the riches the Gambino family allegedly struck in what experts say apparently was its first major foray into Internet crime, it is surprising that authorities say the Crescent Publishing case is still the exception to the Cosa Nostra rule.

Dave Thomas, chief of the FBI's Computer Intrusion Section, said in an interview published Nov. 29, 2004, by the trade publication Network World Fusion that there is no evidence indicating that the Mafia has moved into Internet crime in a big way.
No 'big move' to Internet

"We haven't seen a big move with the traditional Italian-based Mafia groups to the Internet ... not like we have with the Eastern European hacking groups," he said. "But as the money (to be made) becomes more and more widely publicized, they probably will."

Capeci, the crime reporter who specializes in the mob, said there should be no doubt about that.

"There's no question Locascio's crew is a bit more advanced or sophisticated than many other mob families, but the trend among the gangsters is to move away from the stuff that the law enforcement community is well aware of and to move into new things," he said. "And there's nothing they won't do if they can figure out how to do it."

From rah at shipwright.com Tue Feb 15 04:42:10 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 07:42:10 -0500
Subject: FEC May Tighten Restrictions On Internet Political Activity
Message-ID:

The Drudge Report
FEC May Tighten Restrictions On Internet Political Activity
Mon Feb 14 2005 10:38:41 ET

The Federal Election Commission next month will begin looking at tightening restrictions on political activities on the Internet, ROLL CALL reports Monday.

Specifically, the FEC is planning to examine the question of how Internet activities, when coordinated with candidates' campaigns, fit into the definition of "public communications."
While coordinated communications are considered campaign contributions and therefore subject to strict contribution limits, current FEC regulations adopted in 2002 carve out an exemption for coordinated political communications that are transmitted over the Internet.

Developing...

From rah at shipwright.com Tue Feb 15 04:42:11 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 07:42:11 -0500
Subject: J.P. Morgan Paying $2.1M in Settlement
Message-ID:

Forbes
Associated Press
Update 1: J.P. Morgan Paying $2.1M in Settlement
02.14.2005, 06:02 PM

The securities arm of J.P. Morgan Chase & Co. has agreed to pay $2.1 million to settle regulators' charges that it failed to preserve e-mails sought by the authorities in their 2002-2003 investigation of alleged conflicts of interest at Wall Street investment houses.

J.P. Morgan Securities Inc. is paying $700,000 in civil fines in each of three separate settlements with the Securities and Exchange Commission, the New York Stock Exchange and the National Association of Securities Dealers, which is the brokerage industry's self-policing organization.

The investment firm neither admitted nor denied the allegations of violating record-keeping rules. J.P. Morgan spokesmen declined comment.

J.P. Morgan was among ten of Wall Street's biggest firms that paid a total $1.4 billion and adopted reforms as a result of the investigation, in which regulators found that they issued biased ratings on stocks to lure investment-banking business. J.P. Morgan's share of the industrywide settlement, reached in April 2003, was $80 million.

In the course of the investigation, begun in April 2002, J.P.
Morgan told the regulators that all the relevant e-mails had been provided, the SEC said. In fact, the agency said, the firm's systems and procedures for retaining e-mails "were inadequate to ensure that all electronic communications relating to (its) business were preserved for three years and for the first two years in an easily accessible place" as required by the rules.

Companies' retention of internal documents took on new importance after the Enron scandal, in which key papers were shredded, and the landmark anti-fraud law enacted in July 2002 created new penalties for document destruction.

From rah at shipwright.com Tue Feb 15 05:11:41 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 08:11:41 -0500
Subject: TSA's Secure Flight (was Re: CRYPTO-GRAM, February 15, 2005)
In-Reply-To: <4.2.2.20050215062159.020c2850@10.0.0.205>
References: <4.2.2.20050215062159.020c2850@10.0.0.205>
Message-ID:

At 6:23 AM -0600 2/15/05, Bruce Schneier wrote:
> TSA's Secure Flight
>
> As I wrote last month, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government's program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.
>
> Last month the group had its second meeting.
>
> At this point, I have four general conclusions.
> One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement -- in almost every way -- over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)
>
> Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else's ticket, airline procedures, etc. There are so many ways for a terrorist to get around the system that it doesn't provide much security.
>
> Three, the urge to use this system for other things will be irresistible. It's just too easy to say: "As long as you've got this system that watches out for terrorists, how about also looking for this list of drug dealers...and by the way, we've got the Super Bowl to worry about too." Once Secure Flight gets built, all it'll take is a new law and we'll have a nationwide security checkpoint system.
>
> And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.
>
> Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of the working group. In other words, my first conclusion is basically all that they're interested in hearing.
>
> But that means I can write about everything else.
>
> To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect.
> That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn't be worth it.
>
> Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don't fly, it's a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it's a waste of money.
>
> If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn't build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn't make security sense.
>
> That's my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response -- things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Feb 15 05:36:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 08:36:01 -0500
Subject: Paradigms for Paranoids
Message-ID:

The Register
Paradigms for Paranoids
By Team Register (feedback at theregister.co.uk)
Published Monday 14th February 2005 22:15 GMT

Codecon 2005

The fourth annual CodeCon - "a workshop for developers of real-world applications that support individual liberties" - convened Friday afternoon (11 Feb) at Club NV (envy, not Nevada), amid ghostly laptop panels hovering in violet-tinted danceclub murk. First-day registrations reached a respectable 90 (at $80 each), with more expected as the weekend progresses.

The highlight among the first day's five presentations was Ian Goldberg and Nikita Borisov on Off-the-Record Messaging (http://www.cypherpunks.ca/otr/) (OTR), where 'messaging' can be instant messaging in any of its various formats, including online games, and "off the record" is meant to emulate as closely as possible the realworld strategy of sneaking off somewhere private, where you can talk with absolutely no record of what you said that might come back later to haunt you. (I was reminded of Maxwell Smart's ill-omened Cone of Silence.)

Conventional crypto technologies are optimised for (e.g.) enduring longterm contracts, but OTR prefers that messages be written as if in sand, via "perfect forward secrecy" (PFS) and "repudiable authentication". (Even if your conversation is cracked and transcribed, the programmers have included a "forgery toolkit" that allows you to repudiate such transcripts as trivial to forge.)
With such glorious levels of intimate distrust, I was surprised Ian didn't name his exemplary chatterers "Bill" and "Monica" - both Ian and Nikita were witty presenters, with the former doing funny voices, and the latter offering, when a projector bulb blew during their demo, to substitute an interpretive dance.

Another maniacally brilliant twist is that they can invisibly solicit OTR dialogs from strangers in chat by appending an inconspicuous all-whitespace flag, consisting of a characteristic arrangement of 24 spaces and tabs. And it was a pleasure, as well, to hear the consistently high level of followup questions after their talk.

Other first-day presentations: Hal Finney on digital cash ("The owner of the server is the enemy"), David Reid and Ben Laurie of Apache on adding group-based access controls to the certification process, Walter Landry's exhaustive comparative benchmarking of distributed version-control apps (due to be posted here (http://www.nongnu.org/arx/)), and Cat Okita on reputation management. See the schedule (http://www.codecon.org/2005/schedule.html) and program (http://www.codecon.org/2005/program.html) for details.

From rah at shipwright.com Tue Feb 15 05:43:43 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Tue, 15 Feb 2005 08:43:43 -0500
Subject: How to isolate DNA with salad-spinner
Message-ID:

The Register
Original URL: http://www.theregister.co.uk/2005/02/14/codecon_2005/
How to isolate DNA with salad-spinner
By Jorn Barger (feedback at theregister.co.uk)
Published Monday 14th February 2005 16:25 GMT

CodeCon 2005

For sheer hackerly exuberance, the best-received presentation at CodeCon 2005 was the closer by Dan Kaminsky of Doxpara (http://doxpara.com/), showing the progress he's made on his DNS exploit OzymanDNS since he presented it at Defcon last August. At that time he offered to archive Knoppix across 35,000 DNS caches by posting, to each cache, 80 records of 256 bytes each - he's now simplified that to something more like five records of 4k each. It's still untraceable, unblockable by firewalls, and allows effectively unlimited simultaneous downloads, with the download speed limited primarily by how fast your system can run his Perl script. He calls this extremely versatile new trick "Fragile Router Protocol" and warns security mavens they're going to have to start hustling to have any hope of keeping up.

The flashiest demo of the day was Incoherence, a visualization tool for helping record producers maximize the subjective separation between instruments, and to fill the perceived space with a full range of frequencies. This is available as a fun free download (http://omgaudio.com/incoherence/) for various platforms.

Meredith Patterson of Integrated DNA Technology showed how to isolate DNA at home using shampoo, meat tenderizer, and a salad-spinner, and assured the audience that anthrax DNA could indeed theoretically be created using the web tools offered by her company.

And after the very first Sunday presentation, one audience member claimed he found the new web programming language Wheat "so beautiful, it's made me cry!"
The most stimulating concept of Day Two was arguably a programming triviality - in order to raise the level of debate in their online courseware, H2O, the Berkman Center of Harvard Law School introduced an artificial delay (call it "positive community latency" perhaps), so that posts were just as likely to be read if their authors took several days to craft them, as if they jumped in immediately with something inane.

Slashdot is of course the canonical example of the inverse relation between speed and seriousness - if a latency of even an hour or two were introduced, and all posts made during that time displayed at once in order of karmic reputation, the general level of debate would surely rise substantially.

See the CodeCon site for more details (http://www.codecon.org/2005/program.html).

From rah at shipwright.com Tue Feb 15 06:11:05 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 09:11:05 -0500
Subject: Nigerians turn to vigilantes
Message-ID:

The BBC
Tuesday, 15 February, 2005, 12:38 GMT
Nigerians turn to vigilantes
By Sola Odunfa
BBC Africa Live, Lagos

Not so long ago, mangled bodies or charred remains of mob justice victims littered the streets of Lagos, Nigeria's largest city.

Health workers could hardly cope with removing the bodies immediately.

Many of the victims died in agony from burning tyre necklaces and others were either stoned or beaten to death.

Now, there are many fewer such gruesome deaths because well-organised vigilante groups have scared many robbers away.

The police were overwhelmed by the sheer number of the criminals.
In frustration and anger the public decided to take the law into their hands in self-protection. Mob justice became popular in Nigeria during the years of military rule when violent personal crimes rose uncontrollably.

Gangs of young men armed with guns and pick-axes rampaged the streets night and day, robbing people with violence. Rape was a common feature in most robberies.

Security committees

Frightened by the growing crime rate, the public responded by setting up neighbourhood watch or market security committees who, in turn, engaged vigilantes. They were well paid and armed with locally-made guns and charms.

The vigilantes usually live in the neighbourhoods they protect; they know the "bad boys" there. They will usually send word to suspects to leave the area or face their wrath. If their warning is not heeded, they are known to mount midnight raids on the suspects' hideout. The result is often brutal death.

A civil servant who sought anonymity for fear of reprisal, says no robber should be spared.

"When armed men broke into my residence five years ago. They did terrible things to my wife and children."

"I have not recovered from that psychological wound. Since then I have been joining any mob anywhere to deal with any robbers caught. They don't deserve to live," he says.

Popular support

Nowadays, most of the killings are carried out by vigilante groups set up by communities and market traders' groups. The activities of the vigilantes are not supported by the police but not much is done to curb them because they seem to enjoy popular support.

In Lagos, the best known of the vigilantes are members of the Odua Peoples Congress (OPC). They have a reputation for being ruthless in dealing with suspected criminals and being incorruptible.
Despite being outlawed by President Olusegun Obasanjo four years ago, the OPC continues to enjoy a large measure of public support, not only in Lagos but all over south-west Nigeria.

From mdpopescu at yahoo.com Tue Feb 15 01:48:43 2005
From: mdpopescu at yahoo.com (Marcel Popescu)
Date: Tue, 15 Feb 2005 11:48:43 +0200
Subject: Don't Trust Your Eyes or URLs (was Re: TidBITS#766/14-Feb-05)
In-Reply-To:
Message-ID: <200502150947.j1F9lB13019549@positron.jfet.org>

> From: owner-cypherpunks at Algebra.COM [mailto:owner-cypherpunks at Algebra.COM]
> On Behalf Of R.A. Hettinga
>
> >Don't Trust Your Eyes or URLs
> >-----------------------------
> > by Glenn Fleishman
>
> > The likelihood of falling victim to
> > a spoofed URL on the Web itself is less likely, assuming you start
> > from a site that's a relatively trusted source.

Actually, as we've seen in probably the first example of this technique, you can start from a bid on eBay which says "click here to pay with PayPal", and get somewhere else; and one will likely assume the best, since he trusts eBay.

Marcel

From rah at shipwright.com Tue Feb 15 09:14:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 12:14:57 -0500
Subject: 'Trustworthy' Computing Now Gates' Focus
Message-ID:

Yahoo!

'Trustworthy' Computing Now Gates' Focus
1 hour, 21 minutes ago
By MATTHEW FORDAHL, AP Technology Writer

SAN JOSE, Calif. - Microsoft Corp.
co-founder Bill Gates is expected to give his perspective Tuesday on computer security and provide an update on the software giant's efforts to make computing more "trustworthy."

He will speak to an estimated 11,000 security experts gathered for the weeklong RSA Conference, sponsored by RSA Security Inc., based in Bedford, Mass.

In the three years since Microsoft launched its initiative to improve the security of its products, the company has changed how its software is written, improved the mechanism for fixing bugs and released some tools for removing virtual pests.

So far, results have been mixed. While there have been no major attacks in recent months, the number of worms and viruses continues to grow and other headaches - such as spam, spyware and adware - are multiplying and quickly becoming security threats themselves. Most still target Microsoft Windows, the world's dominant operating system.

Since Gates (now the company's chairman and chief software architect) spoke at the RSA Conference in 2004, Microsoft has issued a major security upgrade to Windows XP aimed at blocking malicious code and protecting users from downloading programs that might carry a virus, worm or other unwanted program.

The company also has recently started releasing programs that remove a limited number of worms and other pests. It's also giving away an early version of Microsoft AntiSpyware, a program that removes unwanted programs and helps protect new ones from being installed.

But so far it's remained mum on when it will jump into the antivirus software business and directly compete against companies that sell programs designed to shore up Windows. Microsoft declined to comment in advance of the speech.

"It may be something of a natural evolution for them, although ironic given that it's a majority of their software is what they're having to protect," said Vincent Gullotto, vice president of McAfee's Antivirus and Vulnerability Emergency Response Team.

"While they're building software to protect their software, they're also building their software to be secure," he added. "It should prove to be some interesting times."

Meanwhile, Microsoft continues to be a target. Last week, a "Trojan horse" program was detected that attempts to shut down its antispyware program as well as steal online banking passwords.

"This particular attempt appears to be the first by any piece of malware to disable Microsoft AntiSpyware, but it may be the first of many such future attacks," said Gregg Mastoras, senior security analyst at Sophos PLC, a security firm.

Meanwhile, other security software vendors aren't standing still. Symantec, for instance, has unveiled a new version of its corporate computer security software that promises not only to remove traditional viruses and worms but also adware and spyware. The updated programs are expected to be available next month.

"Customers are looking for spyware and adware protection from their antivirus vendor, a partner they trust," said Brian Foster, Symantec's senior director of product management for client and host security.

McAfee Inc., another antivirus company, also is putting a greater focus on spyware and adware with its McAfee Anti-Spyware Enterprise for corporations. It will be available March 2.

McAfee also is announcing that it will send out updates of its virus definitions on a daily, rather than weekly basis. The new program starts Feb. 24 for its corporate clients. The more frequent updates will be available for its retail software in about three months, Gullotto said.

From jrandom at i2p.net Tue Feb 15 12:52:27 2005
From: jrandom at i2p.net (jrandom)
Date: Tue, 15 Feb 2005 12:52:27 -0800
Subject: [i2p] weekly status notes [feb 15]
Message-ID:

Hello, it's that time of the week again,

* Index

1) Net status
2) 0.5 status
3) i2p-bt 0.1.7
4) ???

* 1) Net status

While no new bugs have shown up in the network, last week we gained some exposure on a popular French p2p website, which has led to an increase both in users and in bittorrent activity. At the peak, we reached 211 routers on the net, though it's hovering between 150 and 180 lately. Reported bandwidth usage has been up as well, though unfortunately the irc reliability has been degraded, with one of the servers lowering their bandwidth limits due to the load. There have been a bunch of improvements to the streaming lib to help with this, but they've been on the 0.5-pre branch, so not yet available to the live net.

Another transient problem has been the outage of one of the HTTP outproxies (www1.squid.i2p), causing 50% of outproxy requests to fail. You can temporarily remove that outproxy by opening up your I2PTunnel config [1], editing the eepProxy, and changing the "Outproxies:" line to contain only "squid.i2p". Hopefully we'll get that other one back online soon to increase redundancy.

[1] http://localhost:7657/i2ptunnel/index.jsp

* 2) 0.5 status

There has been lots of progress this past week on 0.5 (I bet you're tired of hearing that, 'eh?). Thanks to the help of postman, cervantes, duck, spaetz, and some unnamed person, we've been running a test network with the new code for nearly a week and have worked through a good number of bugs that I hadn't seen in my local test network.
For the past day or so now, the changes have been minor, and I don't foresee any substantial code left before the 0.5 release goes out. There is some additional cleaning, documentation, and assembly left, and it doesn't hurt to let the 0.5 test network churn through in case additional bugs are exposed over time.

Since this is going to be a BACKWARDS INCOMPATIBLE RELEASE, to give you time to plan for updating, I'll fix a simple deadline of THIS FRIDAY as when 0.5 will be released. As bla mentioned on irc, eepsite hosts may want to take their site down on Thursday or Friday and keep them down until Saturday when many users will have upgraded. This will help reduce the effect of an intersection attack (e.g. if 90% of the network has migrated to 0.5 and you're still on 0.4, if someone reaches your eepsite, they know you're one of the 10% of routers left on the network).

I could start to get into what's been updated in 0.5, but I'd end up going on for pages and pages, so perhaps I should just hold off and put that into the documentation which I should write up :)

* 3) i2p-bt 0.1.7

duck has put together a bugfix release to last week's 0.1.6 update, and word on the street says it's kickass (perhaps /too/ kickass, given the increased network usage ;) More info up @ the i2p-bt forum [2]

[2] http://forum.i2p.net/viewtopic.php?t=300

* 4) ???

Lots of other things going on in the IRC discussions and on the forum [3], too much to briefly summarize. Perhaps the interested parties can swing by the meeting and give us updates and thoughts?
Anyway, see y'all shortly

=jr

_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From steve49152 at yahoo.ca Tue Feb 15 10:20:14 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Tue, 15 Feb 2005 13:20:14 -0500 (EST)
Subject: What is a cypherpunk?
In-Reply-To: <4210A51B.5050901@students.bbk.ac.uk>
Message-ID: <20050215182014.28839.qmail@web51802.mail.yahoo.com>

--- ken wrote:
> James A. Donald wrote:
>
> > The state was created to attack private property rights - to
> > steal stuff. Some rich people are beneficiaries, but from the
> > beginning, always at the expense of other rich people.
>
> More commonly states defend the rich against the poor. They are
> what underpins property rights, in the sense of "great property"

More of the usual bullshit, SOP for the quasi-anonymised defenders of local trvth. State _workers_ attack property rights; state _workers_ act to aid 'the rich' in consolidating and concentrating property and property rights against 'the poor'. In exchange for a little job security, state _workers_ have passively evolved a neat little system which may be exploited by knowledgeable insiders for their own malign purposes.
Congratulations to the defenders of Truth, Freedom, and Democracy for in effect rolling back property rights (to say nothing of human and civil rights), in effect cancelling the legal advances brought about by the Magna Carta and succeeding documents. It is a testament to the success and current fashion of reality simplification that state agents may arbitrarily employ the tools of terrorism, appropriation and confiscation, arbitrary detention, and not insignificantly, micromanage _de facto_ slaves according to their whims, or at least those of their privileged benefactors. This is accomplished by the strategic use of pretexts -- some secret, others validated by tenets of pop culture; none of which may be assailed by reasonable means -- to lend a veneer of legitimacy to the acts of violence. And in this vein I should not need to remind anyone of the fact that theft, as much as a boot to the head or back of the neck, is an act of violence; and no matter if it is perpetrated by seeming officiousness by way in some farcical one-sided and secret legal process, or by dint of a convenient and contrived necessity.

> - until the industrial revolution that was mostly rights to land
> other people farm or live on. Every society we know about has had
> laws and customs defending personal property (more or less
> successfully) but it takes political/military power to defend the
> right to exact rent from a large estate, and state power to defend
> that right for thousands or millions of landowners.

Uh-huh.
And what of the state of affairs where rights of property, for example, may be subverted by fraud and the means of legal redress (no matter how unjust, inefficient and ineffective they may be for practical purposes) are closed off, one by one, so that the victims of state violence are allowed NO OPTIONS or RELIEF, perhaps to start again from scratch, but more likely to wither and die on the vine, ignored except when it is necessary to reinforce the conditioning to ruin by the application of a periodic boot to the back of the neck.

> > Again, compare the burning of Shenendoah with the Saint
> > Valentine's day massacre. There is just no comparison.
> > Governmental crimes are stupendously larger, and much more
> > difficult to defend against.
>
> True.
>
> The apposite current comparison is 9/11 the most notorious piece
> of private-enterprise violence in recent years, and the far more
> destructive US revenge on Afghanistan and Iraq. Which was
> hundreds of times more destructive but hundreds of thousands of
> times more expensive, so far less cost-effective - but in a war
> of attrition that might not matter so much. Of course the
> private-enterprise AQ & their friends the Taliban booted
> themselves into a state, of sorts in Afghanistan, with a little
> help from their friends in Pakistan and arguable amounts of US
> weaponry. Not that Afghanistan was the sort of place from which
> significant amounts of tax could be collected to fund further
> military adventures.
>
> States can usually get control of far larger military
> resources than private organisations, and have fewer qualms about
> wasting them. Not that it makes much difference to the victims -
> poor peasants kicked off land wanted for oilfields in West Africa
> probably neither know nor care whether the troops who burned their
> houses were paid by the oil companies or the local government.
And you all may cluck cluck safely in your ivory towers at the sorry state of others' affairs, pontificating (again, safely) at an intellectual remove from the ground that is in conflict and at issue. Obviously the best way to seem committed to change and a solution to difficult problems without actually risking engagement with the core matter.

This list is becoming a chore to read. Would someone find out where Tim May and Detweiler (for a start) are hiding, and please recommend them back to Cypherpunks? When such as they were active, we could be assured of lively and entertaining debate. These days, the air is rather too thin to support vigorous and sincere exchange.

Regards,

Steve

______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

From steve49152 at yahoo.ca Tue Feb 15 10:23:37 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Tue, 15 Feb 2005 13:23:37 -0500 (EST)
Subject: What is a cypherpunk?
In-Reply-To: <4210EDF7.20051.453C2F4@localhost>
Message-ID: <20050215182338.5761.qmail@web51810.mail.yahoo.com>

--- "James A. Donald" wrote:
[snip]
> As governments were created to smash property rights, they are
> always everywhere necessarily the enemy of those with property,
> and the greatest enemy of those with the most property.

Uh-huh. Perhaps you are using the term 'government' in a way that is not common to most writers of modern American English?

Regards,

Steve

From rah at shipwright.com Tue Feb 15 10:40:33 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 15 Feb 2005 13:40:33 -0500
Subject: Digital Water Marks Thieves
Message-ID:

Until, of course, people figure out that taggants on everything do nothing but confuse evidence and custody, not help it. Go ask the guys in the firearms labs about *that* one.
Cheers,
RAH

-------

Wired News

Digital Water Marks Thieves
By Robert Andrews
Story location: http://www.wired.com/news/technology/0,1282,66595,00.html
02:00 AM Feb. 15, 2005 PT

CARDIFF, Wales -- Crooked criminal hearts may have fluttered and skipped a beat Monday when some of Britain's most notorious thieves opened a valentine from an unwelcome secret admirer -- one of London's top female police chiefs.

But the greeting -- in which Chief Superintendent Vicki Marr wrote "thinking of you and what you do" -- was not so much an amorous expression to the underworld as part of a sting designed to catch hard-core burglars using new chemical microdot crime-fighting technology.

SmartWater is a clear liquid containing microscopic particles encoded with a unique forensic signature that, when found coated on stolen property, provides a precise trace back to the owner and, when detected on a suspect, can conclusively implicate a felon.

Likened to giving household items and vehicles a DNA of their own, the fluid is credited with helping cut burglary in Britain to a 10-year low, with some cities reporting drops of up to 85 percent.

A decade in the making, SmartWater is the name for a suite of forensic coding products. The first, Instant, is a property-marking fluid that, when brushed on items like office equipment or motorcycles, tags them with millions of tiny fragments, each etched with a unique SIN (SmartWater identification number) that is registered with the owner's details on a national police database and is invisible until illuminated by police officers using ultraviolet light.

A second product, the Tracer, achieves a similar goal by varying the blend of chemical agents used in the liquid to produce one of a claimed 10 billion one-off binary sequences, encoded in fluid combinations themselves.

SmartWater CEO Phil Cleary, a retired senior detective, hit upon the idea after watching burglars he had apprehended walk free from court due to lack of evidence.

"It was born out of my frustration at arresting villains you knew full well had stolen property, but not being able to prove it," he said. "Just catching someone with hot goods, or a police officer's gut belief a suspect is guilty, are not enough to secure a conviction -- so we turned to science."

Cleary is reluctant to discuss "trade secret" details of a product he has patented, but he concedes that, together with chemist brother Mike, he has developed "a mathematical model that allows us to generate millions of chemical signatures" -- an identifier he boasts is "better than DNA."

But more than property can get tagged. In spray form, the fluid marks intruders with a similarly unique code that, when viewed under UV in a police cell, makes a red-faced burglar glow with fluorescent green and yellow blotches. The resemblance to Swamp Thing and the forensic signature found on his body are telltale signs the suspect has been up to no good at a coded property.

"It's practically impossible for a criminal to remove; it stays on skin and clothing for months," Cleary added. "If a villain had stolen a watch, they might try to scrape off the fluid -- but they would have to remove every last speck, which is unlikely.

"Sometimes burglars who know they are tagged with the liquid scrub themselves so hard behind the ears to get it off, police arresting them end up having to take them into hospital for skin complaints. But we don't have much sympathy for them."

Law enforcers are confident SmartWater can help improve Britain's mixed fortunes on combating burglary. Nationwide, instances of the crime have fallen by 42 percent since 1997, but the proportion of those resulting in convictions has also halved, from 27 percent to just 13 percent.

So, while SmartWater is available commercially with a monthly subscription, many police forces are issuing free kits to vulnerable households in crime hot spots, hoping it can help put away more perps.
The microdot tech could prove invaluable in a courtroom, but it is also an effective deterrent. Most burglaries happen because criminals know there is little chance of being arrested during a break-in, according to U.K. government data. But posters and stickers displayed in SmartWater-coded cities and homes warn off would-be crooks. Word on the criminal grapevine, say police, is that anyone stealing from a coded home is likely to leave the crime scene having pilfered an indelible binary sequence that will lead only to jail time; it's not worth the risk.

Marr sent her valentine -- reading "roses are red, violets are blue, when SmartWater's activated, it's over for you" -- to known criminals in Croydon, London, reinforcing the message in what Cleary said amounts to "psychological warfare" against burglars.

"Since we started using it in Croydon, burglaries are down by 27 percent," said Sgt. Phil Webb of the Metropolitan Police, which started testing the product in the region in late 2003 and has given 2,000 packs to citizens. "It puts the fear back into the criminal -- we know who they are, and we will use every new tool and technology at our disposal to bring them to book."

Other forces using SmartWater have reported burglary reductions of up to 65 percent, while Cleary said England's West Yorkshire force was due to announce a decrease of 85 percent after testing the product in the northern town of Halifax.

Graham Gooch, a criminal investigations tutor at the University of Central Lancashire and a former detective of 30 years, said the product is the market leader, advancing crime-fighting efforts.

"Now, if a suspect caught with a stolen VCR turns green, they can't claim they got it from some bloke down the pub," he said.

From morlockelloi at yahoo.com Tue Feb 15 13:44:56 2005
From: morlockelloi at yahoo.com (Morlock Elloi)
Date: Tue, 15 Feb 2005 13:44:56 -0800 (PST)
Subject: But does it pass Diehard?
In-Reply-To: <20050215182014.28839.qmail@web51802.mail.yahoo.com>
Message-ID: <20050215214457.80046.qmail@web40601.mail.yahoo.com>

Apologies for introducing crypto-related stuff:

RNG that reads minds and predicts future:

http://www.rednova.com/news/display/?id=126649

Can This Black Box See Into the Future?

DEEP in the basement of a dusty university library in Edinburgh lies a small black box, roughly the size of two cigarette packets side by side, that churns out random numbers in an endless stream.

At first glance it is an unremarkable piece of equipment. Encased in metal, it contains at its heart a microchip no more complex than the ones found in modern pocket calculators.

But, according to a growing band of top scientists, this box has quite extraordinary powers. It is, they claim, the 'eye' of a machine that appears capable of peering into the future and predicting major world events.

The machine apparently sensed the September 11 attacks on the World Trade Centre four hours before they happened - but in the fevered mood of conspiracy theories of the time, the claims were swiftly knocked back by sceptics. But last December, it also appeared to forewarn of the Asian tsunami just before the deep sea earthquake that precipitated the epic tragedy.

Now, even the doubters are acknowledging that here is a small box with apparently inexplicable powers.

'It's Earth-shattering stuff,' says Dr Roger Nelson, emeritus researcher at Princeton University in the United States, who is heading the research project behind the 'black box' phenomenon.
'We're very early on in the process of trying to figure out what's going on here. At the moment we're stabbing in the dark.'

Dr Nelson's investigations, called the Global Consciousness Project, were originally hosted by Princeton University and are centred on one of the most extraordinary experiments of all time. Its aim is to detect whether all of humanity shares a single subconscious mind that we can all tap into without realising.

And machines like the Edinburgh black box have thrown up a tantalising possibility: that scientists may have unwittingly discovered a way of predicting the future.

Although many would consider the project's aims to be little more than fools' gold, it has still attracted a roster of 75 respected scientists from 41 different nations. Researchers from Princeton - where Einstein spent much of his career - work alongside scientists from universities in Britain, the Netherlands, Switzerland and Germany. The project is also the most rigorous and longest-running investigation ever into the potential powers of the paranormal.

'Very often paranormal phenomena evaporate if you study them for long enough,' says physicist Dick Bierman of the University of Amsterdam. 'But this is not happening with the Global Consciousness Project. The effect is real. The only dispute is about what it means.'

The project has its roots in the extraordinary work of Professor Robert Jahn of Princeton University during the late 1970s. He was one of the first modern scientists to take paranormal phenomena seriously. Intrigued by such things as telepathy, telekinesis - the supposed psychic power to move objects without the use of physical force - and extrasensory perception, he was determined to study the phenomena using the most up-to-date technology available.

One of these new technologies was a humble-looking black box known as a Random Event Generator (REG).
This used computer technology to generate two numbers - a one and a zero - in a totally random sequence, rather like an electronic coin-flipper.

The pattern of ones and noughts - 'heads' and 'tails' as it were - could then be printed out as a graph. The laws of chance dictate that the generators should churn out equal numbers of ones and zeros - which would be represented by a nearly flat line on the graph. Any deviation from this equal number shows up as a gently rising curve.

During the late 1970s, Prof Jahn decided to investigate whether the power of human thought alone could interfere in some way with the machine's usual readings. He hauled strangers off the street and asked them to concentrate their minds on his number generator. In effect, he was asking them to try to make it flip more heads than tails.

It was a preposterous idea at the time. The results, however, were stunning and have never been satisfactorily explained.

Again and again, entirely ordinary people proved that their minds could influence the machine and produce significant fluctuations on the graph, 'forcing it' to produce unequal numbers of 'heads' or 'tails'.

According to all of the known laws of science, this should not have happened - but it did. And it kept on happening.

Dr Nelson, also working at Princeton University, then extended Prof Jahn's work by taking random number machines to group meditations, which were very popular in America at the time. Again, the results were eye-popping. The groups were collectively able to cause dramatic shifts in the patterns of numbers.

From then on, Dr Nelson was hooked.

Using the internet, he connected up 40 random event generators from all over the world to his laboratory computer in Princeton. These ran constantly, day in day out, generating millions of different pieces of data. Most of the time, the resulting graph on his computer looked more or less like a flat line.
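The REG description above (a stream of ones and zeros, a flat line when the source is fair, a rising curve when it is not) and the 'million to one' odds quoted further down, worked through in code. This is an added example, not the article's or the Global Consciousness Project's own software, and the bit streams in it are constructed test data rather than REG output: it builds the running-deviation path behind the graph, computes the monobit z-score and p-value that say how surprising a count of ones is, and runs the same test over many windows to show why a scan over enough windows produces some 'hits' by chance alone.

```python
"""Bias checks for a stream of REG-style bits (added example, constructed data).

The article's REG emits ones and zeros; a fair source gives a 'flat line',
a biased one a 'gently rising curve'.  Below: the running sum behind that
graph, the monobit z-score / p-value for the count of ones, and a windowed
scan that illustrates the multiple-comparisons problem the sceptics raise.
The monobit test is the simplest randomness check there is; batteries such
as Diehard run many more tests than this.
"""
import math
from typing import Iterable, List


def cumulative_deviation(bits: Iterable[int]) -> List[int]:
    """Running sum of +1 for each one and -1 for each zero.

    A fair source wanders around zero (the flat line); a biased source
    drifts away steadily (the rising curve).  The final element equals
    ones - zeros for the whole stream.
    """
    path, total = [], 0
    for b in bits:
        total += 1 if b else -1
        path.append(total)
    return path


def bias_z_score(bits: Iterable[int]) -> float:
    """Monobit statistic: z = (ones - n/2) / sqrt(n/4).

    Under the fair-coin hypothesis the number of ones is Binomial(n, 1/2),
    approximately Normal(n/2, n/4) for large n, so z is the distance of the
    observed count from n/2 measured in standard deviations.
    """
    bits = list(bits)
    n = len(bits)
    if n == 0:
        raise ValueError("empty bit stream")
    ones = sum(1 for b in bits if b)
    return (ones - n / 2) / math.sqrt(n / 4)


def two_sided_p_value(z: float) -> float:
    """P(|Z| >= |z|) for a standard normal Z, i.e. erfc(|z| / sqrt(2))."""
    return math.erfc(abs(z) / math.sqrt(2))


def fails_bias_test(bits: Iterable[int], alpha: float = 1e-6) -> bool:
    """True when the stream departs from 50/50 by more than chance allows
    at significance alpha (1e-6 is the article's 'one million to one')."""
    return two_sided_p_value(bias_z_score(bits)) < alpha


def scan_windows(bits: List[int], window: int, alpha: float = 1e-6) -> List[int]:
    """Run the bias test on each consecutive window; return failing indices.

    With many windows (or many world events to match against), about
    alpha * number_of_windows of them fail even for a perfectly fair source,
    which is the sceptics' objection to reading meaning into isolated spikes.
    """
    return [
        i for i in range(len(bits) // window)
        if fails_bias_test(bits[i * window:(i + 1) * window], alpha)
    ]


def expected_false_alarms(num_windows: int, alpha: float) -> float:
    """Average number of failing windows a fair source produces by chance."""
    return num_windows * alpha


if __name__ == "__main__":
    # Constructed streams, not REG data: balanced, 55 % ones, and balanced
    # except for one window (index 3) that is all ones.
    fair = [1, 0] * 5000
    biased = [1] * 5500 + [0] * 4500
    spiky = [1, 0] * 500
    spiky[300:400] = [1] * 100
    for name, stream in (("fair", fair), ("biased", biased)):
        z = bias_z_score(stream)
        print("%-6s ones-zeros=%6d z=%6.2f p=%.3g" % (
            name, cumulative_deviation(stream)[-1], z, two_sided_p_value(z)))
    print("failing 100-bit windows in spiky stream:", scan_windows(spiky, 100))
    print("false alarms expected from 1000 fair windows at alpha=1e-3:",
          expected_false_alarms(1000, 1e-3))
```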
But then on September 6, 1997, something quite extraordinary happened: the graph shot upwards, recording a sudden and massive shift in the number sequence as his machines around the world started reporting huge deviations from the norm. The day was of historic importance for another reason, too.

For it was the same day that an estimated one billion people around the world watched the funeral of Diana, Princess of Wales at Westminster Abbey.

Dr Nelson was convinced that the two events must be related in some way.

Could he have detected a totally new phenomenon? Could the concentrated emotional outpouring of millions of people be able to influence the output of his REGs? If so, how?

Dr Nelson was at a loss to explain it.

So, in 1998, he gathered together scientists from all over the world to analyse his findings. They, too, were stumped and resolved to extend and deepen the work of Prof Jahn and Dr Nelson. The Global Consciousness Project was born.

Since then, the project has expanded massively. A total of 65 Eggs (as the generators have been named) in 41 countries have now been recruited to act as the 'eyes' of the project.

And the results have been startling and inexplicable in equal measure.

For during the course of the experiment, the Eggs have 'sensed' a whole series of major world events as they were happening, from the Nato bombing of Yugoslavia to the Kursk submarine tragedy to America's hung election of 2000.

The Eggs also regularly detect huge global celebrations, such as New Year's Eve.

But the project threw up its greatest enigma on September 11, 2001.

As the world stood still and watched the horror of the terrorist attacks unfold across New York, something strange was happening to the Eggs.

Not only had they registered the attacks as they actually happened, but the characteristic shift in the pattern of numbers had begun four hours before the two planes even hit the Twin Towers.
They had, it appeared, detected that an event of historic importance was about to take place before the terrorists had even boarded their fateful flights.

The implications, not least for the West's security services who constantly monitor electronic 'chatter', are clearly enormous.

'I knew then that we had a great deal of work ahead of us,' says Dr Nelson.

What could be happening? Was it a freak occurrence, perhaps?

Apparently not. For in the closing weeks of December last year, the machines went wild once more.

Twenty-four hours later, an earthquake deep beneath the Indian Ocean triggered the tsunami which devastated South-East Asia, and claimed the lives of an estimated quarter of a million people.

So could the Global Consciousness Project really be forecasting the future?

Cynics will quite rightly point out that there is always some global event that could be used to 'explain' the times when the Egg machines behaved erratically. After all, our world is full of wars, disasters and terrorist outrages, as well as the occasional global celebration. Are the scientists simply trying too hard to detect patterns in their raw data?

The team behind the project insist not. They claim that by using rigorous scientific techniques and powerful mathematics it is possible to exclude any such random connections.

'We're perfectly willing to discover that we've made mistakes,' says Dr Nelson. 'But we haven't been able to find any, and neither has anyone else. Our data shows clearly that the chances of getting these results by fluke are one million to one against. That's hugely significant.'

But many remain sceptical.

Professor Chris French, a psychologist and noted sceptic at Goldsmiths College in London, says: 'The Global Consciousness Project has generated some very intriguing results that cannot be readily dismissed. I'm involved in similar work to see if we get the same results. We haven't managed to do so yet but it's only an early experiment. The jury's still out.'
Strange as it may seem, though, there's nothing in the laws of physics that precludes the possibility of foreseeing the future. It is possible - in theory - that time may not just move forwards but backwards, too. And if time ebbs and flows like the tides in the sea, it might just be possible to foretell major world events. We would, in effect, be 'remembering' things that had taken place in our future. 'There's plenty of evidence that time may run backwards,' says Prof Bierman at the University of Amsterdam. 'And if it's possible for it to happen in physics, then it can happen in our minds, too.' In other words, Prof Bierman believes that we are all capable of looking into the future, if only we could tap into the hidden power of our minds. And there is a tantalising body of evidence to support this theory. Dr John Hartwell, working at the University of Utrecht in the Netherlands, was the first to uncover evidence that people could sense the future. In the mid-1970s he hooked people up to hospital scanning machines so that he could study their brainwave patterns. He began by showing them a sequence of provocative cartoon drawings. When the pictures were shown, the machines registered the subject's brainwaves as they reacted strongly to the images before them. This was to be expected. Far less easy to explain was the fact that in many cases, these dramatic patterns began to register a few seconds before each of the pictures was even flashed up. It was as though Dr Hartwell's case studies were somehow seeing into the future, and detecting when the next shocking image would be shown. It was extraordinary - and seemingly inexplicable. But it was to be another 15 years before anyone else took Dr Hartwell's work further when Dean Radin, a researcher working in America, connected people up to a machine that measured their skin's resistance to electricity. 
This is known to fluctuate in tandem with our moods - indeed, it's this principle that underlies many lie detectors. Radin repeated Dr Hartwell's 'image response' experiments while measuring skin resistance. Again, people began reacting a few seconds before they were shown the provocative pictures. This was clearly impossible, or so he thought, so he kept on repeating the experiments. And he kept getting the same results. 'I didn't believe it either,' says Prof Bierman. 'So I also repeated the experiment myself and got the same results. I was shocked. After this I started to think more deeply about the nature of time.' To make matters even more intriguing, Prof Bierman says that other mainstream labs have now produced similar results but are yet to go public. 'They don't want to be ridiculed so they won't release their findings,' he says. 'So I'm trying to persuade all of them to release their results at the same time. That would at least spread the ridicule a little more thinly!' If Prof Bierman is right, though, then the experiments are no laughing matter. They might help provide a solid scientific grounding for such strange phenomena as 'deja vu', intuition and a host of other curiosities that we have all experienced from time to time. They may also open up a far more interesting possibility - that one day we might be able to enhance psychic powers using machines that can 'tune in' to our subconscious mind, machines like the little black box in Edinburgh. Just as we have built mechanical engines to replace muscle power, could we one day build a device to enhance and interpret our hidden psychic abilities? Dr Nelson is optimistic - but not for the short term. 'We may be able to predict that a major world event is going to happen. But we won't know exactly what will happen or where it's going to happen,' he says. 'Put it this way - we haven't yet got a machine we could sell to the CIA.' 
But for Dr Nelson, talk of such psychic machines - with the potential to detect global catastrophes or terrorist outrages - is of far less importance than the implications of his work in terms of the human race. For what his experiments appear to demonstrate is that while we may all operate as individuals, we also appear to share something far, far greater - a global consciousness. Some might call it the mind of God. 'We're taught to be individualistic monsters,' he says. 'We're driven by society to separate ourselves from each other. That's not right. We may be connected together far more intimately than we realise.' ===== end (of original message) From bzs at world.std.com Tue Feb 15 14:29:05 2005 From: bzs at world.std.com (Barry Shein) Date: Tue, 15 Feb 2005 17:29:05 -0500 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: References: Message-ID: <16914.30641.697792.602776@world.std.com> Oh no, the idiotic penny black idea rides again. Like the movie "War Games" when a young Matthew Broderick saves the world by causing the WOPR computer to be distracted into playing itself tic-tac-toe rather than launching a pre-emptive nuclear strike. It was a MOVIE, made in 1983 nonetheless, get over it. More seriously, what attracts people to this penny black idea is that they realize that the only thing which will stop spammers is to interject some sort of economic constraint. The obvious constraint would be something like stamps since that's a usage fee. But the proposer (and his/her/its audience) always hates the idea of paying postage for their own email, no, no, there must be a solution which performs that economic miracle of only charging for the behavior I don't like! An economic Maxwell's demon! 
So, just like the terminal seeking laetrile shots or healing waters, they turn to not even half-baked ideas such as penny black. Don't charge you, don't charge me, charge that fellow behind the tree! Oh well. Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. I know, we'll work around it. Of course by then they'll have a multi-billion dollar messaging business to make sure your attempts to by-step it are outlawed and punished. Consider what's going on with the music-sharing world, as another multi-billion dollar business people thought they could just defy with anonymous peer-to-peer services... The point: I think the time is long past due to "grow up" on this issue and accept that some sort of limited, reasonable-usage-free, postage system is necessary to prevent collapse into monopoly. -- -Barry Shein Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* From rah at shipwright.com Tue Feb 15 15:42:31 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 15 Feb 2005 18:42:31 -0500 Subject: What is a cypherpunk? In-Reply-To: <20050215214034.GA22191@arion.soze.net> References: <4210EDF7.20051.453C2F4@localhost> <20050215182338.5761.qmail@web51810.mail.yahoo.com> <20050215214034.GA22191@arion.soze.net> Message-ID: At 9:40 PM +0000 2/15/05, Justin wrote: >I think it's fair to say that governments initially formed to protect >property rights (although we have no historical record of such a >government because it must have been before recorded history began). BZZZT. Wrong answer. Governments first steal property, then control it. Property is created when someone applies thought to matter and gets something new. It is theirs until they exchange it for something that someone else has, or discard it. 
But property is created by *individuals*, not some collective fraud and extortion racket called a "government". Governments are "founded" when someone creates a monopoly on force. Actually, people use force against each other, and, in agrarian societies at least, the natural trend in force 'markets' is towards monopoly. We tend to get bigger governments (like political economist Mancur Olsen says, "bandits who don't move") when people become sedentary and there's more property to steal, and that hunter-gatherers are more anarchistic, egalitarian, than "civilized" people. But that's more a function of the resources a given group controls. The San bushmen, for instance, are much more egalitarian than the Mongols, for instance, because the San have fewer material goods to control than the Mongols did, especially after the Mongols perfected warfare enough to control cities -- which, I suppose, proves my point. Property is like rights. We create it inherently, because we're human, it is not bestowed upon us by someone else. Particularly if that property is stolen from someone else at tax-time. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From justin-cypherpunks at soze.net Tue Feb 15 13:40:34 2005 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 15 Feb 2005 21:40:34 +0000 Subject: What is a cypherpunk? In-Reply-To: <20050215182338.5761.qmail@web51810.mail.yahoo.com> References: <4210EDF7.20051.453C2F4@localhost> <20050215182338.5761.qmail@web51810.mail.yahoo.com> Message-ID: <20050215214034.GA22191@arion.soze.net> On 2005-02-15T13:23:37-0500, Steve Thompson wrote: > --- "James A. 
Donald" wrote: > [snip] > > As governments were created to smash property rights, they are > > always everywhere necessarily the enemy of those with property, > > and the greatest enemy of those with the most property. > > Uh-huh. Perhaps you are using the term 'government' in a way that is not > common to most writers of modern American English? I think it's fair to say that governments initially formed to protect property rights (although we have no historical record of such a government because it must have been before recorded history began). They then developed into monarchies which were only really set up to protect property rights of the ruler(s). With the advent of various quasi-democratic forms of government, the law has been compromised insofar as it protects property rights. You no longer have a right to keep all your money (taxes), no longer have a right to grow 5' weeds in your front yard if you live in a city, and no longer have a right to own certain evil things at all, at least not without special governmental permission. There were analogous compromises in democratic Athens and quasi-democratic Rome. When democratic states inevitably fold into tyranny, some of those restrictions remain. Right now most states have a strange mix of property rights protections (e.g. the Berne convention and the DMCA) and property rights usurpations (e.g. no right to own certain weapons; equal protection). -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. 
--Hemingway, Esquire, April 1936 From eugen at leitl.org Tue Feb 15 13:01:19 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 15 Feb 2005 22:01:19 +0100 Subject: [i2p] weekly status notes [feb 15] (fwd from jrandom@i2p.net) Message-ID: <20050215210118.GV1404@leitl.org> ----- Forwarded message from jrandom ----- From brimford at gmail.com Tue Feb 15 19:16:12 2005 From: brimford at gmail.com (James Brim) Date: Tue, 15 Feb 2005 22:16:12 -0500 Subject: SHA-1 broken? Message-ID: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html damn chinese. From osokin at osokin.com Wed Feb 16 00:11:07 2005 From: osokin at osokin.com (Serguei Osokine) Date: Wed, 16 Feb 2005 00:11:07 -0800 Subject: [p2p-hackers] SHA1 broken? Message-ID: > # * collisions in the full SHA-1 in 2**69 hash operations, > # much less than the brute-force attack of 2**80 operations... Okay, so the effective SHA-1 length is 138 bits instead of full 160 - so what's the big deal? It is still way more than, say, MD5 length. And MD5 is still widely used for stuff like content id'ing in various systems, because even 128 bits is quite a lot, never mind 138 bits. Best wishes - S.Osokine. 16 Feb 2005. -----Original Message----- From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org]On Behalf Of Gordon Mohr (@ Bitzi) Sent: Tuesday, February 15, 2005 9:41 PM To: p2p-hackers Subject: [p2p-hackers] SHA1 broken? Via Slashdot, as reported by Bruce Schneier: http://www.schneier.com/blog/archives/2005/02/sha1_broken.html Schneier writes: # SHA-1 Broken # # SHA-1 has been broken. Not a reduced-round version. Not a # simplified version. The real thing. # # The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu # (mostly from Shandong University in China) have been quietly # circulating a paper announcing their results: # # * collisions in the full SHA-1 in 2**69 hash operations, # much less than the brute-force attack of 2**80 operations # based on the hash length. 
# # * collisions in SHA-0 in 2**39 operations. # # * collisions in 58-round SHA-1 in 2**33 operations. # # This attack builds on previous attacks on SHA-0 and SHA-1, and # is a major, major cryptanalytic result. It pretty much puts a # bullet into SHA-1 as a hash function for digital signatures # (although it doesn't affect applications such as HMAC where # collisions aren't important). # # The paper isn't generally available yet. At this point I can't # tell if the attack is real, but the paper looks good and this # is a reputable research team. # # More details when I have them. - Gordon @ Bitzi _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From justin-cypherpunks at soze.net Tue Feb 15 16:30:33 2005 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 16 Feb 2005 00:30:33 +0000 Subject: What is a cypherpunk? 
In-Reply-To: <20050215214034.GA22191@arion.soze.net> References: <4210EDF7.20051.453C2F4@localhost> <20050215182338.5761.qmail@web51810.mail.yahoo.com> <20050215214034.GA22191@arion.soze.net> Message-ID: <20050216003033.GA21399@arion.soze.net> On 2005-02-15T21:40:34+0000, Justin wrote: > On 2005-02-15T13:23:37-0500, Steve Thompson wrote: > > --- "James A. Donald" wrote: > > [snip] > > > As governments were created to smash property rights, they are > > > always everywhere necessarily the enemy of those with property, > > > and the greatest enemy of those with the most property. > > > > Uh-huh. Perhaps you are using the term 'government' in a way that is not > > common to most writers of modern American English? > > I think it's fair to say that governments initially formed to protect > property rights (although we have no historical record of such a > government because it must have been before recorded history began). > They then developed into monarchies which were only really set up to > protect property rights of the ruler(s). It seems I've been brainwashed by classical political science. What I wrote above doesn't make any sense. Judging from social dynamics and civil advancement in the animal kingdom, monarchies developed first and property rights were an afterthought. -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936 From gojomo at bitzi.com Wed Feb 16 01:10:13 2005 From: gojomo at bitzi.com (Gordon Mohr (@ Bitzi)) Date: Wed, 16 Feb 2005 01:10:13 -0800 Subject: [p2p-hackers] SHA1 broken? Message-ID: Serguei Osokine wrote: >># * collisions in the full SHA-1 in 2**69 hash operations, >># much less than the brute-force attack of 2**80 operations... > > > Okay, so the effective SHA-1 length is 138 bits instead of full > 160 - so what's the big deal? 
If the results hold up: SHA1 is not as strong as it was designed to be, and its effective strength is being sent in the wrong direction, rather than being confirmed, by new research. Even while maintaining that SHA1 was unbroken and likely to remain so just last week, NIST was still recommending that SHA1 be phased out of government use by 2010: http://www.fcw.com/fcw/articles/2005/0207/web-hash-02-07-05.asp One more paper from a group of precocious researchers anywhere in the world, or unpublished result exploited in secret, could topple SHA1 from practical use entirely. Of course, that's remotely possible with any hash, but the pattern of recent results suggests that a further break is now more likely with SHA1 (and related hashes) than others. So the big deal would be: don't rely on SHA1 in any applications you intend to have a long effective life. > It is still way more than, say, MD5 > length. And MD5 is still widely used for stuff like content id'ing > in various systems, because even 128 bits is quite a lot, never > mind 138 bits. Just because it's widely used doesn't mean it's a good idea. MD5 should not be used for content identification, given the ability to create content pairs with the same MD5, with one version being (and appearing and acquiring a reputation for being) innocuous, and the other version malicious. - Gordon @ Bitzi --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ericm at lne.com Wed Feb 16 07:31:23 2005 From: ericm at lne.com (Eric Murray) Date: Wed, 16 Feb 2005 07:31:23 -0800 Subject: [p2p-hackers] SHA1 broken? In-Reply-To: ; from rah@shipwright.com on Wed, Feb 16, 2005 at 07:55:15AM -0500 References: Message-ID: <20050216073123.A569@slack.lne.com> On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote: > From: "Serguei Osokine" > To: "Peer-to-peer development." > Subject: RE: [p2p-hackers] SHA1 broken? > Date: Wed, 16 Feb 2005 00:11:07 -0800 > > Okay, so the effective SHA-1 length is 138 bits instead of full > 160 - so what's the big deal? It is still way more than, say, MD5 In applications where collisions are important, SHA1 is now effectively 69 bits as opposed to 80. That's not very much, and odds are there will be an improvement on this attack in the near future. Eric From rah at shipwright.com Wed Feb 16 04:50:11 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 07:50:11 -0500 Subject: New Factor in Iraq: Irregular Brigades Fill Security Void Message-ID: The Wall Street Journal February 16, 2005 PAGE ONE Bands of Brothers New Factor in Iraq: Irregular Brigades Fill Security Void Jailed by Hussein, Gen. Thavit Is Leading Thousands Now; Questions About Loyalty 'Toughest Force We've Got' By GREG JAFFE Staff Reporter of THE WALL STREET JOURNAL February 16, 2005; Page A1 BAGHDAD, Iraq -- In the battle against insurgents here, two kinds of Iraqi military forces are emerging: the planned units and the pop-ups. The planned units of the Iraq Army, about 57,000 soldiers strong, are the result of careful preparation this summer between the U.S. and Iraqi commanders. The pop-ups started to emerge last fall out of nowhere, catching the American military by surprise. These dozen disconnected units totaling as many as 15,000 soldiers are fast becoming one of the most significant developments in the new Iraq security situation. 
The unplanned units -- commanded by friends and relatives of cabinet officers and tribal sheiks -- go by names like the Defenders of Baghdad, the Special Police Commandos, the Defenders of Khadamiya and the Amarah Brigade. The new units generally have the backing of the Iraqi government and receive government funding. While regular units of the Iraq Army have taken up residence on rehabilitated army bases, the others camp out in places like looted Ministry of Defense buildings, a former women's college, an old Iraqi war monument and an abandoned aircraft hangar. Frequently, U.S. officials don't find out about them until they stumble across them. Some Americans consider them a welcome addition to the fight against the insurgency -- though others worry about the risks. "We don't call them militias. Militias are...illegal," says Maj. Chris Wales, who spent most of January tracking down and finding these new forces. "I've begun calling them 'Irregular Iraqi ministry-directed brigades.' " The "pop up" label comes from other U.S. military officials in Baghdad. Troops who might have otherwise joined the regular Iraqi Army are drawn to these units because they are often led by a particularly inspirational commander or made up of people with similar tribal and religious backgrounds. This makes the units more cohesive and potentially effective against the insurgency. "Just show us where to go and we will eat the insurgents alive," an Iraqi in one of these units told Maj. Wales earlier this month when he tracked them down at a long-shuttered Baghdad airport. Dangerous Uncertainty The bad news is that these new units can inject dangerous uncertainty and confusion into an already complex battlefield. On Election Day, the Special Police Commandos were rushing one of their wounded soldiers to the hospital when they accidentally ran into an Iraqi Army checkpoint. The Iraqi Army officers opened fire on the Commandos' black SUV, killing the three people in the car. 
Some U.S. officials worry about the new units' allegiances, which often seem split between their religious and tribal sponsors and the central government, creating the risk that the units could be used as militias if Iraq falls into civil war. U.S. military commanders in Baghdad are especially concerned about the Defenders of Khadamiya, which is forming to guard a major Shiite shrine on the city's northern edge at the behest of Shiite cleric Hussein al Sadr. U.S. military officials worry that the group, which now numbers about 120 men but plans to grow to more than 800, could be used to settle internal Shiite scores or deployed in a Sunni-Shiite conflict. As these irregular units proliferate, U.S. officials face a thorny dilemma: whether to encourage these forces, whose training and experience varies wildly, or to try to rein them in. "There is a tension between on the one hand encouraging and fostering initiative and on the other executing the plan for the Iraqi Security Forces that everyone agreed on," says Lt. Gen. David Petraeus, who is overseeing the massive U.S. effort to help train and equip Iraqi military units. "To be candid, I would err on the side of fostering initiative. I want to get the hell out of here." The first of these military units, the Special Police Commandos, was formed in September by Gen. Adnan Thavit, the uncle of Iraq's interim interior minister. The unit started with about 1,000 soldiers. When Col. James Coffman, a senior aide to Gen. Petraeus, found them they were occupying a heavily damaged Republican Guard base a few miles from the U.S. embassy. "It was basically 1,000 guys at the time living in a bombed-out building with no electricity, no plumbing and no bathrooms," the colonel says. Col. Coffman, however, was struck by the unit's arms room, which was stocked with rocket-propelled-grenade launchers, mortar tubes and lots of ammunition. "The weapons were clean and organized," he says. 
He immediately went on a patrol with the unit and was impressed by both Gen. Thavit and his troops. The soldiers seemed to have a discipline that many of the U.S.-trained Iraqi Army units lacked. The 63-year-old Gen. Thavit, an intelligence officer in the old Iraqi Air Force, attended military academies in the former Soviet Union and former Yugoslavia. In the mid-1990s he joined a small group of former officers plotting to overthrow Saddam Hussein. In 1996 their plan unraveled and Gen. Thavit was sentenced to life in Iraq's notorious Abu Ghraib prison. Gen. Thavit and his second-in-command, Maj. Gen. Rashid Flayeh Mohammed, were both released by Mr. Hussein along with thousands of other political prisoners and common criminals just before the American invasion. One of Gen. Thavit's former jailers, who gave him food and cigarettes, is now a battalion commander in his new force. The Second Defenders of Baghdad Brigade On Col. Coffman's recommendation, Gen. Petraeus visited the Commandos' base and was impressed with the troops. "When I saw them and where they were living I decided this was a horse to back," the U.S. general says today. He agreed to give the fledgling unit money to fix up its base and buy vehicles, ammunition, radios and more weapons. Unlike many of the U.S.-trained Army units, the Commandos, whose ranks today include several thousand soldiers, have had few deserters. In early January, insurgents crashed a car bomb into the gate of the unit's base, killing six Iraqi recruits who hoped to join the Commandos and injuring dozens more. Some of the injured went to the hospital, got bandaged up and then returned to the base that afternoon still eager to join. Forty-three Special Police Commandos have been killed in battles with insurgents since September and about 300 have been wounded, U.S. officials say. Part of the reason that the unit inspires such allegiance is that all of their recruits are hand-selected by Gen. Thavit and Gen. Mohammed. 
By contrast, most Iraqis who join the regular Iraqi Army are recruited at a half-dozen joint U.S.-Iraqi-run recruiting stations and lack the cohesive bond and pride that grows out of being handpicked. "The reason the Commandos are special is that a couple of great leaders at the top have just flat out put their imprint on that organization," says Gen. Petraeus. Some U.S. military officials, however, worry that the Commandos' allegiance is as much to their leader as it is to the Iraqi government. "If you tried to replace Gen. [Thavit] he'd take his...brigades with him. He is a very powerful figure. You wouldn't get that from other units," says Col. Dean Franklin, a senior officer in Gen. Petraeus's command. "Pound for pound, though, they are the toughest force we've got." Gen. Thavit says that his only goal is to defend the democratically elected Iraqi government against insurgents and criminals. "I could see that the police were not able to withstand the terrorists. As a professional soldier I believed it was my duty to help build a force that could work against the terrorists," he says. "I am an old man right now. I should be retired." In late November with the Iraqi elections approaching, homegrown units similar to the Commandos began popping up all over Baghdad. First came the Muthana Brigade, a unit formed by the order of Iraqi Prime Minister Ayad Allawi. It set down roots at a long-abandoned airport in downtown Baghdad. Like the Commandos, the unit appeared to be well-trained and was pressed quickly into service. "They went from not even existing to being as viable as any Iraqi Army unit out there in six weeks," says Col. Franklin. The Defenders of Baghdad, a far less disciplined unit made up of Baghdad Shiites, emerged in early January. The unit took up residence around Baghdad's Martyr's Monument, which commemorates Iraqis who died in the war with Iran. A few days later Maj. 
Wales, ordered in December to track the units, located the Amarah Brigade in a bombed-out former Ministry of Defense building. The U.S. Army's First Cavalry Division had been renovating the building for an Iraqi National Guard unit, but the Amarah brigade pushed the contractors out. The leader of the ragtag group of soldiers claimed to be a cousin of the Iraqi defense minister and said the minister's tribe had purchased the cooking equipment the troops were using to survive, according to Maj. Wales's report on the group. Over the next three weeks, Maj. Wales says, he tracked down five other new Iraqi units -- most of them from Shiite-dominated southern Iraq. For a week no new units popped up on his radar. Then on Jan. 30, the day before the Iraqi elections, Maj. Wales got a tip via his boss, Gen. Petraeus, that a new 2,000-man force calling itself the Second Defenders of Baghdad Brigade had formed somewhere in the city under the command of an Iraqi general named "Faris." But Maj. Wales's usual American and Iraqi sources had never heard of the unit -- or the general. "There are no generals named Faris in the Iraqi Army," one senior Iraqi general in the Ministry of Defense told him. Maj. Wales began to think Gen. Petraeus had been passed a bad tip. "There is no way in the world there could be a Second Defenders of Baghdad Brigade," Maj. Wales said. "It is just impossible. There is no place in Baghdad left to put them." Maj. Wales made a few more calls to U.S. liaison officers working with the Iraqis and turned up nothing. Finally, he got in touch with Gen. Babakir Zebari, Iraq's top general, who said the brigade had recently moved into tents and a hangar bay at Baghdad's long-abandoned Muthana Airport. On Feb. 1, Maj. Wales and a small team of American officers set out to find them. After about 15 minutes of searching the airport grounds, they found the brigade. About half of them were in civilian clothes. The other half wore new Iraqi Army uniforms. 
All of the men seemed to be from one or two Shiite-dominated towns in southern Iraq. Many said they were vetted by Sheik Ali Shalan of the Al Shamer tribe in southern Iraq. "I joined this unit as an expression of my love for my country," said Wathiq Rahim, a skinny young recruit from Hilla who was clad in a black Christian Dior T-shirt and rubber sandals. A short while later, Maj. Gen. Fouad Faris, the commander of the brigade, drove up in a white SUV. A small round man who trained at Sandhurst, the British military academy, Gen. Faris said there were 1,300 men at the airport under his command and an additional 1,500 on the way. "I am very close to the minister of defense, which is why he chose me for this mission," Gen. Faris said. The Americans later confirmed his account with top Iraqi military officials. It wasn't clear, however, what the troops were going to do. Initially the brigade was supposed to help guard election polling places, but they arrived in Baghdad two days too late. "I was just yelling at the men for not arriving here in time for the elections," he explained. Now the general suggested that his troops might be asked to guard the Green Zone, where the U.S. embassy is based. In the near term, he needed to find someplace better to house the men and set up a brigade headquarters. "This is not a good situation here," he told Maj. Wales. "It is much too crowded." The unit that has generated the most concern among American military officials is the Defenders of Khadamiya, the unit forming in northern Baghdad to guard the Shiite shrine. There is good reason for the unit. The shrine at Khadamiya draws some 800,000 Shiite pilgrims each year and poses an attractive target for Sunni terrorists like Abu Musab al-Zarqawi eager to set off a Sunni-Shiite civil war. But some U.S. military officials worry it could be used in internecine battles between rival Shiite clerics. 
Because the Defenders of Khadamiya force appears so closely aligned with prominent Shiite cleric Hussein al Sadr, some U.S. officers worry that other Shiite clerics might use the unit to justify forming their own unauthorized militias. In particular radical Shiite cleric Muqtada al Sadr might try to revive his Mahdi militia, which U.S. troops battled in Najaf and Sadr City this summer. Some senior officers in Gen. Petraeus's command have suggested the Americans ask the Iraqis to consolidate all the new units in Baghdad under a single division headquarters, putting them more firmly under the control of the central government and making it easier for U.S. forces to coordinate with them. But there are limits to U.S. influence. "There is no way we can stop the Iraqis from doing something they want to do. This is their country and their army now," says Lt. Col. James Bullion, who works for Gen. Petraeus. "We can't put that genie back in the bottle."

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From ericm at lne.com Wed Feb 16 07:52:28 2005 From: ericm at lne.com (Eric Murray) Date: Wed, 16 Feb 2005 07:52:28 -0800 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: <421366D1.9010802@systemics.com>; from iang@systemics.com on Wed, Feb 16, 2005 at 03:29:21PM +0000 References: <421366D1.9010802@systemics.com> Message-ID: <20050216075228.B569@slack.lne.com> On Wed, Feb 16, 2005 at 03:29:21PM +0000, Ian G wrote: > Peter Gutmann wrote: > > >Barry Shein writes: > >>Eventually email will just collapse (as it's doing) and the RBOCs et al will > >>inherit it and we'll all be paying 15c per message like their SMS services.
> > > >And the spammers will be using everyone else's PC's to send out their spam, so > >the spam problem will still be as bad as ever but now Joe Sixpack will be > >paying to send it. > > > >Hmmm, and maybe *that* will finally motivate software companies, end users, > >ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. > > > > My view - as controversial as ever - is that the problem > is unfixable, and mail will eventually fade away. That > which will take its place is p2p / IM / chat / SMS based. > In that world, it is still reasonable to build ones own IM > system for the needs of ones own community, and not > to have to worry about standards. Which means one can > build in the defences that are needed, when they are > needed. Better start on those defenses now then- there is already significant amounts of IM and SMS spam. I would be surprised if the people designing IM and SMS systems have learned much from the failures of SMTP et al. Eric

From rah at shipwright.com Wed Feb 16 04:55:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 07:55:15 -0500 Subject: [p2p-hackers] SHA1 broken? Message-ID: --- begin forwarded text

From rah at shipwright.com Wed Feb 16 04:56:02 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 07:56:02 -0500 Subject: [p2p-hackers] SHA1 broken? Message-ID: --- begin forwarded text

From rah at shipwright.com Wed Feb 16 05:37:09 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 08:37:09 -0500 Subject: Passwords? We don't need no stinking passwords Message-ID: The Register Biting the hand that feeds IT The Register ; Security ; Network Security ; Original URL: http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/ Passwords? We don't need no stinking passwords By John Leyden (john.leyden at theregister.co.uk) Published Wednesday 16th February 2005 01:41 GMT RSA 2005 Concerns over online security are continuing to slow consumer e-commerce growth.
A quarter of the respondents in a recent survey have reduced their online purchases in the past year and 21 per cent refuse to conduct business with their financial institutions online because of security fears. More than half (53 per cent) of the 1,000 consumers quizzed believe that basic passwords fail to provide sufficient protection for sensitive personal information. According to the RSA Security-sponsored telephone survey, poor management of PINs and passwords for access to online services, desktop computer systems, ATMs and other electronic accounts is a major vulnerability. As a major supplier of two-factor authentication products and services that offer an alternative to traditional static passwords, the issues raised by RSA Security's survey are more than a little self-serving. That doesn't mean its analysis is necessarily wrong, though. More and more security experts are lining up against the use of static passwords for e-banking; in part because the technique makes consumers easy prey for phishers. Even so, obituaries for the humble password may be premature. Adi Shamir, professor at Israel's Weizmann Institute of Science and noted cryptographer, said: "Passwords are not completely dead. For low level security apps they are still sufficiently good. It depends on the application". One PIN to rule them all More than two in three respondents (65 per cent) quizzed in RSA Security's survey use fewer than five passwords for all electronic information access and 15 percent use a single password for everything. These figures are unchanged from a similar survey last year. John Worrall, VP of worldwide marketing at RSA Security, said: "The majority of consumers are aware of the problems associated with passwords, but until they are presented with a reliable, easy-to-use alternative, they're going to continue to exhibit poor password management practices."

From rah at shipwright.com Wed Feb 16 05:38:00 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 08:38:00 -0500 Subject: Gates: security concerns propel IE7 launch Message-ID: The Register Biting the hand that feeds IT The Register ; Security ; Network Security ; Original URL: http://www.theregister.co.uk/2005/02/15/gates_rsa_2005/ Gates: security concerns propel IE7 launch By John Leyden (john.leyden at theregister.co.uk) Published Tuesday 15th February 2005 19:17 GMT RSA 2005 Information security concerns have prompted Microsoft to release a new version of Internet Explorer before the next version of Windows ships. Contrary to previous plans, Microsoft will release IE7 as a beta in "early summer" 2005. Longhorn, the next iteration of Windows, is due late next year. Microsoft chairman Bill Gates today said IE7 will offer Windows XP SP2 advances in defending against phishing and malware but failed to go into any details. IE7 will also be included in Longhorn but its availability on other platforms remains unclear. In a keynote address at the RSA Conference in San Francisco, Gates singled out spyware and social engineering such as phishing and spyware attacks as the "fastest growing challenge". "There's no exploit involved," he said. "Social engineering attacks take the privilege of a user and fool them into running code they don't want to run." Microsoft has decided to make its Windows Anti-Spyware, released as a beta earlier this year and downloaded by 5m users, available at no extra charge to licensed Windows users, Gates announced. Microsoft also intends to introduce a consumer-focused anti-virus product by the end of the year.
Gates repeatedly highlighted information security as a "top priority" for Microsoft. "It's the one thing we need to make sure that we get absolutely right to deliver the digital revolution," he said. Microsoft is spending $2bn of its $6bn research and development budget on security. Windows XP SP2 is a key building block in Microsoft's efforts to make its software more resistant to attack. More than 170m users have downloaded the product since its release late last year, Gates said. More users have applied the update after obtaining it on a CD. To make it easier for customers to apply patches, Microsoft intends to bring its separate Office and Windows Update services under one umbrella from March 2005. This service will be aimed at consumers and small businesses. Gates appeared relaxed during his 45-minute keynote at RSA, even cracking a decent joke. He produced a spoofed version of doodles he made at the recent World Economic Forum, which were mistaken by a UK paper (http://news.bbc.co.uk/1/hi/uk_politics/4220473.stm) for the jottings of Prime Minister Tony Blair. The spoof notes contained remarks such as "Why does Bill Clinton sit next to Angelina Jolie?" "Need cheeseburger" (a reference perhaps to Gates' expanding waistline) and his "password".

From eugen at leitl.org Wed Feb 16 00:11:27 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 16 Feb 2005 09:11:27 +0100 Subject: California Wants GPS Tracking Device in Every Car Message-ID: <20050216081127.GY1404@leitl.org> Link: http://slashdot.org/article.pl?sid=05/02/15/201217 Posted by: Zonk, on 2005-02-15 20:48:00 from the now-this-is-a-good-use-of-engineering dept.
[1]HTS Member writes "California has a new excuse for more taxes. Claiming losses due to fuel-efficient cars, such as Gasoline/Electric Hybrids, California is cooking-up a new system to punish people who aren't using enough gasoline. They want to [2]tax commuters by the mile. How would this be accomplished? By requiring everyone to install a GPS device in their vehicle, and charge them their "taxes" every time they fuel-up. From the article: 'Drivers will get charged for how many miles they use the roads, and it's as simple as that.. [a] team at Oregon State University equipped a test car with a global positioning device to keep track of its mileage. Eventually, every car would need one.'" References 1. http://www.hackthissite.org/ 2. http://www.cbsnews.com/stories/2005/02/14/eveningnews/main674120.shtml ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net

From dgerow at afflictions.org Wed Feb 16 07:28:46 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 16 Feb 2005 10:28:46 -0500 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: References: <16914.30641.697792.602776@world.std.com> Message-ID: <20050216152846.GU708@afflictions.org> Thus spake Peter Gutmann (pgut001 at cs.auckland.ac.nz) [16/02/05 01:04]: : Hmmm, and maybe *that* will finally motivate software companies, end users, : ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. Doubt it'll motivate the ISPs. They'll be the ones making the 15c/msg. If they clean it up, that's lost income.

From atom at smasher.org Wed Feb 16 08:13:23 2005 From: atom at smasher.org (Atom Smasher) Date: Wed, 16 Feb 2005 11:13:23 -0500 (EST) Subject: SHA1 broken?
Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Wed, 16 Feb 2005, David Shaw wrote: > In terms of GnuPG: it's up to you whether you want to switch hashes or > not. GnuPG supports all of the SHA-2 hashes, so they are at least > available. Be careful you don't run up against compatibility problems: > PGP doesn't support 384 or 512, and only recently started supporting > 256. GnuPG before 1.2.2 (2003-05-01), doesn't have any of the new > hashes. Finally, if you have a DSA signing key (most people do) you are > required to use either SHA-1 or RIPEMD/160. RSA signing keys can use > any hash. ==================== there's more to it than that. openPGP specifies SHA-1 (and nothing else) as the hash used to generate key fingerprints, and is what key IDs are derived from. a real threat if this can be extended into a practical attack is substituting a key with a *different* key having the same ID and fingerprint. it would be difficult for average users (and impossible for the current openPGP infrastructure) to tell bob's key from mallory's key that claims to be bob's. it can also be used (if the attack becomes practical) to forge key signatures. mallory can create a bogus key and "sign" it with anyone's real key. this would turn the web of trust into dust. the openPGP spec seemed to have assumed that SHA-1 just wouldn't fail. ever. this was the same mistake made in the original version of pgp that relied on md5. the spec needs to allow a choice of hash algorithms for fingerprints and key IDs, or else we'll play this game every time someone breaks a strong hash algorithm. - -- ...atom _________________________________________ PGP key - http://atom.smasher.org/pgp.txt 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 ------------------------------------------------- "Any sufficiently advanced technology is indistinguishable from magic." -- Arthur C. Clarke -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) Comment: What is this gibberish? 
Comment: http://atom.smasher.org/links/#digital_signatures iQEcBAEBCAAGBQJCE3EoAAoJEAx/d+cTpVcinwsIAKnjw1AqwY0guPtdxMagoZC2 Rv7mCZt3QnpH4uEaWNLh5R3VImVwOBevW9VdYm+UdMwdmodD79Bc0MyPOaHDuUiP okmo0PigWIht2vGWK7F6xLtUwLUlGyuAWO5w8g/hNCt0ftdb1jUam0wQtqnTTarM B1kyTWU0sHsjyloSh0umQ8kC0nt9nNhLIasp84oIo+D3b0r6yKIWjMS7dHr1hIbx 2gXBdVw01HJng/BtF/THfZwAD2IE+OLNPg4Q6v6QnVf3BGBBPSiiD2mXrizuknA8 RevXGYgBc4plOWOlDmx2ydbRqFHe5obGMGFCk4muFh8veFhPbFxCKvfBwsawi+U= =f0+g -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users --- end forwarded text

From jim.salters at fstc.org Wed Feb 16 09:18:56 2005 From: jim.salters at fstc.org (Jim Salters) Date: Wed, 16 Feb 2005 12:18:56 -0500 Subject: FSTC Project Update Message-ID:

From rah at shipwright.com Wed Feb 16 09:33:49 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 12:33:49 -0500 Subject: SHA1 broken? Message-ID: --- begin forwarded text

From camera_lumina at hotmail.com Wed Feb 16 09:38:32 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 16 Feb 2005 12:38:32 -0500 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: <16914.30641.697792.602776@world.std.com> Message-ID: Wrong. We already solved this problem on Cypherpunks a while back. A spammer will have to pay to send you spam, trusted emails do not. You'll have a settable Spam-barrier which determines how much a spammer has to pay in order to lob spam over your barrier (you can set it to 'infinite' of course).
A new, non-spam mailer can request that their payment be returned upon receipt, but they'll have to include the payment unless you were expecting them. This way, the only 3rd parties are those that validate the micropayments. -TD >From: Barry Shein >To: "R.A. Hettinga" >CC: cryptography at metzdowd.com, cypherpunks at al-qaeda.net >Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp >Date: Tue, 15 Feb 2005 17:29:05 -0500 > >Oh no, the idiotic penny black idea rides again. > >Like the movie "War Games" when a young Matthew Broderick saves the >world by causing the WOPR computer to be distracted into playing >itself tic-tac-toe rather than launching a pre-emptive nuclear strike. > >It was a MOVIE, made in 1983 nonetheless, get over it. > >More seriously, what attracts people to this penny black idea is that >they realize that the only thing which will stop spammers is to >interject some sort of economic constraint. The obvious constraint >would be something like stamps since that's a usage fee. > >But the proposer (and his/her/its audience) always hates the idea of >paying postage for their own email, no, no, there must be a solution >which performs that economic miracle of only charging for the behavior >I don't like! An economic Maxwell's demon! > >So, just like the terminal seeking laetrile shots or healing waters, >they turn to not even half-baked ideas such as penny black. Don't >charge you, don't charge me, charge that fellow behind the tree! > >Oh well. > >Eventually email will just collapse (as it's doing) and the RBOCs et >al will inherit it and we'll all be paying 15c per message like their >SMS services. > >I know, we'll work around it. Of course by then they'll have a >multi-billion dollar messaging business to make sure your attempts to >by-step it are outlawed and punished. Consider what's going on with >the music-sharing world, as another multi-billion dollar business >people thought they could just defy with anonymous peer-to-peer >services... 
> >The point: I think the time is long past due to "grow up" on this >issue and accept that some sort of limited, reasonable-usage-free, >postage system is necessary to prevent collapse into monopoly. > >-- > -Barry Shein > >Software Tool & Die | bzs at TheWorld.com | >http://www.TheWorld.com >Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD >The World | Public Access Internet | Since 1989 *oo* From rah at shipwright.com Wed Feb 16 09:51:58 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 12:51:58 -0500 Subject: Watching Outgoing E-mail Message-ID: Forbes Ten O'Clock Tech Watching Outgoing E-mail Arik Hesseldahl, 02.16.05, 10:00 AM ET Sometimes it's amazing that people in the business world continue to use e-mail at all. Sure it's convenient and fast, but it's also an increasingly difficult method of communication to manage, especially if your company is covered by some of the new regulatory rules like Sarbanes-Oxley, HIPAA and the like. There are new rules governing how long a company must store your e-mail, and if someone takes your company to court, how quickly you must be able to produce copies of e-mail messages covered by a subpoena. There are new standards coming in to play governing the level of an employer's legal responsibility for the e-mail that their employees send around the office. One case frequently cited is that of Chevron, now part of ChevronTexaco (nyse: CVX - news - people ), which in 1995 paid a $2.2 million out-of-court settlement to four female employees after the women said that an e-mail circulating around the office containing some tasteless jokes created a hostile work environment. A startup company called InBoxer, demonstrating a new software product here at the Demo Conference this week, has shown that companies can and will try to minimize their exposure to these kinds of legal risks by screening the e-mails that employees attempt to send. 
InBoxer, which used to be called Audiotrieve, calls its new product OutBoxer, and it scans outgoing e-mail messages looking for inappropriate content, unauthorized disclosure of information and tries to encourage senders to clean up their messages before they actually send them. CEO and Founder Roger Matus says as part of building its technology the company scanned and analyzed more than a half million e-mail messages written by senior executives at Enron. Those messages, which have been made public as part of the investigation into Enron by the Federal Energy Regulatory Commission, proved useful, he said, for the purpose of analysis and testing an e-mail filtering technology. Matus says OutBoxer uses a technique called "linguistic processing" that is in part derived from related work in speech recognition by his co-founder and chief technologist, Sean True. Using its methods against the Enron mails, the company found that 20% of those messages contained some "non-business" content. Another 4% of the messages--or about one in 25--in the Enron collection contained content that was either pornographic, racially or ethnically insensitive or which contained questionable images. So, people pass around obnoxious e-mails. Big deal, right? Well, you may have a thick skin or simply not be offended easily, but how about when it comes to company secrets being passed around? What's to stop somebody who just got passed over for a promotion from sending out some sensitive information about your best customers to an old friend who happens to work for a competitor? OutBoxer works with Microsoft's (nasdaq: MSFT - news - people ) Exchange server and will in time extend its reach to Research In Motion's (nasdaq: RIMM - news - people ) Blackberry wireless e-mail devices as well. When it's running, it gives a range of responses to e-mails you try to send that it thinks you should at least think twice about. 
In some cases it will simply raise a red flag and point out that you may want to delete something in the message. If nothing else, it gives you a chance to listen to second thoughts and make sure you really want to send that e-mail. But in other cases it can be configured to prevent a user from sending a particular e-mail entirely. What it misses--and this raises another set of information security questions altogether--is the fact that many employees who would be likely to e-mail sensitive company information around would also tend to be naturally suspicious that their e-mail activity is already being watched by the company, even though it probably isn't. If they really want to send something they're not supposed to, they'll find a way to take it home and send it from a personal e-mail account not subject to the screening process in use at the office. OutBoxer is expected to be available this summer, and it will join InBoxer's other product, an anti-spam screening product called InBoxer. A price has yet to be set.

From steve49152 at yahoo.ca Wed Feb 16 10:18:16 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Wed, 16 Feb 2005 13:18:16 -0500 (EST) Subject: What is a cypherpunk? In-Reply-To: <20050215214034.GA22191@arion.soze.net> Message-ID: <20050216181816.80869.qmail@web51805.mail.yahoo.com> --- Justin wrote: > On 2005-02-15T13:23:37-0500, Steve Thompson wrote: > > --- "James A. Donald" wrote: > > [snip] > > > As governments were created to smash property rights, they are > > > always everywhere necessarily the enemy of those with property, > > > and the greatest enemy of those with the most property. > > > > Uh-huh.
Perhaps you are using the term 'government' in a way that is > not > > common to most writers of modern American English? > > I think it's fair to say that governments initially formed to protect > property rights (although we have no historical record of such a > government because it must have been before recorded history began). I think it's fair to say that governments were initially, and still largely remain today, the public formalisation of religious rule applied to the civil sphere of existence. It's more complicated than that, but generally speaking, somewhat disparate religious populations (protestant, catholic, jew, etc.) accepted the fiction of secular civil governance when in reality religious groups have tended to dominate the shape and direction of civil government, while professing to remain at arms-length. 'Fiction' is the operative term here, and I contend that nowhere is this more evident than in the closed world of clandestine affairs -- civilian OR military. Religion has always been about 'powerful' and educated in-sect sub-populations organising civil and intellectual affairs in such a way as to mobilise the serfs to the advantage of the privileged, all the while presenting convenient systems of fiction to the masses that are expected to suffice as the broad official reality of society; a reality fully accessible to some who quite naturally use their position of possibly intellectual privilege to order the affairs of the serf/slaves. > They then developed into monarchies which were only really set up to > protect property rights of the ruler(s).
If I'm not mistaken, it was in Germany where the concept of public figureheads-as-leaders was evolved to a system in which the figurehead (king, pontiff, leader) was presented as the source of state power, but who in actuality was groomed, controlled, and ruled by a non-public contingent of privileged political and intellectual elite who, in general, ran the affairs of state and/or religion from the back room, so to speak. This way of organising the public affairs of government has, I think, roots that date back to the ancient Greeks, but is also largely in favour today. > With the advent of various quasi-democratic forms of government, the law > has been compromised insofar as it protects property rights. You no > longer have a right to keep all your money (taxes), no longer have a > right to grow 5' weeds in your front yard if you live in a city, and no > longer have a right to own certain evil things at all, at least not > without special governmental permission. There were analogous > compromises in democratic Athens and quasi-democratic Rome. It's rather different today. > When democratic states inevitably fold into tyranny, some of those > restrictions remain. Right now most states have a strange mix of > property rights protections (e.g. the Berne convention and the DMCA) and > property rights usurpations (e.g. no right to own certain weapons; equal > protection). Agreements and accords such as the Berne convention and the DMCA, to say nothing of human-rights legislation, are hobbled by the toothlessness of enforcement, public apathy to others' rights, and a load of convenient exceptions to such rules made for the agents of state. For instance, the copyright on my computer software was blithely subverted by the fascist ubermensch involved and responsible for the surveillance detail that I have suffered over the past two decades.
I listened to some of these people make excuses for stealing my intellectual property, fashioning rumours to lessen the wrong of their theft, or 'merely' applying pressure or making plans to 'encourage' the release of my code in the public domain so their prior theft could be buried. Failing that, they have simply stolen all my computer equipment and delayed my life, possibly so my code could be `developed' by their own programmers and a history shown -- perhaps with the partial aim of finally accusing me of stealing "their" intellectual property after it is released in their own product. These people are nothing more than jack-booted thugs, and whether they are Nazis or not is immaterial to the fact that their methods and ideology closely resemble a modernised version of it. Whatever the EXCUSE offered, it is a triumph of plutocratic-fascist zealotry in the sense that nominally modern and democratic institutions and groups in this world have acquired some of the memes that drove the Gestapo/SS/Abwehr. There is no excuse, but since Orwellian political and intellectual abdications and maneuvers are quite well in fashion today, it is obviously stylish to pretend that such things do not and cannot possibly occur. Hence the stupefying silence over what is bloody fucking obvious to anyone with half a brain. Have a nice day. Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca

From steve49152 at yahoo.ca Wed Feb 16 10:31:14 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Wed, 16 Feb 2005 13:31:14 -0500 (EST) Subject: What is a cypherpunk? In-Reply-To: Message-ID: <20050216183114.29324.qmail@web51807.mail.yahoo.com> --- "R.A. Hettinga" wrote: [snip] > Property is like rights. We create it inherently, because we're human, > it > is not bestowed upon us by someone else. Particularly if that property > is > stolen from someone else at tax-time. Bzzt. I call you on your bullshit.
Supposedly by convention, individuals attach some of a set of symbol relations to physical objects and ideas and processes. Such relations, when observed consistently, confer rights of possession and use to groups or individuals. Individuals employed by governments, as well as special interest groups, are certainly no longer satisfied with a democratic arrangement of property rights and have manufactured consent, as it were, to establish a bunch of exceptions to property rights that allow for `legalised' theft. But as long as property rights are generally considered to be a tenet and characteristic of society, excuses for officiated theft, for instance, merely put a veneer of legitimacy over certain kinds of theft. I doubt that RMS will ever be framed, arrested and thrown in to the gulag, his property confiscated; but for someone like myself, that is certainly an option, eh? Regards, Steve

From rah at shipwright.com Wed Feb 16 10:43:06 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 13:43:06 -0500 Subject: FSTC Project Update Message-ID: --- begin forwarded text

From rah at shipwright.com Wed Feb 16 11:29:02 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 14:29:02 -0500 Subject: SHA1 broken? Message-ID: --- begin forwarded text

From jamesd at echeque.com Wed Feb 16 14:44:42 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 16 Feb 2005 14:44:42 -0800 Subject: SHA1 broken? In-Reply-To: Message-ID: <42135C5A.31592.2E217C6@localhost> -- > There is however a huge problem replace SHA-1 by something > else from now to tomorrow: Other algorithms are not as well > analyzed and compared against SHA-1 as for example AES to > DES are; so there is no immediate successor of SHA-1 of whom > we can be sure to withstand the possible new techniques.
> Second, SHA-1 is tightly integrated in many protocols without > a fallback algorithms (OpenPGP: fingerprints, MDC, default > signature algorithm and more). They reduced the break time of SHA1 from 2^80 to 2^69. Presumably they will succeed in reducing the break time of SHA256 from 2^128 to a mere 2^109 or so. So SHA256 should be OK. 2^69 is damn near unbreakable. 2^80 is really unbreakable. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IQqit8pqSokARYxy1xVLrTaVRSKMAGvz2MXbQqXi 4DAQZgw0sbP3OcD3kgO+x7f+VfsPD4E8EBsB96d/D From rah at shipwright.com Wed Feb 16 12:25:46 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 15:25:46 -0500 Subject: Mudge Lives: China seeks hackers for information warfare, follows Clinton's lead Message-ID: World Tribune.com -- China seeks hackers for information warfare, cites Clinton's example Special to World Tribune.com EAST-ASIA-INTEL.COMWednesday, February 16, 2005 Zhang Zhaozhong, director of the Military and Equipment Teaching and Research Center of the National Defense University, said the government is hoping to recruit computer hackers as part of its information warfare operations. Zhang noted that former U.S. President Bill Clinton invited hackers to the White House for a discussion of network security. China could also follow this example to mine the skills of hackers, Zhang said. He said that recruiting hackers would enhance information security levels. The comments appeared in the Hong Kong newspaper Wen Wei Po. The newspaper reported Feb. 10 that a well-known Chinese hacker organization, the Honker Union, had disbanded. The group claimed thousands of members, including network security professionals. The group claimed to have successfully attacked the White House Internet site, and it was part of a joint Chinese effort to conduct attacks on U.S. websites following the April 2001 mid-air collision of a Chinese F-8 jet and U.S. EP-3 surveillance aircraft. 
Other hacker groups that reportedly took part in the attacks were the Hacker Union for China and China Eagles. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From iang at systemics.com Wed Feb 16 07:29:21 2005 From: iang at systemics.com (Ian G) Date: Wed, 16 Feb 2005 15:29:21 +0000 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: References: Message-ID: <421366D1.9010802@systemics.com> Peter Gutmann wrote: >Barry Shein writes: > > > >>Eventually email will just collapse (as it's doing) and the RBOCs et al will >>inherit it and we'll all be paying 15c per message like their SMS services. >> >> > >And the spammers will be using everyone else's PC's to send out their spam, so >the spam problem will still be as bad as ever but now Joe Sixpack will be >paying to send it. > >Hmmm, and maybe *that* will finally motivate software companies, end users, >ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. > > My view - as controversial as ever - is that the problem is unfixable, and mail will eventually fade away. That which will take its place is p2p / IM / chat / SMS based. In that world, it is still reasonable to build ones own IM system for the needs of ones own community, and not to have to worry about standards. Which means one can build in the defences that are needed, when they are needed. Chat is already higher volume (I read somewhere) in raw quantity of messages sent than email. A fate for email is that as spam grows to take over more of the share of the shrinking pie, but consumes more of the bandwidth, the ISPs will start to charge people for email, and not for IM. 
Those left paying for it are going to discover it is cheaper to ditch it and let the spammers fight over the shreds.

That's just one plausible future, tho.

iang

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/

From steve49152 at yahoo.ca Wed Feb 16 12:41:09 2005
From: steve49152 at yahoo.ca (Steve Thompson)
Date: Wed, 16 Feb 2005 15:41:09 -0500 (EST)
Subject: What is a cypherpunk?
In-Reply-To: <20050216194139.GA29926@arion.soze.net>
Message-ID: <20050216204109.78445.qmail@web51801.mail.yahoo.com>

[snip]
> > Agreements and accords such as the Berne convention and the DMCA, to say
> > nothing of human-rights legislation, are hobbled by the toothlessness of
> > enforcement, public apathy to others' rights, and a load of convenient
> > exceptions to such rules made for the agents of state.
>
> Okay. So it's fair to say, then, that we have compromises between
> property rights protections and other (perceived yet imaginary?)
> property rights protections. Which is really what it boils down to.

Absolutely.

> There's no property rights usurpation without some motive behind it.

Unless if it's by accident.

> And motives generally stem from wanting to redistribute property or deny
> it to another individual, group, or an entire nation. Sometimes that
> property is land (the excuse for such property redistribution or denial
> of ownership is called "self determination")

Operative word: excuse.

> , sometimes it is
> intellectual property (the excuse is "information wants to be free")...

Or like maybe the NSA needs to steal something that they can't buy because they "NEED" to conceal the project that requires the stolen item. Or maybe a wealthy interest has a commercial interest to protect and bribes an official to steal land that threatens said interest. Or maybe it's a Klan member who thinks that niggers shouldn't own property, and so he steals it.
Or perhaps it's a Xtian who believes it's God's will to deny property rights to heathens, as a lesson in coming to God. Or maybe it's a bunch of fucking thieves who use any excuse they have at hand to justify their own greed.

> sometimes it's explosives (they're TOO DANGEROUS, and only terrorists
> have them... are you a terrorist?).

Sometimes it's a complete load of shit, and there's no real valid reason that will stand intelligent scrutiny as to why some people are allowed to do one thing that is denied to another people.

Personally, I believe that the people who run the US, the dirty ones, are too well aware of the liabilities they have assumed as a matter of course in their history, and who will do anything rather than face paying the debt. Anything. And further, this conclusion is not so foreign as to be beyond comprehension, but rather represents a problem that no-one is willing to deal with -- thus compounding the error.

Since you still aren't bothering to address messages I write in good faith, I suggest that you should go fuck yourself.

Regards,

Steve

______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

From jamesd at echeque.com Wed Feb 16 15:44:26 2005
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 16 Feb 2005 15:44:26 -0800
Subject: What is a cypherpunk?
In-Reply-To: <20050216003033.GA21399@arion.soze.net>
References: <20050215214034.GA22191@arion.soze.net>
Message-ID: <42136A5A.17860.318CB31@localhost>

--
On 16 Feb 2005 at 0:30, Justin wrote:
> Judging from social dynamics and civil advancement in the
> animal kingdom, monarchies developed first and property
> rights were an afterthought.

Recently existent neolithic agricultural peoples, for example the New Guineans, seldom had kings, and frequently had no form of government at all other than that some people were considerably wealthier and more influential than others, but they always had private property.
This corresponds to the cattle herding people we read depicted in the earliest books of the old testament. They had private property, wage labor, and all that from the beginning, but they do not develop kings until the book of Samuel, long after they had settled down and developed vineyards and other forms of sedentary agriculture:

Judges 17:6 "In those days there was no king in Israel; every man did what was right in his own eyes"

Thus both our recent observation of primitive peoples, and our written historical record, show that private property rights long preceded government.

Our observations of governments being formed show that governments are formed primarily for the purpose of attacking private property rights. You want to steal something like land or women, you need a really big gang.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
of/pZSLkKATIjG0fWzPvEZnxIsBE/Q0Se80Gx178
4LGYWiIfc2+Us4l38hwPX8mK0CR7hBpVkJ952v8/D

From jamesd at echeque.com Wed Feb 16 15:44:26 2005
From: jamesd at echeque.com (James A. Donald)
Date: Wed, 16 Feb 2005 15:44:26 -0800
Subject: What is a cypherpunk?
In-Reply-To: <20050215214034.GA22191@arion.soze.net>
References: <20050215182338.5761.qmail@web51810.mail.yahoo.com>
Message-ID: <42136A5A.29696.318CAB9@localhost>

--
James A. Donald
> > > As governments were created to smash property rights,
> > > they are always everywhere necessarily the enemy of those
> > > with property, and the greatest enemy of those with the
> > > most property.

Steve Thompson
> > Uh-huh. Perhaps you are using the term 'government' in a
> > way that is not common to most writers of modern American
> > English?

Justin
> I think it's fair to say that governments initially formed to
> protect property rights

Where we have historical record, this is not the case. Romulus was made King in order that the Romans could abduct and rape women. William the bastard became William the conqueror by stealing land and enserfing people.
After George Washington defeated the British, his next operation was to crush the Whisky rebellion. You could say that he defeated the British in order to protect property rights, but his next military operation was to violate property rights, not uphold them. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG h5r7X0d4z7lq2vVpAOdecOCy2txrOnv9O/ymDY+3 4VE2saGBeSH+48fFJ9nuHVOypb45jH6pBBteu3f+Z From steve49152 at yahoo.ca Wed Feb 16 12:45:06 2005 From: steve49152 at yahoo.ca (Steve Thompson) Date: Wed, 16 Feb 2005 15:45:06 -0500 (EST) Subject: What is a cypherpunk? In-Reply-To: <20050216194805.GB29926@arion.soze.net> Message-ID: <20050216204506.29851.qmail@web51809.mail.yahoo.com> --- Justin wrote: > On 2005-02-16T13:31:14-0500, Steve Thompson wrote: > > --- "R.A. Hettinga" wrote: > > [snip] > > > Property is like rights. We create it inherently, because we're > human, > > > it > > > is not bestowed upon us by someone else. Particularly if that > property > > > is > > > stolen from someone else at tax-time. > > > > But as long as property rights are generally considered to be a tenet > and > > characteristic of society, excuses for officiated theft, for instance, > > merely put a veneer of legitimacy over certain kinds of theft. I > doubt > > that RMS will ever be framed, arrested and thrown in to the gulag, his > > property confiscated; but for someone like myself, that is certainly > an > > option, eh? > > Is there a difference between property rights in a society like a pride > of lions, and property rights that are respected independent of social > status? Or are they essentially the same? They seem to be different, > but I can't articulate why. Obviously the latter needs enforcement, > possibly courts, etc., but I can't identify a more innate difference, > other than simply as I described it -- property rights depending on > social status, and property rights not depending on social status. 
> > I don't think any society has ever managed to construct a pure property > rights system where nobody has any advantage. Without government it's > the strong. With government, government agents have an advantage, and > rich people have an advantage because they can hire smart lawyers to get > unfair court decisions. So maybe this is just silly, in which case I > believe even more strongly that formal status-independent property > rights are not the basis of government. Whatever. See the sentence I wrote last in my previous message. When you grow the fuck up, drop me a line. Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca From rah at shipwright.com Wed Feb 16 12:56:05 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 16 Feb 2005 15:56:05 -0500 Subject: 'SS Jimma: The American Mystery Sub Message-ID: Code-named "Killer Rabbit"... Cheers, RAH ------ StrategyPage.com February 16, 2005 SUBMARINES: The American Mystery Sub January 14, 2005: The USS Jimmy Carter (SSN 23), a modified Seawolf-class submarine, is used for missions the navy does not like to talk about. The Carter displaces 12,151 tons submerged, is 100 feet longer than a baseline Seawolf (453 feet compared to 353 feet). She is also slightly slower than a baseline Seawolf (61.1 kilometers per hour compared to 64.8 for the baseline Seawolf), and carries the same armament (eight 30-inch torpedo tubes with fifty weapons). The Jimmy Carter, though, was not designed for combat patrols. She is officially a testbed, much like the Los Angeles-class submarine USS Memphis. However, her real role is to eventually replace the Sturgeon-class submarine USS Parche, which was taken out of service in October, 2004. The USS Parche also has a 100-foot long extension - although that was installed during a refit that lasted from 1987-1991. 
The Navy is very reluctant to give out details about the Jimmy Carter, and she is often placed in a covered drydock (to keep her away from prying eyes in space as well as on the ground). This is not surprising. The methods and sources of intelligence are protected very closely by the intelligence community, and the Jimmy Carter is going to be one of the prime sources of intelligence.

The Jimmy Carter is capable of carrying 50 special operations personnel, but her primary mission will be intelligence gathering. The Navy doesn't talk much about the intelligence-gathering missions it has carried out in the past, or currently. One of the missions Parche carried out was the maintenance of taps on undersea phone lines between the Russian naval bases of Petropavlovsk and Vladivostok (the famous "Ivy Bells" mission). Other missions involved electronic intelligence. Submarines are ideal for this mission - they can often supplement coverage by aircraft and satellites. This supplementary coverage is vital. Aircraft can be detected and have limited range and satellites have predictable orbits. Dummy transmissions can be used to throw them off. Submarines, on the other hand, are unpredictable things - particularly nuclear-powered submarines. There is no way to know a submarine is there unless it either chooses to reveal its presence (usually through the creation of a flaming datum) or something goes wrong (a collision - like which happened with the USS Tautog). Submarines often get data on new naval units - often shadowing them and collecting "hull shots" (pictures of the hull of a ship or submarine) and a very good idea of the ship's acoustic signature (for future identification).

In time of war, the Jimmy Carter will provide support for various missions, like raids by SEALs and other special operations units. Often, these groups will split up for missions, which could run the gamut of raids or advising partisans, or a single large mission could be carried out.
Often, their delivery will be by the Advanced SEAL Delivery System, supported in a Dry Dock Shelter. She will also have additional command and control facilities, and storage for additional munitions and fuel.

You will not hear much about what the Jimmy Carter does if the United States Navy has its way. The submarines are called the Silent Service. This is doubly true for those submarines like Jimmy Carter and Parche - which engage in intelligence gathering. Their successes remain secret - failures will probably make the press.

                 Seawolf   Jimmy Carter   Parche
Length (feet)    353       453            401.5
Displ. (tons)    9,137     12,151         7,800
Speed (km/h)     61.1      64.8           46.3
Crew             130       130 + 50 SF    179+
Torpedo tubes    8 30"     8 30"          4 21"
Weapons          50        50             23

Comparison of special operations subs Jimmy Carter and Parche. Seawolf included for comparison to Carter.

- Harold C. Hutchison (hchutch at ix.netcom.com)

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From pgut001 at cs.auckland.ac.nz Tue Feb 15 21:38:20 2005
From: pgut001 at cs.auckland.ac.nz (Peter Gutmann)
Date: Wed, 16 Feb 2005 18:38:20 +1300
Subject: How to Stop Junk E-Mail: Charge for the Stamp
In-Reply-To: <16914.30641.697792.602776@world.std.com>
Message-ID:

Barry Shein writes:

>Eventually email will just collapse (as it's doing) and the RBOCs et al will
>inherit it and we'll all be paying 15c per message like their SMS services.

And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it.

Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

Peter.
From bzs at world.std.com Wed Feb 16 16:28:22 2005 From: bzs at world.std.com (Barry Shein) Date: Wed, 16 Feb 2005 19:28:22 -0500 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: References: <16914.30641.697792.602776@world.std.com> Message-ID: <16915.58662.437085.341686@world.std.com> Bingo, that's the whole point, spam doesn't get "fixed" until there's a robust economics available to fix it. So long as it's treated merely an annoyance or security flaw there won't be enough economic backpressure. On February 16, 2005 at 18:38 pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote: > Barry Shein writes: > > >Eventually email will just collapse (as it's doing) and the RBOCs et al will > >inherit it and we'll all be paying 15c per message like their SMS services. > > And the spammers will be using everyone else's PC's to send out their spam, so > the spam problem will still be as bad as ever but now Joe Sixpack will be > paying to send it. > > Hmmm, and maybe *that* will finally motivate software companies, end users, > ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. > > Peter. -- -Barry Shein Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD The World | Public Access Internet | Since 1989 *oo* From justin-cypherpunks at soze.net Wed Feb 16 11:41:39 2005 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 16 Feb 2005 19:41:39 +0000 Subject: What is a cypherpunk? In-Reply-To: <20050216181816.80869.qmail@web51805.mail.yahoo.com> References: <20050215214034.GA22191@arion.soze.net> <20050216181816.80869.qmail@web51805.mail.yahoo.com> Message-ID: <20050216194139.GA29926@arion.soze.net> On 2005-02-16T13:18:16-0500, Steve Thompson wrote: > --- Justin wrote: > > On 2005-02-15T13:23:37-0500, Steve Thompson wrote: > > > --- "James A. 
Donald" wrote:

[snip]
> > > > As governments were created to smash property rights, they are
> > > > always everywhere necessarily the enemy of those with property,
> > > > and the greatest enemy of those with the most property.
> > >
> > > Uh-huh. Perhaps you are using the term 'government' in a way that
> > > is not common to most writers of modern American English?
> >
> > I think it's fair to say that governments initially formed to
> > protect property rights (although we have no historical record of
> > such a government because it must have been before recorded history
> > began).

As I said, I think this is wrong. Mammals other than primates recognize property in a sense, but it depends entirely on social status. There is no recognition of property rights independent of social position. If a lion loses a fight, he loses all his property. Chimp and gorilla communities have the beginnings of monarchy. Yet they don't care about religion, and their conception of property rights still derives from their position in the social ladder. If not primates, do any animals besides humans recognize property rights independent of social position?

> I think it's fair to say that governments were initially, and still
> largely remain today, the public formalisation of religious rule
> applied to the civil sphere of existence. It's more complicated than
> that, but generally speaking, somewhat disparate religious populations
> (protestant, catholic, jew, etc.) accepted the fiction of secular
> civil governance when in reality religious groups have tended to
> dominate the shape and direction of civil government, while professing
> to remain at arms-length.

I think it's fair to say that religion post-dates government, at least informal government. Maybe the first monarchs/oligarchs came up with religious schemes to keep the peons in line, but I would think that was incidental, as was the notion of property rights.

Both property rights and religion depend heavily on the ability for communication, but monarchy can be established without it. All the monarch needs is a big stick and an instinctual understanding of some of the principles much later described by our good Italian friend Niccolo M.

> 'Fiction' is the operative term here, and I contend that nowhere is this
> more evident in the closed world of clandestine affairs -- civilian OR
> military. Religion has always been about 'powerful' and educated in-sect
> sub-populations organising civil and intellectual affairs in such a way

I think it's fair to say that religion may be more important than property rights for keeping people in line. But I think they're both incidental.

> > When democratic states inevitably fold into tyranny, some of those
> > restrictions remain. Right now most states have a strange mix of
> > property rights protections (e.g. the Berne convention and the DMCA) and
> > property rights usurpations (e.g. no right to own certain weapons; equal
> > protection).
>
> Agreements and accords such as the Berne convention and the DMCA, to say
> nothing of human-rights legislation, are hobbled by the toothlessness of
> enforcement, public apathy to others' rights, and a load of convenient
> exceptions to such rules made for the agents of state.

Okay. So it's fair to say, then, that we have compromises between property rights protections and other (perceived yet imaginary?) property rights protections. Which is really what it boils down to.

There's no property rights usurpation without some motive behind it. And motives generally stem from wanting to redistribute property or deny it to another individual, group, or an entire nation. Sometimes that property is land (the excuse for such property redistribution or denial of ownership is called "self determination"), sometimes it is intellectual property (the excuse is "information wants to be free")...
sometimes it's explosives (they're TOO DANGEROUS, and only terrorists have them... are you a terrorist?). -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936 From justin-cypherpunks at soze.net Wed Feb 16 11:48:05 2005 From: justin-cypherpunks at soze.net (Justin) Date: Wed, 16 Feb 2005 19:48:05 +0000 Subject: What is a cypherpunk? In-Reply-To: <20050216183114.29324.qmail@web51807.mail.yahoo.com> References: <20050216183114.29324.qmail@web51807.mail.yahoo.com> Message-ID: <20050216194805.GB29926@arion.soze.net> On 2005-02-16T13:31:14-0500, Steve Thompson wrote: > --- "R.A. Hettinga" wrote: > [snip] > > Property is like rights. We create it inherently, because we're human, > > it > > is not bestowed upon us by someone else. Particularly if that property > > is > > stolen from someone else at tax-time. > > But as long as property rights are generally considered to be a tenet and > characteristic of society, excuses for officiated theft, for instance, > merely put a veneer of legitimacy over certain kinds of theft. I doubt > that RMS will ever be framed, arrested and thrown in to the gulag, his > property confiscated; but for someone like myself, that is certainly an > option, eh? Is there a difference between property rights in a society like a pride of lions, and property rights that are respected independent of social status? Or are they essentially the same? They seem to be different, but I can't articulate why. Obviously the latter needs enforcement, possibly courts, etc., but I can't identify a more innate difference, other than simply as I described it -- property rights depending on social status, and property rights not depending on social status. I don't think any society has ever managed to construct a pure property rights system where nobody has any advantage. Without government it's the strong. 
With government, government agents have an advantage, and rich people have an advantage because they can hire smart lawyers to get unfair court decisions. So maybe this is just silly, in which case I believe even more strongly that formal status-independent property rights are not the basis of government.

--
Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936

From wk at gnupg.org Wed Feb 16 10:54:35 2005
From: wk at gnupg.org (Werner Koch)
Date: Wed, 16 Feb 2005 19:54:35 +0100
Subject: SHA1 broken?
Message-ID:

On Wed, 16 Feb 2005 11:57:36 -0500, David Shaw said:

> Yes it is. Assuming this is true, we must start migrating away from
> SHA-1. Actually, we should start this anyway - even the NIST
> recommends moving away from SHA-1 for long-term security.

The real problem with the breakthrough is, that it seems that they have developed a new cryptoanalytical method and that might pave the way for further improvements. Over the last 2 decades the art of cryptoanalysis has changed dramatically in the area of symmetric ciphers. This will probably also happen to hash algorithms now.

There is however a huge problem replacing SHA-1 by something else from now to tomorrow: Other algorithms are not as well analyzed and compared against SHA-1 as for example AES to DES are; so there is no immediate successor of SHA-1 of whom we can be sure to withstand the possible new techniques. Second, SHA-1 is tightly integrated in many protocols without a fallback algorithm (OpenPGP: fingerprints, MDC, default signature algorithm and more).

Salam-Shalom,

Werner

_______________________________________________
Gnupg-users mailing list
Gnupg-users at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

--- end forwarded text

--
-----------------
R. A.
Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bzs at world.std.com Wed Feb 16 17:12:59 2005 From: bzs at world.std.com (Barry Shein) Date: Wed, 16 Feb 2005 20:12:59 -0500 Subject: How to Stop Junk E-Mail: Charge for the Stamp In-Reply-To: References: <16914.30641.697792.602776@world.std.com> Message-ID: <16915.61339.532947.175815@world.std.com> And how do you fund all this, make it attain an economic life of its own? That's the big problem with all micropayment schemes. They sound good until you try to work the business plan, then they prove themselves impossible because it costs 2c to handle each penny. And more if issues such as collections and enforcement (e.g., against frauds) is taken into account. This is why, for example, we have a postal system which manages postage, rather than some scheme whereby every paper mail recipient charges every paper mail sender etc etc etc. On February 16, 2005 at 12:38 camera_lumina at hotmail.com (Tyler Durden) wrote: > Wrong. We already solved this problem on Cypherpunks a while back. > > A spammer will have to pay to send you spam, trusted emails do not. You'll > have a settable Spam-barrier which determines how much a spammer has to pay > in order to lob spam over your barrier (you can set it to 'infinite' of > course). > > A new, non-spam mailer can request that their payment be returned upon > receipt, but they'll have to include the payment unless you were expecting > them. > > This way, the only 3rd parties are those that validate the micropayments. > > -TD > > >From: Barry Shein > >To: "R.A. 
Hettinga" > >CC: cryptography at metzdowd.com, cypherpunks at al-qaeda.net > >Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp > >Date: Tue, 15 Feb 2005 17:29:05 -0500 > > > >Oh no, the idiotic penny black idea rides again. > > > >Like the movie "War Games" when a young Matthew Broderick saves the > >world by causing the WOPR computer to be distracted into playing > >itself tic-tac-toe rather than launching a pre-emptive nuclear strike. > > > >It was a MOVIE, made in 1983 nonetheless, get over it. > > > >More seriously, what attracts people to this penny black idea is that > >they realize that the only thing which will stop spammers is to > >interject some sort of economic constraint. The obvious constraint > >would be something like stamps since that's a usage fee. > > > >But the proposer (and his/her/its audience) always hates the idea of > >paying postage for their own email, no, no, there must be a solution > >which performs that economic miracle of only charging for the behavior > >I don't like! An economic Maxwell's demon! > > > >So, just like the terminal seeking laetrile shots or healing waters, > >they turn to not even half-baked ideas such as penny black. Don't > >charge you, don't charge me, charge that fellow behind the tree! > > > >Oh well. > > > >Eventually email will just collapse (as it's doing) and the RBOCs et > >al will inherit it and we'll all be paying 15c per message like their > >SMS services. > > > >I know, we'll work around it. Of course by then they'll have a > >multi-billion dollar messaging business to make sure your attempts to > >by-step it are outlawed and punished. Consider what's going on with > >the music-sharing world, as another multi-billion dollar business > >people thought they could just defy with anonymous peer-to-peer > >services... 
> >The point: I think the time is long past due to "grow up" on this
> >issue and accept that some sort of limited, reasonable-usage-free,
> >postage system is necessary to prevent collapse into monopoly.
> >
> >--
> >        -Barry Shein
> >
> >Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
> >Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
> >The World              | Public Access Internet     | Since 1989     *oo*
>

--
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

From rah at shipwright.com Wed Feb 16 17:33:17 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 16 Feb 2005 20:33:17 -0500
Subject: How to Stop Junk E-Mail: Charge for the Stamp
In-Reply-To: <16915.61339.532947.175815@world.std.com>
References: <16914.30641.697792.602776@world.std.com> <16915.61339.532947.175815@world.std.com>
Message-ID:

At 8:12 PM -0500 2/16/05, Barry Shein wrote:
>And how do you fund all this, make it attain an economic life of its
>own?

I can send you a business plan, if you like.

Post-Clinton-Bubble talent's still cheap, I bet... ;-)

Still estivating, here, in Roslindale,
RAH

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From camera_lumina at hotmail.com Wed Feb 16 18:04:53 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Wed, 16 Feb 2005 21:04:53 -0500
Subject: How to Stop Junk E-Mail: Charge for the Stamp
In-Reply-To: <16915.61339.532947.175815@world.std.com>
Message-ID:

Well, basically it's pretty simple. Someone will eventually recognize that the idea has a lot of economic potential and they'll go to Sand Hill and get some venture funds. 6 months later you'll be able to sign up for "Spam Mail". Eventually the idea will spread and Spammers, who are already squeezed via Men With Guns, will start running out of options and so will be willing to pay, for instance, 1 cent per email. After that, of course, the price will likely go up, except for crummier demographics that are willing to read email for 1 cent/spam.

Actually, this points to why Spam is Spam... Spam is Spam because it has zero correlation to what you want. Look at Vogue, etc... it's a $10 magazine consisting mostly of advertisements, but they're the advertisements women want. Pay-to-Spam will work precisely because it will force Spammers to become actual marketers, delivering the right messages to the right demographics... in that context the Price to send spam is a precise measure of Spammers' lack-of-marketing savvy and/or information. Hell, if they're good enough at it they'll probably get women to pay THEM to spam 'em.

-TD

>From: Barry Shein
>To: "Tyler Durden"
>CC: bzs at world.std.com, rah at shipwright.com, cryptography at metzdowd.com,
>cypherpunks at al-qaeda.net
>Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
>Date: Wed, 16 Feb 2005 20:12:59 -0500
>
>
>And how do you fund all this, make it attain an economic life of its
>own?
>
>That's the big problem with all micropayment schemes. They sound good
>until you try to work the business plan, then they prove themselves
>impossible because it costs 2c to handle each penny. And more if
>issues such as collections and enforcement (e.g., against frauds) is
>taken into account.
>
>This is why, for example, we have a postal system which manages
>postage, rather than some scheme whereby every paper mail recipient
>charges every paper mail sender etc etc etc.
>
>On February 16, 2005 at 12:38 camera_lumina at hotmail.com (Tyler Durden) wrote:
> > Wrong. We already solved this problem on Cypherpunks a while back.
> >
> > A spammer will have to pay to send you spam, trusted emails do not. You'll
> > have a settable Spam-barrier which determines how much a spammer has to pay
> > in order to lob spam over your barrier (you can set it to 'infinite' of
> > course).
> >
> > A new, non-spam mailer can request that their payment be returned upon
> > receipt, but they'll have to include the payment unless you were expecting
> > them.
> >
> > This way, the only 3rd parties are those that validate the micropayments.
> >
> > -TD
> >
> > >From: Barry Shein
> > >To: "R.A. Hettinga"
> > >CC: cryptography at metzdowd.com, cypherpunks at al-qaeda.net
> > >Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
> > >Date: Tue, 15 Feb 2005 17:29:05 -0500
> > >
> > >Oh no, the idiotic penny black idea rides again.
> > >
> > >Like the movie "War Games" when a young Matthew Broderick saves the
> > >world by causing the WOPR computer to be distracted into playing
> > >itself tic-tac-toe rather than launching a pre-emptive nuclear strike.
> > >
> > >It was a MOVIE, made in 1983 nonetheless, get over it.
> > >
> > >More seriously, what attracts people to this penny black idea is that
> > >they realize that the only thing which will stop spammers is to
> > >interject some sort of economic constraint. The obvious constraint
> > >would be something like stamps since that's a usage fee.
> > >
> > >But the proposer (and his/her/its audience) always hates the idea of
> > >paying postage for their own email, no, no, there must be a solution
> > >which performs that economic miracle of only charging for the behavior
> > >I don't like! An economic Maxwell's demon!
> > >
> > >So, just like the terminal seeking laetrile shots or healing waters,
> > >they turn to not even half-baked ideas such as penny black. Don't
> > >charge you, don't charge me, charge that fellow behind the tree!
> > >
> > >Oh well.
> > >
> > >Eventually email will just collapse (as it's doing) and the RBOCs et
> > >al will inherit it and we'll all be paying 15c per message like their
> > >SMS services.
> > >
> > >I know, we'll work around it. Of course by then they'll have a
> > >multi-billion dollar messaging business to make sure your attempts to
> > >by-step it are outlawed and punished. Consider what's going on with
> > >the music-sharing world, as another multi-billion dollar business
> > >people thought they could just defy with anonymous peer-to-peer
> > >services...
> > >
> > >The point: I think the time is long past due to "grow up" on this
> > >issue and accept that some sort of limited, reasonable-usage-free,
> > >postage system is necessary to prevent collapse into monopoly.
> > >
> > >--
> > >        -Barry Shein
> > >
> > >Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
> > >Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
> > >The World              | Public Access Internet     | Since 1989     *oo*
>
>--
>        -Barry Shein
>
>Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
>Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
>The World              | Public Access Internet     | Since 1989     *oo*

From ashwood at msn.com Wed Feb 16 21:06:44 2005
From: ashwood at msn.com (Joseph Ashwood)
Date: Wed, 16 Feb 2005 21:06:44 -0800
Subject: SHA1 broken?
References: <42135C5A.31592.2E217C6@localhost>
Message-ID:

----- Original Message -----
From: "James A. Donald"
Subject: Re: SHA1 broken?

> 2^69 is damn near unbreakable.

I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine, for the sake of solidity let's assume they used 2^55 work to break it.
Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds.

2^69 is completely breakable.
                Joe

From andrewm at CS.Stanford.EDU Wed Feb 16 22:34:34 2005
From: andrewm at CS.Stanford.EDU (Andrew S. Morrison)
Date: Wed, 16 Feb 2005 22:34:34 -0800
Subject: SHA-1 broken?
In-Reply-To:
References:
Message-ID: <20050217063434.GD21458@xenon.Stanford.EDU>

All this chatter and everyone pointing to the same page ... but no paper, no proof ... just mindless chatter. Anyone know where this ghost paper is?

From rah at shipwright.com Thu Feb 17 06:36:28 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 17 Feb 2005 09:36:28 -0500
Subject: [CYBERIA] a story that might be of interest to cyberians
Message-ID:

--- begin forwarded text

User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
Date: Thu, 17 Feb 2005 01:08:28 -0500
Reply-To: Law & Policy of Computer Communications
Sender: Law & Policy of Computer Communications
From: Inna Barmash
Subject: Re: [CYBERIA] a story that might be of interest to cyberians
To: CYBERIA-L at LISTSERV.AOL.COM

This is a really interesting project at Princeton, and it's been going on for decades. (see the book "Margins of Reality" - http://www.amazon.com/exec/obidos/tg/detail/-/015657246X/qid=1108619801/sr=8-1/ref=pd_csp_1/002-8298211-8744829?v=glance&s=books&n=507846)

I've taken the tour of the laboratory and participated in a couple of the experiments (as a guinea pig, that is). The feeling there is quite surreal, and they have dramatized the setting in the lab itself quite well. The random number generator is a huge machine with a downstream of little balls, which the subjects - through the power of immense conscious concentration - make go one way or the other. They also have a wave-simulating machine, which supposedly echoes the patterns of the Jersey shore waves.

For at least some of the machines, the researchers have found a significant effect not only with people in the same room, but subjects as far as Australia, AND even in the future - influencing the "random" outcome of the past ...

It'll be interesting to see if the significant effects are amplified with more and more subjects pitching in through this international project.
--Inna

Paul Gowder wrote:
>Check out this article re: random number generators
>apparently influenced by consciousness:
>http://www.rednova.com/news/display/?id=126649#121
>
>the Princeton project that this is connected with:
>http://noosphere.princeton.edu/
>
>This is fascinating, and potentially groundbreakingly
>huge stuff.
>
>God, how I want to go back to school and study math
>and physics. Maybe in a few years I will.

**********************************************************************
For Listserv Instructions, see http://www.lawlists.net/cyberia
Off-Topic threads: http://www.lawlists.net/mailman/listinfo/cyberia-ot
Need more help? Send mail to: Cyberia-L-Request at listserv.aol.com
**********************************************************************

--- end forwarded text

From rah at shipwright.com Thu Feb 17 06:48:20 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 17 Feb 2005 09:48:20 -0500
Subject: Cybercash on Vacation
Message-ID:

Technology Review
TechnologyReview.com

Cybercash on Vacation
By Peter Wayner
March 2005

Back in 1996, a small handful of cryptographers, bankers, and blue-sky thinkers were debating, on Internet mailing lists, the future of money, when one of them came up with a brilliant idea. If they formed an organization, booked a Caribbean hotel in the dead of winter, and put a few papers through the peer review process, they could get their bosses to pay them to hang out in person. They could sit in the sun and dream about what it would take to move cash, settle debts, sell things, sign contracts, and extend credit in the virtual world.

Bob Hettinga, an organizer of the resulting Financial Cryptography Conference, sounds a bit maudlin when he looks back at that first meeting, which took place in February 1997 on the island of Anguilla: "It was like all the net-dot-gods descended on Anguilla. Geeks, financial, cryptographic, and otherwise. Cypherpunks. Bankpunks, pseudonymous individuals, guys who would go on to become senior administration officials, and even people who were paying the $1,000 conference fee in cash because their corporate-sponsored lawyers told them to stay out of the papers after various previous escapades."

This year's conference, taking place in February and March in the Commonwealth of Dominica, doesn't have the same luster. The program is jammed with papers about "privacy-preserving protocols" and "probabilistic escrow" but contains little from the nonacademic world. The people who work at actual financial institutions just aren't as interested in financial cryptography as they were in 1997.

It wasn't supposed to be this way. In 1997, the bankers, lawyers, and accountants were fascinated by what the digital magicians could do with a few equations. Even though it's easy to make perfect copies of digital files, for instance, mathematicians found a way to produce a digital $50 bill that would stymie counterfeiters. They didn't stop there. They imagined transactions that avoided the overhead of a central clearing house, digital currency that paid interest, and even complicated digital rights management tools that locked up music, art, and writing with the same equations used to protect money. Some talked about minting just 500 digital baseball cards for each player and letting the values rise and fall with batting averages.

In short, they imagined a world where wealth was not frozen in gold and locked in vaults, but rather held in digital mechanisms that could adapt to whatever people wanted. Some mechanisms could even be as anonymous as paper cash, and transactions wouldn't require much more than the click of a mouse.

But while the mathematics is still fascinating, the emergence of any system based on it is receding into the nebulous future. Today, credit card companies dominate the Web with a system that, at its heart, is little different from the one that employed carbon-paper chits. One of the few companies to find some success in financial cryptography, PayPal, gets most of its revenue from eBay auctions, where it serves, in essence, as a well-designed front end for the credit card system.

Adam Shostack, another of the original organizers, thinks that the reason for the failure of financial cryptography is simple. "People are conservative in how they pay for things," he says. Indeed, the problem for financial cryptography's would-be pioneers is that the old credit card system seems to be good enough for the new online world. If Amazon, Wal-Mart, and other e-commerce sites can keep customers happy with plastic cards, there's little demand for any of the more exciting ideas.

Joseph Nocera, author of A Piece of the Action, a history of the credit card industry, says digital currency is facing "a chicken-and-egg question" but points out that credit cards encountered the same problem, and that their acceptance took decades. In fact, 2003 was the first year credit cards and other electronic systems carried more payments than bank checks.

As they come to appreciate just how long the road ahead will likely be, some financial cryptographers are searching for niches where they can flourish in the short term. Take, for example, Waltham, MA-based startup Peppercoin, the brainchild of MIT computer scientists Silvio Micali and Ron Rivest. Peppercoin is attempting to specialize in very small sums (see "The Web's New Currency," December 2003). One of its bigger initiatives is developing a cryptographic system that would enable people to use their credit cards at parking meters, an application that would be prohibitively expensive for the traditional credit card network, which has a minimum transaction fee of about a quarter. If Peppercoin's technology can cut transaction costs enough, it can capture this market and also make it possible for people to spend small amounts online.

The inability to handle small change isn't the only weakness of the credit card system that calls out for cryptographic innovation. Fraud and identity theft cost society billions of dollars every year. Paul Syverson, a researcher at the U.S. Naval Research Laboratory, believes this leaves the door open for some of the new equations from this year's Financial Cryptography Conference. The privacy-protecting mechanisms imagined by some mathematicians also have the advantage of not relying on identity verification to guarantee transactions. If the flow of money is anonymous, there's no identity to be stolen.

Ultimately, Nocera believes, the high costs and fraud rate in the credit card industry could give new life to the dreams of the original Financial Cryptography Conference.
"I actually happen to believe fairly strongly that if someone could ever figure out how to get critical mass for a form of cybercash that is not backed by a credit card," he says, "it would be a transformative event for the Web."

From elric at imrryr.org Thu Feb 17 07:38:17 2005
From: elric at imrryr.org (Roland Dowdeswell)
Date: Thu, 17 Feb 2005 10:38:17 -0500
Subject: SHA1 broken?
In-Reply-To: Your message of "Thu, 17 Feb 2005 10:49:29 GMT." <421476B9.9040206@gmx.co.uk>
Message-ID: <20050217153817.C4CBE37050@arioch.imrryr.org>

On 1108637369 seconds since the Beginning of the UNIX epoch
Dave Howe wrote:
>
> It's fine assuming that moore's law will hold forever, but without
>that you can't really extrapolate a future tech curve.
>With *today's*
>technology, you would have to spend an appreciable fraction of the
>national budget to get a one-per-year "break", not that anything that
>has been hashed with sha-1 can be considered breakable (but that would
>allow you to (for example) forge a digital signature given an example)

I think that it is generally prudent to make the most ``conservative'' assumption with regards to Moore's Law in any given context. I.e. bet that it will continue when determining how easy your security is to brute force, and assume that it will not when writing code.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

From DaveHowe at gmx.co.uk Thu Feb 17 02:49:29 2005
From: DaveHowe at gmx.co.uk (Dave Howe)
Date: Thu, 17 Feb 2005 10:49:29 +0000
Subject: SHA1 broken?
In-Reply-To:
References: <42135C5A.31592.2E217C6@localhost>
Message-ID: <421476B9.9040206@gmx.co.uk>

Joseph Ashwood wrote:
> I believe you are incorrect in this statement. It is a matter of public
> record that RSA Security's DES Challenge II was broken in 72 hours by
> $250,000 worth of semi-custom machine, for the sake of solidity let's
> assume they used 2^55 work to break it. Now moving to a completely
> custom design, bumping up the cost to $500,000, and moving forward 7
> years, delivers ~2^70 work in 72 hours (give or take a couple orders of
> magnitude). This puts the 2^69 work well within the realm of realizable
> breaks, assuming your attackers are smallish businesses, and if your
> attackers are large businesses with substantial resources the break can
> be assumed in minutes if not seconds.
>
> 2^69 is completely breakable.
>                 Joe

It's fine assuming that moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year "break", not that anything that has been hashed with sha-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example)

This of course assumes that the "break" doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.

From cryptography23094893 at aquick.org Thu Feb 17 07:56:46 2005
From: cryptography23094893 at aquick.org (Adam Fields)
Date: Thu, 17 Feb 2005 10:56:46 -0500
Subject: Digital Water Marks Thieves
In-Reply-To:
References:
Message-ID: <20050217155646.GS27763@lola.aquick.org>

On Tue, Feb 15, 2005 at 01:40:33PM -0500, R.A. Hettinga wrote:
> Until, of course, people figure out that taggants on everything do nothing
> but confuse evidence and custody, not help it.
>
> Go ask the guys in the firearms labs about *that* one.

I like Bruce Schneier's take on this: "The idea is for me to paint this stuff on my valuables as proof of ownership. I think a better idea would be for me to paint it on your valuables, and then call the police."

http://www.schneier.com/blog/archives/2005/02/smart_water.html

--
                - Adam

-----
** My new project --> http://www.visiognomy.com/daily
** Flagship blog --> http://www.aquick.org/blog
Hire me: [ http://www.adamfields.com/Adam_Fields_Resume.htm ]
Links: [ http://del.icio.us/fields ]
Photos: [ http://www.aquick.org/photoblog ]

From rah at shipwright.com Thu Feb 17 07:57:51 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 17 Feb 2005 10:57:51 -0500
Subject: Malware, spam prompts mass net turn off
Message-ID:

The Register

Original URL: http://www.theregister.co.uk/2005/01/14/malware_mass_net_turn_off/

Malware, spam prompts mass net turn off
By Andrew Orlowski in San Francisco (andrew.orlowski at theregister.co.uk)
Published Friday 14th January 2005 10:12 GMT

Both beginners and veterans are finding the Interweb experience so repellent that they're disconnecting in droves, blaming malware and spam. Despite an overall increase in numbers of humans connected to the internet, the mass turn-off is beginning to hit ecommerce in the United States.

"Instead of making life easier - the essential promise of technologies since the steam engine - the home PC of late has made some users feel stupid, endangered or just hassled beyond reason," writes Joe Menn, who penned the definitive book on the Napster phenomenon, in a must-read feature (http://www.latimes.com/business/la-fi-fedup14jan14,0,111456.story?coll=la-home-headlines) for the Los Angeles Times.

Gee. And we thought everyone was joining the 'blogosphere' - melding into one enormous global hive mind. Clearly, something is spoiling this happy picture.

Although overall internet usage is increasing, ecommerce has felt the brunt of the mass turn-off, as newcomers find the net is less than they expected, and veterans decide that being connected is no longer tolerable. The Times cites a survey in which almost a third of online shoppers are buying less than they used to because of security worries. Despite the US broadband boom, the number of online shoppers rose only one per cent last year.

Menn also suggests why. A recent survey reckoned 80 per cent of PCs are infected by malware. The speed with which an unprotected lab was infected - just four minutes (http://www.theregister.co.uk/2004/12/01/honeypot_test/) - bears that out. And there's little sign of respite. Malware authors are creating 150 zombies a week (http://www.theregister.co.uk/2005/01/05/mcafee_avert_report/).

Now comes the hard part. Mired deep in New Age gloop, California's internet evangelists can't even see the problem, let alone suggest a solution. Into this intellectual vacuum, draconian solutions - almost all of which involve compromising the end-to-end principles that have allowed so much malware to flourish - seem likely to find favor with fed-up net users. Over two years ago we speculated that lock-down solutions such as Palladium and TCPA, or safe, private nets may one day be welcomed as a solution to the internet's tragedy of the commons. This looks more likely than ever.

Self-healing, it ain't.

From rah at shipwright.com Thu Feb 17 09:34:06 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Thu, 17 Feb 2005 12:34:06 -0500
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Message-ID:

--- begin forwarded text

To: "Bruce Tefft"
From: "Bruce Tefft"
Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com
Delivered-To: mailing list osint at yahoogroups.com
Date: Thu, 17 Feb 2005 11:06:28 -0500
Subject: [osint] Switzerland Repatriates $458m to Nigeria
Reply-To: osint at yahoogroups.com

http://allafrica.com/stories/200502170075.html

Switzerland Repatriates $458m to Nigeria

This Day (Lagos)
February 17, 2005
Posted to the web February 17, 2005

Kunle Aderinokun
Abuja

FG to start drawing funds in March

The Federal Government yesterday announced that the Swiss government has approved the repatriation of $458 million, being bulk of the $505 million of public fund stashed away in various private bank accounts in that country by the late General Sani Abacha and his family.

Making this disclosure yesterday in Abuja at the instance of Swiss Ambassador to Nigeria, Dr. Pierre Helg, Finance Minister Ngozi Okonjo-Iweala said the fund will be transferred into the International Bank for Settlement (BIS) in Basel, Switzerland, and that Nigeria will be able to withdraw the money by the end of March this year.

Okonjo-Iweala, who said the Swiss authorities did not attach any condition for the repatriation of the siphoned monies, said the release was sequel to the judgment of the Swiss Federal Court, which ruled that the "Swiss authorities may return assets of obviously criminal origin to Nigeria even without a court decision in the country concerned."

The finance minister said President Olusegun Obasanjo since assumption of office had vigorously and relentlessly pursued return of the funds with the help of the National Security Adviser and herself.

Noting that with this development, Switzerland has earned a positive status as the first country to return funds illegally placed by the Abacha family, Okonjo-Iweala said "the Federal Government is indeed grateful to the government of Switzerland for the principled and focused manner in which it has pursued this just cause."

"We hope that the Swiss example at both the political and judicial level will show the way for other countries where our national resources have been illegally transferred. Switzerland's policy on this issue is a clear sign that crime does not pay. Nigeria is ready to work with other governments to achieve the repatriation of other funds which were siphoned out of the country illegally," she added.

She recalled that Obasanjo had on behalf of the administration made a commitment to the Swiss government that the Abacha loots will be used for developmental projects in health and education as well as for infrastructure (roads, electricity and water supply) for the benefit of Nigerians. "This", she pointed out, "is of course, very much in keeping with the priorities of the National Economic Empowerment and Development Strategy (NEEDS), the nation's blue-print for reducing poverty, creating wealth and generating employment."

She stated that after receiving the assurances of the Swiss authorities that the funds will be released, the federal government had "decided to factor most of the Abacha funds into the 2004 budget so that the urgent challenges of providing infrastructure and social services to our people would not be delayed. This is to ensure that our programmes which are on-going are adequately funded."

According to her, the Federal Government had distributed the recovered $505 million looted funds in the 2004 budget as: rural electrification, $170 million (N21.70 billion); priority economic roads, $140 million (N18.60 billion); primary health care vaccination programme, $80 million (N10.83 billion); support to secondary and basic education, $60 million (N7.74 billion); and potable water and rural irrigation, $50 million (N6.20 billion).

In his remarks, the Swiss ambassador to Nigeria, Helg said "Switzerland possesses an efficient set of legal instruments to defend itself against the inflow of illegal assets, and to recognize, block and return them to their rightful owners." He noted that "the recent decision of the Federal Supreme Court will strengthen the deterrent effect of Switzerland's legal mechanism against potential future inflows of illegal capital."

He added that "the decision strengthens the Swiss position regarding the restitution of funds of politically exposed persons, which is: Switzerland has no interest in accepting illegal funds. Its financial center does not provide for a safe haven for illegal money, which should primarily be used for the benefit of the people of the country in question. The point must again be made that Swiss banking secrecy is not an obstacle to the investigation of criminal acts and to the international efforts to combat crime."

He said Switzerland has received assurances from Obasanjo and Okonjo-Iweala that the returned funds will be channeled to the areas of health (fighting HIV/AIDS), education and infrastructure in the 2004/2005 fiscal period. "The funds will be used within the framework of the Nigeria national strategy to implement the United Nations Millennium Goals. The Nigerian government has given assurances of transparency in the use of the funds and is in agreement to the full inspection of the relevant accounts. Switzerland has an interest in preventing the funds from being recycled for criminal purposes.

"For this reason, it has agreed with Nigeria to place control on projects financed by the Abacha's assets. These controls are expected to be carried out by the World Bank. The exact modalities are in the process of being established. Nigeria has given its consent to allowing civil society to play an appropriate role in this monitoring project," he said.

The Abacha family had relentlessly waged legal battles to stop the release of the funds. But the Swiss Federal Court last week, ruled in favour of the repatriation of the monies back to Nigeria. The Swiss authorities have investigated bank accounts linked to the Abacha family for over three years since the Nigerian government accused the late leader of looting up to $3 billion from state coffers during his rule from 1993 until his death in June 1998.

Last month, one of the Abacha sons, Abba, was arrested in Neuss, Germany when he attempted to close an account. He was accused of money laundering, fraud and breach of trust, and Swiss authorities sought his extradition from Germany to assist them in the course of their investigations. Nine Swiss banks were reportedly investigated during the period. The first restitution of $200 million from the Abacha funds in Switzerland was in 2003.

--------------------------
Want to discuss this topic? Head on over to our discussion list, discuss-osint at yahoogroups.com.
--------------------------
Brooks Isoldi, editor
bisoldi at intellnet.org

http://www.intellnet.org
Post message: osint at yahoogroups.com
Subscribe: osint-subscribe at yahoogroups.com
Unsubscribe: osint-unsubscribe at yahoogroups.com

*** FAIR USE NOTICE.
This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml

--- end forwarded text

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 17 09:41:58 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 17 Feb 2005 12:41:58 -0500
Subject: Time to regulate the software industry?
Message-ID:

CNET News

Time to regulate the software industry?
By Dawn Kawamoto
Story last modified Wed Feb 16 20:20:00 PST 2005

SAN FRANCISCO--A panel of security experts on Wednesday debated the merits of regulating the software industry to curtail software flaws--and hence reduce the volume of virus attacks.

With software flaws serving as the open door to viruses and worms, a panel of industry experts at the RSA Conference here debated whether it's time to regulate software companies. The experts were mixed on the effectiveness of such a plan and whether it could be undertaken without curtailing innovation.

"The issue is not to regulate or not," said Harris Miller, president of the Information Technology Association of America. "Our industry is all about innovation, and my concern with regulation is it's often the enemy of innovation."

In that same vein, Rick White, chief executive of technology advocacy group TechNet, said the industry should come together and develop guidelines for best practices on developing software with minimal flaws, rather than imposing regulations.

"Congress will never solve the problem as well as the people who work in the industry," said White, a former congressman from Washington state.

But other panelists were not as sure. Dick Clarke, chairman of Good Harbor Consulting and former presidential special advisor on cybersecurity, noted efforts to have industries develop guidelines and follow through have failed in the past.

He pointed to a deal Michael Powell, outgoing Federal Communications Commission chairman, struck with Internet service providers (ISPs). Powell held a meeting with ISPs, wherein they developed guidelines. And although Powell threatened to regulate their industry if they did not abide by those guidelines, the ISPs did not adhere to those self-imposed practices, Clarke said.

"Powell bluffed them. They knew it, and now he is leaving office," Clarke said.

Other panelists, such as encryption expert and author Bruce Schneier, also called for more action in prompting software vendors to vet their code before releasing it to the market.

"If we make it in their best interest to do this, then it will happen. You need to find a set of financial incentives," Schneier said. "Regulations would increase the cost of not doing security, and that would increase security (testing)."

He noted companies that currently take the time to test the security of their software before releasing it to the market are at a disadvantage--higher costs and potential late arrival to the market.

Additional financial incentives may come from customers demanding a certain level of security testing from a vendor before agreeing to sign a contract to purchase their products, Schneier said.

In offering a post-Sept. 11, 2001, warning, Clarke said: "Regulation is neither good nor bad...but the industry should bear this in mind. After we have an incident, regulations will be much worse."

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From hal at finney.org Thu Feb 17 14:25:36 2005
From: hal at finney.org (Hal Finney)
Date: Thu, 17 Feb 2005 14:25:36 -0800 (PST)
Subject: [p2p-hackers] SHA1 broken?
Message-ID:

The problem with the attack scenario where two versions of a program are created with the same hash, is that from what little we know of the new attacks, they aren't powerful enough to do this.
All of the collisions they have shown have the property where the two alternatives start with the same initial value for the hash; they then have one or two blocks which are very carefully selected, with a few bits differing between the two blocks; and at the end, they are back to a common value for the hash.

It is known that their techniques are not sensitive to this initial value. They actually made a mistake when they published their MD5 collision, because they had the wrong initial values due to a typo in Schneier's book. When people gave them the correct initial values, they were able to come up with new collisions within a matter of hours.

If you look at their MD5 collision in detail, it was two blocks long. Each block was almost the same as the other, with just a few bits different. They start with the common initial value. Then they run the first blocks through. Amazingly, this has only a small impact on the intermediate value after this first block. Only a relatively few bits are different. If you or I tried to take two blocks with a few bits different and feed them to MD5, we would get totally different outputs. Changing even one bit will normally change half the output bits. The fact that they are able to change several bits and get only a small difference in the output is the first miracle.

But then they do an even better trick. They now go on and do the second pair of blocks. The initial values for these blocks (which are the outputs from the previous stage) are close but not quite the same. And amazingly, these second blocks not only keep things from getting worse, they manage to heal the differences. They precisely compensate for the changes and bring the values back together. This is the second miracle and it is even greater.

Now, it would be a big leap from this to being able to take two arbitrary different initial values and bring them together to a common output. That is what would be necessary to mount the code fraud attack. But as we can see by inspection of the collisions produced by the researchers (who are keeping their methodology secret for now), they don't seem to have that power. Instead, they are able to introduce a very carefully controlled difference between the two blocks, and then cancel it. Being able to cancel a huge difference between blocks would be a problem of an entirely different magnitude.

Now, there is this other idea which Zooko alludes to, from Dan Kaminsky, www.doxpara.com, which could exploit the power of the new attacks to do something malicious. Let us grant that the only ability we have is that we can create slightly different pairs of blocks that collide. We can't meaningfully control the contents of these blocks, and they will differ in only a few bits. And these blocks have to be inserted into a program being distributed, which will have two versions that are *exactly the same* except for the few bits of difference between the blocks. This way the two versions will have the same hash, and this is the power which the current attacks seem to have.

Kaminsky shows that you could still have "good" and "bad" versions of such a program. You'd have to write a program which tested a bit in the colliding blocks, and behaved "good" if the bit was set, and "bad" if the bit was clear. When someone reviewed this program, they'd see the potential bad behavior, but they'd also see that the behavior was not enabled because the bit that enabled it was not set. Maybe the bad behavior could be a back door used during debugging, and there is some flag bit that turns off the debugging mode. So the reviewer might assume that the program was OK despite this somewhat questionable code, because he builds it and makes sure to sign or validate the hash when built in the mode when the bad features are turned off.

But what he doesn't know is, Kaminsky has another block of data prepared which has that flag bit in the opposite state, and which he can substitute without changing the hash. That will cause the program to behave in its "bad" mode, even though the only change was a few bits in this block of random data. So this way he can distribute a malicious build and it has the hash which was approved by the reviewer. And as Zooko points out, this doesn't have to be the main developer who is doing this, anyone who is doing some work on creating the final package might be able to do so.

On the other hand, this attack is pretty blatant once you know it is possible. The lesson is that a reviewer should be suspicious of code whose security properties depend on the detailed contents of blocks of random-looking data.

One problem with this is that there are some circumstances where it could be hard to tell. Zooko links to the example of a crypto key which could have weak and strong versions. The strong version could be approved and then the weak version substituted. There are also some crypto algorithms that use random-looking blocks of data which could have weak and strong versions. So it's not always as easy as it sounds. But most code will not have these problems, and for those programs it would be pretty conspicuous to implement Kaminsky's attacks.

At present, that looks to be the best someone could do with SHA-1 or even MD5.

Hal Finney
_______________________________________________
p2p-hackers mailing list
p2p-hackers at zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"...
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 17 14:28:59 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Thu, 17 Feb 2005 17:28:59 -0500
Subject: [p2p-hackers] SHA1 broken?
Message-ID:

--- begin forwarded text

From ptrei at rsasecurity.com Thu Feb 17 16:56:07 2005
From: ptrei at rsasecurity.com (Trei, Peter)
Date: Thu, 17 Feb 2005 19:56:07 -0500
Subject: SHA1 broken?
Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29715AA06@rsana-ex-hq1.NA.RSA.NET>

Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched.

More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*.

2^69 remains non-trivial.

Peter

-----Original Message-----
From: owner-cypherpunks at minder.net on behalf of Dave Howe
Sent: Thu 2/17/2005 5:49 AM
To: Cypherpunks; Cryptography
Subject: Re: SHA1 broken?

Joseph Ashwood wrote:
> I believe you are incorrect in this statement. It is a matter of public
> record that RSA Security's DES Challenge II was broken in 72 hours by
> $250,000 worth of semi-custom machine, for the sake of solidity let's
> assume they used 2^55 work to break it.
> Now moving to a completely
> custom design, bumping up the cost to $500,000, and moving forward 7
> years, delivers ~2^70 work in 72 hours (give or take a couple orders of
> magnitude). This puts the 2^69 work well within the realm of realizable
> breaks, assuming your attackers are smallish businesses, and if your
> attackers are large businesses with substantial resources the break can
> be assumed in minutes if not seconds.
>
> 2^69 is completely breakable.
> Joe

It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve. With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year "break", not that anything that has been hashed with SHA-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example).

This of course assumes that the "break" doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.

From sk.list at gmail.com Thu Feb 17 14:05:25 2005
From: sk.list at gmail.com (SK)
Date: Thu, 17 Feb 2005 23:05:25 +0100
Subject: [CYBERIA] a story that might be of interest to cyberians
In-Reply-To:
References:
Message-ID: <6ca73f650502171405617999f5@mail.gmail.com>

Saw a posting on a blog on this - http://silenteloquence.blogspot.com/2005/02/future-of-future-teller.html

Reproduced below:

Background: Rednova recently published an article, 'Can This Black Box See Into the Future', about a new machine developed by the scientists at Princeton that can predict future events. It relies on two main things: random number generation and the power of the collective human consciousness to 'influence' that random number generation.
This is not your usual conspiracy theory kind of stuff; about 75 respected scientists from 41 different nations have thrown their weight behind this idea. I don't want to go into more details on what is already given in the article, but here's my two cents to the noise that the article has already generated:

(1) My own future: One of the main criticisms about the Global Consciousness Project and the use of the Black box to predict a world event is that there are so many events happening in the world at any given time - so it must be easy to relate a set of data points to some event. Now this is a very valid argument. Moreover, the definition of a 'world event' or an 'event', for that matter, is very subjective. What may be eventful to me may not be eventful to someone living in Africa. I may not even come to know about a major political turmoil that happened, say, in South America. So who is to decide what is an event? However, if the researchers at Princeton want to argue that the human subconscious can predict the future of the world, they should also be able to reproduce it at an individual level. Along the same lines of logic they have used, can I train my subconscious to predict my own future? In this case, there is no ambiguity in the definition of an event. I 'influence' the egg. I decide what an event is. And if the egg can read my thoughts (about the future) and show it to me now, the egg works! Feels kinda sad that I need an egg to read my own mind! Hmm.. we have a new strain of shrinks? I am not a sceptic, but just couldn't resist the dig.

(2) One global consciousness is not a new concept: The central theme of the global consciousness is not a new concept. This was exactly what was propounded centuries ago in the Bhagavad Gita, which is a very revered book that many Hindus, including me, still hold on to. The Gita is quite clear on what it wants to say (my simplified interpretation): At the beginning of the world, all beings are created from one central source. At the end of it, they go back to that one source. If you die and you had understood the true meaning during your lifetime, you attain nirvana and become one with the one global consciousness. If you don't, you are reborn again and again, till you eventually 'get it, duh'. But the point is, you share one consciousness with everyone else around you. You are just one small figment of the great collectivity (as I write this, I am beginning to wonder if the Gita had anything to do with the rise of communism).

(3) Data can lie, often very convincingly: I am not a sceptic to this theory. As much as I am a logical person, I intuitively believe that it is possible to predict the future. I have had a few, very clear (God forbid, I never want to experience them ever again) deja vus. Several astrologers (like a good Indian, I have visited a fair share of astrologers, admittedly more because of intellectual curiosity about the paranormal) have predicted events in my life with amazing accuracy. And more importantly, they have generally been accurate in predicting my state of mind, which has never failed to surprise me. And from a physics perspective, if time is the fourth dimension, shouldn't you be able to travel back and forth like we can in the other three dimensions? It seems more difficult to believe that the fourth dimension is different from the other three, than to believe that it is similar. So, I don't have problems believing the results per se. But I am a sceptic when it comes to the methodology. A random number generator with 1s and 0s over years - that is a lot of data points over a very small range. It seems to me like data that is difficult to read - and data that can be easily manipulated. Mind you, I am not accusing anyone of anything. I have full faith in the integrity of all involved. But I used to work as an analyst and one of the first things that I learned was that you can always make the data say what you want it to. If you don't believe me, read the book 'How to Lie with Statistics' by Darrell Huff. And sometimes it is not a matter of intentional effort. When you want to see a particular result, it is possible that your mind subconsciously picks on that trend and only that trend. This is nobody's fault - it is just an extension of the saying 'The eyes can only see what the mind wants it to'. I would be hard-pressed to believe that the people who want to make us believe about the powers of the human subconscious to predict the future cannot believe that the same subconscious is powerful enough to cloud an individual's and possibly several individuals' judgement. And another issue is just how random is this random number generator? Isn't it mathematically impossible to achieve perfect randomness, in which case doesn't this methodology rely on pseudo-random numbers? So, this is one set of data I would be very careful in analysing and interpreting and drawing conclusions from.

(4) The future of the future teller: I think the future of the future teller depends on how open the human race can be to new ideas. To a person who lived thousands of years ago, travelling to the moon must have sounded as impossible, if not more improbable, than predicting the future. But we humans have achieved that landmark. So, why are our scientists still afraid of being ridiculed?

'To make matters even more intriguing, Prof Bierman says that other mainstream labs have now produced similar results but are yet to go public. 'They don't want to be ridiculed so they won't release their findings,' he says.'

Now that I think is sad. I like to believe that we have moved past the age of Copernicus. Or haven't we? Human beings are sceptics by nature. But let's forget that for the moment. Maybe the ideas are wrong. But let's not brand it that, till we have proven so. So, let's be optimistic. Open minded. Ready to listen. And slow to ridicule. And who knows, we may just be able to read the future enough to know whether we will be able to read the future in the future.

On Thu, 17 Feb 2005 09:36:28 -0500, R.A. Hettinga wrote:
> --- begin forwarded text
>
> User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913)
> Date: Thu, 17 Feb 2005 01:08:28 -0500
> Reply-To: Law & Policy of Computer Communications
> Sender: Law & Policy of Computer Communications
> From: Inna Barmash
> Subject: Re: [CYBERIA] a story that might be of interest to cyberians
> To: CYBERIA-L at LISTSERV.AOL.COM
>
> This is a really interesting project at Princeton, and it's been going
> on for decades. (see the book "Margins of Reality" -
> http://www.amazon.com/exec/obidos/tg/detail/-/015657246X/qid=1108619801/sr=8-1/ref=pd_csp_1/002-8298211-8744829?v=glance&s=books&n=507846)
>
> I've taken the tour of the laboratory and participated in a couple of
> the experiments (as a guinea pig, that is). The feeling there is quite
> surreal, and they have dramatized the setting in the lab itself quite
> well. The random number generator is a huge machine with a downstream
> of little balls, which the subjects - through the power of immense
> conscious concentration - make go one way or the other. They also have
> a wave-simulating machine, which supposedly echoes the patterns of the
> Jersey shore waves.
> For at least some of the machines, the researchers have found a
> significant effect not only with people in the same room, but subjects
> as far as Australia, AND even in the future - influencing the "random"
> outcome of the past ...
>
> It'll be interesting to see if the significant effects are amplified
> with more and more subjects pitching in through this international project.
>
> --Inna
>
> Paul Gowder wrote:
>
>> Check out this article re: random number generators apparently influenced by consciousness:
>> http://www.rednova.com/news/display/?id=126649#121
>>
>> the Princeton project that this is connected with:
>> http://noosphere.princeton.edu/
>>
>> This is fascinating, and potentially groundbreakingly huge stuff.
>>
>> God, how I want to go back to school and study math and physics. Maybe in a few years I will.

From ashwood at msn.com Fri Feb 18 03:11:30 2005
From: ashwood at msn.com (Joseph Ashwood)
Date: Fri, 18 Feb 2005 03:11:30 -0800
Subject: SHA1 broken?
References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk>
Message-ID:

----- Original Message -----
From: "Dave Howe"
Sent: Thursday, February 17, 2005 2:49 AM
Subject: Re: SHA1 broken?

> Joseph Ashwood wrote:
>> I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine, for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a completely custom design, bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 work in 72 hours (give or take a couple orders of magnitude). This puts the 2^69 work well within the realm of realizable breaks, assuming your attackers are smallish businesses, and if your attackers are large businesses with substantial resources the break can be assumed in minutes if not seconds.
>>
>> 2^69 is completely breakable.
>> Joe
>
> It's fine assuming that Moore's law will hold forever, but without that you can't really extrapolate a future tech curve.
> With *today's* technology, you would have to spend an appreciable fraction of the national budget to get a one-per-year "break", not that anything that has been hashed with sha-1 can be considered breakable (but that would allow you to (for example) forge a digital signature given an example)
> This of course assumes that the "break" doesn't match the criteria from the previous breaks by the same team - ie, that you *can* create a collision, but you have little or no control over the plaintext for the colliding elements - there is no way to know as the paper hasn't been published yet.

I believe you substantially misunderstood my statements, 2^69 work is doable _now_. 2^55 work was performed in 72 hours in 1998, scaling forward the 7 years to the present (and hence through known data) leads to a situation where the 2^69 work is achievable today in a reasonable timeframe (3 days), assuming reasonable quantities of available money ($500,000US). There is no guessing about what the future holds for this, the 2^69 work is NOW.

----- Original Message -----
From: "Trei, Peter"
To: "Dave Howe" ; "Cypherpunks" ; "Cryptography"

> Actually, the final challenge was solved in 23 hours, about 1/3 Deep Crack, and 2/3 Distributed.net. They were lucky, finding the key after only 24% of the keyspace had been searched.
>
> More recently, RC5-64 was solved about a year ago. It took d.net 4 *years*.
> 2^69 remains non-trivial.

What you're missing in this is that Deep Crack was already a year old at the time it was used for this, I was assuming that the most recent technologies would be used, so the 1998 point for Deep Crack was the critical point. Also if you check the real statistics for RC5-64 you will find that Distributed.net suffered from a major lack of optimization on the workhorse of the DES cracking effort (DEC Alpha processor) even to the point where running the X86 code in emulation was faster than the native code.
Since an Alpha Processor had been the breaking force for DES Challenge I and a factor of > 1/3 for III this crippled the performance resulting in the Alphas running at only ~2% of their optimal speed, and the x86 systems were running at only about 50%. Based on just this 2^64 should have taken only 1.5 years. Additionally add in that virtually the entire Alpha community pulled out because we had better things to do with our processors (e.g. IIRC the same systems rendered Titanic) and Distributed.net was effectively sucked dry of workhorse systems, so a timeframe of 4-6 months is more likely, without any custom hardware and rather sad software optimization.

Assuming that the new attacks can be pipelined (the biggest problem with the RC5-64 optimizations was pipeline breaking) it is entirely possible to use modern technology along with GaAs substrate to generate chips in the 10-20 GHz range, or about 10x the speed available to Distributed.net. Add targeted hardware to the mix, deep pipelining, and massively multiprocessors and my numbers still hold, give or take a few orders of magnitude (the 8% of III done by Deep Crack in 23 hours is only a little over 2 orders of magnitude off, so within acceptable bounds).

2^69 is achievable, it may not be pretty, and it certainly isn't kind to the security of the vast majority of "secure" infrastructure, but it is achievable and while the cost bounds may have to be shifted, that is achievable as well. It is still my view that everyone needs to keep a close eye on their hashes, make sure the numbers add up correctly, it is simply my view now that SHA-1 needs to be put out to pasture, and the rest of the SHA line needs to be heavily reconsidered because of their close relation to SHA-1.
The biggest unknown surrounding this is the actual amount of work necessary to perform the 2^69, if the workload is all XOR then the costs and timeframe I gave are reasonably pessimistic, but if the required operations are dynamically sized multiplies then the time*cost is off by some very large amounts. Even simple bulk computation assuming full pipelining says that 4700 4 GHz to complete 2^69 operations in 1 year, even assuming using full 3.8 GHz pentium 4s instead of a more optimal package only leads to a processor cost of 3.1 million for a 1 year 2^69, dropping that down to 2.4GHz celerons requires 7800 of them, but only $538,000. Moving to DSPs and FPGAs the costs will drop substantially, but I don't feel like looking it up, and as the costs drop the number of processors that can be used increases linearly additionally as the individual speeds drop the purchase cost drops better than linearly. I am quite confident that with careful engineering a custom box could be produced for the $500,000 mark that would do 2^69 operations in the proper timeframe. With deep pipelining any complexity of 2^69 operations could be done in the timeframe, but will scale the price.

I suppose I should also point out an unspoken qualifier, I am assuming a large number of these machines will be built reducing the engineering overhead to minuscule, for a one-off project this will likely be the dominant cost.

2^69 work is achievable, the cost multiplier associated will be the determining factor.

Joe

From jrandom at i2p.net Fri Feb 18 03:39:24 2005
From: jrandom at i2p.net (jrandom)
Date: Fri, 18 Feb 2005 03:39:24 -0800
Subject: [i2p] 0.5 is available
Message-ID:

Hi y'all,

After 6 months of work on the 0.4 series, we've implemented and deployed the new streaming library, integrated and tested bittorrent, mail, and naming apps, fixed a bunch of bugs, and learned as much as we could from real world users.
We now have a new 0.5 release which reworks the tunnel routing algorithms, improving security and anonymity while giving the user more control of their own performance related tradeoffs. In addition, we've bundled susi23's susimail client, upgraded to the latest Jetty (allowing both symlinks and CGI), and a whole lot more. This new release is not backwards compatible - you must upgrade to get anything useful done.

There has been a lot of work going on since 0.4.2.6 a month and a half ago, with contributions by smeghead, duck, Jhor, cervantes, Ragnarok, Sugadude, and the rest of the rabid testers in #i2p and #i2p-chat. I could write for pages describing what's up, but instead I'll just direct you to the change log at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD

For the impatient, please review the install and update instructions up at http://www.i2p.net/download

Please note that since this new release updates the classpath, the update process will require you to start up the router again after it finishes. Any local modifications to the wrapper.config will be lost when updating, so please be sure to back it up.

In addition, even though this new release includes the latest Jetty (5.1.2), if you want to enable CGI support, you will need to edit your ./eepsite/jetty.xml to include:

  <!-- Jetty 5 jetty.xml fragment. The archive stripped the XML tags;
       the element names below are reconstructed, the values are the
       original ones. -->
  <Call name="addContext">
    <Arg>/cgi-bin/*</Arg>
    <Set name="ResourceBase">./eepsite/cgi-bin</Set>
    <Call name="addServlet">
      <Arg>Common Gateway Interface</Arg>
      <Arg>/</Arg>
      <Arg>org.mortbay.servlet.CGI</Arg>
      <Put name="Path">/usr/local/bin:/usr/ucb:/bin:/usr/bin</Put>
    </Call>
  </Call>

adjusting the Path as necessary for your OS/distro/tastes. New users have it easy - all of this is done for them.

While the docs on the website haven't been updated to reflect the new tunnel routing and crypto changes yet, the nitty gritty is up at http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/router/doc/tunnel-alt.html?rev=HEAD

There will be another release in the 0.5 series beyond this one, including more options for allowing the user to control the impact of predecessor attacks on their anonymity.
There will certainly be performance and load balancing improvements as well, using the feedback we get deploying the new tunnel code on a wider network. Until the UDP transport is added in 0.6, we will want to continue to be fairly low key, as we've already run into the default limits on some braindead OSes (*cough*98*cough*). There is much we can improve upon while the network is small though, and while I know we all want to go out and show the world what I2P can do, another two months waiting won't hurt.

Anyway, that's that. The new net is up and running, squid.i2p and other services should be up, you know where to get the goods, so get goin'!

=jr

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Fri Feb 18 05:11:17 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 18 Feb 2005 08:11:17 -0500
Subject: Cryptographers to Hollywood: prepare to fail on DRM
Message-ID:

The Register
Biting the hand that feeds IT

Cryptographers to Hollywood: prepare to fail on DRM
By John Leyden (john.leyden at theregister.co.uk)
Published Thursday 17th February 2005 19:37 GMT

RSA 2005 Movie industry representatives at RSA 2005 in San Francisco today called on the IT industry for help in thwarting illegal file sharing before the problem threatened its revenues.
But they were told that they must recognise the limitations of digital rights management in their fight against digital piracy.

Speaking on the RSA conference panel Hollywood's Last Chance - Getting it Right on Digital Piracy, Carter Laren, security architect at Cryptographic Research, noted that cryptography is "good at some problems, such as transmitting data so it can't be eavesdropped or even authentication, but it can't solve the content protection problem. If people have legitimate access to content, then you can't stop them misusing it.

"Anyone designing content protection should design for failure and if it fails update it," he added.

John Worrall, marketing VP at RSA Security, agreed that content protection systems should be easy to upgrade. The entertainment industry must also learn from its previous mistakes in pushing the weak CSS copy-protection system for DVDs. "If content providers open up standards to good cryptographic review they will get a better system," he said, to applause from the RSA 2005 audience.

The entertainment industry also needs to be responsive to changing market conditions and consumer preferences, according to Worrall: "Don't lock down a set of content rules that look draconian five years from now. Be flexible enough to incorporate change in rules. If rules are too restrictive people will go to other channels, including pirated material."

Andy Sentos, president of engineering and technology at Fox Entertainment Group, argued that device manufacturers need to recognise the requirements of the movie industry in the design of their products. "There's a value in both content and functionality but there has to be a balance," he said.
Related stories

SuprNova.org ends, not with a bang but a whimper (http://www.theregister.co.uk/2004/12/19/suprnova_stops_torrents/)
The BitTorrent P2P file-sharing system (http://www.theregister.co.uk/2004/12/18/bittorrent_measurements_analysis/)
MPAA closes Loki (http://www.theregister.co.uk/2005/02/10/loki_down_mpaa/)
Stealing movies: Why the MPAA can afford to relax (http://www.theregister.co.uk/2004/11/09/movie_file_sharing/)
Norway throws in the towel in DVD Jon case (http://www.theregister.co.uk/2004/01/05/norway_throws_in_the_towel/)

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 18 05:16:11 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 18 Feb 2005 08:16:11 -0500
Subject: Spam gets vocal with VoIP
Message-ID:

The Register

Spam gets vocal with VoIP
By John Leyden (john.leyden at theregister.co.uk)
Published Thursday 17th February 2005 08:47 GMT

RSA 2005 We're all learning to live with spam but an even more annoying nuisance lies just around the corner. Spit (Spam over internet telephony) is set to become the next pervasive medium for scammers, penis pill purveyors and the rest.

Internet telephony means cheaper phone calls, a great prospect for consumers and businesses alike. It also means that advertising messages can be sent out for next to nothing. And history shows that spammers will take advantage of any broadcast medium available to them, according to Bruce Schneier, chief technology officer at Counterpane Internet Security. Spit has the potential to fill people's voicemail in-boxes with junk, he says. "Once you get to the point where you have 10 unsolicited commercial voicemail messages every time you log on people will stop using it or at least only accept calls from people on their white list."

Schneier thinks it will be difficult to weed out Spit messages, but some security vendors are considering defence mechanisms. According to David Thomason, director of security engineering at network security firm Sourcefire, Spit messages would likely have a pattern. Junk calls matching that pattern could be blocked in much the same way malign data traffic can be discarded providing filtering technologies were deployed on the network Spit messages are sent from, he said.

Related stories

Users choke on mobile spam (http://www.theregister.co.uk/2005/02/10/mobile_spam/)
Trojan infects PCs to generate SMS spam (http://www.theregister.co.uk/2004/11/09/sms_spam_trojan/)
Phone spam misery looms Stateside (http://www.theregister.co.uk/2004/08/06/junk_fax_sms_ok/)
Pssst, wanna spam mobile phones? (http://www.theregister.co.uk/2004/07/12/sms_spamvertisment/)
Telecom Italia slammed for spam hypocrisy (http://www.theregister.co.uk/2004/07/02/text_spam_tim/)
UK premium rate phone complaints rocket (http://www.theregister.co.uk/2004/07/01/icstis_annual_report/)

From rah at shipwright.com Fri Feb 18 05:28:13 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Fri, 18 Feb 2005 08:28:13 -0500
Subject: Intel fortifies mobile transactions
Message-ID:

The Register

Intel fortifies mobile transactions
By Jan Libbenga (libbenga at yahoo.com)
Published Thursday 17th February 2005 12:47 GMT

3GSM Intel has joined Orange and Visa International to better protect premium digital content and transactions on mobile handsets. The company will use a combination of hardware and software to provide more security for consumers to pay for online music or video, the company announced this week at 3GSM in Cannes.

The new Intel Wireless Trusted Platform (http://www.intel.com/design/pca/applicationsprocessors/whitepapers/30086801.pdf) is comparable with solutions Intel has developed for desktop PCs. Connected to the motherboard or the inner circuitry is a Trusted Platform Module, which contains a unique digital signature of the platform's software configuration. When booted, the digital signature is recalculated and compared to previous signatures. If the signature can't be validated, devices are notified of a change in the reported platform's state. It will not only protect users against viruses and software corruption, but also secures content delivery and downloads.

From eugen at leitl.org Thu Feb 17 23:54:26 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 18 Feb 2005 08:54:26 +0100
Subject: [p2p-hackers] SHA1 broken?
(fwd from hal@finney.org)
Message-ID: <20050218075426.GY1404@leitl.org>

----- Forwarded message from "\"Hal Finney\"" -----

From camera_lumina at hotmail.com Fri Feb 18 07:29:55 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 18 Feb 2005 10:29:55 -0500
Subject: [osint] Switzerland Repatriates $458m to Nigeria
In-Reply-To:
Message-ID:

Greetings Good Sir: I have a business proposition for you. I am the president of Nigeria and I am trying to obtain $458m in accounts in Switzerland that were previously owned by the late General Sani Abacha. However, in order to release these funds I will need a local representative. In exchange for your services I am prepared to pay you 2.5% of the amount reclaimed. Please contact me at your soonest convenience. I am sure we can make an equitable arrangement that will benefit us both. God Bless you and your family.

(forwarded by Tyler Durden)

>From: "R.A. Hettinga"
>To: cypherpunks at al-qaeda.net
>Subject: [osint] Switzerland Repatriates $458m to Nigeria
>Date: Thu, 17 Feb 2005 12:34:06 -0500
>
>--- begin forwarded text
>
>To: "Bruce Tefft"
>Thread-Index: AcUVCpcZCIoZtD6dRp62Gatn1nTR2g==
>From: "Bruce Tefft"
>Mailing-List: list osint at yahoogroups.com; contact osint-owner at yahoogroups.com
>Delivered-To: mailing list osint at yahoogroups.com
>Date: Thu, 17 Feb 2005 11:06:28 -0500
>Subject: [osint] Switzerland Repatriates $458m to Nigeria
>Reply-To: osint at yahoogroups.com
>
>http://allafrica.com/stories/200502170075.html
>
>Switzerland Repatriates $458m to Nigeria
>
>This Day (Lagos)
>
>February 17, 2005
>Posted to the web February 17, 2005
>
>Kunle Aderinokun
>Abuja
>
>FG to start drawing funds in March
>
>The Federal Government yesterday announced that the Swiss government has approved the repatriation of $458 million, being bulk of the $505 million of public fund stashed away in various private bank accounts in that country by the late General Sani Abacha and his
>family.
>
>Making this disclosure yesterday in Abuja at the instance of Swiss Ambassador to Nigeria, Dr. Pierre Helg, Finance Minister Ngozi Okonjo-Iweala said the fund will be transferred into the International Bank for Settlement (BIS) in Basel, Switzerland, and that Nigeria will be able to withdraw the money by the end of March this year.
>
>Okonjo-Iweala, who said the Swiss authorities did not attach any condition for the repatriation of the siphoned monies, said the release was sequel to the judgment of the Swiss Federal Court, which ruled that the "Swiss authorities may return assets of obviously criminal origin to Nigeria even without a court decision in the country concerned."
>
>The finance minister said President Olusegun Obasanjo since assumption of office had vigorously and relentlessly pursued return of the funds with the help of the National Security Adviser and herself.
>
>Noting that with this development, Switzerland has earned a positive status as the first country to return funds illegally placed by the Abacha family, Okonjo-Iweala said "the Federal Government is indeed grateful to the government of Switzerland for the principled and focused manner in which it has pursued this just cause."
>
>"We hope that the Swiss example at both the political and judicial level will show the way for other countries where our national resources have been illegally transferred. Switzerland's policy on this issue is a clear sign that crime does not pay. Nigeria is ready to work with other governments to achieve the repatriation of other funds which were siphoned out of the country illegally," she added.
>
>She recalled that Obasanjo had on behalf of the administration made a commitment to the Swiss government that the Abacha loots will be used for developmental projects in health and education as well as for infrastructure (roads, electricity and water supply) for the benefit of Nigerians.
>
>"This", she pointed out, "is of course, very much in keeping with the priorities of the National Economic Empowerment and Development Strategy (NEEDS), the nation's blue-print for reducing poverty, creating wealth and generating employment."
>
>She stated that after receiving the assurances of the Swiss authorities that the funds will be released, the federal government had "decided to factor most of the Abacha funds into the 2004 budget so that the urgent challenges of providing infrastructure and social services to our people would not be delayed. This is to ensure that our programmes which are on-going are adequately funded."
>
>According to her, the Federal Government had distributed the recovered $505 million looted funds in the 2004 budget as: rural electrification, $170million (N21.70billion); priority economic roads, $140 million (N18.60billion); primary health care vaccination programme, $80 million (N10.83 billion); support to secondary and basic education, $60 million (N7.74 billion); and potable water and rural irrigation, $50 million (N6.20 billion).
>
>In his remarks, the Swiss ambassador to Nigeria, Helg said "Switzerland possesses an efficient set of legal instruments to defend itself against the inflow of illegal assets, and to recognize, block and return them to their rightful owners." He noted that "the recent decision of the Federal Supreme Court will strengthen the deterrent effect of Switzerland's legal mechanism against potential future inflows of illegal capital."
>
>He added that "the decision strengthens the Swiss position regarding the restitution of funds of politically exposed persons, which is: Switzerland has no interest in accepting illegal funds. Its financial center does not provide for a safe haven for illegal money, which should primarily be used for the benefit of the people of the country in question.
>The point must again be made that Swiss banking secrecy is not an obstacle to the investigation of criminal acts and to the international efforts to combat crime."
>
>He said Switzerland has received assurances from Obasanjo and Okonjo-Iweala that the returned funds will be channeled to the areas of health (fighting HIV/AIDS), education and infrastructure in the 2004/2005 fiscal period.
>
>"The funds will be used within the framework of the Nigeria national strategy to implement the United Nations Millennium Goals. The Nigerian government has given assurances of transparency in the use of the funds and is in agreement to the full inspection of the relevant accounts. Switzerland has an interest in preventing the funds from being recycled for criminal purposes.
>
>"For this reason, it has agreed with Nigeria to place control on projects financed by the Abacha's assets. These controls are expected to be carried out by the World Bank. The exact modalities are in the process of being established. Nigeria has given its consent to allowing civil society to play an appropriate role in this monitoring project," he said.
>
>The Abacha family had relentlessly waged legal battles to stop the release of the funds. But the Swiss Federal Court last week, ruled in favour of the repatriation of the monies back to Nigeria.
>
>The Swiss authorities have investigated bank accounts linked to the Abacha family for over three years since the Nigerian government accused the late leader of looting up to $3 billion from state coffers during his rule from 1993 until his death in June 1998.
>
>Last month, one of the Abacha sons, Abba, was arrested in Neuss, Germany when he attempted to close an account. He was accused of money laundering, fraud and breach of trust, and Swiss authorities sought his extradition from Germany to assist them in the course of their investigations.
>
>Nine Swiss banks were reportedly investigated during the period.
>The first restitution of $200 million from the Abacha funds in Switzerland was in 2003.
>
>
>--- end forwarded text

From sunder at sunder.net Fri Feb 18 08:47:19 2005
From: sunder at sunder.net (sunder)
Date: Fri, 18 Feb 2005 11:47:19 -0500
Subject: Theory of Secure Computation - Joe Killian, NEC Labs
Message-ID: <42161C17.6040702@sunder.net>

http://www.uwtv.org/programs/displayevent.asp?rid=2233

A bit sparse on details, but a good overview of all sorts of secure protocols. Our friends Alice and Bob are of course present in various orgies of secure protocols. :)

From mnemonic at well.com Fri Feb 18 09:12:57 2005
From: mnemonic at well.com (Mike Godwin)
Date: Fri, 18 Feb 2005 12:12:57 -0500
Subject: Cryptographers to Hollywood: prepare to fail on DRM
Message-ID:

Thanks to Robert Hettinga for the link -- I got a blog entry out of it! (You can read it at .)

--Mike

--
-----
The Godwin's Law Blog can be found at http://www.godwinslaw.org .
-----
Mike Godwin can be reached by phone at 202-518-0020 x 101. The new edition of his book, CYBER RIGHTS, can be ordered at http://www.panix.com/~mnemonic .
-----

--- end forwarded text
From rah at shipwright.com Fri Feb 18 09:55:42 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 18 Feb 2005 12:55:42 -0500
Subject: Cryptographers to Hollywood: prepare to fail on DRM
Message-ID:

--- begin forwarded text

From eugen at leitl.org Fri Feb 18 04:17:00 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Fri, 18 Feb 2005 13:17:00 +0100
Subject: [i2p] 0.5 is available (fwd from jrandom@i2p.net)
Message-ID: <20050218121659.GG1404@leitl.org>

----- Forwarded message from jrandom -----

From andrewm at CS.Stanford.EDU Fri Feb 18 18:27:42 2005
From: andrewm at CS.Stanford.EDU (Andrew S. Morrison)
Date: Fri, 18 Feb 2005 18:27:42 -0800
Subject: SHA-1 broken? (~Real Info)
In-Reply-To: <20050217063434.GD21458@xenon.Stanford.EDU>
References: <20050217063434.GD21458@xenon.Stanford.EDU>
Message-ID: <20050219022742.GA10399@xenon.Stanford.EDU>

A brief(!) summary by the authors of the SHA-1 Collisions found:
http://theory.csail.mit.edu/~yiqun/shanote.pdf

Not much is said, but it's definitely more to talk about.

On 0, "Andrew S. Morrison" wrote:
> All this chatter and everyone pointing to the same page ... but no paper, no proof ... just mindless chatter.
>
> Anyone know where this ghost paper is?

From rah at shipwright.com Fri Feb 18 17:47:02 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 18 Feb 2005 20:47:02 -0500
Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
Message-ID:

WCBS 880 | wcbs880.com

Experts: New Sub Can Tap Undersea Cables
* USS Jimmy Carter Will Be Based In Washington State

Feb 18, 2005 4:55 pm US/Eastern

The USS Jimmy Carter, set to join the nation's submarine fleet on Saturday, will have some special capabilities, intelligence experts say: It will be able to tap undersea cables and eavesdrop on the communications passing through them.
The Navy does not acknowledge the $3.2 billion submarine, the third and last of the Seawolf class of attack subs, has this capability. "That's going to be classified in nature," said Kevin Sykes, a Navy spokesman. "You're not going to get anybody to talk to you about that." But intelligence community watchdogs have little doubt: The previous submarine that performed the mission, the USS Parche, was retired last fall. That would only happen if a new one was on the way. Like the Parche, the Carter was extensively modified from its basic design, given a $923 million hull extension that allows it to house technicians and gear to perform the cable-tapping and other secret missions, experts say. The Carter's hull, at 453 feet, is 100 feet longer than the other two subs in the Seawolf class. "The submarine is basically going to have as its major function intelligence gathering," said James Bamford, author of two books on the National Security Agency. Navy public information touts some of the Carter's special abilities: In the extended hull section, the boat can provide berths for up to 50 special operations troops, like Navy SEALs. It has an "ocean interface" that serves as a sort of hangar bay for smaller vehicles and drones to launch and return. It has the usual complement of torpedo tubes and Tomahawk cruise missiles, and it will also serve as a platform for researching new technologies useful on submarines. The Carter, like other submarines, will also have the ability to eavesdrop on communications-what the military calls signals intelligence-passed through the airwaves, experts say. But its ability to tap undersea fiber-optic cables may be unique in the fleet. Communications worldwide are increasingly transmitted solely through fiber-optic lines, rather than through satellites and radios. 
"The capacity of fiber optics is so much greater than other communications media or technologies, and it's also immune to the stick-up-an-antenna type of eavesdropping," said Jeffrey Richelson, an expert on intelligence technologies.

To listen to fiber-optic transmissions, intelligence operatives must physically place a tap somewhere along the route. If the stations that receive and transmit the communications along the lines are on foreign soil or otherwise inaccessible, tapping the line is the only way to eavesdrop on it.

The intelligence experts admit there is much that is open to speculation, such as how the information recorded at a fiber-optic tap would get to analysts at the National Security Agency for review.

During the 1970s, a U.S. submarine placed a tap on an undersea cable along the Soviet Pacific coast, and subs had to return every few months to pick up the tapes. The mission was ultimately betrayed by a spy, and the recording device is now at the KGB museum in Moscow.

If U.S. subs still must return every so often to collect the communications, the taps won't provide speedy warnings, particularly against imminent terrorist attacks.

"It does continue to be something of a puzzle as to how they get this stuff back to home base," said John Pike, a military expert at GlobalSecurity.org.

Some experts suggest the taps may somehow transmit their information, using an antenna or buoy - but those modifications are easier to discover and disable than a tap attached to the cable on the ocean floor.

"Unless they have some new method of relaying the information, it doesn't serve much use in terms of warning," Bamford said. He contended tapping undersea communications cables violates a number of international conventions the United States is party to.

Such communications could still be useful, although the task of sorting and analyzing so many communications for ones relevant to U.S. national security interests is so daunting that only computers can do it.
The nuclear-powered sub will be commissioned in a ceremony at 11 a.m. Saturday at the submarine base at New London, Conn. The ceremony marks the vessel's formal entry into the fleet. The former president, himself a submariner during his time in the Navy, will attend.

After some sea trials, the ship will move to its home port in Bangor, Wash.

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From ashwood at msn.com Fri Feb 18 22:46:34 2005 From: ashwood at msn.com (Joseph Ashwood) Date: Fri, 18 Feb 2005 22:46:34 -0800 Subject: SHA1 broken? References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk> Message-ID:

----- Original Message ----- From: "Joseph Ashwood" Sent: Friday, February 18, 2005 3:11 AM [the attack is reasonable]

Reading through the summary I found a bit of information that means my estimates of workload have to be re-evaluated. Page 1: "Based on our estimation, we expect that real collisions of SHA1 reduced to 70-steps can be found using today's supercomputers."

This is a very important statement for estimating the real workload. Assuming there is an implicit "in one year" in there, and assuming BlueGene (Top 500 list slot 1), this represents 22937.6 GHz*years, or slightly over 2^69 clock cycles. I am obviously still using gigahertz because the information gives us nothing better to work from. This clearly indicates that the operations used for the workload span multiple processor clocks, and performing a gross estimation based on pure guesswork I'm guessing that my numbers are actually off by a factor of between 50 and 500; this factor will likely work cleanly in either adjusting the timeframe or production cost.
My suggestion, though, to make a switch away from SHA-1 as soon as reasonable, and to prepare to switch hashes very quickly in the future, remains the same: the march of processor progress is not going to halt, and the advance of cryptographic attacks will not halt, which will inevitably squeeze SHA-1 to broken. I would actually argue that the 2^80 strength it should have is enough to begin its retirement; 2^80 has been "strong enough" for a decade in spite of the march of technology. Under the processor speed enhancements that have happened over the last decade we should have increased the keylength already to accommodate for dual core chips running at 20 times the speed for a total of 40 times the prior speed (I was going to use Spec data for a better calculation but I couldn't immediately find specs for a Pentium Pro 200) by adding at least 5 bits, preferably 8, to our necessary protection profile.

Joe

From lloyd at randombit.net Fri Feb 18 23:25:55 2005 From: lloyd at randombit.net (Jack Lloyd) Date: Sat, 19 Feb 2005 00:25:55 -0700 Subject: SHA-1 results available Message-ID: <20050219072555.GA31104@randombit.net>

http://theory.csail.mit.edu/~yiqun/shanote.pdf

No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, "Technical details will be provided in a forthcoming paper." I'm not holding my breath.

-Jack

From camera_lumina at hotmail.com Sat Feb 19 10:54:52 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 19 Feb 2005 13:54:52 -0500 Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables In-Reply-To: Message-ID:

When I was in Telecom we audited pieces of an undersea NSA network that was based on OC-3 ATM. It had some odd components, however, including reflective-mode LiNbO3 modulators and even acousto-optic modulators.
(Actually, one of the components started dying which put them into a near-frenzy...it turned out we had someone who happened to know the designer of that very piece and so understood the failure mode completely.)

My theory is that they were multiplexing their OC-3-collected information back over the same set of fibers the intelligence came from, or else re-routed it to another "friendly" cable nearby. These days, however, a la Variola I don't think that a single OC-3 will do even for specially-selected traffic, so they must do something different now (unless, of course, that OC-3 was just their OAM&P/control network, which is entirely possible).

-TD

>From: "R.A. Hettinga"
>To: osint at yahoogroups.com, cryptography at metzdowd.com, cypherpunks at al-qaeda.net
>Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
>Date: Fri, 18 Feb 2005 20:47:02 -0500

From rah at shipwright.com Sat Feb 19 12:01:04 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sat, 19 Feb 2005 15:01:04 -0500 Subject: Ink helps drive democracy in Asia Message-ID:

The BBC Saturday, 19 February, 2005, 08:34 GMT

Ink helps drive democracy in Asia By Dr David Mikosz In Kyrgyzstan

The Kyrgyz Republic, a small, mountainous former Soviet republic, is using invisible ink and ultraviolet readers in the country's elections as part of a drive to prevent multiple voting. This new technology is causing both worries and guarded optimism among different sectors of the population.

In an effort to live up to its reputation in the 1990s as "an island of democracy", the Kyrgyz President, Askar Akaev, pushed through the law requiring the use of ink during the upcoming Parliamentary and Presidential elections. The US government agreed to fund all expenses associated with this decision.

The Kyrgyz Republic is seen by many experts as backsliding from the high point it reached in the mid-1990s with a hastily pushed-through referendum in 2003, reducing the legislative branch to one chamber with 75 deputies. The use of ink is only one part of a general effort to show commitment towards more open elections - the German Embassy, the Soros Foundation and the Kyrgyz government have all contributed to purchase transparent ballot boxes.

Not complicated

The actual technology behind the ink is not that complicated. The ink is sprayed on a person's left thumb. It dries and is not visible under normal light. However, the presence of ultraviolet light (of the kind used to verify money) causes the ink to glow with a neon yellow light.
At the entrance to each polling station, one election official will scan voters' fingers with a UV lamp before allowing them to enter, and every voter will have his/her left thumb sprayed with ink before receiving the ballot. If the ink shows under the UV light the voter will not be allowed to enter the polling station. Likewise, any voter who refuses to be inked will not receive the ballot.

These elections are assuming even greater significance because of two large factors - the upcoming parliamentary elections are a prelude to a potentially regime-changing presidential election in the autumn, as well as the echo of recent elections in other former Soviet Republics, notably Ukraine and Georgia.

The use of ink has been controversial - especially among groups perceived to be pro-government.

Common metaphor

Widely circulated articles compared the use of ink to the rural practice of marking sheep - a still common metaphor in this primarily agricultural society. The author of one such article began a petition drive against the use of the ink.

The greatest part of the opposition to ink has often been sheer ignorance. Local newspapers have carried stories that the ink is harmful, radioactive or even that the ultraviolet readers may cause health problems.

Others, such as the aggressively middle-of-the-road Coalition of Non-governmental Organizations, have lauded the move as an important step forward.

This type of ink has been used in many elections in the world, in countries as varied as Serbia, South Africa, Indonesia and Turkey. The other common type of ink in elections is indelible visible ink - but as the elections in Afghanistan showed, improper use of this type of ink can cause additional problems.

The use of "invisible" ink is not without its own problems. In most elections, numerous rumors have spread about it.

Clear step

In Serbia, for example, both Christian and Islamic leaders assured their populations that its use was not contrary to religion.
Other rumours are associated with how to remove the ink - various soft drinks, solvents and cleaning products are put forward. However, in reality, the ink is very effective at getting under the cuticle of the thumb and difficult to wash off. The ink stays on the finger for at least 72 hours and for up to a week.

The use of ink and readers by itself is not a panacea for election ills. The passage of the inking law is, nevertheless, a clear step forward towards free and fair elections.

The country's widely watched parliamentary elections are scheduled for 27 February.

David Mikosz works for the IFES, an international, non-profit organisation that supports the building of democratic societies.

From DaveHowe at gmx.co.uk Sat Feb 19 07:53:53 2005 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sat, 19 Feb 2005 15:53:53 +0000 Subject: SHA1 broken? In-Reply-To: References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk> Message-ID: <42176111.7050501@gmx.co.uk>

Joseph Ashwood wrote:
> I believe you substantially misunderstood my statements, 2^69 work is
> doable _now_. 2^55 work was performed in 72 hours in 1998, scaling
> forward the 7 years to the present (and hence through known data) leads
> to a situation where the 2^69 work is achievable today in a reasonable
> timeframe (3 days), assuming reasonable quantities of available money
> ($500,000US). There is no guessing about what the future holds for this,
> the 2^69 work is NOW.
I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :)

From eugen at leitl.org Sat Feb 19 08:53:41 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 19 Feb 2005 17:53:41 +0100 Subject: SHA1 broken? In-Reply-To: <42176111.7050501@gmx.co.uk> References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk> <42176111.7050501@gmx.co.uk> Message-ID: <20050219165341.GR1404@leitl.org>

On Sat, Feb 19, 2005 at 03:53:53PM +0000, Dave Howe wrote:
> I wasn't aware that FPGA technology had improved that much if any - feel
> free to correct my misapprehension in that area though :)

FPGAs are too slow (and too expensive); if you want lots of SHA-1 performance, use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an ASIC. Assuming fast SHA-1 computation is the basis for the attack -- we do not know that.

While looking, came across http://www.ietf.org/proceedings/02jul/slides/saag-1.pdf "We really DO NOT need SHA-256 for Message Authentication", mid-2002.

-- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net

From DaveHowe at gmx.co.uk Sat Feb 19 13:23:31 2005 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Sat, 19 Feb 2005 21:23:31 +0000 Subject: SHA1 broken?
In-Reply-To: <20050219165341.GR1404@leitl.org> References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk> <42176111.7050501@gmx.co.uk> <20050219165341.GR1404@leitl.org> Message-ID: <4217AE53.4060006@gmx.co.uk>

Eugen Leitl wrote:
> On Sat, Feb 19, 2005 at 03:53:53PM +0000, Dave Howe wrote:
>>I wasn't aware that FPGA technology had improved that much if any - feel
>>free to correct my misapprehension in that area though :)
> FPGAs are too slow (and too expensive), if you want lots of SHA-1
> performance,
> use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an
> ASIC.
> Assuming fast SHA-1 computation is the basis for the attack -- we do not
> know that.

Indeed so. However, the argument "in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY..." assumes that (a) the problems are comparable, and (b) that Moore's law has been applied to FPGAs as well as CPUs. I am unaware of any massive improvement (certainly to the scale of the comparable improvement in CPUs) in FPGAs, and the ones I looked at a few days ago while researching this question seemed to have pretty much the same spec sheet as the ones I looked at back then. However, I am not a gate array techie, and most of my experience with them has been small (two-three chip) devices at very long intervals, purely for my own interest. It is possible there has been a quantum leap forward in FPGA tech or some substitute tech that can perform massively parallel calculations, on larger block sizes and hence more operations, at a noticeably faster rate than the DES cracker could back then. Schneier apparently believes there has been - but is simply applying Moore's law to the machine from back then, and that may not be true unless he knows something I don't (I assume he knows lots of things I don't, but of course he may not have thought this one through :)

From rah at shipwright.com Sun Feb 20 04:11:44 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Sun, 20 Feb 2005 07:11:44 -0500 Subject: Arroyo calls for ID cards, wiretaps Message-ID:

Sunday 20th February, 2005

Arroyo calls for ID cards, wiretaps Big News Network.com (UPI)

The president of the Philippines has said a national identification card and a system for wiretapping are necessary in the federal antiterrorism bill.

President Gloria Macapagal Arroyo believes the two components will make antiterrorism laws more effective, the Manila Times reported Saturday.

"Let's have that proposal go through the debate in Congress, but it is important," she said. "We are one of the few countries that still don't have an antiterrorism or internal security law."

However, some lawmakers said the wiretapping could be used as a weapon to harass people personally or politically and the ID cards could allow the government to compile a dossier against unsuspecting citizens.

Last year's legislation to establish a National Reference Card at age 18 would have contained the name, address, blood type and next of kin of the bearer as well as a data strip containing a reference number and other confidential data.

From rah at shipwright.com Sun Feb 20 14:10:18 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 20 Feb 2005 17:10:18 -0500 Subject: RSA looks ahead on RFID security Message-ID:

The Register. Original URL: http://www.theregister.co.uk/2005/02/18/rsa_rfid/

RSA looks ahead on RFID security By John Leyden (john.leyden at theregister.co.uk) Published Friday 18th February 2005 21:16 GMT

RSA 2005 Cryptographic researchers are working out ways to make RFID technology more palatable to consumers ahead of its expected widespread deployment over the coming years.

RFID tags are small silicon microchips attached to an antenna which emit a unique serial number by radio over short distances. Miniature RFID tags can be embedded in all kinds of consumer products and scanned from between two to three metres away, revealing information about the product and (potentially) its owner. Critics say the technology could reduce or eliminate purchasing anonymity and could even threaten civil liberties. The issue becomes even more acute with plans to put RFID tags into identity cards.

Burt Kaliski, director and chief scientist of RSA Laboratories, said RFID technologies promise to become the most pervasive deployment of technology ever, but little attention has been paid so far to security and privacy issues. "The level of security and privacy needs to grow in proportion with deployment," he said.
RSA is concerned that information stored on RFID tags could be read by anyone with an RFID reader - data thieves, hackers - or worse. Right now, this isn't much of a threat; but once the technology becomes widely adopted readers will drop in price. Over time, readers are likely to be built into mobile phones to facilitate applications such as comparison shopping. Such an application could take 10 years to hit the streets, but security researchers need to think of the issues it raises now before standards become "baked in", according to Kaliski.

"Technology can help maintain the balance between those concerned about business efficiency and those concerned about privacy," he said.

Traditionally, security systems are based on the premise that a system is trustworthy and it's up to the user to establish his credentials. With the possibility of rogue RFID readers, this premise no longer holds true and a different approach is needed. One approach is to change the IDs of tags from one interaction to the next. "The authentication process needs some kind of dynamic interaction and not just the assertion of identity," Kaliski told El Reg.

From rah at shipwright.com Sun Feb 20 14:15:43 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 20 Feb 2005 17:15:43 -0500 Subject: Geekzone: IT, mobility, wireless and handheld news Message-ID:

Geekzone: IT, mobility, wireless and handheld news

PGP moving to stronger SHA Algorithm (posted 19-FEB-2005 19:37)

PGP Corporation is planning to migrate to a more secure version of the Secure Hash Algorithm (SHA) in the upcoming releases of its PGP Desktop and PGP Universal encryption solutions.
According to a report released this week by a team at Shandong University in China, the SHA-1 algorithm that supports the digital signatures used in popular SSL browser security and encryption can be successfully attacked. The same team helped break MD5, another commonly used cryptographic hash algorithm, in August 2004.

According to the company, all PGP products are architected to allow for rapid and non-disruptive migration of all encryption, hash, compression, and signature algorithms. PGP Corporation began planning the migration to more secure hash algorithms after MD5 was compromised last year. Jon Callas, CTO & CSO of PGP Corporation, addressed the company's design philosophy in a September 2004 CTO Corner article entitled "Much ado about hash functions". At the same time, PGP engineers began implementing a shift from SHA-1 to the stronger algorithms (SHA-256 and SHA-512) while preserving interoperability with existing software. The upcoming releases of PGP Desktop and PGP Universal will allow users to select from a broader range of authentication options.

"The work done by the University of Shandong team is in the finest tradition of cryptanalytic peer review," said Callas. "The best minds continually review existing algorithms, identify issues that need to be addressed, and the entire community of vendors and users benefits. We will continue to monitor the cryptographic integrity of the algorithms used in PGP products and upgrade them as required to provide our customers with the most secure information security solutions available."

From ashwood at msn.com Sun Feb 20 18:41:18 2005 From: ashwood at msn.com (Joseph Ashwood) Date: Sun, 20 Feb 2005 18:41:18 -0800 Subject: SHA1 broken? References: <42135C5A.31592.2E217C6@localhost> <421476B9.9040206@gmx.co.uk> <42176111.7050501@gmx.co.uk> <20050219165341.GR1404@leitl.org> <4217AE53.4060006@gmx.co.uk> Message-ID:

----- Original Message ----- From: "Dave Howe" Subject: Re: SHA1 broken?
> Indeed so. However, the argument "in 1998, a FPGA machine broke a DES
> key in 72 hours, therefore TODAY..." assumes that (a) the problems are
> comparable, and (b) that Moore's law has been applied to FPGAs as well as
> CPUs.

That is only misreading my statements and missing a very large portion where I specifically stated that the new machine would need to be custom instead of semi-custom. The proposed system was not based on FPGAs; instead it would need to be based on ASICs engineered using modern technology, much more along the lines of a DSP. The primary gains available are actually from the larger wafers in use now, along with the transistor shrinkage. Combined these have approximately kept the cost in line with Moore's law, and the benefits of custom engineering account for the rest. So for exact details about how I did the calculations I assumed Moore's law for speed, and an additional 4x improvement from custom chips instead of off the shelf. In order to verify the calculations I also redid them assuming DSPs which should be capable of processing the data (specifically from TI); I came to a cost within a couple orders of magnitude although the power consumption would be substantially higher.

Joe

From rah at shipwright.com Mon Feb 21 10:09:44 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Mon, 21 Feb 2005 13:09:44 -0500 Subject: PCs do thousands of years of work Message-ID: The BBC Thursday, 17 February, 2005, 08:16 GMT PCs do thousands of years of work By Jo Twist BBC News science and technology reporter A global network of computer users has clocked up more than 4,000 years' worth of computer calculations in under three months as part of a huge grid project. Since November, thousands have joined the World Community Grid (WCG) which uses idle computer time to help solve serious health and social problems. Over 4,000 "teams" have been running a simple program which processes proteins for the Institute of Systems Biology. The Seattle-based institute is working out the role of proteins in bodies. The calculations completed so far by the thousands of ordinary desktop computers mean that the WCG has done 22% of the total analysis needed for the institute's Human Proteome Folding Project. "It makes me feel great because it is easy to sit back and let it run," Graham Hood, a community administrator for the 63-member My Online Team, told the BBC News website. "I can't think of a better way to put spare time into good use," added the watchmaker based in Birmingham. By the time the project ends it is predicted that more than 20,000 years of computing will have been done. Technical trouble-shooter As well as being a keen "protein cruncher", Mr Hood has also filled the role of technical trouble-shooter for those in the WCG community who fear viruses - not the biological kind. Participants only need to know how to install the software - no other expertise is required to be part of the effort. But that means some who take part may not necessarily be so savvy about technology and computer security either, which could cause problems. The software required to take part in the WCG is small, simple, and does its calculations without users realising it. 
"If you took 10,000 people and said it is costing you this amount a week to run your computer, would you prepared to donate that money to charity or put this program on the computer and it costs you nothing?" Graham Hood, My Online Team Small, encrypted files of protein data are automatically downloaded via a secure server when users connect to the net. With the current concern over spyware and viruses, WCG members have needed to ensure they remain secure online, but configure their systems to let the right kind of encrypted data in and out. Spyware are programs that surreptitiously install themselves on computers to gather information about users. They can slow computer processors and clog systems. "If you have a PC at home, it is more simple," said Mr Hood. "But if you are in corporation and you want to put 40 computers on the grid, due to the fact that networks have to be so secure, firewalls will block information getting back to the grid. "People have to get past the firewall in a safe manner." On the community's forums, advice is given out readily. The project is also a way of contributing to a good cause that avoids scam "charity e-mail" phishing attempts - e-mails which pretend to be from legitimate charities. This kind of scam recently hit tsunami relief fund-raising efforts. "If you took 10,000 people and said it is costing you this amount a week to run your computer, would you prepared to donate that money to charity or put this program on the computer and it costs you nothing?" Of course, a resource like cash is always a welcome relief for charities too, but at least computers which get more powerful year on year can do something useful, too. Premier processing league The teams and individuals also earn points for the processing and calculations each has done. Those with the most points, worked out and balanced against the specification of the computer and net connections speeds, are ranked in a league. 
The "Premiership" tends to comprise those who might have more than one processor linked up to the WCG.

"One person from Hollywood has a render farm with 30 processors in it. So he is doing in one day what I have done in three months," explained Mr Hood.

But Mr Hood and his team have crawled steadily up the rankings to be the 13th most prolific team, contributing more than 300 computers to the endeavour.

Earning processing points and having rankings gives people something to aim for, aside from the greater humanitarian goals, according to Mr Hood.

Each protein has to be analysed five separate times to be sure of results.

The hope is that a better understanding of the roles certain proteins have will lead to the development of cures or better treatments for diseases like cancer, HIV/Aids, and malaria.

Protein analyses can take years to complete on powerful supercomputers alone. A global network of desktop computing power doing the analysing means that time can be reduced to a matter of months.

The WCG project, backed by IBM, is similar to others, like the successful Seti at home run by the Search for Extra Terrestrial Life project which examined radio signals for signs of alien communication.

Another, the Smallpox Research Grid, linked together more than two million volunteers from 226 countries to speed up analysis of 35 million drug molecules in the search for a treatment.

The subjects of study for the WCG teams are chosen by an international advisory board of experts specialising in health sciences and technology.

The board evaluates proposals from leading research, public, and not-for-profit organisations, and aims to be involved in up to six projects a year.
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From dgerow at afflictions.org Mon Feb 21 13:17:43 2005
From: dgerow at afflictions.org (Damian Gerow)
Date: Mon, 21 Feb 2005 16:17:43 -0500
Subject: palm beach HIV
In-Reply-To: <20050221205328.GA1404@leitl.org>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org>
Message-ID: <20050221211743.GF1147@afflictions.org>

Thus spake Eugen Leitl (eugen at leitl.org) [21/02/05 16:07]:
: > Calling Tim May! Calling Tim May!
:
: You rang?
:
: http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoA
: AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&

For those who hate word wrap...

From dgerow at afflictions.org Mon Feb 21 14:40:13 2005
From: dgerow at afflictions.org (Damian Gerow)
Date: Mon, 21 Feb 2005 17:40:13 -0500
Subject: palm beach HIV
In-Reply-To: <20050221214003.GB1404@leitl.org>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org>
Message-ID: <20050221224013.GG1147@afflictions.org>

Thus spake Eugen Leitl (eugen at leitl.org) [21/02/05 16:57]:
: > For those who hate word wrap...
: >
: >
:
: Funny, wrapped again!
Not for me. Neither when I sent it nor when I received it. Your client, perhaps?

: >
:
: Yes, complain to the Al-Q. node maintainer. The same code which strips my
: digital signatures also wrap the lines.

Funny. Doesn't wrap mine.

From justin-cypherpunks at soze.net Mon Feb 21 12:25:47 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Mon, 21 Feb 2005 20:25:47 +0000
Subject: palm beach HIV
Message-ID: <20050221202547.GA3254@arion.soze.net>

Given the release of Palm Beach HIV+ patient information via "accidental" attachment to a widely-distributed email, should agencies with access to confidential information implement mandatory access control and role-based security so that, barring problems with the RBAC/MAC software, confidential data cannot be accessed by roles that have external network access?

http://www.sun-sentinel.com/news/local/southflorida/sfl-paidslist21feb21,0,1753763.story?coll=sfla-home-headlines

I haven't found the list yet, but I found this:

http://www.palmbeachpost.com/opinion/content/opinion/epaper/2005/02/11/a20a_cramercol_0211.html

"In Palm Beach County, one of every 35 blacks is HIV-positive. That is compared with one of every 492 whites."

Calling Tim May! Calling Tim May!

--
Certainly there is no hunting like the hunting of man, and those who
have hunted armed men long enough and liked it, never really care for
anything else thereafter. --Hemingway, Esquire, April 1936

From eugen at leitl.org Mon Feb 21 12:53:29 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 21 Feb 2005 21:53:29 +0100
Subject: palm beach HIV
In-Reply-To: <20050221202547.GA3254@arion.soze.net>
References: <20050221202547.GA3254@arion.soze.net>
Message-ID: <20050221205328.GA1404@leitl.org>

On Mon, Feb 21, 2005 at 08:25:47PM +0000, Justin wrote:

> Calling Tim May! Calling Tim May!

You rang?
http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoA
AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From eugen at leitl.org Mon Feb 21 13:40:03 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Mon, 21 Feb 2005 22:40:03 +0100
Subject: palm beach HIV
In-Reply-To: <20050221211743.GF1147@afflictions.org>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org>
Message-ID: <20050221214003.GB1404@leitl.org>

On Mon, Feb 21, 2005 at 04:17:43PM -0500, Damian Gerow wrote:

> Thus spake Eugen Leitl (eugen at leitl.org) [21/02/05 16:07]:
> : > Calling Tim May! Calling Tim May!
> :
> : You rang?
> :
> : http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoA
> : AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&
>
> For those who hate word wrap...
>
>

Funny, wrapped again!

>

Yes, complain to the Al-Q. node maintainer. The same code which strips my
digital signatures also wrap the lines.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From justin-cypherpunks at soze.net Mon Feb 21 14:57:37 2005
From: justin-cypherpunks at soze.net (Justin)
Date: Mon, 21 Feb 2005 22:57:37 +0000
Subject: MIME stripping
In-Reply-To: <20050221214003.GB1404@leitl.org>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org>
Message-ID: <20050221225737.GC3436@arion.soze.net>

On 2005-02-21T22:40:03+0100, Eugen Leitl wrote:
> Yes, complain to the Al-Q. node maintainer. The same code which strips my
> digital signatures also wrap the lines.

Really?

http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoAAAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&

--
Certainly there is no hunting like the hunting of man, and those who
have hunted armed men long enough and liked it, never really care for
anything else thereafter. --Hemingway, Esquire, April 1936

[demime 1.01d removed an attachment of type application/pgp-signature]

From rsw at jfet.org Mon Feb 21 21:08:10 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Mon, 21 Feb 2005 23:08:10 -0600
Subject: MIME stripping
In-Reply-To: <20050221225737.GC3436@arion.soze.net>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org> <20050221225737.GC3436@arion.soze.net>
Message-ID: <20050222050810.GA12520@positron.jfet.org>

Justin wrote:
> On 2005-02-21T22:40:03+0100, Eugen Leitl wrote:
> > Yes, complain to the Al-Q. node maintainer. The same code which strips my
> > digital signatures also wrap the lines.
>
> Really?

No. Both lines came through unwrapped.
AFA sigs go, if you really want your sig to get through don't (invoking Tim here) MIME-encrust it, just send it through as plain text.

--
Riad S. Wahby
rsw at jfet.org

From eugen at leitl.org Tue Feb 22 00:03:47 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Feb 2005 09:03:47 +0100
Subject: palm beach HIV
In-Reply-To: <20050221224013.GG1147@afflictions.org>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org> <20050221224013.GG1147@afflictions.org>
Message-ID: <20050222080347.GC1404@leitl.org>

On Mon, Feb 21, 2005 at 05:40:13PM -0500, Damian Gerow wrote:
> Thus spake Eugen Leitl (eugen at leitl.org) [21/02/05 16:57]:
> : > For those who hate word wrap...
> : >
> : >
> : : AAAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&>
> :
> : Funny, wrapped again!
>
> Not for me. Neither when I sent it nor when I received it. Your client,
> perhaps?

No, Mutt doesn't wrap earls.

> : >
> :
> : Yes, complain to the Al-Q. node maintainer. The same code which strips my
> : digital signatures also wrap the lines.
>
> Funny. Doesn't wrap mine.

You don't sign.

It used to be much worse, would completely reformat the messages. Wrapped earls I can live with.
--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From eugen at leitl.org Tue Feb 22 00:04:50 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Feb 2005 09:04:50 +0100
Subject: MIME stripping
In-Reply-To: <20050221225737.GC3436@arion.soze.net>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org> <20050221225737.GC3436@arion.soze.net>
Message-ID: <20050222080450.GD1404@leitl.org>

Weird. I won't sign this message.

On Mon, Feb 21, 2005 at 10:57:37PM +0000, Justin wrote:
> On 2005-02-21T22:40:03+0100, Eugen Leitl wrote:
> > Yes, complain to the Al-Q. node maintainer. The same code which strips my
> > digital signatures also wrap the lines.
>
> Really?
>
> http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoAAAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&
>
>
>
> --
> Certainly there is no hunting like the hunting of man, and those who
> have hunted armed men long enough and liked it, never really care for
> anything else thereafter.
> --Hemingway, Esquire, April 1936
>
> [demime 1.01d removed an attachment of type application/pgp-signature]

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From eugen at leitl.org Tue Feb 22 00:05:07 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Feb 2005 09:05:07 +0100
Subject: MIME stripping
In-Reply-To: <20050221225737.GC3436@arion.soze.net>
References: <20050221202547.GA3254@arion.soze.net> <20050221205328.GA1404@leitl.org> <20050221211743.GF1147@afflictions.org> <20050221214003.GB1404@leitl.org> <20050221225737.GC3436@arion.soze.net>
Message-ID: <20050222080507.GE1404@leitl.org>

This message is signed.

On Mon, Feb 21, 2005 at 10:57:37PM +0000, Justin wrote:
> On 2005-02-21T22:40:03+0100, Eugen Leitl wrote:
> > Yes, complain to the Al-Q. node maintainer. The same code which strips my
> > digital signatures also wrap the lines.
>
> Really?
>
> http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoA
> AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&
>
>
>
> --
> Certainly there is no hunting like the hunting of man, and those who
> have hunted armed men long enough and liked it, never really care for
> anything else thereafter. --Hemingway, Esquire, April 1936
>
> [demime 1.01d removed an attachment of type application/pgp-signature]

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From eugen at leitl.org Tue Feb 22 01:20:06 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Feb 2005 10:20:06 +0100
Subject: U.S. Withholding Satellite Data
Message-ID: <20050222092006.GO1404@leitl.org>

Link: http://slashdot.org/article.pl?sid=05/02/22/0539254
Posted by: timothy, on 2005-02-22 07:33:00

from the derives-from-a-mandate-from-the-masses dept.

plover writes "Because of Congressional legislation passed quietly in 2003, the Air Force Space Command will no longer [1]distribute space surveillance data via NASA. There was supposed to be a three year transitional period where the data was to be made available via a NASA web site, but earlier this month their transitional server went down hard, and NASA has decided to not rebuild it. (It was scheduled to be shut down on 31 March 2005 anyway.) The only way to obtain satellite data now is by signing up with the official [2]Space-Track website. Part of the agreement to obtain data from their site is that you agree to not redistribute their data. Of course, [3]amateurs are still free to redistribute [4]their observations, [5]including those of classified satellites."

References

1. http://www.celestrak.com/NORAD/elements/notice.asp
2. http://www.space-track.org/
3. http://www.satobs.org/satintro.html
4. http://www.amsat.org/amsat/sats/n7hpr/satsum.html
5. http://home.t-online.de/home/R.Kracht/top50.htm

----- End forwarded message -----

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

From camera_lumina at hotmail.com Tue Feb 22 09:25:23 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 22 Feb 2005 12:25:23 -0500
Subject: palm beach HIV
In-Reply-To: <20050221205328.GA1404@leitl.org>
Message-ID:

Sheeit...I'm starting to think May was no longer all that interested in the Crypto stuff...seems he really just wanted to rant and terrify the clueless...
-TD

>From: Eugen Leitl
>To: cypherpunks at al-qaeda.net
>Subject: Re: palm beach HIV
>Date: Mon, 21 Feb 2005 21:53:29 +0100
>
>On Mon, Feb 21, 2005 at 08:25:47PM +0000, Justin wrote:
>
> > Calling Tim May! Calling Tim May!
>
>You rang?
>
>http://groups-beta.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoA
>AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&
>
>--
>Eugen* Leitl leitl
>______________________________________________________________
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>http://moleculardevices.org http://nanomachines.net
>
>[demime 1.01d removed an attachment of type application/pgp-signature]

From WWhyte at ntru.com Tue Feb 22 09:30:22 2005
From: WWhyte at ntru.com (Whyte, William)
Date: Tue, 22 Feb 2005 12:30:22 -0500
Subject: SHA-1 results available
Message-ID: <30F37C4533D8564FB1D58BFDAF6687C10250B5D2@ohthree.jjj-i.com>

> http://theory.csail.mit.edu/~yiqun/shanote.pdf
>
> No real details, just collisions for 80 round SHA-0 (which I just confirmed)
> and 58 round SHA-1 (which I haven't bothered with), plus the now famous work
> factor estimate of 2^69 for full SHA-1.
>
> As usual, "Technical details will be provided in a forthcoming paper." I'm not
> holding my breath.

A preprint was circulating at the RSA conference; Adi Shamir had a copy.

Similar techniques were used by Vincent Rijmen and Elizabeth Oswald, in their paper available at http://eprint.iacr.org/2005/010.

William

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

From crawdad at fnal.gov Tue Feb 22 10:33:56 2005
From: crawdad at fnal.gov (Matt Crawford)
Date: Tue, 22 Feb 2005 12:33:56 -0600
Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
In-Reply-To:
References:
Message-ID: <29cc1b588132ab8f63de4db7268b4d1e@fnal.gov>

On Feb 18, 2005, at 19:47, R.A. Hettinga wrote:
> "It does continue to be something of a puzzle as to how they get this
> stuff back to home base," said John Pike, a military expert at
> GlobalSecurity.org.

I should think that in many cases, they can simply lease a fiber in the same cable. What could be simpler?

From jya at pipeline.com Tue Feb 22 12:58:27 2005
From: jya at pipeline.com (John Young)
Date: Tue, 22 Feb 2005 12:58:27 -0800
Subject: SHA-1 results available
In-Reply-To: <30F37C4533D8564FB1D58BFDAF6687C10250B5D2@ohthree.jjj-i.com>
Message-ID:

Yiqun L Yin writes 21 February 2005 about when the full SHA-1 paper will appear:

We have submitted the paper to a conference for peer review, and we should receive a notification of the review results by early May. We plan to publish the paper after incorporating the comments from the review, and will let you know around that time.

From rah at shipwright.com Tue Feb 22 11:10:47 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 22 Feb 2005 14:10:47 -0500
Subject: End of story for Hunter Thompson
Message-ID:

The Washington Times
www.washingtontimes.com

End of story for Hunter Thompson
By Stephanie Mansfield
THE WASHINGTON TIMES
Published February 22, 2005

Outlaw, druggie, Dunhill-smoking, Chivas Regal-drinking, anti-establishment literary icon Hunter S. Thompson committed suicide after becoming depressed about the United States' shift toward conservatism, said one longtime friend who spent the weekend at the Aspen, Colo., home of the late "gonzo" journalist.

"He was depressed about the state of society," said Loren Jenkins, foreign editor for National Public Radio in Washington.

A vehement opponent of President Bush, Mr. Thompson, 67, "was feeling maudlin about the current conservatism sweeping the country," Mr. Jenkins said. "He felt he'd had a long run, trying to create a freer society in the '60s and '70s and he felt it had all been closed down."

Mr. Thompson's body was discovered Sunday by Juan Thompson, his son by his first wife, Sandra Dawn Thompson. His second wife, Anita, was not home at the time. The family issued a statement asking for privacy.

In recent months, Mr. Thompson had suffered injuries and other health problems.

While others expressed shock at Mr. Thompson's death, close friends - including Mr. Jenkins - did not.

"Everyone who knew Hunter knew that he lived by his own rules and that he would end his life by his own rules," Mr. Jenkins said.

But other friends said yesterday that Mr. Thompson seemed to be in good spirits during the past week.

"I was there Friday evening at his home and left him at midnight," said longtime friend and neighbor Michael Cleverly. "We had a lovely evening. He was very upbeat. I'd have been less shocked if he had shot me rather than himself," said Mr. Cleverly. "He is the last person on the planet Earth I would expect of that."

Mr. Cleverly, who knew Mr. Thompson for 25 years, said the writer - who lived at a compound called Owl Farm - had several assignments in the works, including a book of his photography.

"He was in the midst of a productive life. My only speculation was that [the suicide] had to be an impulse, not something he'd been dwelling on."

Mr. Cleverly also attended Mr. Thompson's annual Super Bowl party, and said friends were not aware of anything troubling the writer, except he had suffered "a terrible year physically."

According to Mr. Cleverly, the writer fell in Hawaii and broke his leg. He also had back surgery and pain from an artificial hip.

Yesterday at his favorite haunt, Woody Creek Tavern, patrons and writers gathered to remember Mr. Thompson, perhaps best known for his drug-fueled 1971 narrative "Fear and Loathing in Las Vegas," which was made into a 1998 movie starring Johnny Depp.

Recently, Mr. Thompson had been a regular columnist for the ESPN.com Web site, and his columns had been collected into a book.

Passionate about sports, Mr. Thompson gained a loyal following of younger readers who were not yet born when his name, along with Tom Wolfe and Truman Capote, became synonymous with a new style of observational, stream-of-consciousness magazine writing.

He rode with the Hell's Angels - the subject of a 1966 book that established him as a leading practitioner of so-called "New Journalism" - and wrote a widely praised account of the 1972 presidential campaign and, like George Plimpton, became adept at participatory journalism.

"There was an undercurrent of madness to his work," fellow writer Gay Talese said yesterday. "The story was always inside his head. It wasn't necessarily what he saw. His power was his disenchantment by just about everything in front of him."

His last column recounted a 3 a.m. phone call to actor and friend Bill Murray, who portrayed Mr. Thompson in a 1980 movie, "Where the Buffalo Roam." Mr. Thompson had invented a new, "truly violent leisure sport" he called "shotgun golf," in which each player attempts to shoot his opponent's golf ball with a 12-gauge shotgun.

"He was so vital and had an endless number of friends," said Gaylord Guerin, owner of the Woody Creek Tavern. "He was an absolute genius."

With his aviator sunglasses, cigarette holder and broad-brimmed hat, Mr. Thompson was the inspiration for the "Uncle Duke" character in cartoonist Gary Trudeau's "Doonesbury" strip.

Known to magazine editors as a prima donna who turned in outlandish expense accounts and demanded high fees, he nevertheless earned respect for his entertaining rants.

Mr. Jenkins said Rolling Stone once sent Mr. Thompson on assignment to Vietnam. Rather than cover the war, he spent his entire stay in a Saigon bar getting drunk and arguing on the telephone with editor Jann Wenner, who had canceled the writer's health insurance.

He inspired a generation of future writers with his vivid first-person accounts of adventures fueled by alcohol and illegal drugs.

"I hate to advocate weird chemicals, alcohol, violence or insanity to anyone ... but they've always worked for me," Mr. Thompson once said. He later admitted exaggerating his drug consumption, but truth never seemed to get in the way of a good story.

Mr. Jenkins described his late friend as "who Mark Twain might have been if Twain had discovered acid."

Flipped out and freaked out on everything from psilocybin mushrooms to peyote, Mr. Thompson wrote in the same vein as William S. Burroughs and Charles Bukowski. He especially admired the works of "beat" writer Jack Kerouac and Irish novelist J.P. Donleavy.

But Ernest Hemingway was always an influence, and Mr. Jenkins said Mr. Thompson's death by self-inflicted gunshot reflected that influence.

"There is a bit of the Hemingway thing," said Mr. Jenkins. "Both writers had their greatest success very early in their careers, and both created a persona built on that."

While politically an enemy of all things Republican, Mr. Thompson proudly proclaimed himself a life member of the National Rifle Association and was known to keep a small arsenal of firearms at his home.

Born in Louisville, Ky., on July 18, 1937, Hunter Stockton Thompson was a self-described "wild boy." After high school, he served two years in the Air Force during which he edited the base newsletter and wrote sports stories for a local newspaper. He then worked as a freelance correspondent for several newspapers and magazines before joining Rolling Stone, where he coined the term "gonzo journalism."

Always worried about finances, Mr. Thompson churned out a series of books, including "The Great Shark Hunt" (1975), "Generation of Swine" (1988) and "Better Than Sex" (1994). A novel he wrote in the early 1960s, "The Rum Diary," was published in 1998, and he published a collection of short stories in 1991.

"He kept everything," said Mr. Jenkins, referring to a cache of material - letters, faxes, memos and old articles - Mr. Thompson stored in his basement.
One of Mr. Thompson's more colorful antics occurred in 1970, when he ran unsuccessfully for sheriff of Pitkin County, Colo., on the "Freak Power" ticket. The gonzo candidate - whose platform included changing the name of Aspen to "Fat City" and decriminalizing drugs - decided to shave his head, so he could denounce his crew-cut Republican rival as "my long-haired opponent."

Copyright (c) 2005 News World Communications, Inc. All rights reserved.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From coderman at gmail.com Tue Feb 22 15:00:59 2005
From: coderman at gmail.com (Martin Peck)
Date: Tue, 22 Feb 2005 15:00:59 -0800
Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
In-Reply-To:
References:
Message-ID: <4ef5fec605022215006e609eaa@mail.gmail.com>

On Tue, 22 Feb 2005 17:01:05 -0500, Tyler Durden wrote:
> ... Do you take a copy of EVERYTHING and send it back? That might have been more
> feasible in the old days, but when a single fiber can run 64 wavelength
> optically amplified 10 Gig traffic, I really really doubt it. Or at least,
> this would require an undertaking large enough that I doubt they could hide
> it.

DWDM certainly makes it more complicated. Of course, that same technology allows them to send much more back. (Regarding the single OC-3 mentioned previously.)

How they process and return the information is indeed the BIG SECRET. The old USSR taps used pods attached to the cables for recording and were serviced periodically to pick up the collected data.

See also: http://cryptome.org/nsa-fibertap.htm

> ... I suspect it's a combination of all sorts of stuff...remember too that all
> that traffic has to land somewhere, so theoretically they can access a good
> deal of it terrestrially.

If you look at the landing sites for various oceanic fiber cables you will see that a great many of them are on "friendly" territory. You can be sure that these lines are tapped.

(Which brings up the issue someone else mentioned a while ago. We make a big deal about ECHELON monitoring satellites, yet no one really cares about the tapping of landing sites that carry many times more information? Silly humans)

I presume the fiber tapping submarine is interested mainly in those cables which don't land on friendly territory or the sections landed between unfriendly sites. (E.g. not all data goes through all sites)

> What you might see, therefore, is a sheath coming
> out of, say Iran, is tapped for fibers that proceed on to other unfriendly
> nations, and a copy of the traffic pulled back to some nearby land-based
> station in a friendly country (so that lots of amplifiers aren't needed).

This would be a reasonable assumption. But so would a number of other possible techniques.

The great mystery continues...

Best regards,

From rah at shipwright.com Tue Feb 22 12:58:11 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 22 Feb 2005 15:58:11 -0500
Subject: A night in the life of Hunter
Message-ID:

The Telegraph

A night in the life of Hunter
(Filed: 22/02/2005)

The day Hunter S Thompson introduced Hugh Davies to Wild Turkey bourbon, guns and his Rocky Mountain wilderness

We started drinking Wild Turkey at noon. The Woody Creek Tavern had only just opened and Hunter S Thompson swung round on his usual stool at the bar, just across from the pool table he had tried to blow up the week before.

"Hey Dude, what's up?" he said in a voice matured by a lifetime of drug and alcohol abuse. He spoke in a stop-start, throaty rasp, occasionally missing out words in sentences.
At times, it was hard to understand him.

We had first met years before when he was a sports reporter in Washington DC. We kept in touch through his riotous years as the Mad Doctor of Gonzo Journalism, author of Kerouac-like screeds such as Fear and Loathing in Las Vegas and Rolling Stone's most individual writer. His reputation for being difficult rarely spilled over to his relations with the media because he loved drinking with reporters.

This time, we met as he was being sued for allegedly groping a former porn queen, Gail Palmer, in a hot tub at his home, Owl Farm, up Buttermilk Mountain near Aspen, Colorado. He was alleged to have snarled to the woman's companion: "Get her out of here, or I'll blow her head off." This I could have believed as his love for bourbon, cocaine and mind-numbing pharmaceuticals was only matched by his addiction to munitions.

I noticed that the barman, ordinarily used to the mad doctor's eccentric behaviour, was keeping his distance, pouring large measures of whisky into his shot glass and then retreating swiftly to the other end of the bar. Hunter said he'd upset the proprietor by testing a detonator and explosives on a table leg, scattering cues and pool balls, and smoking out the bar.

As usual, his voice was on fast-forward, as he sped past the incident to rant on about "the generation of swine" now running Aspen, where he had lived since the 1960s.

As I was trying to elicit details about the porn queen's visit, Hunter raced on, confessing that he had opened fire late at night on the house of a multi-millionaire neighbour, Floyd Watkins, because he didn't like his attitude. There had been some altercation over Hunter's environmental concerns. Watkins said the mad doctor's brain was "fried with drugs". Hunter called him "crazy".

The mad doctor jabbed a Dunhill into his cigarette holder and plucked two Mexican peppers from a bowl on the bar. Handing me one he said: "Try this. It helps when you're as mad as hell."
He lumped Watkins, who kept three tigers in a cage at the gate of his home as well as swans on a man-made lake, with the Hollywood figures who had second homes in Aspen, worth millions of dollars. "The greed-heads are taking over," he said. He recalled his early years in Aspen when he arrived with Jack Nicholson, Bob Rafelson of Easy Rider and Five Easy Pieces fame, Glenn Frey and Don Henley of The Eagles and Jimmy Buffett, to "cool out" in the Rockies. "Now, it's all networking, corporate money and day-glo fur," he said. "It's fat cat money - and I hate the swine." As he spoke, his best friend, Bob Braudis, dropped into the bar to say hello. Bob, the sheriff of Aspen, was almost Hunter's literary equal. As he sipped beer, he quoted Homer from his days as a student at Harvard. Hunter said: "Bob and I go back 20 years. He's had to arrest me more than once." The sheriff, I later learned, periodically rounded up friends to help the mad doctor clean up his house. At 6pm, Hunter said it was time to go. He ordered up a last Wild Turkey and, clutching it in one hand with his other on the wheel of his Chrysler pick-up, we went up the mountain road. Owl Farm, covering 127 acres, was at the top of a bluff. The entrance was hung with steel models of vultures and three gargoyles. Inside, on a desk, was his old Apple Power Book computer. Hanging over it was a rubber bust of Richard Nixon wearing a scout hat. I got him to talk about the porn queen. "Ungrateful swine, the lot of them," he muttered, unravelling a parcel. Inside was a .44 Magnum. "Come into the garden," he said. We went out into the gloom. There were two targets. He said: "Look, I'll try for the target with the Mickey Mouse face. I'll imagine it's Michael Eisner, the Disney chief. You try and hit the old television set." He loaded the gun and handed it to me. It was so heavy that I needed both hands to steady the barrel. I missed. Hunter, despite a day on the bourbon, blew the target away.
Once again, as he once wrote, the Lord of the Karma enjoying an activity he said was "better than sex".

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Tue Feb 22 12:58:49 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 22 Feb 2005 15:58:49 -0500
Subject: On the road to truth and madness
Message-ID:

The Telegraph

On the road to truth and madness
(Filed: 22/02/2005)

The opening of Fear and Loathing in Las Vegas:

We were somewhere around Barstow on the edge of the desert when the drugs began to take hold. I remember saying something like "I feel a bit lightheaded; maybe you should drive..." And suddenly there was a terrible roar all around us and the sky was full of what looked like huge bats, all swooping and screeching and diving around the car, which was going about a hundred miles an hour with the top down to Las Vegas. And a voice was screaming: "Holy Jesus! What are these goddamn animals?" Then it was quiet again. My attorney had taken his shirt off and was pouring beer on his chest, to facilitate the tanning process. "What the hell are you yelling about?" he muttered, staring up at the sun with his eyes closed and covered with wraparound Spanish sunglasses. "Never mind," I said. "It's your turn to drive." I hit the brakes and aimed the Great Red Shark toward the shoulder of the highway. No point mentioning those bats, I thought. The poor bastard will see them soon enough.

From rah at shipwright.com Tue Feb 22 13:10:10 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Tue, 22 Feb 2005 16:10:10 -0500
Subject: Hunter S Thompson
Message-ID:

The Telegraph

Hunter S Thompson
(Filed: 22/02/2005)

Hunter S Thompson, who shot himself on Sunday, aged 67, was the explosive, funny and frequently shocking self-styled "Mad Doctor of Gonzo Journalism". Where Tom Wolfe and the "orthodox" New Journalists were observers, Dr Thompson (he had a doctorate in Divinity, bought by mail order) cast himself as catalyst and participant, charging into situations with a headful of hallucinogens and a safari jacket weighed down with guns and bottles. His most famous book, Fear and Loathing in Las Vegas (1972), concerned a trip to Vegas with his 300lb Hawaiian-shirted Samoan attorney, supposedly to cover a motorcycle race and a national drug enforcement convention. But in carrying out the assignment Thompson largely ignored both events and instead focussed on his own antics. The opening paragraph set the tone: "We were somewhere around Barstow on the edge of the desert when the drugs began to take hold. I remember saying something like: 'I feel a bit lightheaded; maybe you should drive... ' And suddenly there was a terrible roar all around us and the sky was full of what looked like huge bats, all swooping and screeching and diving around the car, which was going about a hundred miles an hour with the top down to Las Vegas. And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" Later on Thompson remarks: "This is not a good town for psychedelic drugs. Reality itself is too twisted."
Before becoming national affairs editor of Rolling Stone magazine in 1970 (a title he held until 1999), Thompson had worked as a freelance, writing relatively straight reports on sports and South America, plus an excellent book about the Hell's Angels (1966), some of whom became close friends, until the book appeared and they beat him up. He invented "Gonzo" journalism when he and his favourite colleague, the British cartoonist Ralph Steadman, were sent by Scanlan's Magazine to cover the 1970 Kentucky Derby (held at Thompson's home town of Louisville). Unable to produce a piece, Thompson ripped pages straight out of his notebook, numbering them and sending them to the printer. The technique was fuelled by terrifying quantities of drugs, alcohol and tobacco. He wrote later that Gonzo was "a style of 'reporting' based on William Faulkner's idea that the best fiction is far more true than any kind of journalism - and the best journalists have always known this". He also admitted his own work was not Gonzo, that it was all a failure because he was unable to write or report his reactions to events literally as they occurred. He said that "the writer must be participant in the scene while he's writing it", and that such instantaneous effort was beyond him. In the 1960s and early 1970s Thompson was also celebrated for his excoriating political reporting - the writer Nelson Algren called him the finest political reporter in America, whose "hallucinated vision strikes one as having been, after all, the sanest". Thompson's coverage of the McGovern-Nixon election in 1972 resulted in his best book, Fear and Loathing on the Campaign Trail (1973), in which he famously characterised the Republican candidate as speaking to "the Werewolf in us, the bully, the predatory shyster". "Jesus! Where will it end?" Thompson mused. "How low do you have to stoop in this country to be President?"
Nixon's victory effectively brought an end to Thompson's career as a political journalist, although he became a self-confessed "Watergate junkie". While he went on to write several more extraordinary books, including The Great Shark Hunt (1980), he later became more widely known for his own bad behaviour, and as the model for Duke, the dope-addled character in the comic strip Doonesbury. Journalists who visited Thompson at his cabin discovered that it was fatal to try and drink with him. Thompson's biographer E Jean Carroll described his routine: "3pm rise. 3.05 Chivas Regal with the morning papers, Dunhills. 3.45 cocaine. 3.50 another glass of Chivas, Dunhill. 4.15 cocaine. 4.54 cocaine. 5.05 cocaine... 9pm starts snorting cocaine seriously. 10pm drops acid. 11pm Chartreuse, cocaine, grass. 11.30 cocaine, etc, etc... 12.05 to 6am Chartreuse, cocaine, grass, Chivas, coffee, Heineken, clove cigarettes, grapefruit, Dunhills, orange juice, gin, continuous pornographic movies." In later years, the biographical note in Thompson's book described him as living as a "freelance country gentleman" and existing "in a profoundly active Balance of Terror with the local police authorities". Hunter Stockton Thompson was born at Louisville, Kentucky, on July 18 1937. His father sold insurance and died when Hunter was 14, an event that propelled the boy, so he recalled, into becoming "an outlaw". Thereafter, his mother became alcoholic and slovenly, while Hunter became a leader of his gang, and was much admired by girls. Aged 18 he was jailed for his part in a robbery, and he took a writing course in prison. On release, he joined the United States Air Force, doing sports writing for a base newspaper in Florida until his commanding officer noted that "his flair for invention and imagination" and "rebellious disregard for military dress and authority seem to rub off on the other airmen".
Honourably discharged, Thompson took, and was quickly fired from, a job with the Middletown (New York) Record, then did a traineeship at Time magazine. He worked for a bowling magazine in Puerto Rico and in 1960, at least partly in emulation of Jack Kerouac, drove across country to California. While living at Big Sur, he began work on The Rum Diary, an autobiographical novel based on his beginnings as a journalist in Puerto Rico, which was eventually published in 1998. After investigating the beatnik scene in San Francisco, Thompson spent two years in South America, sending dispatches to the National Observer. Returning to San Francisco, he combined freelance journalism with driving a cab, before being commissioned by Random House to write Hell's Angels. The first reporter to meet with the Hell's Angels on their own turf instead of relying on police information, Thompson rode with them for a year. In 1963, Thompson moved to the Rockies so that he would be free to live by his own anarchic rules - among his stunts were blowing up the pool table in his local bar and driving around drunk with a glass of bourbon in hand. Not surprisingly, he deplored Aspen's subsequent fashionability, the influx of "Day-Glo fur and Manhattan chic". In a bid to "prevent the greedheads from moving in" he ran for sheriff in 1970 on a "freak politics" ticket, promising to turf the streets, rename Aspen Fat City and put dishonest marijuana dealers in the stocks. He lost by 1,533 votes to 1,068. Thereafter he resorted to "direct action", using what he called "firepower demonstrations", such as firing 50 shots from his automatic rifle over the house of an arriviste property developer. In 1990 he was accused of assaulting a former porn film actress who had come to his house to interview him. The woman, Gail Palmer-Slater, accused Thompson of "squeezing and twisting her left breast and threatening to blow her head off" after she refused to join him in his hot tub. 
Thompson said she was drunk, and was seeking publicity for a new range of sex aids and manuals. A police raid on the house turned up white powder, explosives, a 12-bore shotgun and a .22 calibre machine-gun. Claiming he was a victim of a revitalised police state unleashed by the Bush administration anti-drug hysteria, Thompson suggested a newspaper headline: "Life-style police raid home of crazed Gonzo journalist. Eleven-hour search by six trained investigators yields nothing but crumbs." He promised to enliven the court case by showing the actress's movies Hot Legs and Prisoner of Paradise at the Aspen Opera House. Not that criminal proceedings interfered with his lifestyle. "The whiskey stores opened at seven, and I didn't have to be in court until ten," he wrote in Songs of the Doomed. The charges were soon dropped, after potential witnesses failed to co-operate with the prosecutors. "We beat them like stupid rats," Thompson declared. "We beat 'em like dogs." Stopping in Aspen to load his car up with beer, he then sped off, firing blanks. Fearful of "growing old and helpless", he admitted in interviews that suicide had occurred to him, saying in 1998 that he planned to fill his house with "cold liquid glass" so it was preserved forever, with him inside, "and people can come and look through the front window". Hunter S Thompson married first, in 1963, Sandra Dawn Conklin. They had a son, Juan, "and seven miscarriages". She left him in 1978. He is survived by his second wife, Anita Beymunk.

From rah at shipwright.com Tue Feb 22 13:58:41 2005
From: rah at shipwright.com (R.A.
Hettinga) Date: Tue, 22 Feb 2005 16:58:41 -0500 Subject: The Dark Star Message-ID: The Washington Post washingtonpost.com The Dark Star Gloom May Have Stalked Hunter S. Thompson, but His Writing Was a Beacon By Henry Allen Washington Post Staff Writer Tuesday, February 22, 2005; Page C01 From Hunter S. Thompson's "Songs of the Doomed -- More Notes on the Death of the American Dream": "It has been raining a lot recently. Quick thunderstorms and flash floods . . . lightning at night and fear in the afternoon. People are worried about electricity. "Nobody feels safe. Fires burst out on dry hillsides, raging out of control, while dope fiends dance in the rancid smoke and animals gnaw each other. Foreigners are everywhere, carrying pistols and bags of money. There are rumors about murder and treachery and women with no pulse. Crime is rampant and even children are losing their will to live. "The phones go dead and power lines collapse, whole families plunged into darkness with no warning at all. People who used to be in charge walk around wall-eyed, with their hair standing straight up on end, looking like they work for Don King, and babbling distractedly about their hearts humming like stun guns and trying to leap out of their bodies like animals trapped in bags." He wrote this in Washington, in 1989. As his first wife, Sandy, once said: "Hunter tends to make things worse than they are sometimes." Thompson, at 67, was the gonzo journalist who shot himself in the head with a handgun on Sunday. He was also what you get when you combine Murphy's Law and some hillbilly Calvinist preaching the doctrine of innate depravity. He believed every man had it in him to do wrong. He also believed that if something could go wrong it would. We were all doomed, to use one of his favorite words. Hence the birth of gonzo journalism, a term he picked up from a fan letter, and one that applied only to him. 
He was the prose laureate of the Age of Paranoia, which began, let's say, with the election of Richard Nixon in the middle of the counterculture's nonstop mental fire drill brought on by psychedelic drugs. Then he took it further, as he took most things: "There's no such thing as paranoia," he said. "The truth is, your worst fears always come true." This was the fundamental joke that served as the fulcrum and lever of all his writing, starting with "The Kentucky Derby Is Decadent and Depraved." He attained "full-bore" torque, or maybe "king-hell" torque, to use his phrasing, with "Fear and Loathing in Las Vegas -- A Savage Journey to the Heart of the American Dream," followed by "Fear and Loathing on the Campaign Trail '72," which George McGovern's political director, Frank Mankiewicz, called "the most accurate and least factual" account of the election. Other Thompson titles: "Generation of Swine," "Songs of the Doomed" and a short piece called "Hit Him Again, Jack, He's Crazy." You get the idea. He was from Louisville, a former juvenile delinquent and "hard case," as he liked to say: a big tense guy, 6 feet 3 with tight skin, wary eyes, short hair and a hectic way of moving, as if he were trying and failing to approximate the condition of normal. He wore aviator sunglasses and smoked with a cigarette holder. He looked like a combination of puzzled and threatening. He liked Dobermans and guns and liked to "get loaded on mescaline and fire my .44 magnum out into the dark -- that long blue flame." He spoke in bursts of words that later in his life became so unintelligible that a documentary about him provided subtitles. He had a sharp eye for the right people and he hung out with them. He had charisma. Being around him gave you the charmed but unsettled feeling of having joined an entourage. He took a lot of drugs and drank a lot of Wild Turkey. 
Louisa Davidson, who knew Thompson in Colorado for 30 years, said he was a Southern gentleman with moments of genius, but "he was a prisoner and slave to his addictions." He could be polite, when he wasn't picking an occasional fight, but there was nothing mellow or laid-back about him. Thompson on the '72 candidates: Being around Edmund Muskie "was something like being locked in a rolling box car with a vicious 200-pound water rat." Nixon "speaks for the werewolf in us." And Hubert Humphrey, the saint of long-ago liberalism: "There is no way to grasp what a shallow, contemptible and hopelessly dishonest old hack Hubert Humphrey is until you've followed him around for a while." Strange that he became a hero to a generation known for its long-haired, "gettin' it all together," feminist, free-sex pacifists. Thompson wanted to break it all apart, and he rarely mentioned women or sex in his writing. In 1971, at the beginning of his big-time fame, he'd already written the obit for the '60s, a time when "you could strike sparks anywhere. There was a fantastic universal sense that whatever we were doing was right, that we were winning." But by then, "with the right kind of eyes, you can almost see the high-water mark -- that place where the wave finally broke and rolled back." People will forgive almost anything of writers who can astonish them and make them laugh. None of them can anymore. In his early '70s heyday, which was the last time that writers could still be heroes -- he was among the very last of them, along with Ken Kesey and Tom Wolfe, all of them outrageous in style and subject, the final heirs of J.P. Donleavy, Joseph Heller, J.D. Salinger and Terry Southern, who all taught us the irreverence that Thompson made even more hilarious by taking it into the craziness that comes with sticking the big toe of your brain in the socket of "high-powered blotter acid," and "uppers, downers, screamers, laughers." 
He was a particular hero to journalists, whose terrible secret is that beneath all the globe-hopping and news anchor fame, they are merely clerks and voyeurs. Thompson, despite his rants about the onanistic squalor of journalism, had the bearing of an adventurer striding out to the very edges of madness and menace. He had much rep for walking the walk, which he did, but mostly he talked the talk. In fact, he'd never done very much in his life except write about it, which he did with clarity, hilarity and big-train momentum. He was a master stylist -- he once typed out the entire "Great Gatsby" as an exercise. He also created a pyrotechnic public persona called Dr. Hunter S. Thompson. How much more can we ask? He'd done a little jail time as a kid in Louisville. He joined the Air Force, which let him out two years early after a prescient commanding officer said that in Thompson's military newspaper work his "flair for invention and imagination" and his "disregard for military dress and authority . . . seem to rub off on the other airmen." He worked for small papers, wrote from South America for a now-gone Dow Jones weekly called the National Observer, drove a taxi in San Francisco while working on a novel, got in fistfights, ran for sheriff of Pitkin County, Colo., got pulled over for drunk driving, beat a drug bust at his home in Woody Creek, near Aspen -- small-time stuff. Rolling Stone sent him to cover the fall of Vietnam -- where he could find no end of real fear and loathing -- but he split for Laos and failed to file a story worth mentioning. In 2000, he slightly wounded his assistant while trying to shoot a bear on his property. And yet readers worshiped him as a man of profound experience, to the point of playing what you might call "the Hunter Thompson game." The point of the game is to create mortal fear out of nothing more than, say, the sun flashing in a window. First man: You see that glint? Second man: Like binoculars? 
First man: Try 12-power Unertl glass on a Remington .308. Second man: Your first wife's boyfriend? First man: But he's a cop. Second man: Exactly. Our heads? In four seconds? Vapor, baby. This is the sort of conversation that boys have in treehouses, to scare themselves for the fun of it. Thompson's writing had the venerable American quality of boys' literature, in the manner of Hemingway, Jack London and Mark Twain. And of: old-fashioned sports writing, with its flamboyance and moralities, and the good but long-forgotten men's magazines such as True or Argosy, which honored the courage, luck and jocularity of the lone cowboys lurking in American men. Lately, with his best writing behind him, the gonzo just a collection of occasional gestures, he'd been writing a sports column for ESPN's Web site. We're left wondering what happened. He once said: "I hate to advocate weird chemicals, alcohol, violence or insanity to anyone . . . but they've always worked for me." Until maybe he got wondering about the ultimate high being a 1,500-feet-per-second implantation in the neurological system. Or the paranoia got to him -- in paranoia you are your own worst enemy, and that's a tightening circle that nobody can escape, except, say, by suicide. Or it was pain and depression brought on by reported back surgery, a broken leg and a hip replacement. Or he was playing out the last moves of the Hemingway game -- the paranoid, shock-treated Hemingway who ended up with his doctor one day, crying because he said that he couldn't write anymore, he just couldn't write. Or America has finally become what he said it was, with lie-awake fears of suitcase nukes, jails full of secret uncharged prisoners with no legal recourse, and quiet applause for the recreational torture of Arabs in Iraq. Or people have stopped reading, and there are no more literary heroes. Or maybe he just killed himself, like a number of other people on any given day. He lived on his terms, he died on his own terms. 
Except he wasn't like a number of people -- he left us his prose, his genius persona, and his insights into the dark side of America, insights that could change your life after the laughing stopped. You would like to think that beneath the forbidding scowl of post-9/11 America, and despite the dark side, that a lot of people understand that Hunter S. Thompson was a great American.

From camera_lumina at hotmail.com Tue Feb 22 14:01:05 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Tue, 22 Feb 2005 17:01:05 -0500
Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
Message-ID:

No! Undersea? Do you take a copy of EVERYTHING and send it back? That might have been more feasible in the old days, but when a single fiber can run 64 wavelength optically amplified 10 Gig traffic, I really really doubt it. Or at least, this would require an undertaking large enough that I doubt they could hide it.

If they select some traffic then we have to ask, how do they select the traffic? Even there the mind boggles thinking about the kinds of gear necessary.

I suspect it's a combination of all sorts of stuff...remember too that all that traffic has to land somewhere, so theoretically they can access a good deal of it terrestrially. What you might see, therefore, is a sheath coming out of, say Iran, is tapped for fibers that proceed on to other unfriendly nations, and a copy of the traffic pulled back to some nearby land-based station in a friendly country (so that lots of amplifiers aren't needed).

I'd bet you do see the occasional Variola suitcase, though, requiring a sub visit once in a while.
But I bet they avoid this kind of thing as much as possible, given the traffic volumes.

-TD

>From: Matt Crawford
>To: crypto
>CC: osint at yahoogroups.com, cypherpunks at al-qaeda.net
>Subject: Re: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables
>Date: Tue, 22 Feb 2005 12:33:56 -0600
>
>On Feb 18, 2005, at 19:47, R.A. Hettinga wrote:
>>"It does continue to be something of a puzzle as to how they get this stuff
>>back to home base," said John Pike, a military expert at GlobalSecurity.org.
>
>I should think that in many cases, they can simply lease a fiber in the
>same cable. What could be simpler?

From eugen at leitl.org Tue Feb 22 09:35:40 2005
From: eugen at leitl.org (Eugen Leitl)
Date: Tue, 22 Feb 2005 18:35:40 +0100
Subject: palm beach HIV
In-Reply-To:
References: <20050221205328.GA1404@leitl.org>
Message-ID: <20050222173540.GX1404@leitl.org>

On Tue, Feb 22, 2005 at 12:25:23PM -0500, Tyler Durden wrote:
> Sheeit...I'm starting to think May was no longer all that interested in the
> Crypto stuff...seems he really just wanted to rant and terrify the
> clueless...

I don't know why he's into Usenet trolling these days. I suspect there's a lot of disgust of where things cypherpunkly now stand. Sense of betrayal, etc. Don't do we all, if we look into which a shithole the net has degenerated these days? Ever noticed that everybody interesting has left years ago? This is true for about every great list.

--
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

From rah at shipwright.com Wed Feb 23 04:51:30 2005
From: rah at shipwright.com (R.A.
Hettinga)
Date: Wed, 23 Feb 2005 07:51:30 -0500
Subject: I'll show you mine if you show me, er, mine
Message-ID:

The Register

Original URL: http://www.theregister.co.uk/2005/02/21/crypto_wireless/

I'll show you mine if you show me, er, mine
By Lucy Sherriff (lucy.sherriff at theregister.co.uk)
Published Monday 21st February 2005 17:11 GMT

Security researchers have developed a new cryptographic technique they say will prevent so-called stealth attacks against networks. A stealth attack is one where the attacker acts remotely, is very hard to trace, and where the victim may not even know he was attacked. The researchers say this kind of attack is particularly easy to mount against a wireless network.

The so-called "delayed password disclosure" protocol was developed by Jakobsson and Steve Myers of Indiana University. The protocol allows two devices or network nodes to identify themselves to each other without ever divulging passwords. The protocol could help secure wireless networks against fraud and identity theft, and protect sensitive user data. The technique will be particularly useful in ad-hoc networks, where two or more devices or network nodes need to verify each other's identity simultaneously.

Briefly, it works like this: point A transmits an encrypted message to point B. Point B can decrypt this, if it knows the password. The decrypted text is then sent back to point A, which can verify the decryption, and confirm that point B really does know point A's password. Point A then sends the password to point B to confirm that it really is point A, and knows its own password.

The researchers say that this will prevent consumers connecting to fake wireless hubs at airports, or in coffee shops.
It could also be used to notify a user about phishing attacks, scam emails that try to trick a user into handing over their account details and passwords to faked sites, provide authentication between two wireless devices, and make it more difficult for criminals to launder money through large numbers of online bank accounts.

Jakobsson is hoping to have beta code available for Windows and Mac by the spring, and code for common mobile phone platforms later in 2005.

More info available here (http://www.stealth-attacks.info).

Related stories
Hotspot paranoia: try to stay calm (http://www.theregister.co.uk/2005/01/24/wi_fi_hotspot_security/)
Crypto researchers break SHA-1 (http://www.theregister.co.uk/2005/02/17/sha1_hashing_broken/)
Cyberpunk authors get the girls (http://www.theregister.co.uk/2005/02/17/cyberpunk/)

Copyright 2005

From rah at shipwright.com Wed Feb 23 05:14:23 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Wed, 23 Feb 2005 08:14:23 -0500
Subject: As Gonzo in Life as in His Work
Message-ID:

OpinionJournal - LEISURE & ARTS

As Gonzo in Life as in His Work
Hunter S. Thompson died as he lived.
BY TOM WOLFE
Tuesday, February 22, 2005 12:01 a.m.

Hunter S. Thompson was one of those rare writers who come as advertised. The Addams-family eyebrows in Stephen King's book jacket photos combined with the heeby-jeeby horrors of his stories always made me think of Dracula. When I finally met Mr. King, he was in Miami playing, along with Amy Tan, in a jook-house band called the Remainders. He was Sunshine itself, a laugh and a half, the very picture of innocent fun, a Count Dracula who in real life was Peter Pan.
Carl Hiaasen, the genius who has written such zany antic novels as "Striptease," "Sick Puppy," and "Skinny Dip" is in person as intelligent, thoughtful, sober, courteous, even courtly, a Southern gentleman as you could ask for (and I ask for them all the time and never find them). But the gonzo--Hunter's coinage--madness of Hunter Thompson's "Fear and Loathing in Las Vegas" (1971) and his Rolling Stone classics such as "The Kentucky Derby is Decadent and Depraved" (1970) was what you got in the flesh too. You didn't have lunch or dinner with Hunter Thompson. You attended an event at mealtime. I had never met Hunter when the book that established him as a literary figure, "The Hell's Angels, a Strange and Terrible Saga," was published in 1967. It was brilliant investigative journalism of the hazardous sort, written in a style and a voice no one had ever seen or heard before. The book revealed that he had been present at a party for the Hell's Angels given by Ken Kesey and his hippie--at the time the term was not "hippie" but "acid-head"--commune, the Merry Pranksters. The party would be a key scene in a book I was writing, (The Electric Kool-Aid Acid Test). I cold-called Hunter in California, and he generously gave me not only his recollections but also the audiotapes he had recorded at that first famous alliance of the hippies and "outlaw" motorcycle gangs, a strange and terrible saga in itself, culminating in the Rolling Stones band hiring the Angels as security guards for a concert in Altamont, Calif., and the "security guards" beating a spectator to death with pool cues. By way of a thank you for his help, I invited Hunter to lunch the next time he was in New York. It was one bright spring day in 1969. He proved to be one of those tall, rawboned, rangy young men with alarmingly bright eyes, who more than any other sort of human, in my experience, are prone to manic explosions.
Hunter didn't so much have a conversation with you as speak in explosive salvos of words on a related subject. We were walking along West 46th Street toward a restaurant, The Brazilian Coffee House, when we passed Goldberg Marine Supply. Hunter stopped, ducked into the store and emerged holding a tiny brown paper bag. A sixth sense, probably activated by the alarming eyes and the six-inch rise and fall of his Adam's apple, told me not to ask what was inside. In the restaurant he kept it on top of the table as we ate. Finally, the fool in me became so curious, he had to go and ask, "What's in the bag, Hunter?" "I've got something in there that would clear out this restaurant in 20 seconds," said Hunter. He began opening the bag. His eyes had rheostated up to 300 watts. "No, never mind," I said. "I believe you! Show me later!"

From the bag he produced what looked like a small travel-size can of shaving foam, uncapped the top and pressed down on it. There ensued the most violently brain-piercing sound I had ever heard. It didn't clear out The Brazilian Coffee House. It froze it. The place became so quiet, you could hear an old-fashioned timer clock ticking in the kitchen. Chunks of churasco gaucho remained impaled on forks in mid-air. A bartender mixing a sidecar became a statue holding a shaker with both hands just below his chin. Hunter was slipping the little can back into the paper bag. It was a marine distress signaling device, audible for 20 miles over water.

The next time I saw Hunter was in June of 1976 at the Aspen Design Conference in Aspen, Colo. By now Hunter had bought a large farm near Aspen where he seemed to raise mainly vicious dogs and deadly weapons, such as the .357 magnum. He publicized them constantly as a warning to those, Hell's Angels presumably, who had been sending him death threats. I invited him to dinner at a swell restaurant in Aspen and a performance at the Big Tent, where the conference was held.
My soon-to-be wife, Sheila, and I gave the waitress our dinner orders. Hunter ordered two banana daiquiris and two banana splits. Once he had finished them off, he summoned the waitress, looped his forefinger in the air and said, "Do it again." Without a moment's hesitation he downed his third and fourth banana daiquiris and his third and fourth banana splits, and departed with a glass of Wild Turkey bourbon in his hand. When we reached the tent, the flap-keepers refused to let him enter with the whiskey. A loud argument broke out. I whispered to Hunter. "Just give me the glass and I'll hold under my jacket and give it back to you inside." That didn't interest him in the slightest. What I failed to realize was that it was not about getting into the tent or drinking whiskey. It was the grand finale of an event, a happening aimed at turning the conventional order of things upside down. By and by we were all ejected from the premises, and Hunter couldn't have been happier. The curtain came down for the evening. In Hunter's scheme of things, there were curtains ... and there were curtains.

In the summer of 1988 I happened to be at the Edinburgh Festival in Scotland one afternoon when an agitated but otherwise dignified, silver-haired old Scotsman came up to me and said, "I understand you're a friend of the American writer Hunter Thompson." I said yes. "By God--your Mr. Thompson is supposed to deliver a lecture at the Festival this evening--and I've just received a telephone call from him saying he's in Kennedy Airport and has run into an old friend. What's wrong with this man? He's run into an old friend? There's no possible way he can get here by this evening!" "Sir," I said, "when you book Hunter Thompson for a lecture, you have to realize it's not actually going to be a lecture. It's an event--and I'm afraid you've just had yours."
Hunter's life, like his work, was one long barbaric yawp, to use Whitman's term, of the drug-fueled freedom from and mockery of all conventional proprieties that began in the 1960s. In that enterprise Hunter was something entirely new, something unique in our literary history. When I included an excerpt from "The Hell's Angels" in a 1973 anthology called "The New Journalism," he said he wasn't part of anybody's group. He wrote "gonzo." He was sui generis. And that he was. Yet he was also part of a century-old tradition in American letters, the tradition of Mark Twain, Artemus Ward and Petroleum V. Nasby, comic writers who mined the human comedy of a new chapter in the history of the West, namely, the American story, and wrote in a form that was part journalism and part personal memoir admixed with powers of wild invention, and wilder rhetoric inspired by the bizarre exuberance of a young civilization. No one categorization covers this new form unless it is Hunter Thompson's own word, gonzo. If so, in the 19th century Mark Twain was king of all the gonzo-writers. In the 20th century it was Hunter Thompson, whom I would nominate as the century's greatest comic writer in the English language. Mr. Wolfe's latest book is "I Am Charlotte Simmons" (Farrar, Straus and Giroux). -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Wed Feb 23 10:15:31 2005 From: jamesd at echeque.com (James A. 
Donald) Date: Wed, 23 Feb 2005 10:15:31 -0800 Subject: I'll show you mine if you show me, er, mine In-Reply-To: References: Message-ID: <421C57C3.28826.1BBBAC9@localhost>

-- On 24 Feb 2005 at 2:29, Peter Gutmann wrote:
> Isn't this a Crypto 101 mutual authentication mechanism (or
> at least a somewhat broken reinvention of such)? If the
> exchange to prove knowledge of the PW has already been
> performed, why does A need to send the PW to B in the last
> step? You either use timestamps to prove freshness or add an
> extra message to exchange a nonce and then there's no need to
> send the PW. Also in the above B is acting as an oracle for
> password-guessing attacks, so you don't send back the
> decrypted text but a recognisable-by-A encrypted response, or
> garbage if you can't decrypt it, taking care to take the same
> time whether you get a valid or invalid message to avoid
> timing attacks. Blah blah Kerberos blah blah done twenty
> years ago blah blah a'om bomb blah blah.
>
> (Either this is a really bad idea or the details have been
> mangled by the Register).

It is a badly bungled implementation of a really old idea. An idea, which however, was never implemented on a large scale, resulting in the mass use of phishing attacks. Mutual authentication and password management should have been designed into SSH/PKI from the beginning, but instead they designed it to rely wholly on everyone registering themselves with a centralized authority, which of course failed. SSH/PKI is dead in the water, and causing a major crisis on internet transactions. Needs fixing - needs to be fixed by implementing cryptographic procedures that are so old that they are in danger of being forgotten.

--digsig James A.
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG Dn3N69hcbr+mL/HUTw8OhGtKmD9rHYOMN4NTBkIY 47AOCXrb7e35xm5QBsHbFVr/jfm+XwTUvzdiytKpG

From camera_lumina at hotmail.com Wed Feb 23 07:35:51 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 23 Feb 2005 10:35:51 -0500 Subject: Code name "Killer Rabbit": New Sub Can Tap Undersea Cables In-Reply-To: <4ef5fec605022215006e609eaa@mail.gmail.com> Message-ID:

>DWDM certainly makes it more complicated. Of course, that same
>technology allows them to send much more back. (Regarding the single
>OC-3 mentioned previously.)

Well, DISTANCE makes it more complicated first of all. You need undersea repeaters and/or OFAs in order to get traffic from most parts of the ocean back to land, and the NSA will in many cases not want nor be able to use the "host" service providers' OFAs. This would mean they'd have to install their own, and I doubt they're going to just plop on their own regeneration site on the outside of a civilian cable. Hum. In some parts of the ocean they must almost certainly have their own cable and then couple stolen traffic into it. I'd bet there also must exist some mini-Echelons on some Islands somewhere (like Majorca or the Azores) where they do some grooming and listening.

-TD

From hal at finney.org Wed Feb 23 12:14:04 2005 From: hal at finney.org (Hal Finney) Date: Wed, 23 Feb 2005 12:14:04 -0800 (PST) Subject: I'll show you mine if you show me, er, mine Message-ID: <20050223201404.CE5E657EBA@finney.org>

Markus Jakobsson is a really smart guy who's done some cool stuff, so I think this is probably better than it sounds in the article. His web site is http://www.informatics.indiana.edu/markus/ but I don't see any papers there that sound like what the article describes. I tried to reverse engineer the protocol from the article, and the results are below. But first let me put this into context.
The security property seems to be that you send something to the server, and it sends you back something that proves that it knows your password. But neither a passive eavesdropper nor a MITM can learn anything about your password from observing or influencing the exchange. The best an attacker can do is to try to brute force your password by guessing it repeatedly and trying each guess out at the server. And this can be easily prevented by having the server refuse to answer more than a few bad password attempts.

Note that this is different from simple PK based authentication, because the secret is human memorizable. And it's different from, say, having the server respond with a keyed hash of your passphrase, because an eavesdropper could then do an offline brute force search. The key feature is that the only attack is online brute forcing.

There are already a lot of protocols in the literature which do this, often performing key agreement at the same time. The original one and most famous was SPEKE. There is a long list of such protocols at http://grouper.ieee.org/groups/1363/passwdPK/submissions.html. I don't know what properties this new protocol has that the old ones don't. Maybe it does have some and I am missing the point. Or there might be some patent issues that it is trying to work around.

Anyway, here's my attempt at mimicking the protocol, based on the description of envelopes and carbon paper. You have a password, and so does the site you will login to. (Or, maybe the site has a salted hash of your password; you could use that instead.)

You set up a homomorphic encryption system. This is one where you can send an encrypted value to someone else, and he can do certain operations on the encrypted value, like multiplying it by a constant. In this case I think we only need to encrypt the value 1, and let the other guy multiply by his constant, which makes it simpler.

I think ElGamal could work: you encrypt 1 as (g^k, y^k), where you'd make up a key y = g^x on the spot. You send this to the other guy who picks a random power j and raises both elements to that power, then multiplies the 2nd one by c: (g^(k*j), y^(k*j) * c), and sends it back to you. This is now a valid ElGamal encryption of c. But an observer can't tell what c is.

For a first cut at this protocol, you take each bit of the password (or salted hash) and create two encryptions of m = 1. It would look like this:

    E(1) E(1) E(1) E(1) E(1) ...
    E(1) E(1) E(1) E(1) E(1) ...

You send all these to the server. The server knows your password (or salted hash) and, for each pair of encrypted values, multiplies the one corresponding to password bit b_i by some constant c_i. The other one of the pair, corresponding to !b_i, it multiplies by a random r_i. The server sets it up so that the sum of all the c_i is zero. Then it sends all of them back to you. If your passphrase started 01101... it would be:

    E(c_1) E(r_2) E(r_3) E(c_4) E(r_5) ...
    E(r_1) E(c_2) E(c_3) E(r_4) E(c_5) ...

Now, you decrypt just the ones corresponding to the bits b_i and add up the decrypted plaintexts, giving you sum of c_i. If the result is zero, you know the server knew your password (or salted hash).

Actually this is not quite right, because the article says that you are not supposed to be able to decrypt both ciphertext values in the pair that corresponds to a password bit. Otherwise an imposter might be able to figure out your passphrase by doing one interaction with the server, then finding an element from each pair such that they all sum to zero. This is kind of knapsacky and it might not be that hard, I'm not sure.

So I think what you could do is to send a valid ElGamal encryption of 1, and a bogus value which is not an ElGamal encryption of anything. But the remote party wants to be sure that you can't decrypt them both.

One way to achieve this is to arrange that the first members of each pair, g^k in the good encryption, multiply to some fixed value F for which the discrete log is not known. Maybe it's the hash of "I don't know if this will work." You can't know the DL of that hash, so you can't find two g^k values which multiply to that hash. That means that if you have a pair of ElGamal ciphertexts which have this property, only one is a real, valid ElGamal ciphertext and so only one is decryptable (I think!). So you would send, in the example above:

    (g^k0, y^k0)   (F/g^k1, junk) (F/g^k2, junk) (g^k3, y^k3)   ...
    (F/g^k0, junk) (g^k1, y^k1)   (g^k2, y^k2)   (F/g^k3, junk) ...

When the server did its multiplications as above you'd still get the correct encryptions of c_i, but the other pair would be junk and you wouldn't learn the r_i values:

    E(c_1) junk   junk   E(c_4) junk   ...
    junk   E(c_2) E(c_3) junk   E(c_5) ...

Now you can still decrypt it and verify your password. But for someone who is impersonating you and doesn't know your password, they're going to get a mix of c_i and r_i values that won't add up to zero, and that won't give them any clue about what the real password is, other than that they guessed wrong.

I'm not 100% sure this will work, that the attacker can't create a bogus pair (F/g^k, junk) which will allow him to determine what value the server multiplied by. At a minimum I see that if junk = F/g^k then it will be obvious what the constant was, so the server would have to check for that. This is why it's good to have provable security!

This way of doing things would also be quite inefficient; there are two ElGamal encryptions going back and forth (typically 2048 bits each) for every bit of your password. I'll bet the actual paper has a much more clever scheme which improves the efficiency and has a nice proof of security. I'm looking forward to seeing it.
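[Editor's added example, not part of Hal's post and not Jakobsson's protocol or code: a runnable toy of the ElGamal sketch above, with both sides' messages. Assumptions beyond the post: the modulus is the Mersenne prime 2^127-1 with g = 3 (a toy group, not a standard safe-prime group), the password bits come from the first 32 bits of SHA-256(salt || password), and "the c_i sum to zero" is realised in the group's own operation as "the product of the c_i is 1", since ElGamal is multiplicatively homomorphic. The server performs the two sanity checks Hal names: first components of a pair multiply to F, and a slot whose second component equals its first is rejected.]

```python
"""Toy reconstruction of the envelope/carbon-paper password proof (editor's
example; constructed parameters, not a standard group, not for real use)."""
import hashlib
import secrets

P = (1 << 127) - 1          # toy modulus (Mersenne prime), assumption
G = 3                       # toy generator, assumption
N_BITS = 32                 # password-hash bits proven per run, assumption

# F: public constant whose discrete log nobody knows, per Hal's suggestion.
F = int.from_bytes(hashlib.sha256(b"I don't know if this will work.").digest(), "big") % P


def inv(a):
    return pow(a, P - 2, P)


def password_bits(password, salt, n=N_BITS):
    """Both sides derive the same n bits from a salted hash of the password."""
    h = hashlib.sha256(salt + password.encode()).digest()
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]


class Client:
    def __init__(self, password, salt):
        self.bits = password_bits(password, salt)
        self.x = secrets.randbelow(P - 2) + 1     # one-time ElGamal secret key
        self.y = pow(G, self.x, P)                # one-time public key y = g^x

    def request(self):
        """Per bit b_i, a pair: slot b_i holds a real encryption of 1, (g^k, y^k);
        the other slot holds (F/g^k, junk). The first components multiply to F,
        so the client cannot have made two decryptable slots."""
        pairs = []
        for b in self.bits:
            k = secrets.randbelow(P - 2) + 1
            real = (pow(G, k, P), pow(self.y, k, P))
            junk = (F * inv(real[0]) % P, secrets.randbelow(P - 1) + 1)
            pairs.append((real, junk) if b == 0 else (junk, real))
        return self.y, pairs

    def verify(self, response):
        """Decrypt only slot b_i of each pair; the plaintexts must multiply to 1."""
        prod = 1
        for b, pair in zip(self.bits, response):
            a, s = pair[b]
            prod = prod * s * inv(pow(a, self.x, P)) % P   # s / a^x = c_i
        return prod == 1


class Server:
    def __init__(self, password, salt):
        self.bits = password_bits(password, salt)  # a stored salted hash would do

    def respond(self, y, pairs):
        """Re-randomise each slot (raise to j) and multiply in c_i on the slot
        matching the server's bit, a random r_i on the other; product of c_i is 1."""
        if len(pairs) != len(self.bits):
            raise ValueError("wrong number of pairs")
        for (a0, s0), (a1, s1) in pairs:           # Hal's sanity checks
            if a0 * a1 % P != F or s0 == a0 or s1 == a1:
                raise ValueError("malformed pair")
        cs = [secrets.randbelow(P - 2) + 2 for _ in pairs[:-1]]
        acc = 1
        for c in cs:
            acc = acc * c % P
        cs.append(inv(acc))                        # forces prod(c_i) == 1
        out = []
        for b, pair, c in zip(self.bits, pairs, cs):
            j = secrets.randbelow(P - 2) + 1
            r = secrets.randbelow(P - 2) + 2
            mult = (c, r) if b == 0 else (r, c)
            out.append(tuple((pow(a, j, P), pow(s, j, P) * m % P)
                             for (a, s), m in zip(pair, mult)))
        return out


def run(client_password, server_password, salt=b"constructed-salt"):
    """One full exchange; True iff the server's plaintexts multiply to 1."""
    client = Client(client_password, salt)
    server = Server(server_password, salt)
    y, pairs = client.request()
    return client.verify(server.respond(y, pairs))


if __name__ == "__main__":
    print(run("correct horse battery", "correct horse battery"))  # True
    print(run("correct horse battery", "wrong password"))         # False
```

An impostor who runs `Client` with a wrong password decrypts a mixture of c_i and r_i values and sees only that the product is not 1, which is the property Hal describes; the block does nothing about Hal's open question of whether a cleverly built bogus slot could leak a multiplier, beyond the equality check he proposes.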
Hal Finney From nazforlot at yahoo.co.nz Tue Feb 22 17:12:18 2005 From: nazforlot at yahoo.co.nz (naziluft forlot) Date: Wed, 23 Feb 2005 14:12:18 +1300 (NZDT) Subject: Fwd: Meeting Announcement Message-ID: <20050223011218.34149.qmail@web90005.mail.scd.yahoo.com> Note: forwarded message attached. Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com Received: from [65.192.186.2] by web90002.mail.scd.yahoo.com via HTTP; Tue, 22 Feb 2005 13:14:47 NZDT Date: Tue, 22 Feb 2005 13:14:47 +1300 (NZDT) From: naziluft forlot Subject: Meeting Announcement X-Approval-Subject: BOUNCE cypherpunks at al-qaeda.net: Non-member submission from [naziluft forlot ] To: cypherpunks at al-qaeda.net, owner-cypherpunks-moderated at minder.net MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Content-Length: 897 652-SEA FEEBDAEDFEEBDAEDFEEBDAEDFEEBDAEDFEEBDAEDFEEBDAEDFEEBDAEDFEEBDAED b7 a9 1d 72 59 e8 a7 19 9b 67 d3 85 a5 9e 01 6e 34 66 87 9a 9e 6a 1f d8 be 04 99 b5 da d1 e9 74 b4 8d 7a d2 43 9d 34 a6 e1 51 a8 86 b2 e2 56 2a 6b 39 fe 2b 68 e2 d5 85 36 e1 ff 9a ad 99 5d d4 40 f9 b8 5d b7 e4 45 d7 d6 f5 22 55 fb 84 c5 9f fc 66 79 28 57 4d e6 99 d5 c7 82 bb ae 6a 8d bf da 4a 1f 36 7f c0 09 9b 59 71 2e 0a 8b 1c 88 07 99 70 a8 a0 4d b0 8d a3 2e 14 3b 11 3c 35 94 37 9a 37 a1 f5 c9 08 fd 0c d4 fc 36 e6 74 7a 25 13 1e bd 03 d1 36 79 61 c1 87 24 7e 2e 99 9e 1e 72 a9 e7 d6 3a 81 0f 1d 89 10 2c 45 f0 31 0c 81 0a 2d 6d fa 92 30 3f e2 52 f9 82 2e 62 53 f9 df c6 be ce 43 06 47 37 ff 31 86 1d 88 9b 8e 10 3d cc Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com From pgut001 at cs.auckland.ac.nz Tue Feb 22 23:53:25 2005 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Wed, 23 Feb 2005 20:53:25 +1300 Subject: On the road to truth and madness In-Reply-To: Message-ID: >We were somewhere around Barstow on the edge of the desert when the drugs >began to take hold. 
The following was my variant on this from a few years ago, representing the 56th IETF PKIX meeting minutes. Note that this is from the book form, not the film version of the text:

-- Snip --

We were somewhere in San Francisco on the edge of the 56th IETF when the drugs began to take hold. I remember saying something like "I feel a bit lightheaded; maybe you should take notes...." And suddenly there was a terrible roar all around us and the sky was full of what looked like huge OIDs, all swooping and screeching and diving around the RFC, which was about a hundred pages long. And a voice was screaming: "Holy Jesus! Where are these goddamn business cases?" Then it was quiet again. My attorney had taken his shirt off and was pouring beer into his mouth, to facilitate the PKI standards-creation process. "What the hell are you yelling about?" he muttered, staring up at the neon lights with his eyes closed and covered with wraparound Spanish sunglasses. "Never mind," I said. "It's your turn to figure out the interop requirements." I hit the brakes and dropped the Great Pile of Paperwork at the side of the room. No point mentioning those OIDs, I thought. The poor bastard will see them soon enough. We had two bags of X.509 standards, seventy-five pages of PKIX mailing list printouts, five sheets of high-powered constraints, a saltshaker half-full of vendor hype, and a whole galaxy of requirements, restrictions, promises, threats... Also, a quart of OSI, a quart of LDAP, a case of XML, a pint of raw X.500, and two dozen PGPs. Not that we needed all that for the trip, but once you get into a serious PKI RFC binge, the tendency is to push it as far as you can. The only thing that really worried me was the X.500. There is nothing in the world more helpless and irresponsible and depraved than a man in the depths of an X.500 binge, and I knew we'd get into that rotten stuff pretty soon.

-- Snip --

Peter.
From fw at deneb.enyo.de Wed Feb 23 14:03:46 2005 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed, 23 Feb 2005 23:03:46 +0100 Subject: SHA-1 results available In-Reply-To: <20050219072555.GA31104@randombit.net> (Jack Lloyd's message of "Sat, 19 Feb 2005 00:25:55 -0700") References: <20050219072555.GA31104@randombit.net> Message-ID: <877jkz9bnh.fsf@deneb.enyo.de>

* Jack Lloyd:

> http://theory.csail.mit.edu/~yiqun/shanote.pdf

Thanks for the pointer.

> No real details, just collisions for 80 round SHA-0 (which I just confirmed)
> and 58 round SHA-1 (which I haven't bothered with), plus the now famous work
> factor estimate of 2^69 for full SHA-1.
>
> As usual, "Technical details will be provided in a forthcoming paper." I'm not
> holding my breath.

In addition, there's no trace of the second-preimage attack some persons recently alluded to.

From pgut001 at cs.auckland.ac.nz Wed Feb 23 05:29:46 2005 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Thu, 24 Feb 2005 02:29:46 +1300 Subject: I'll show you mine if you show me, er, mine In-Reply-To: Message-ID:

"R.A. Hettinga" forwarded:

>Briefly, it works like this: point A transmits an encrypted message to point
>B. Point B can decrypt this, if it knows the password. The decrypted text is
>then sent back to point A, which can verify the decryption, and confirm that
>point B really does know point A's password. Point A then sends the password
>to point B to confirm that it really is point A, and knows its own password.

Isn't this a Crypto 101 mutual authentication mechanism (or at least a somewhat broken reinvention of such)? If the exchange to prove knowledge of the PW has already been performed, why does A need to send the PW to B in the last step? You either use timestamps to prove freshness or add an extra message to exchange a nonce and then there's no need to send the PW.
Also in the above B is acting as an oracle for password-guessing attacks, so you don't send back the decrypted text but a recognisable-by-A encrypted response, or garbage if you can't decrypt it, taking care to take the same time whether you get a valid or invalid message to avoid timing attacks. Blah blah Kerberos blah blah done twenty years ago blah blah a'om bomb blah blah. (Either this is a really bad idea or the details have been mangled by the Register). Peter. From rah at shipwright.com Thu Feb 24 04:44:11 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 07:44:11 -0500 Subject: U.N.: Register every baby born Message-ID: WorldNetDaily Wednesday, February 23, 2005 THE NEW WORLD DISORDER U.N.: Register every baby born Desmond Tutu launches global campaign, claiming unlisted children 'nonentities' Posted: February 23, 2005 4:23 p.m. Eastern Desmond Tutu in New York urging registration of all children The United Nations is supporting a new campaign urging governments around the world to register every newborn child, and it's getting help from South African Archbishop Desmond Tutu. ''It is, in a very real sense, a matter of life and death,'' the Nobel Peace Prize winner said at a New York news conference. ''The unregistered child is a nonentity. The unregistered child does not exist. How can we live with the knowledge that we could have made a difference?'' The campaign, called "Write me down, make me real," is backed by UNICEF and calls on governments to record the estimated 48 million children whose births go unregistered each year. Sixteen years ago, the U.N. Convention on the Rights of the Child told countries to register every baby immediately after birth. Every nation has ratified the convention except two, the U.S. and Somalia. 
The aid agency Plan USA has released a report titled ''Universal Birth Registration - a Universal Responsibility.'' While it acknowledges it's impossible to know for sure how many unregistered children actually exist because they're not counted, estimates have suggested the figure is over half a billion. It lists percentages of children not registered by region:

Sub-Saharan Africa: 71 percent
South Asia: 63 percent
Middle East and North Africa: 31 percent
Asia Pacific: 22 percent
Latin America/Caribbean: 14 percent
CEE/CIS and Baltic states: 10 percent
Industrialized countries: 2 percent

"Governments worldwide are failing the world's children, as millions of youngsters without a birth certificate find it very difficult to prove their age or nationality," said Thomas Miller, Plan's chief executive. "Children without birth certificates are far more likely to find themselves without access to education, health care, civil rights or inheritance laws. "And parents whose children go missing during disasters like the tsunami or because they are abducted by traffickers may even be unable to get help with tracing their sons or daughters because they cannot prove the age of their children - or in many cases that their children even exist."

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 24 05:00:29 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Thu, 24 Feb 2005 08:00:29 -0500 Subject: Feds square off with organized cyber crime Message-ID:

The Register Biting the hand that feeds IT The Register ; Security ; Network Security ; Feds square off with organized cyber crime By Kevin Poulsen, SecurityFocus (klp at securityfocus.com) Published Wednesday 23rd February 2005 22:08 GMT

RSA 2005 Computer intruders are learning to play well with others, and that's bad news for the Internet, according to a panel of law enforcement officials and legal experts speaking at the RSA Conference in San Francisco last week. Christopher Painter, deputy director of the Justice Department's computer crime section, spoke almost nostalgically of the days when hackers acted "primarily out of intellectual curiosity." Today, he says, cyber outlaws and serious fraud artists are increasingly working in concert, or are one and the same. "What we've seen recently is a coming together of these two groups," said Painter.

Ronald Plesco, counsel to the National Cyber-Forensics and Training Alliance, a computer forensics organization established by the FBI and private industry, agreed, and pointed to the trend in recent years of spammers building networks of compromised computers to launder their fraudulent email offerings. Tim Rosenberg, a research professor at the George Washington University, warned of "multinational groups of hackers backed by organized crime" and showing the sophistication of prohibition-era mobsters. "This is not about little Jimmy Smith breaking into his ex-employer's website and selling information to competitors," he said. "What we're seeing is just sheer, monstrous levels of crime." Painter acknowledged that recreational hackers are still out there, but he believes they're a minority.
He reads the future of cyber crime and investigation in the joint Secret Service and Justice Department "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for allegedly trafficking in stolen identity information and documents, and stolen credit and debit card numbers. At the center of Operation Firewall was an online forum called Shadowcrew, which served as the trading floor for an underground economy capable of providing a dizzying array of illicit products and services, from credit card numbers to details on consumers worthy of having their identities stolen. "Individuals all over the world would work together to hack into systems, steal information and then sell information," said Painter. "[It was] a very, very highly structured, organized network." Faced with that kind of organization, law enforcement agencies are turning to undercover operations, said Painter. To take down Shadowcrew, the Secret Service secretly busted a high level member of the group, turned him into an informant, and operated him undercover for more than a year, according to court records. "Law enforcement was essentially running that group at one point," said Painter. Painter prosecuted Kevin Mitnick in the 1990s, and he still insists that, from the victim's point of view, old-fashioned recreational hackers are as bad as today's multi-disciplined cyber criminals. "But it was a simpler time," he admitted after the presentation.

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 24 05:01:12 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Thu, 24 Feb 2005 08:01:12 -0500 Subject: FCC 'crosses the line' with broadcast flag - court Message-ID: The Register Biting the hand that feeds IT The Register ; Internet and Law ; Digital Rights/Digital Wrongs ; Original URL: http://www.theregister.co.uk/2005/02/23/broadcast_flag_in_trouble/ FCC 'crosses the line' with broadcast flag - court By Thomas C Greene in Washington (thomas.greene at theregister.co.uk) Published Wednesday 23rd February 2005 21:48 GMT The US Federal Communications Commission (FCC) overstepped its authority by requiring devices capable of receiving digital TV broadcasts to recognize data called a 'broadcast flag' that can prevent copying, a federal judge has said. US Circuit Judge Harry Edwards told the FCC that it had "crossed the line" when it required DRM technology to be included in all DTV devices on sale in the USA from 1 July. This would include TVs, set top boxes, PC tuner cards, VCRs, DVD players, and similar devices. The FCC argued that its ancillary powers authorize it to regulate the reception of broadcasts, not just their transmission. While Congress did not authorize the Commission to regulate the proper designs of the devices, it also didn't expressly forbid it, which FCC takes as a license to issue specifications. "Ancillary does not mean you get to rule the world," judge Edwards observed. Judge David Sentelle wondered if FCC thought it could regulate washing machines, since Congress didn't expressly forbid that, either. In response to FCC whining that without adequate DRM technology, digital broadcasts would be limited, Judge Sentelle noted that, while this might be regrettable, it is not the FCC's responsibility. "It's going to have less content if it's not protected, but Congress didn't direct that you maximize content," he said. Unfortunately, there is a legal detail here that might moot the whole issue. 
Judge Sentelle noted that the plaintiffs, largely consumer and library groups, might not have standing to make a complaint against FCC unless they can show how the regulation causes them specific harm. So it is entirely possible that the complaint will be shut down on a technicality. On the other hand, if it is not, the broadcast industry has additional appeals to mount, and, if finally thwarted in the courts, can always resort to lobbying Congress for the legislation it wants. Thus there is every possibility that American consumers will be stuck with broadcast flag-compliant devices in the near future. Those thinking of buying DTV-related gear might want to make their purchases sooner rather than later, in hopes that some non-compliant devices are still available.

Related stories
FCC Chairman Michael Powell resigns (http://www.theregister.co.uk/2005/01/21/michael_powell_resigns_from_fcc/)
Feds OK DVD+R/RW DRM tech (http://www.theregister.co.uk/2004/08/06/vcps_thumbs_up/)
FCC locks down US TV (http://www.theregister.co.uk/2003/11/06/fcc_locks_down_us_tv/)

Copyright 2005

-- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Thu Feb 24 05:03:02 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 08:03:02 -0500 Subject: Fighting computer crooks the Las Vegas way Message-ID:

The Register Biting the hand that feeds IT The Register ; Software ; Applications ; Fighting computer crooks the Las Vegas way By John Leyden (john.leyden at theregister.co.uk) Published Wednesday 23rd February 2005 17:38 GMT

RSA 2005 Computing techniques used to identify cheaters in Las Vegas are being applied to wider computer security and fraud detection problems.
SRD, a Las Vegas software developer which was acquired by IBM last month, is taking its identity resolution software from the gaming tables into corporate boardrooms. SRD's business intelligence software (now renamed DB2 Identity Resolution) can draw out non-obvious relationships between information stored on a variety of databases. Las Vegas gaming companies use the technology as a way to identify customers and their associates worthy of investigation for possible cheating. The software looks at information on employee records, suppliers, in-house arrests and incidents and industry-published professional counters and cheaters' lists to identify action items. For example, the system can tell if a person who has been arrested for card counting phones up a relative of a card dealer. "The casino industry uses our technology to discover individuals who may have the wrong intent before ferreting out problems with an investigative team," explained Jeff Jonas, founder and chief scientist of SRD (now renamed IBM's Entity Analytics Solutions). SRD's technology minimises the resources needed for an investigation and works best where a firm owns the data it is processing, according to Jonas. "It's problematic sharing information between organisations, so we've developed an anonymous identity resolution approach," he told a workshop Detecting Asymmetric and Insider Threats - Las Vegas style at last week's RSA Conference in San Francisco.

ID managed and correlated in crypto form

To preserve anonymity, SRD has developed a technique to compare data in cryptographic form, instead of real information. Raw data can be confusing - for example, different spellings of Mohammed can be used on records of the same person, while Social Security numbers can be inputted instead of driving license IDs. But this can be overcome by pre-processing data to create a finite number of hashes for comparison. Adding salt to this data prevents statistical attack.
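[Editor's added example, not SRD's or IBM's code and not the article's: a constructed Python illustration of the technique the previous paragraph describes, normalising spelling variants, deriving a finite set of keyed hashes per record under a salt shared by the two organisations, and matching on those hashes instead of raw data. The variant table, the "last ten digits" phone rule, the feature names and the sample records are all the editor's assumptions.]

```python
"""Constructed illustration of salted-hash ("anonymous") identity resolution
(editor's example; toy normalisation rules, constructed sample data)."""
import hashlib
import hmac
import re
import unicodedata

# Constructed spelling table: variants collapse to one canonical token before
# hashing, so records spelt "Mohammed" and "Muhammad" compare equal.
NAME_VARIANTS = {
    "mohammed": "muhammad", "mohamed": "muhammad",
    "mohammad": "muhammad", "muhammed": "muhammad",
}


def normalise_name(s):
    """Strip accents, punctuation and case, then apply the variant table."""
    s = unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode().lower()
    s = re.sub(r"[^a-z]", "", s)
    return NAME_VARIANTS.get(s, s)


def normalise_phone(s):
    """Toy rule (assumption): keep the last ten digits so +1/no-prefix forms match."""
    return re.sub(r"\D", "", s)[-10:]


def features(record):
    """The finite set of comparison keys derived from one record."""
    name = normalise_name(record["first"]) + "|" + normalise_name(record["last"])
    out = {"name": name, "name_dob": name + "|" + record["dob"]}
    phone = normalise_phone(record.get("phone", ""))
    if phone:
        out["phone"] = phone
    return out


def anonymise(record, salt):
    """HMAC-SHA256 of each feature under the shared secret salt: this, not the
    raw data, is what each party hands over for comparison."""
    return {k: hmac.new(salt, v.encode(), hashlib.sha256).hexdigest()
            for k, v in features(record).items()}


def resolve(records_a, records_b, salt):
    """Match two parties' anonymised records; returns (id_a, id_b, feature)."""
    index = {}
    for rec in records_b:
        for feat, h in anonymise(rec, salt).items():
            index.setdefault((feat, h), []).append(rec["id"])
    matches = []
    for rec in records_a:
        for feat, h in anonymise(rec, salt).items():
            for id_b in index.get((feat, h), []):
                matches.append((rec["id"], id_b, feat))
    return matches


def guess_name(name_hash, candidates, salt):
    """Dictionary attack on a 'name' hash. Names are low-entropy, so an
    unsalted (or public-salt) hash is reversible from a name list; the
    attack only works for someone who holds the salt, which is why it must
    be kept from anyone who merely sees the hashes."""
    for first, last in candidates:
        v = normalise_name(first) + "|" + normalise_name(last)
        h = hmac.new(salt, v.encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(h, name_hash):
            return (first, last)
    return None


# Constructed sample data for two organisations comparing customer lists.
BANK_A = [
    {"id": "A1", "first": "Mohammed", "last": "Al-Fayed", "dob": "1970-01-01",
     "phone": "+1 (702) 555-0100"},
    {"id": "A2", "first": "Jane", "last": "Doe", "dob": "1980-02-02"},
]
BANK_B = [
    {"id": "B7", "first": "Muhammad", "last": "Alfayed", "dob": "1970-01-01",
     "phone": "702-555-0100"},
    {"id": "B8", "first": "John", "last": "Doe", "dob": "1980-02-02",
     "phone": "702-555-0199"},
]
SHARED_SALT = b"constructed-shared-secret-salt"   # assumption: agreed out of band

if __name__ == "__main__":
    for m in resolve(BANK_A, BANK_B, SHARED_SALT):
        print(m)   # A1 and B7 match on name, name_dob and phone
```

Matching on several independent features is what lets the analyst rank hits (a name-plus-date-of-birth match is stronger than a name alone), and the `guess_name` function shows the limit of the scheme: the hashes hide the data only from parties who do not hold the salt.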
This approach enables banks in the process of merging, say, to share anonymized data. Anonymous identity resolution can also help banks identify possible money-laundering activity or to combat disparate security threats. According to Jonas, SRD software is tuned to minimise false positives. Jonas, who describes himself as a data modeller, draws a distinction between data mining and SRD's "rules based expert system". Data mining looks for patterns in data that suggest, for example, individuals who share characteristics with a bank's most profitable customers. Data mining is tuned to avoid false negatives; but in applications like fraud detection and counter-terrorism addressed by SRD's technology false positives are the problem. "[SRD's technology] It's not probabilistic like data mining. A probabilistic approach works well if all you are using is 27c stamps but not if you're pointing guns at people," Jonas said. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Feb 24 05:07:19 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 08:07:19 -0500 Subject: No Encryption for E-Passports Message-ID: Wired News No Encryption for E-Passports By Ryan Singel Story location: http://www.wired.com/news/privacy/0,1848,66686,00.html 02:00 AM Feb. 24, 2005 PT Despite widespread criticism from security experts that a proposed high-tech upgrade to Americans' passports actually introduces new security risks, the government is declining to encrypt data on new high-tech e-passports, according to proposed new rules published last week. 
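An added example, not part of either forwarded article and not SRD's or IBM's code, illustrating the "compare data in cryptographic form" technique the Register piece on SRD above describes: normalise each identifier so spelling and formatting variants (Mohammed/Mohamed, an SSN with or without dashes) produce the same token, then hash it under a key before the two organisations exchange anything. The "salt" the article mentions has to be a secret shared by both parties (used here as an HMAC key): a public fixed salt leaves the dictionary attack intact, and a random per-record salt makes matching impossible. The shared key, the name-variant table and the two bank records are all constructed for this example; nothing here is taken from the product.

```python
"""Keyed-hash identity tokens for cross-organisation record matching.

Added example, not SRD/IBM code.  Shows (1) normalising identifiers so
variants hash to one token, (2) why an unsalted hash of a small-domain
field such as a date of birth is reversed by simple enumeration, and
(3) why the "salt" must be a secret shared by both parties (an HMAC key).
"""
import hashlib
import hmac
import unicodedata
from datetime import date, timedelta
from typing import Optional

# Hypothetical secret agreed out of band by the two organisations.  Both
# sides must use the same key or their tokens never line up.
SHARED_KEY = b"example-shared-key-not-for-production"

# Constructed variant table: known spelling variants collapse to one key.
NAME_VARIANTS = {
    "mohamed": "mohammed",
    "muhammad": "mohammed",
    "mohammad": "mohammed",
}


def normalize_name(name: str) -> str:
    """Strip accents, case and punctuation, then map each word's variants."""
    ascii_only = (unicodedata.normalize("NFKD", name)
                  .encode("ascii", "ignore").decode().lower())
    words = "".join(ch if ch.isalpha() else " " for ch in ascii_only).split()
    return " ".join(NAME_VARIANTS.get(w, w) for w in words)


def normalize_id(kind: str, value: str) -> str:
    """Tag the identifier with its type so an SSN keyed into a licence
    field is not silently compared against real licence numbers."""
    compact = "".join(ch for ch in value if ch.isalnum()).upper()
    return f"{kind.lower()}:{compact}"


def unsalted_token(field: str) -> str:
    """Plain SHA-256: deterministic, but anyone can rebuild it."""
    return hashlib.sha256(field.encode()).hexdigest()


def keyed_token(field: str, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 under the shared secret: same input, same token, but
    only for holders of the key."""
    return hmac.new(key, field.encode(), hashlib.sha256).hexdigest()


def anonymize_record(rec: dict, key: bytes = SHARED_KEY) -> dict:
    """What each organisation hands to the matching service: tokens only."""
    return {
        "name": keyed_token("name:" + normalize_name(rec["name"]), key),
        "dob": keyed_token("dob:" + rec["dob"], key),
        "id": keyed_token(normalize_id(rec["id_kind"], rec["id"]), key),
    }


def matching_fields(a: dict, b: dict) -> int:
    """Number of tokenised fields on which two anonymised records agree."""
    return sum(1 for k in ("name", "dob", "id") if a[k] == b[k])


def brute_force_dob(token: str, first_year: int = 1900,
                    last_year: int = 2005) -> Optional[str]:
    """Dictionary attack on a DOB token: the domain is under 40,000 dates,
    so every candidate is hashed and compared.  Succeeds against
    unsalted_token output, fails against keyed_token output."""
    day, end = date(first_year, 1, 1), date(last_year, 12, 31)
    while day <= end:
        iso = day.isoformat()
        if unsalted_token("dob:" + iso) == token:
            return iso
        day += timedelta(days=1)
    return None


# Constructed sample records, as two organisations might hold them.
BANK_A = {"name": "Mohammed Al-Rashid", "dob": "1970-05-17",
          "id_kind": "SSN", "id": "123-45-6789"}
BANK_B = {"name": "Mohamed Al Rashid", "dob": "1970-05-17",
          "id_kind": "ssn", "id": "123456789"}

if __name__ == "__main__":
    tok_a, tok_b = anonymize_record(BANK_A), anonymize_record(BANK_B)
    print("fields matching across organisations:", matching_fields(tok_a, tok_b))
    print("unsalted DOB token reversed to:",
          brute_force_dob(unsalted_token("dob:" + BANK_A["dob"])))
    print("keyed DOB token reversed to:", brute_force_dob(tok_a["dob"]))
```

The two constructed records differ in name spelling and SSN formatting yet match on all three tokens once normalised and keyed, while the unsalted date-of-birth token falls to a few tens of thousands of hash operations and the keyed one does not. Whoever holds the key can still run the same enumeration, so the key has to be guarded like any other shared secret rather than treated as a public salt.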
In response to this outside criticism and some public questioning by one of its own contractors, the State Department delayed its rollout of the chip-equipped passports and hired additional companies to provide prototypes. Other countries are also wrangling with the issue, as the United States is requiring all 27 countries whose citizens do not need visas to visit America to begin issuing e-passports by October. So far only Belgium has started production, and it is likely the deadline, which was originally October 2004, will be pushed back another year. The new passports will include a radio frequency identification tag, a chip that will store all the information on the data page of the passport, including name, date and place of birth, and a digitized version of the photo passport, according to the proposal in the Federal Register. RFID chips are widely used in automatic toll-payment systems such as FasTrak, or identification chips implanted in the necks of pets. The chips are activated by a reader using certain radio frequency waves, which the chips use as an energy source to send back the encoded information. Border agents, equipped with readers, would be able to pull up passport information on a screen and visually compare the digitized photo against the passport bearer. Agents will also be able to use facial identification software to compare the person to the digitized photo, which is not feasible with current passports. The State Department, which has responsibility for passports and visas, hopes the measure will improve security and help curb passport forgery. The government will use chips that can only be written to once, and a further safeguard is provided in the form of a digital signature, which allows readers to verify that the information on the chip is the information originally written to it. 
But the rules, which are open for comment until April 4, rule out encrypting the bearer's name, birth date and digital photo, saying such a move would impede worldwide adoption of e-passports and that encrypted data would slow down entry and exit at customs. The lack of encryption baffles privacy advocates and security researchers, who say the new passports are vulnerable to "skimming," an attack that uses an unauthorized reader to gather information from the RFID chip without the passport owner's knowledge. The State Department concedes that skimming is a legitimate threat, but says the chips will have a read range of inches, that eavesdropping at border stations would be very conspicuous and that the passports will have a shielding mechanism -- perhaps a foil case or a weave in the cover that will cloak the chip when the passport is closed. That does little to satisfy critics such as Lee Tien, an attorney at the Electronic Frontier Foundation. "The State Department has not responded in any meaningful way to any of the privacy community," Tien said. "They are offering the equivalent of duct tape and baling wire as far (as) protecting peoples' information from being read. "It is my understanding it's possible to read this information from 10 to 30 feet away with the right equipment," Tien said. "When you think about the issues Americans have, especially when they travel abroad -- do you really want your passport to be broadcasting your name and nationality? This isn't good for privacy or the physical security of Americans abroad." Bruce Schneier, a security expert and author who founded Counterpane Internet Security, questions how much shielding helps, since travelers often have to show identification to exchange currency or check into a hotel. "Shielding is a good idea, but the problem is if you travel in Europe you are asked to show your passport a lot," Schneier said. 
"So all that shielding means is that someone who wants to sniff my passport just has to pick his location." Schneier, who just renewed his passport to make sure he will not have an unencrypted passport for another 10 years, says he has yet to hear a good argument as to why the government is requiring remotely readable chips instead of a contact chip -- which could hold the same information but would not be skimmable. "A contact chip would be so much safer," Schneier said. "The only reason I can think of is the government wants surreptitious access. I'm running out of other explanations. I'd love to hear one." Not everyone in the RFID industry thinks the proposed rules compromise security more than they help. "The goal is to create a stronger identification vehicle and that is what is being achieved in the e-passport initiative," said Erik Michielsen, director of RFID and ubiquitous networks at ABI Research. Michielsen, who calls himself a supporter of RFID technology, acknowledges there are legitimate security concerns, but thinks that the government should look at how other countries handle these concerns and learn from them, even as it proceeds with the current plan. "With any emerging technology, security issues arise and must be addressed," Michielsen said. "It's not whether security issues are solved today. It's assuring that as this moves toward a rollout that they are routinely addressed and resources are dedicated to ensuring consumers' privacy." The State Department, which is accepting written responses to the proposal until April 4 via e-mail sent to PassportRules at state.gov, did not return a call requesting comment. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." 
-- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Feb 24 05:16:10 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 08:16:10 -0500 Subject: William Rivers Pitt | HST and the Proverbial 'Live Boy' Message-ID: The Proverbial 'Live Boy' By William Rivers Pitt t r u t h o u t | Perspective Monday 22 February 2005 "The only way I can lose this election is if I'm caught in bed with either a dead girl or a live boy." - Edwin W. Edwards [Author Hunter S. Thompson raises his arms to exhort the crowd of supporters gathered on the west steps of the Colorado State Capitol on Monday, May 15, 2001, during a rally for Lisl Auman, who is serving a life sentence in a Colorado prison for her part in the slaying of a Denver Police Department officer in November 1997. Thompson, the acerbic counterculture writer who popularized a new form of journalism in books like 'Fear and Loathing in Las Vegas,' fatally shot himself Sunday, February 20, 2005, at his Aspen-area home, his son said. He was 67. (Photo: David Zalubowski / AP)] In the same month the planet gets to know the 'journalist' James/Jeff Guckert/Gannon, Hunter S. Thompson decides to make The Big Bit-Spit and eject from the planet. This could be sacrilege, and I hope his family will forgive me, but there is something wretchedly fitting in the confluence. Hunter was a drunk and a drug-sucker. He would go to cover an event and slather himself with LSD. He went to the '72 GOP convention as a wild-eyed liberal and elbowed his way into the activist bullpen, grabbing a sign reading 'Garbage Men Demand Equal Pay' before charging the floor with the Nixon-shouters to howl "Four More Years!" at John Chancellor. He wanted to write about motorcycle gangs, so he went out and joined the worst of them, and got his ass stomped in. And wrote about it. Hunter Thompson is the reason I write politics. Period. He was the most honest man in the business. 
Everyone else had and has an angle, a reputation, or a source to protect. Hunter stripped it down to the raw throbbing nerve and let it fly. How is this for prose: "How many more of these goddam elections are we going to have to write off as lame but 'regrettably necessary' holding actions? And how many more of these stinking double-downer sideshows will we have to go through before we can get ourselves straight enough to put together some kind of national election that will give me at the at least 20 million people I tend to agree with a chance to vote for something, instead of always being faced with that old familiar choice between the lesser of two evils? I understand, along with a lot of other people, that the big thing, this year, is Beating Nixon. But that was also the big thing, as I recall, twelve years ago in 1960 - and as far as I can tell, we've gone from bad to worse to rotten since then, and the outlook is for more of the same." Or this: "It is a nervous thing to consider: Not just four more years of Nixon, but Nixon's last four years in politics - completely unshackled, for the first time in his life, from any need to worry about who might or might not vote for him the next time around. If he wins in November, he will finally be free to do whatever he wants...or maybe 'wants' is too strong a word for right now. It conjures up images of Papa Doc, Batista, Somoza; jails full of bewildered 'political prisoners' and the constant cold-sweat fear of jackboots suddenly kicking your door off its hinges at four A.M." Or this: "The main problem in any democracy is that crowd-pleasers are generally brainless swine who can go out on a stage & whup their supporters into an orgiastic frenzy - then go back to the office & sell every one of the poor bastards down the tube for a nickel apiece. Probably the rarest form of life in American politics is the man who can turn on a crowd & still keep his head straight - assuming it was straight in the first place." 
That's the stuff. Rip it down, Bubba, and let the fur fly. For the record, the aforementioned is from 'Fear and Loathing on the Campaign Trail 1972,' possibly the most purely excellent book on politics to be found anywhere. Amusing, then, that Hunter decides to cash his check in the same week we learn about James or Jeff Gannon or Guckert or whatever. What would Thompson have made of this feeble wretch? Of a man who reports on the White House with a fake name? Who was so clearly the go-to guy for McClellan or Bush when the questions got too hot? Who copied and pasted his 'news reports' from boilerplate GOP press releases? Who somehow got within 20 feet of the President of the United States using a false name while peddling his wares online as a male prostitute for $200 an hour? Hunter once wrote in 'The Great Shark Hunt' about walking in on two Secret Service agents sharing a joint back and forth in a hotel room. Maybe that's how Gannon/Guckert/Whoever got within pistol range of the leader of the free world. No other explanation seems to satisfy. It comes down to this. The Bush crew has been caught in bed with the proverbial 'live boy.' Someone in that White House either eased Gannon/Guckert/Whoever through the 'hard pass' application process, which requires a thorough background check, or else smoothed the way for him to get day pass after day pass after day pass. Some complain that Gannon/Guckert/Whoever is being victimized for his political views. This misses the point. Someone let a working, advertising whore into the White House, and then was stupid enough to let him walk around alive and free after he blew his own cover. That's the point. My hero died tonight. He was a flawed man, a maniac, in so many ways the antithesis of what a journalist is supposed to be. Worst of all, he told the truth. 
There is now one less warrior on this planet filled with Guckert clones, drones who get fed shit and regurgitate it wholesale for the masses because that is what we are trained to eat. Rest in peace, Hunter. Thank you for everything. We're going to deal with this Gannon/Guckert/Whoever person, and then move down the line and deal with the rest of the whores. You died on the eve of the birth of a new journalism, populist in nature, beholden to the truth and thanking the Google gods every step of the way. I wish you had stuck around to see it, but I'll tell you all about it when we meet at that clearing at the end of the path. Until then... © Copyright 2005 by TruthOut.org -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Feb 24 06:13:31 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 09:13:31 -0500 Subject: George Will: Taking the streets back Message-ID: Townhall.com Taking the streets back George Will February 24, 2005 CHICAGO -- He looks like the actor Wilfred Brimley -- round as a beach ball; grandfatherly gray mustache -- but Philip J. Cline, this city's police superintendent, is, like his city, hard as a baseball. And as they say in baseball, he puts up numbers. Actually, he and his officers have driven some crucial numbers down. Last year homicides reached a 38-year low of 448, 25 percent below 2003's total of 600, which was lower than the 2002 and 2001 totals of 654 and 668. Nationally, homicides declined steadily after the peak of dealer-on-dealer violence in the crack cocaine epidemic of the late 1980s and early '90s. 
But the decline was slow in Chicago, where in 2001, 2002 and 2003 it ranked second, first and second among cities in the number of murders, not just the murder rate. In the last third of the 20th century, Chicago violence killed more than 28,000 people -- the population of many Illinois towns. In an American city, as in Baghdad, which is about the size of Chicago, the key to policing against violence is intelligence and other cooperation from a population that trusts the police. Which means, Cline says, replacing random patrols with strategic deployments of officers. He says 50 percent of Chicago's homicides are gang-related. Gang membership, now an estimated 65,000 strong, used to be a rite of passage for young men. Now it is increasingly a career choice for men turning the gangs into business organizations selling drugs and investing the proceeds in, among other things, real estate. One-third of the drug customers are suburbanites. Video on a police department laptop displays facets of the problem. One clip shows dealers giving away, in broad daylight, free samples to droves of potential customers. Another clip shows mass marketing as customers, again in midday, are walked, in groups of several dozen, across a street to a playground to make their purchases. Another clip shows a violent felon being released from Joliet prison, heading for Chicago but first visiting Indiana, thereby violating his terms of release. He was rearrested two hours out of prison. ``A land speed record,'' says Cline. Fewer than 10 percent of Chicago murder victims are white. And as a mordant student of murder says, ``There's always a correlation between homicides and ice cream trucks.'' Most victims are killed in hot weather, from May to October, mostly in July and August, when people are mingling -- and often drinking -- on stoops and street corners, and are irritable. 
The crime-infested Robert Taylor high-rise housing projects on the South Side have been closed and the Cabrini-Green project on the near North Side is being closed, which means a jostling for social space among displaced drug dealers. Cline says there were about 100 open-air drug markets in the city last year. Police closed about half of them, producing more displacements as markets opened elsewhere in the city. This process is frustrating but constructive because it means some slowing of the drug trade. But it can also cause an uptick in violence as dealers contest desirable turf. Cline says that when 100 markets are each pulling in $5,000 a day, serious money is at stake. Some of the money buys the guns that settle struggles for turf. Last year police seized 10,509 guns -- 29 a day. They probably will seize as many this year; they did in 2003. But this is not an exercise in bailing the ocean: Stiff sentences for gun possession, and stiffer ones for firing a gun, put a high price tag on regarding a gun as fashion necessity for the well-accessorized young man. Last year about 18,000 of the inmates released from Illinois prisons came back to Chicago; perhaps 25,000 will this year. Some of the returning convicts come home expecting to reclaim their shares of the drug business. Some of the younger dealers will decide it is easier to kill them than accommodate them. A new ``shot spotter'' technology can detect the trajectory of a bullet and direct a camera that scans 360 degrees. Soon there will be 80 such cameras watching strategic intersections. There is nothing surreptitious about this -- indeed, the cameras have blue lights and Chicago Police Department logos. The CPD wants dealers to know the area is being watched. The cost of the cameras is paid by seized assets from dealers. So, Cline says contentedly, ``they're paying to surveil themselves.'' Cline says the message to the neighborhoods is: ``We will take the corner back. 
You must hold the corner.'' Again, as in Baghdad. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From somebody Thu Feb 24 09:03:41 2005 From: somebody (somebody) Date: Thu, 24 Feb 2005 12:03:41 -0500 Subject: No subject Message-ID: Gecko/20040910 To: "R. A. Hettinga" Subject: TCPA_DEFCON_10.pdf (application/pdf Object) Bob -- This is not the world I desired, damnit! --------- Require third parties to provide the service. Alice and Bob agree that Carol shall provide free beer to all comers in perpetuity. -- --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jya at pipeline.com Thu Feb 24 12:25:10 2005 From: jya at pipeline.com (John Young) Date: Thu, 24 Feb 2005 12:25:10 -0800 Subject: Chatter Punks Message-ID: Maybe it's been mentioned here but the book, "Chatter: Dispatches from the Secret World of Global Eavesdropping," by Patrick Radden Keefe mentions cypherpunks and a slew of people who've been around here, or discussed, cited, admired, attacked and hated here. Crypto is featured, along with the TLAs, the fools who run them, the lackies who suck their tits, the congress critters who give them a free pass no matter what fuck-ups damage the US and the unwary targets of spooks, 9/11 only one of many. 
It's a "lively read," and a lot of its smooth-narrative content won't be new to avid readers of disputatious, thankfully ungrammatically cpunks, but it does get the slick word out to the public in an easy to swallow fashion. For us jacket addicts, there are favorable blurbs by David Kahn and Seymour Hersh. Keefe calls John Gilmore, Duncan Campbell, and other uninstitutionalized insurgents outcasts, but IEDs are where it's at, right? He also claims the NSA is a pitiful giant, protected against change by ever increasing secrecy blessed by congress and the administration, and that most of its new hires are security guards to protect against knowing what's inside, not the personnel truly needed. From rah at shipwright.com Thu Feb 24 09:47:03 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 12:47:03 -0500 Subject: Peppercoin and SunTrust ink micropayments deal Message-ID: News Finextra: Peppercoin and SunTrust ink micropayments deal Published: 22/02/2005 14:20:00 US micropayments firm Peppercoin has inked an alliance deal with SunTrust Merchant Services, a joint venture between SunTrust Banks and First Data Corporation, to deliver a small payments processing service to merchants. Reino Parking Systems has been signed as the first client. Peppercoin's Small Transaction Suite cuts processing costs for sub-$20 transactions conducted via conventional debit and credit cards. The SunTrust tie-up follows a similar recent agreement with Chase Merchant Services. Mark Friedman, president of Peppercoin, says: "With our joint solution, SunTrust Merchant Services' 67,000 business clients can immediately convert small cash payments, a $1.32 trillion annual market, to credit and debit card payments." Barbara Roeber, general manager/SVP, SunTrust Merchant Services, says the firm has recorded "a dramatic increase in demand for small payments capability" in the past six months. 
"Peppercoin's solution is the only one that supports our merchants' needs for digital, mobile and physical point of sale transactions." Reino Parking Systems has begun deployment for the processing of credit card transactions at Multispace parking meters in various US locations. The meters will be able to accept payment via credit card and mobile phone and consumers can elect to receive text messages alerting them to expiry times. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Thu Feb 24 09:53:27 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 24 Feb 2005 12:53:27 -0500 Subject: Lucky Green: TCPA, the Mother(board) of all Big Brothers Message-ID: --- begin forwarded text From camera_lumina at hotmail.com Thu Feb 24 14:24:39 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Feb 2005 17:24:39 -0500 Subject: TCPA: RIP In-Reply-To: Message-ID: Good presentation. I liked the boot diagrams quite a bit. Prediction (and remember you heard it here first): TCPA will fail. Oh it'll see some spot uses, don't get me wrong. These spot uses might even remain for a while. But the good thing is that Microsoft is probably going to have to carry the ball on this one, and they'll think they have a few iterations to iron out the bugs. But users will defect in droves as all sorts of unexpected and wacky things start to happen and they'll defect in droves. Right about then even some of the studios are going to begin to understand that by choking off the spigot they'll be choking their own product flow which will have to increasingly compete with independents (who can distribute music over the internet just as easily as SONY can). 
So some genius will make a convincing enough boardroom presentation showing that the additional revenues they gain through TCPA is far more than overset by the effective loss of advertising. That realization will hit just as the general public starts learning what TCPA is and why their computer is as buggy and crashy as it was during the Windows 95 days. Boo hoo. -TD From camera_lumina at hotmail.com Thu Feb 24 14:27:56 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 24 Feb 2005 17:27:56 -0500 Subject: George Will: Taking the streets back In-Reply-To: Message-ID: Uh...lemmee guess..."Force monopolies?" No wait, I think the word "micro" occurs on line 36 and then the word "payment" appears on line 78... -TD >From: "R.A. Hettinga" >To: osint at yahoogroups.com, cypherpunks at al-qaeda.net >Subject: George Will: Taking the streets back >Date: Thu, 24 Feb 2005 09:13:31 -0500 > > > >Townhall.com > >Taking the streets back >George Will (back to web version) | Send > >February 24, 2005 > >CHICAGO -- He looks like the actor Wilfred Brimley -- round as a beach >ball; grandfatherly gray mustache -- but Philip J. Cline, this city's >police superintendent, is, like his city, hard as a baseball. And as they >say in baseball, he puts up numbers. > > Actually, he and his officers have driven some crucial numbers down. >Last year homicides reached a 38-year low of 448, 25 percent below 2003's >total of 600, which was lower than the 2002 and 2001 totals of 654 and 668. > > Nationally, homicides declined steadily after the peak of >dealer-on-dealer violence in the crack cocaine epidemic of the late 1980s >and early '90s. But the decline was slow in Chicago, where in 2001, 2002 >and 2003 it ranked second, first and second among cities in the number of >murders, not just the murder rate. In the last third of the 20th century, >Chicago violence killed more than 28,000 people -- the population of many >Illinois towns. 
> > In an American city, as in Baghdad, which is about the size of >Chicago, the key to policing against violence is intelligence and other >cooperation from a population that trusts the police. Which means, Cline >says, replacing random patrols with strategic deployments of officers. > > He says 50 percent of Chicago's homicides are gang-related. Gang >membership, now an estimated 65,000 strong, used to be a rite of passage >for young men. Now it is increasingly a career choice for men turning the >gangs into business organizations selling drugs and investing the proceeds >in, among other things, real estate. One-third of the drug customers are >suburbanites. > > Video on a police department laptop displays facets of the problem. >One clip shows dealers giving away, in broad daylight, free samples to >droves of potential customers. Another clip shows mass marketing as >customers, again in midday, are walked, in groups of several dozen, across >a street to a playground to make their purchases. Another clip shows a >violent felon being released from Joliet prison, heading for Chicago but >first visiting Indiana, thereby violating his terms of release. He was >rearrested two hours out of prison. ``A land speed record,'' says Cline. > > Fewer than 10 percent of Chicago murder victims are white. And as a >mordant student of murder says, ``There's always a correlation between >homicides and ice cream trucks.'' Most victims are killed in hot weather, >from May to October, mostly in July and August, when people are mingling -- >and often drinking -- on stoops and street corners, and are irritable. > > The crime-infested Robert Taylor high-rise housing projects on the >South Side have been closed and the Cabrini-Green project on the near North >Side is being closed, which means a jostling for social space among >displaced drug dealers. Cline says there were about 100 open-air drug >markets in the city last year. 
> Police closed about half of them, producing more displacements as markets opened elsewhere in the city. This process is frustrating but constructive because it means some slowing of the drug trade. But it can also cause an uptick in violence as dealers contest desirable turf.
>
> Cline says that when 100 markets are each pulling in $5,000 a day, serious money is at stake. Some of the money buys the guns that settle struggles for turf. Last year police seized 10,509 guns -- 29 a day. They probably will seize as many this year; they did in 2003. But this is not an exercise in bailing the ocean: Stiff sentences for gun possession, and stiffer ones for firing a gun, put a high price tag on regarding a gun as a fashion necessity for the well-accessorized young man.
>
> Last year about 18,000 of the inmates released from Illinois prisons came back to Chicago; perhaps 25,000 will this year. Some of the returning convicts come home expecting to reclaim their shares of the drug business. Some of the younger dealers will decide it is easier to kill them than accommodate them.
>
> A new ``shot spotter'' technology can detect the trajectory of a bullet and direct a camera that scans 360 degrees. Soon there will be 80 such cameras watching strategic intersections. There is nothing surreptitious about this -- indeed, the cameras have blue lights and Chicago Police Department logos. The CPD wants dealers to know the area is being watched. The cost of the cameras is paid by seized assets from dealers. So, Cline says contentedly, ``they're paying to surveil themselves.''
>
> Cline says the message to the neighborhoods is: ``We will take the corner back. You must hold the corner.'' Again, as in Baghdad.
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
> 44 Farquhar Street, Boston, MA 02131 USA
>
> "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rsw at jfet.org Thu Feb 24 20:30:20 2005
From: rsw at jfet.org (Riad S. Wahby)
Date: Thu, 24 Feb 2005 22:30:20 -0600
Subject: test message, please ignore
Message-ID: <20050225043020.GA4159@positron.jfet.org>

see subject

--
Riad S. Wahby
rsw at jfet.org

From camera_lumina at hotmail.com Fri Feb 25 11:22:19 2005
From: camera_lumina at hotmail.com (Tyler Durden)
Date: Fri, 25 Feb 2005 14:22:19 -0500
Subject: FW: T-Shirt and Securing Wireless Apps in Vertical Markets Webinar from Unstrung
Message-ID:

> Dear Colleague,
>
> As an industry professional, you may be interested to know about an upcoming online event being presented by Unstrung (www.unstrung.com), the worldwide source for analysis of the wireless economy. This free Web seminar - "Securing Wireless Applications in Vertical Markets" - will evaluate recent progress in a critical sector. The benefits of deploying wireless technology in vertical markets are well documented, but security issues continue to be the main concern holding back widespread wireless adoption in these environments. Keeping information out of the hands of interlopers has become a critical task for any net manager.
>
> During this presentation we'll focus on:
>
> - The critical role of security in vertical markets - why does it matter?
> - The diverse security demands of different vertical markets
> - Potential effects of wireless network attacks in different markets
> - Case studies of deployments in vertical markets and lessons learned
> - Securing today's wireless networks and emerging future technologies
>
> Join us on Wednesday, March 2, at 2:00 p.m. New York / 7:00 p.m. London time, for this live Webinar sponsored by AirTight Networks, Bluesocket, and Newbury Networks. It's free. What's more, to thank you for your participation you'll receive a complimentary Unstrung t-shirt.
>
> Click here to view the Unstrung t-shirt:
>
> http://img.lightreading.com/unstrung/unstrung_shirt.gif
>
> To sign up for the Webinar, please register through the following link:
>
> http://metacast.agora.com/link.asp?m=23979&s=4936527&l=0
>
> We hope to see you there!
>
> Unstrung

From rah at shipwright.com Fri Feb 25 11:54:24 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 14:54:24 -0500
Subject: U.S. wants passenger names one hour before takeoff
Message-ID:

United Press International

U.S. wants passenger names one hour before takeoff

By Shaun Waterman
UPI Homeland and National Security Editor
Published 2/24/2005 11:25 PM

WASHINGTON, Feb. 24 (UPI) -- The Department of Homeland Security is drafting a rule that will require airlines to pass on passenger manifest information as much as an hour before the departure of international flights bound for the United States, officials confirmed to United Press International Thursday.

"We need to be able to identify any suspected terrorists or other criminals (on board) before the plane takes off," Christiana Halsey of the department's Customs and Border Protection directorate said, adding that the department was working on a so-called Notice of Proposed Rule Making -- the first legal step down the regulatory path.

The regulation then goes through several drafts, each of which is published for comment by interested parties before being finalized by the White House's Office of Management and Budget.

Industry representatives declined to comment for the record in advance of the notice's publication but fretted privately that the logistical demands would be another blow to the financially battered airlines. One congressional official suggested that the federal government might have to underwrite any additional costs incurred.
Halsey said that the passenger names would, as at present, be checked by the directorate's National Targeting Center against the United States' consolidated terrorist watchlist -- which contains the names and aliases of thousands of individuals thought linked to terrorism -- and against several other law-enforcement databases. "We're not just looking for terrorists," she said.

All that would change is that airlines would have to submit the data up to one hour before the plane takes off, rather than within 15 minutes of departure under current procedures.

Other knowledgeable sources said the rule would also cover passengers who wanted to transit the United States on their way somewhere else, but Halsey said she had no information about that.

In August 2003 the so-called Transit-Without-Visa program -- under which foreigners with onward flights could enter U.S. airline transit lounges regardless of whether they were entitled to enter the country or not -- was suspended indefinitely by the United States.

The program was beneficial for airlines and U.S. airports, which foreigners could use as hubs for intercontinental flights without having to obtain a U.S. visa. But the interrogation of Sept. 11, 2001, planner Khalid Sheikh Mohammed and other detainees had revealed that the al-Qaida terror network saw the program as a loophole in U.S. border security -- a way to get potential hijackers into planes over American cities.

The option the department is currently working on, according to one person familiar with it, would create one group of passengers -- U.S. citizens, foreign visa holders and nationals of Canada and the so-called visa-waiver nations -- who could transit the country without additional security checks. Nationals of a second group of countries would also be eligible to transit if their passenger information was received long enough in advance of their departure.

Now that there is a single terror watchlist, officials explain, it makes much less difference whether it is checked weeks in advance of a trip by a consular officer at a U.S. embassy as part of a visa issuance process or hours in advance of a plane's departure by a Customs and Border Protection official at the directorate's National Targeting Center.

Indeed, the proposed change to the rule about the passenger manifests -- known as the Advanced Passenger Information System -- overlaps with and to a certain extent renders moot the protracted tussle between Homeland Security and the European Union over the so-called Passenger Name Record.

PNR data, a much more extensive record including credit-card and frequent-flyer details as well as religious dietary preferences, has -- partly for that reason -- become a real cause celebre among privacy advocates in Europe, while APIS, which has been submitted by airlines to U.S. Immigration and Customs authorities for years, has largely escaped notice.

Officials insist -- not entirely convincingly -- that, either way, getting passenger information to U.S. authorities early will benefit the airlines and their customers.

Over the past year several transatlantic flights have been diverted -- generally to Bangor, Maine, the Eastern-most major U.S. airport -- after it emerged that one or more passengers on board were matches for individuals with suspected terror links.

In the most celebrated case a Washington, D.C.-bound jetliner was diverted last September after officials discovered that Yusef Islam -- better known as the singer Cat Stevens -- was on board. He was deported after being questioned. Officials said at the time that his name was on a "no fly" list and that he should not have been allowed to board the plane.

And during the winter of 2004 a dozen flights from London and Paris were canceled -- in some cases after names thought linked to terrorism turned up on passenger manifests.

"If we get the information in advance," said Halsey, "we can minimize -- if not entirely eliminate" such costly diversions and cancellations. "They are inconvenient for the passengers and expensive for the airlines."

But airlines seem unlikely to welcome the move, nonetheless.

"We are not going to comment until we see something definitive," said Diana Cronin of the Air Transport Association, which represents major U.S. carriers.

Other industry sources said privately the move could create serious logistical problems for airlines, which currently do not finalize their passenger manifests until the doors of the plane close at the gate as the plane departs.

"Airlines make money when their planes are in the air," said one industry lobbyist, pointing out that anything that increases wait times between flights would squeeze an industry already beset by financial crisis.

"From our perspective," Ed Fluhr, manager of legislative affairs at the Travel Industry Association of America, told UPI, "the U.S. government recently has done a good job of explaining new security measures" such as the digital fingerprinting and photographing of all foreign visitors arriving by air and sea under the US-VISIT program.

But he added that, "Anything that adds to the perception -- or the reality -- of unnecessarily intrusive security measures can be a reason for a traveler to go elsewhere."

DHS spokesman Dennis Murphy said the department was very sensitive to the needs of the traveler and the airline industry. "The objective is to get the information early enough in the process without unduly impacting airlines and their passengers.

"We are making a huge effort to counter the impression of fortress America," he said, alluding to fears that the introduction of US-VISIT would damage the image of the United States as a tourist destination.

Such concerns have so far proved largely groundless, although some industry analysts fret that the weak dollar may be masking the deterrent effect on visitors from Europe and Asia of being fingerprinted upon entry.

Nonetheless, officials say they recognize industry concerns about the logistical issues the new rule raises and are working with the airlines to allay them.

"We know there are issues with connecting flights," said Halsey. "We know there is concern" about passengers who arrive or cancel their departure at the last minute. "We know there might be additional costs."

She said the department was listening to the industry's concerns. "We need the stakeholders on board," she said.

One senior congressional staffer was dismissive of industry concerns. "They'll complain about the cost, they'll warn about delays. ... They'll make problems," he said, adding, "No one likes to be regulated. ... That's capitalism."

He predicted that, in the end, the airlines would "suck it up" but try to stick the taxpayer with any bill. "There may be cost issues," he said, adding that the industry "lived and died by its margins."

When Congress mandated hardened cockpit doors in the aftermath of the Sept. 11 attacks, the staffer recalled, lawmakers made sure the industry was reimbursed for the cost. "If that (additional cost of the new rule) can be demonstrated, I'm sure Congress would be receptive to the idea of doing that again," he said.

None of the officials UPI spoke to cared to make a prediction about when the rule notice would be published. "It is still in the inter-agency process," said Murphy.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 16:06:57 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 19:06:57 -0500
Subject: Arab Bank Told by U.S. to Restrict Wire Transfers (Update5)
Message-ID:

Bloomberg

Arab Bank Told by U.S. to Restrict Wire Transfers (Update5)

Feb. 25 (Bloomberg) -- Arab Bank Plc, the target of lawsuits by relatives of victims of terrorist attacks in the Middle East, was ordered by a U.S. regulator to restrict wire transfers and stop taking deposits at its New York branch.

Amman, Jordan-based Arab Bank, the third-largest Arab lender, failed to monitor fund transfers at the branch for suspicious activity and to obtain enough information about them, the Office of the Comptroller of the Currency said in a consent order released in Washington today. The bank neither admitted nor denied wrongdoing.

``The inadequacy of the branch's controls over its funds transfer business is especially serious in light of the high-risk characteristics of many of the transactions,'' the OCC said.

The order, which didn't mention the lawsuits, requires Arab Bank to pay off or transfer all deposit accounts and wind down money transfers at the New York branch, all but ending the branch's ability to do business as a traditional bank. The 75-year-old bank, which will now focus its New York business on trade and corporate finance, must also provide a daily report to the OCC of assets and keep all records in English.

Bank spokeswoman Heather Geisler said transfers were a small part of the branch's operations. She said the branch dealt mostly with trade and corporate finance.

U.S. regulators have intensified their surveillance of money transfers since the terrorist attacks of September 11, 2001. Families of victims of the attacks have used courts to target Arab individuals, banks and governments, including Saudi Arabia. The families that sued Arab Bank are seeking $2 billion in damages.

Suits

The suits, filed July 2 and Jan. 21 in a U.S. District Court in Brooklyn, say that the Saudi Committee in Support of the Intifada Al-Quds used Arab Bank to make at least six payments of 20,000 Saudi riyals ($5,332) each to relatives of bombers and gunmen. The charity has raised more than $100 million to aid Palestinians injured in the conflict with Israel.

Chief Banking Officer Shukry Bishara said in an interview this month that Arab Bank didn't know the payments were going to families linked to the attacks.

``Nothing in the consent agreement asserts that transactions happened that were not supposed to,'' Geisler said in an e-mail. ``But rather it talks about weaknesses in Arab Bank's ability to report potentially suspicious activity.''

Nofal Barbar, regional manager for Arab Bank, wasn't available for comment, his office said. The bank's New York branch, its only one in the U.S., is on the second floor of an office building on Madison Avenue in midtown Manhattan. The bank has 22 branches in the West Bank and Gaza Strip and $2 billion in deposits.

``Arab Bank is committed to achieving and implementing best practices in the rapidly evolving area of transactional reporting,'' Bishara said in a statement today. ``This agreement builds on and will help strengthen our internal controls and will give our customers and regulators even more confidence in the safety and security of Arab Bank.''

Bishara said in a Feb. 7 interview that the bank might close the New York branch. Under the consent order, the bank can operate on a restricted basis in the U.S. provided it maintains ``quality'' assets to cover debits and protect the U.S. deposit insurance fund.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 16:10:35 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 19:10:35 -0500
Subject: U.S. claims deficiencies at N.Y. Arab Bank
Message-ID:

SEATTLE POST-INTELLIGENCER
Friday, February 25, 2005
Last updated 2:49 p.m. PT

U.S. claims deficiencies at N.Y. Arab Bank

By MARCY GORDON
AP BUSINESS WRITER

WASHINGTON -- U.S. regulators said Friday that Arab Bank PLC, one of the largest financial institutions in the Middle East, has inadequate controls against money laundering at its New York branch and has been ordered to stop transferring funds or opening new accounts there.

In an unusual move, the Office of the U.S. Comptroller of the Currency, a Treasury Department agency, said the branch was being converted into an entity that will not conduct traditional banking activities but will continue to engage in corporate and trade financing.

Jordan-based Arab Bank, with operations in 30 countries, faces several lawsuits in the United States by relatives of terrorism victims in Israel who allege it supported terrorism by funneling donations to Palestinian suicide bombers and their families.

The bank, which had said recently it would close the New York branch, agreed to the conditions in a consent order with the comptroller's office.

"The inadequacy of the branch's controls over its funds transfer business is especially serious in light of the high-risk characteristics of many of the transfers," the comptroller's office said in the order, which was dated Thursday and announced Friday.

Rep. Sue Kelly, R-N.Y., who heads a House subcommittee that has investigated terrorists' use of the U.S. financial system, called the action by the comptroller's office encouraging but added, "I remain deeply concerned about reports of Arab Bank's role in supporting terrorism and look forward to learning additional facts regarding this situation in the coming weeks and months."

Families of about 40 U.S. citizens killed in terrorist attacks in Israel sued Arab Bank in federal court in New York City last summer, accusing it of channeling money to Palestinian terrorist groups and of making insurance payments to beneficiaries of suicide bombers.

"This isn't the time to declare victory," Gary M. Osen, an attorney representing the families, said Friday. "The Treasury Department has taken an important step by setting up a process for closing Arab Bank's U.S. operations, but we're a long way from a full reckoning with Arab Bank for what they've done."

The plaintiffs also allege that the Texas-based Holy Land Foundation for Relief and Development used Arab Bank's New York branch to transfer money to Hamas, a Palestinian terrorist organization blamed for dozens of attacks in Israel. The Justice Department in August indicted the Holy Land Foundation on charges of providing millions of dollars in support to Hamas.

Officials of Arab Bank have called those allegations "completely false and totally irresponsible."

In a statement Friday, Shukry Bishara, Arab Bank's chief banking officer, said the agreement with the U.S. regulators "will help strengthen our internal controls and will give our customers and regulators even more confidence in the safety and security of Arab Bank."

The decision to close the New York branch was announced earlier this month by the Central Bank of Jordan, which oversees the operations of Arab Bank - the kingdom's largest financial institution with some $32 billion in assets.

The bank is partly owned by the prominent Palestinian Shoman family, and its shareholders include the Saudi Oger Co., which was owned by former Lebanese Prime Minister Rafik Hariri, who was killed on Feb. 14 in a bombing in Beirut.

--

On the Net:

Office of the Comptroller of the Currency: http://www.occ.treas.gov

Arab Bank PLC: http://www.arabbank.com

--
-----------------
R. A.
Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 18:47:54 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 21:47:54 -0500
Subject: China walks out of wireless LAN security talks
Message-ID:

China walks out of wireless LAN security talks

Patrick Mannion
Feb 24, 2005 (12:26 PM)

MANHASSET, N.Y. - China walked out of a wireless standards meeting this week, accusing the International Organization for Standardization of favoring the IEEE's 802.11i ANSI-certified wireless LAN security scheme over its own controversial proposal, EE Times has learned.

The gambit came after China's Wireless Authentication and Privacy Infrastructure (WAPI) security scheme was withdrawn and placed on a slower track by the ISO. This week's meeting in Sulzbach, Germany, included the ISO/IEC JTC1 SC6 WG1 working group created to resolve the dispute.

China initially agreed last year to refrain from making its WAPI security scheme mandatory for wireless LAN equipment in China. It then approached ISO with a fast-track submission in an effort to make WAPI an international security standard. The 802.11i proposal is also on the fast-track for ISO approval, possibly by April.

Until this week, the ISO group was focused on whether or not both 802.11i and WAPI should be cemented as enhanced - but optional - security standards. However, sources said tempers flared when China's original fast-track submission, designated 1N7506 of China National Standard GB15629.11 (WAPI), was withdrawn from consideration. It was replaced by a revised submission, designated 6N12687, that removed the China proposal from the organization's fast-track approval process.

The withdrawal was based on a procedural issue, according to a source, and the clock for approval was reset indefinitely to a later submission. The result is a delay in moving the WAPI proposal through ISO.

Sources said China walked out specifically over disputes centering on which members have authority to seek a withdrawal and the timing of the request. Chinese delegates also accused ISO of favoring the IEEE 802.11i proposal.

It remains unclear for now whether the dispute will affect the current suspension of China's original law requiring mandatory implementation of WAPI. The IEEE is currently drafting a formal response, but declined to comment.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 19:08:05 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 22:08:05 -0500
Subject: When paying with plastic, why swipe? Just wave
Message-ID:

ZDNet News

By Alorie Gilbert
URL: http://news.zdnet.com/2100-9588_22-5589512.html

Tired of having to swipe and sign every time you use a credit card? Visa is hoping to simplify the process of paying with plastic with a new payment technology it introduced Thursday.

With the company's new "contactless" system, consumers need only wave credit and debit cards within a few inches of a reader to complete a purchase. And for purchases of less than $25, no signature is required.

The technology will be more convenient for merchants and consumers alike by reducing checkout times and lines, Visa executives said. It's also designed to be an easy alternative to cash for small purchases such as a soda or pack of gum.
"Our hope is that the contactless payment feature will drive added convenience and speed to consumers," said Niki Manby, vice president of market and technology innovation at Visa USA. "You no longer need to swipe or hand over your card."

But don't go waving your credit and debit cards around just yet. Visa must first convince merchants and card issuers to use new equipment. For merchants, that means purchasing new card readers. For banks, it means introducing special cards capable of transmitting account data via radio signal rather than magnetic stripe. So far, no card issuers are offering them, Manby said.

With 5.6 million merchants in the United States, Visa will need some time to phase out its old system. "It's not something retailers will do lightly overnight," said Pennie Gillespie, a Forrester Research analyst.

Visa is not alone in the endeavor. MasterCard and American Express also are experimenting with contactless cards. MasterCard has been doing field tests in Florida, while American Express is doing trials in Arizona and New York. The companies are using compatible technology, so merchants can use the same card readers for all three systems. Merchants just need to install an extra bit of software to make it all work together, said Patrick Gauthier, senior vice president of new product development at Visa.

Visa and its rivals have some obstacles to overcome before the technology becomes more mainstream, Gillespie said. Not only must they convince merchants to buy new readers, they must assure consumers that the new-fangled cards are every bit as secure as the old ones in an age of identity theft and high-tech hacking.

"Security is a question," Gillespie said. "How easy is it for someone to interact with a wireless communication and pick up a number?"

Visa designed its system to be highly secure, with multiple layers of encryption and fraud detection, Gauthier said. Each transmission between card and reader has a unique code that cannot be reused even if it is intercepted, a key security feature, he said. In addition, consumers have no liability for fraudulent charges with the new cards as with the old ones, Gauthier added.

"Security is at the core of our business," Gauthier said. "We are fully confident that the platform we have developed is as secure as any form of Visa cards today."

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 19:17:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 22:17:01 -0500
Subject: China walks out of wireless LAN security talks
Message-ID:

Time to put on the tinfoil hats and impute conspiracy to what is more probably, as Pournelle once observed, incompetence...

Cheers,
RAH

-------

China walks out of wireless LAN security talks

Patrick Mannion
Feb 24, 2005 (12:26 PM)

MANHASSET, N.Y. - China walked out of a wireless standards meeting this week, accusing the International Organization for Standardization of favoring the IEEE's 802.11i ANSI-certified wireless LAN security scheme over its own controversial proposal, EE Times has learned.

The gambit came after China's Wireless Authentication and Privacy Infrastructure (WAPI) security scheme was withdrawn and placed on a slower track by the ISO. This week's meeting in Sulzbach, Germany, included the ISO/IEC JTC1 SC6 WG1 working group created to resolve the dispute.

China initially agreed last year to refrain from making its WAPI security scheme mandatory for wireless LAN equipment in China. It then approached ISO with a fast-track submission in an effort to make WAPI an international security standard. The 802.11i proposal is also on the fast-track for ISO approval, possibly by April.

Until this week, the ISO group was focused on whether or not both 802.11i and WAPI should be cemented as enhanced - but optional - security standards. However, sources said tempers flared when China's original fast-track submission, designated 1N7506 of China National Standard GB15629.11 (WAPI), was withdrawn from consideration. It was replaced by a revised submission, designated 6N12687, that removed the China proposal from the organization's fast-track approval process.

The withdrawal was based on a procedural issue, according to a source, and the clock for approval was reset indefinitely to a later submission. The result is a delay in moving the WAPI proposal through ISO.

Sources said China walked out specifically over disputes centering on which members have authority to seek a withdrawal and the timing of the request. Chinese delegates also accused ISO of favoring the IEEE 802.11i proposal.

It remains unclear for now whether the dispute will affect the current suspension of China's original law requiring mandatory implementation of WAPI. The IEEE is currently drafting a formal response, but declined to comment.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 19:17:48 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 22:17:48 -0500
Subject: Payroll site closes on security worries
Message-ID:

CNET News

Payroll site closes on security worries

By Robert Lemos
Story last modified Wed Feb 23 15:54:00 PST 2005

Online payroll service provider PayMaxx shuttered its automated W-2 site on Wednesday after a researcher claimed that two security holes had exposed data on more than 25,000 people.

A description of the problem posted on Think Computer's Web site by Aaron Greenspan, president of the software start-up, said the security issues could allow anyone to view the W-2 forms generated for employees of PayMaxx's clients for the last five years. PayMaxx did not acknowledge or deny the problems, saying that a third-party security company was investigating the allegations.

"No system in the world is 100 percent secure from a sophisticated and determined hacker," the Tennessee-based payroll company said in a statement sent to CNET News.com. "PayMaxx has made and continues to make every effort to secure its system against any breach."

The incident comes a week after background-check provider ChoicePoint acknowledged that data thieves had created dozens of fake companies to acquire more than 145,000 records touching on the personal lives of U.S. citizens. Federal legislators are considering strong protections on identity data following the ChoicePoint leak, and a class action lawsuit has been filed in California.

Greenspan, a former PayMaxx customer, said he discovered the alleged problems in the company's system more than two weeks ago, after he received notification from the company that his W-2 tax form was available online for download and printing. The link to access the W-2 included an ID number, and he wondered whether the company had protected against an obvious security problem: adding one to the ID number to get the next form. Instead of being denied access, Greenspan found that another person's W-2 was downloaded and readable.
Sequential, rather than randomized, ID numbers made it easy to call up numerous customers' data. The hole could have allowed employees at PayMaxx's clients to access more than 25,000 W-2 forms for last year and the W-2 forms for years back to 2000, he said.

He said his investigation revealed that PayMaxx's database contained a record for testing purposes that contained a Social Security number of 000-00-0000 and a password of all zeros. That could allow anyone to log into the site and then use the lack of authentication to sequentially download all the W-2 forms, Greenspan said.

"Anyone could have been exploiting these security issues for years, and no one would have known about it," he said.

PayMaxx confirmed that the test account did exist as described in Greenspan's paper, but took issue with other allegations. The company stated that from a review of Greenspan's paper, it had found several of his claims to be inaccurate, but did not specify which claims.

While PayMaxx did not confirm the problem, the company did qualify the extent of the damage. "Our initial analysis indicates that if Mr. Greenspan was able to improperly access any W-2 forms, a limited number of forms were accessed," the company said in the statement.

That does not contradict Greenspan's claims, since the researcher said that he had only accessed enough of the site to confirm the issue and gauge the extent of the problem.

PayMaxx charged that Greenspan had "attempted to hack" into its Web site. It said he had held back details of the alleged flaws and had requested that PayMaxx hire his company.

"Due to the lack of specificity provided by Mr. Greenspan in his obvious sales pitch, PayMaxx did not view his communications as credible," the company said. "Consequently, we declined his offer to hire his services."

Greenspan acknowledged that he had given PayMaxx few details, but took issue with their lack of response to his security concerns.

"I did tell them that there was a problem, and gave them several options to deal with it, and instead they chose to do nothing," Greenspan said. "It is not my job to go around and fix problems for free."

PayMaxx declined to comment on whether it had notified any of its customers about the report of a problem. Under California's Security Breach Information Act (S.B. 1386), companies that may have leaked personal or financial data must advise their customers as soon as possible.

--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA

"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Fri Feb 25 19:18:53 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 22:18:53 -0500
Subject: Solutions to net security fears
Message-ID:

The BBC
Friday, 25 February, 2005, 08:10 GMT

Solutions to net security fears

By Jo Twist
BBC News science and technology reporter

Fake bank e-mails, or phishing, and stories about ID theft are damaging the potential of using the net for online commerce, say e-business experts.

Trust in online security is falling as a result. Almost 70% of those asked in a poll said that net firms are not doing enough to protect people.

The survey of more than 1,000 people reported that 43% were not willing to hand over personal information online. It is worrying for shopaholics and firms who want to exploit the net.

More people are becoming aware of online security issues but they have little confidence that companies are doing enough to counter the threats, said security firm RSA, which carried out the poll.

An estimated 12 million Britons now use the net as a way of managing their financial affairs.
Security experts say that scare stories and the vulnerabilities dogging e-commerce and e-banking are being taken seriously - by banks in particular.

Who are you?

"I don't think the threat is overplayed," Barry Beal, global security manager for Capgemini, told the BBC News website.

He added: "The challenge for banks is to provide the customer with something that improves security but balances that with usability."

Ensuring extra security measures are in place protects them too, as well as the individual, and it is up to both parties to make sure they do what is necessary to prevent fraud, he said.

"Card issuers will keep us informed of types of attacks and what procedure to take to protect ourselves. If we do that, they will indemnify us," he said.

Many believe that using login details like usernames and passwords is simply not good enough anymore, though.

One of the biggest challenges to improving security online is how to authenticate an individual's identity.

Several security companies have developed methods which complement or replace passwords, which are easily compromised and easy to forget.

Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate.

On average, people have to remember four different passwords. Some resort to using the same one for all their online accounts. Those who use several passwords often write them down and hide them in a desk or in a document on their computer.

In a separate survey by RSA, 80% said they were fed up with passwords and would like a better way to log in to work computer systems.

For many, the ideal is a single online identity that can be validated once with a series of passwords and questions, or some biometric measurement like a fingerprint or iris scan with a token like a smartcard.

Token trust

Activcard is just one of the many companies, like RSA Security, which has been trying to come up with just that.

RSA has a deal with internet provider AOL that lets people pay monthly for a one-time passcode generation service. Users get a physical token which automatically generates a code which stays active for 60 seconds.

Many companies already use a token-based method for employees to access networks securely.

Activcard's method is more complex. It is currently trialling its one-time passcode generation technology with UK banks.

Steve Ash, from Activcard, told the BBC News website there are two parts to the process of identification. The most difficult is to ascertain whether an individual is who they say they are when they are online.

"The end solution is to provide a method where you combine something the user knows with something they have and present those both."

The method it has developed makes use of the chip embedded in bank cards and a special card reader which can generate unique codes that are active for a specified amount of time. This can be adjusted at any time and can be active for as little as 30 seconds before it changes.

It combines that with usual usernames and passwords, as well as other security questions.

"You take the card, put it in the reader, enter your pin number, and a code is given.

"If you wanted then to transfer funds, for instance, you would have to have the code to authorise the transaction."

The clever bit happens back at the bank's secure servers. The code is validated by the bank's systems, matching the information they expect with the customer's unique key.

"Each individual gets a key which is unique to them. It is a 2048-bit long number that is virtually impossible to crack," said Mr Ash.

It means that in a typical security attack, explains Mr Ash, even if password information is captured by a scammer using keystroke software or just through spoof websites, they need the passcode.

"By the time they go back [to use the information], the code has expired, so they can't prove who they are," according to Mr Ash.
In the next few years, Mr Ash predicts that this kind of method will be commonplace before we see biometric authentication that is acceptable for widespread use.

"PCs will have readers built into them, the cost of readers will be very cheap, and more people will have the cards."

The gadgets we carry around, like personal digital assistants (PDAs) and mobiles, could also have integrated card reader technology in them.

"The PDA or phone method is a possible alternative as people are always carrying phones around," he said.

From rah at shipwright.com Fri Feb 25 19:19:46 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Fri, 25 Feb 2005 22:19:46 -0500
Subject: Study: Security fears daunt online shoppers
Message-ID:

ZDNet
By Dawn Kawamoto
URL: http://news.zdnet.com/2100-1009_22-5575569.html

One-fourth of online shoppers have reduced their purchases in the past year as concerns over identity theft have risen, according to a survey released Monday.

That increased reluctance to shop online comes as Americans become more aware of the possible risks, the consumer study by RSA Security indicated. Some 61 percent of respondents said they feel more informed about identity theft issues, and 23 percent noted they feel more vulnerable than they did a year ago.

"Clearly, there's a lot of work to be done if businesses want to build more online trust with consumers," John Worrall, vice president of worldwide marketing at RSA Security, said in a statement. "While awareness of threats remains high, consumer confidence in dealing with those threats is low."

The third annual study asked more than 1,000 U.S. consumers about how their attitudes to identity theft, computer attacks and other security issues had changed over the past two years. The results were released to coincide with the annual RSA security conference, which gets under way in San Francisco this week.

Financial institutions, which hope to move more customers to online banking as a means to cut their operational costs, continue to face resistance. Twenty-one percent of consumers refuse to use online banking, the survey found.

Banks have been particular targets of the rapid rise in phishing attacks, as attackers find that money can be made by luring victims into handing over sensitive information such as social security numbers and bank account details.

The survey found that more than half of respondents felt traditional user IDs and passwords do not provide adequate security. Despite this, people also said they have not changed their approach to password use. Two out of three Web users said they use fewer than five passwords for all access to electronic information. Of the total, 15 percent said they use a single password. Those results have not changed from last year, RSA said.

The majority of consumers, nearly 70 percent, felt the online merchants they do business with are falling short on protecting their personal information.

Another report, released jointly by the Business Software Alliance and the Information Systems Security Association on Monday, found that companies are increasingly sending the responsibility of overseeing security to the executive suite. Forty-four percent of businesses surveyed last year said their senior management is responsible for security, up from 39 percent in 2003.

But the number of security professionals who believe a major cyberattack will occur in the next 12 months has declined over the past year, the report said. The figure has dropped to 59 percent last year, from 65 percent in 2003.

"This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.

From rah at shipwright.com Fri Feb 25 21:28:34 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 26 Feb 2005 00:28:34 -0500
Subject: Bank of America: 1.2 million federal employee credit cards exposed
Message-ID:

Time Magazine
Friday, Feb. 25, 2005

A New Cyber-Security Breach
Bank of America says at least 1.2 million federal employee credit card accounts may be exposed to theft or hacking
By TIMOTHY J. BURGER

In the financial world's latest cyber-identity crisis, Bank of America today is warning the holders of at least 1.2 million of its federal employee credit card accounts that a major security breach may have left their account information exposed to theft or hacking, according to a senior U.S. official and Bank spokeswoman.

The U.S. official said that federal law enforcement is investigating the loss of several Bank of America data backup tapes that were being transferred across country by air when they disappeared in December.

"We are proactively sending letters to impacted cardholders," said Alexandra Trower, spokesperson for Charlotte-based Bank of America. She said that after intensive account-monitoring, the tapes are at this point believed to be lost, not stolen.

"We, with federal law authorities, have done a very robust, thorough investigation on this and neither we nor they would make the statement lightly that we believe those tapes to be lost," she said. "We have no evidence that the tapes have been accessed in any way. We have witnessed no unusual activity. And we've been monitoring the situation very closely."

The U.S. official said a large percentage of the accounts are for the Pentagon but that some 40 federal agencies and other entities are affected. Some of the tapes related to non-federal card-holders, the official added.

Trower would not comment on which agencies are affected, referring questions to the General Services Administration. A GSA spokesperson had no immediate response to an inquiry about the matter, including whether any of the Pentagon's billions of dollars in secret "black" programs could be affected.

Pentagon spokesman Bryan Whitman said the data loss includes files on 900,000 of the Pentagon's three million or so military and civilian workers. "It is a significant number of the Department's employees," he said, declining to say whether it affected any who are working undercover.

From rah at shipwright.com Sat Feb 26 04:17:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 26 Feb 2005 07:17:01 -0500
Subject: Anguilla on $250 a Day
Message-ID:

The New York Times
February 27, 2005

HIGH LOW
Low: Anguilla on $250 a Day
By BONNIE DeSIMONE

I knew the drill. An ever-punctual rooster outside my window would cut loose with a brain-curdling cry at about 4 in the morning. I put a pillow over my head, and, sinking back into sleep, I imagined this same rooster, its internal G.P.S. activated the second I set foot on Anguilla, ruthlessly tracking me down as it had on all my previous visits.
I was an old Anguilla hand, but this time on a new and interesting mission: how to live well on $250 a day on a Caribbean island that promotes itself as an elite retreat.

The key? Chickens have the run of the place, but so do people. Anguilla's staggeringly beautiful beaches are public land, open to all no matter what high-price resort looms nearby. I felt like a reverse infiltrator. That's apt, since the highlight of Anguilla's modern history was its largely nonviolent reverse revolution in the late 1960's, when islanders successfully staved off Britain's attempts to loosen economic and administrative ties. The island remains a British dependency.

It's easier to do Anguilla on a budget than it was years ago, and not just because the wake-up calls are free. Luxury accommodations have multiplied, but so have reasonably priced establishments. And it's a challenge to spend money on night life: there's hardly any.

On a Friday afternoon in mid-December, I flew from Philadelphia to the island of St. Martin and took a taxi to the port of Marigot, where ferries leave for Anguilla every 30 or 40 minutes. My suitcase was loaded alongside 52-pound bags of dog food and cases of juice, and off we went, grinding through the swells on a 25-minute ride that is not for the faint of stomach.

From the Blowing Point ferry terminal, I took a cab to Lloyd's Guest House, where I'd reserved a single room, including a hot, cooked-to-order breakfast, for $78 a night including tax. Perched atop breezy Crocus Hill, and managed by David Lloyd, whose parents opened the bed-and-breakfast 45 years ago, Lloyd's serves business travelers and savvy tourists. My fellow guests included an artist, two marine biologists and an itinerant financier.

During the revolution, partisans irked by the senior Mr. Lloyd's pro-independence leanings fired multiple rounds of ammunition into the hotel's exterior walls. No one was hurt, all was eventually forgiven, and the hotel is an island institution. I asked Mr. Lloyd if he considered selling the business after his parents died. He smiled. "They would come back alive," he said.

My spacious, high-ceilinged room had a stone-tile floor, worn but functional furniture and a private bath with a shower and a cold-water sink. There was a television in the room but no phone. (Mr. Lloyd makes his office phone and Internet connection available to guests.) Air-conditioning can be turned on for another $10 a night, but a ceiling fan and an open window sufficed. Some of the 14 rooms are being renovated.

My first night, I walked down the short, steep and very dark hill (bring a flashlight) to Roy's Place on Crocus Bay, the quintessential beachcomber's joint, for a terrific lobster salad and a couple of beers ($36), then repaired to the bar to join the island's best ongoing blarney session.

On Saturday morning, breakfast was scrambled eggs, bacon and potatoes. My only quibble with Lloyd's was the mix-it-yourself instant coffee; I went British for the weekend and drank tea.

A compact rental car awaited me outside the hotel. Mr. Lloyd booked it through Andy Connors's local agency, which delivered it. The daily rate was $35 plus a one-time $20 fee for a temporary driver's license.

Driving on Anguilla is a cross-cultural lesson. Islanders drive on the left, use high beams after sundown and routinely pick up hitchhikers. When I was detoured onto a dusty, cratered secondary road because of repaving on the main drag, I stopped to ask two women for directions and was somewhat startled when they opened the door and climbed in. We all got to our destinations.

Wanting affluent-looking feet, I had an hour-plus basic pedicure ($40) at the Taino Wellness Center in South Hill Village. Then I took my newly painted toenails for a picnic at Maunday's Bay, near the southern tip and the site of the very upscale Cap Juluca resort.
I assembled lunch en route at Wee-Gee's bakery and MacDonna's, a take-out place, stashing a tuna sub, water, a banana and a soda ($10) in a soft cooler brought from home. I parked in Cap Juluca's public lot, spread my towel beneath a sea grape tree, ate, read, took a dip and gazed back at the resort's white Moorish-style villas and perfect palm trees.

Sharing space with resort guests is an interesting exercise in etiquette. I wouldn't have been comfortable flopping between the chaise longues where Cap Julucans reclined, and it's not kosher for nonguests to use the chairs during prime beach time. But on previous visits, I've waited until late afternoon when the beach empties, then used the chairs with a wink and no interference from staff members.

Next on my agenda was a hike to Shoal Bay West, one beach over. Anguilla's southwestern end features a string of beaches separated by fossilized coral outcroppings. The passages range from easy to dicey and call for long pants and closed-toe shoes with good traction. I walked over on a nonscenic inland path along a pond, emerging on another gorgeous strip of sand occupied by the chic Altamer and Covecastles resorts, the Blue Waters Beach Apartments and a pink mansion once owned by the actor Chuck Norris.

After rambling the length of the beach and back, I took a break at the dreamy little open-air Trattoria Tramonto, whose sensory pleasures include colorful tile-and-wood décor, opera wafting from the speakers and freshly grated nutmeg on the exotic drinks. I ordered a cooling lime daiquiri ($8 with tip) and discussed celebrity sightings with the bartender, who reported that Robert De Niro had stopped in recently.

I slowly worked my way back across the point to Maunday's Bay without encountering another person. Footing on the dead coral can be treacherous, and the "trails" are more like random openings in the thick scrub vegetation, but I was rewarded with views of the ocean and St. Martin and the beginnings of a double rainbow.

I'd never seen Anguilla on horseback, so I arranged for a private ride ($25 plus $2 tip) at El Rancho del Blues stable near Blowing Point. The facilities are a tad ramshackle and my Dominican guide spoke little English, but my chestnut rent-a-mare, Natasha, appeared healthy and the tack was in good shape. Our eclectic hourlong route wound through a residential area, sunlit fields of high grass and the crowded ferry terminal parking lot before it reached the beach. It wasn't a high-level equestrian experience, but I was content to take it easy.

I cleaned up in a gas station bathroom and made my way to the Devonish Art Gallery at West End to attend a reception for an exhibit of antique maps. Over complimentary wine and hors d'oeuvres, I chatted with the gallery's owners, Courtney and Carrolle Devonish, and bought one of Mr. Devonish's woodcarvings, a "touch form" ($20) meant to be cupped in the palm for stress reduction.

Dinner had to be inexpensive after my profligacy, so I headed for the English Rose, a tavern in Anguilla's central business district, The Valley. A trencherman's portion of snapper with sweet-tart creole sauce, rice and native peas, canned mixed veggies and salad, a beer and tip came to $16.25. A nightcap at Roy's ($4), and I was ready for bed.

On Sunday morning, I chose cereal for breakfast to spare my arteries and drove 20 minutes to Shoal Bay East. It's a one-stop-shopping beach with lots of commercial activity, but still never seems crowded. At Elodia's, a complex that includes villas and a bar-restaurant, I rented a chaise longue and umbrella ($5) and snorkeling gear ($10) and treated myself to a $3 coffee.

When a glass-bottomed boat pulled up near the beach, I waded into the water and hailed Junior Fleming, who has worked Shoal Bay East for years. He proposed an hourlong one-on-one snorkeling outing for $40 (less per person depending on the size of the group), then motored to an outlying reef.
The current was strong, so Junior literally took my hand and towed me around, pointing out huge schools of blue tang, the odd, long-nosed trumpet fish, stands of elkhorn and fan coral. I hauled myself back aboard wobbly, parched and exhilarated.

I rehydrated with a large bottle of mineral water ($4) and strolled to Uncle Ernie's timeless beach-food shack for a cheeseburger, coleslaw, fries and a soda ($8). I read, walked and swam until late afternoon, when the reggae band at Elodia's segued into Bob Marley's classic "Stir It Up," triggering a Pavlovian craving for rum. I nursed a frozen piña colada ($7), dusted with cinnamon and topped with a maraschino cherry, while watching the sunset.

Wanting to dine somewhere with tablecloths without busting my budget, I headed to Tasty's in South Hill. I ordered lobster-and-corn bisque and seafood salad, and washed it down with a half-bottle of French rosé ($46 with tip). I still had money to burn, so I made my now-ritual stop at Roy's before retiring.

On Monday morning, I squeezed in visits to several art galleries before going to the CuisinArt resort's Café Mediterraneo on Rendezvous Bay for a parting lunch: an entrée-size salad of greens and vegetables from the resort's hydroponic garden and a big bottle of bubbly water ($33.35).

As I savored the meal and my lush surroundings, three plump hens stutter-stepped across the patio. A rooster called from afar. Two women sitting next to me started, and one giggled nervously. "At least they keep the floor clean," she said.

We budget travelers don't hog the poultry. The chickens, like all the best sights on Anguilla, are for everyone.

TWO-DAY TOTAL: $498.25

Visitor Information

Getting There

Several United States airlines run flights to Anguilla, but most operate in connection with other carriers. Most flights go through San Juan, and the cheapest fares (from about $646 round trip for late March) can require an additional connection in St. Martin. If you fly into St. Martin (from about $561 round trip), you can take a 20-minute ferry to Anguilla ($24 round trip plus $2.75 departure tax from St. Martin and $3 from Anguilla). Ferries run every half hour from 7:30 a.m. to 7:30 p.m.

Where to Stay

Cap Juluca, (888) 858-5822, www.capjuluca.com, is tucked away on the secluded beach at Maunday's Bay, making it a favorite hideaway for celebrities. Doubles start at $780 a night in the high season, from $445 in April, and $345 from May 1 through mid-November. (Add 20 percent in taxes to all rates.)

Malliouhana Hotel and Spa, (264) 497-6111, www.malliouhana.com, is the perfect place to see an Anguillan sunset: it sits atop a cliff facing west over the crystal blue waters of Mead's Bay. Doubles start at $400 from April 1 to 30, and $290 from May 1 to Nov. 19; ocean-view one-bedroom suites are $825 and $660.

CuisinArt Resort and Spa, (264) 498-2000, www.cuisinartresort.com, is perched on Rendezvous Bay. Rooms start at $550 a night from January through March, $395 in April, and $350 from May 1 to mid-December.

Lloyd's Guest House, (264) 497-2351, www.lloyds.ai, has 14 rooms on Crocus Hill, in walking distance of Crocus Bay. The spacious rooms, some recently renovated, go for $65 to $85, with breakfast.

Where to Eat

Blanchard's, (264) 497-6100, www.blanchardsrestaurant.com, has a romantic setting overlooking Mead's Bay, and serves food with a Caribbean flair. From mid-October through May, it opens for dinner at 6:30 p.m. and is closed Sunday. June through August, it is closed Sunday and Monday. Closed Sept. 1 to Oct. 20. Entrees from $34.

Gorgeous Scilly Cay, (264) 497-5123, is an open-air restaurant on its own island, with free ferry service from Island Harbor. It is open on Wednesday, Friday and Sunday 11 a.m. to 5 p.m. Since there is no electricity, all food (chicken or seafood) is grilled. Live music on Wednesday and Sunday. Entrees start at $25.
Roy's Place, (264) 497-2470, www.roysplaceanguilla.com, is a charming beachcomber's joint overlooking Crocus Bay, with a lively beach bar and an Internet connection for guests (including wireless). There is a Friday happy hour with dinner specials for $12. The Sunday specials are prime rib ($20) and lobster ($38). Lunch and dinner served daily, except dinner only on Saturday.

English Rose, (264) 497-5353, a tavern in the central business district of The Valley, serves generous portions of comfort food at reasonable prices: burgers from $4, salads from $6. Closed Sunday.

Tasty's Restaurant, (264) 497-2737, offers chic-casual Caribbean dining in South Hill: dishes like stewed creole-style lobster for $30, and coconut-crusted filet of parrot fish in banana rum sauce for $20. Open for breakfast, lunch and dinner daily, except Thursday.

Trattoria Tramonto, (264) 497-8819, has open-air dining and a beach bar on one of the island's prettiest beaches, Shoal Bay West. The Italian menu emphasizes game and seafood, including wild boar filet mignon ($35) and spaghetti with crayfish, clams and shrimp ($30). Lunch and dinner except Monday.

Uncle Ernie's, (264) 497-3907, is a quintessential beach shack on Shoal Bay East; open 9 a.m. to 7 p.m.

What to Do

Taino Wellness Center, off Spanish Town Road, South Hill, (264) 497-6066, www.magma.ca/~phwalker/, offers massages (from $40 for 30 minutes), manicures and pedicures (from $15), facials (from $50), and body treatments.

Devonish Art Gallery, the Cove, West End, (264) 497-2949, shows works of local artists, including those by Courtney Devonish, a woodcarver and ceramicist. Open 9 a.m. to 5 p.m. Monday to Saturday or by appointment Sunday.

Horseback riding with El Rancho del Blues in Blowing Point, (264) 497-6164 or 497-6334, starts at $25 an hour.

BONNIE DeSIMONE writes about travel and sports.

Copyright 2005

From rah at shipwright.com Sat Feb 26 04:17:08 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sat, 26 Feb 2005 07:17:08 -0500
Subject: Anguilla on $1000 a Day
Message-ID:

The New York Times
February 27, 2005

HIGH LOW
High: Anguilla on $1000 a Day
By JULIET MACUR

An hour after arriving on Anguilla in early January, I was soaking in the hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my pasty Northeastern face.

Ah, Anguilla, a quiet island that has recently become "the next St. Barts," a hedonistic hideaway and magnet for members of the boldface set. At the northeast corner of this narrow isle, Jennifer Aniston and Brad Pitt spent New Year's in a villa on Captain's Bay. On its southwestern coast, Jay-Z and Beyoncé had cuddled on the sands of Shoal Bay West. Down the beach from my resort, Uma Thurman had kicked back at a local bar.

Just as I began to imagine that I, too, was a star on an escape-the-paparazzi trip, reality interrupted. A foreign object crashed into my hot tub and sent water slapping against my face. A small boy and his father were throwing a ball wildly. The father's next toss bounced off the boy's head and against a woman's forehead. The father laughed. The woman smiled. I growled and thought, "This doesn't happen to Jennifer Aniston."

I left in a huff because I had no time for distractions. This was serious business: I had to figure out how to get by on $1,000 a day.

Though Anguilla is a relatively undeveloped island where goats might outnumber residents, $1,000 a day at a chic resort amounts to roughing it. At the Cap Juluca resort, the cheapest room in high season cost $936 a night, including the 20 percent tax.
Malliouhana Hotel offered a garden view room on the first floor for $744. If my best friend, Rose, and I were to eat, drink and even think of going to the spa on my $1,000-a-day budget, the only high-end resort I could afford was the CuisinArt Resort and Spa, which sits near the island's southwestern end on Rendezvous Bay's beach, one and a half miles of flour-soft sand, blindingly white. The turquoise ocean water was as clear as Evian, and you could see fish near the sea floor.

The cheapest rate, $550 plus $110 tax - but including Continental breakfast - would allow us to pretend we belonged at this beautiful place.

The resort's grounds were simple and elegant. Eggplant-colored bougainvillea climbed the whitewashed stucco buildings that looked as if they had been plucked from a Greek cliff. In a nearby garden were trees heavy with guavas, fig bananas and star apples.

As we looked from the lobby onto a series of rectangular pools cascading to the beach, a receptionist said we had been upgraded from the main house to a suite in one of the 10 three-story villas clustered along the shore. "We hope you don't mind," she said, unaware that I was a journalist.

No, we didn't, and certainly not after seeing the room. The upgrade, to a junior suite that would have cost $120 more a night, allowed us to hear waves from our patio. Our "suite" was a cheery, not fancy, single room, but at 920 square feet was nearly as big as my Manhattan apartment. A navy couch broke up the space into sleeping and lounging areas. Two double beds with wicker headboards faced the porch and a walkway to the beach. Paintings of Greek fishing villages and bright bedspreads splashed color against the white walls and tile floors.

A brochure called the bathroom "your own private sanctum," large enough for an oval tub for a honeymooning couple's bubble bath. But nothing was that private, considering one wall was made of warped glass. While on the outside walkway one day, I gasped when I saw a fuzzy version of Rose heading for the shower.

At the resort's free reception on our first night (with food and drink), the manager, Rabin Ortiz, told us, "Do not make plans for your weekend." We quickly learned why. There are no plans to make because, on Anguilla, there is basically nothing to do. And that's the point.

At CuisinArt, stay away from the main pool (where ball-tossing children congregate). Instead, sit on the beach and take delivery of homemade lemon sorbet from waiters whose goal is to fill you with fruity rum drinks. After sundown, submit to spa treatments like the Anguillan coconut pineapple scrub, which smells good enough to eat, and the hydroponic cucumber and aloe wrap, using ingredients grown on the premises.

Night life is minimal. (At 10:30 on Saturday night, only one couple was at our resort's bar, where a trio sang "Endless Love.") Sea kayaks, sailboats, catamarans and tennis courts were available and mostly unused. For casino or dance club action, it's a half-hour ferry ride to St. Martin.

Still, after too many games of boccie and gin rummy - or perhaps not enough gin and rum - we searched for some fun. Down the beach was Dune Preserve, a delightfully mellow bar inside a wooden shack owned by the local reggae legend Bankie Banx. A CuisinArt bartender said that Uma had been there the night before.

We followed the shoreline to get there. But then, as if the local gods ordered punishment for all $1,000-a-day cheapskates, two stray dogs charged us in the darkness. We couldn't see them, but they barked and snapped like rabid Rottweilers, sending us running back to CuisinArt. So much for Uma.

Cowards that we were, we rented a car the next day for $55 (including $20 for an Anguillan license) and that night drove 60 seconds to Dune Preserve, only to realize we were too full for a drink. Because, on Anguilla, what you do is eat - often.
Our gluttony had begun at Santorini, which, like CuisinArt's other heavenly restaurant, Cafe Mediterraneo, uses food grown in the resort's high-tech hydroponic garden or its old-school organic one. There, Rose and I went to a class led by CuisinArt's executive chef, Daniel Orr, formerly a chef at Guastavino's in New York City.

Neither of us is a great cook. (My fridge at home contains two bottles of seltzer, nail polish and AA batteries.) But we are great eaters. We stuffed ourselves with a tangy serving of stingray, a dizzyingly delicious chocolate soufflé and yellow lentil bisque so good we were tempted to lick our bowls.

Afterward, I was shocked at the $75 charge, well over the advertised $55 I had budgeted (it had just gone up). I next heard my whiny voice telling the concierge: "You don't understand. I cannot afford this extra $20." The concierge rolled her eyes, but, hey, I needed $110 for the seaweed scrub later.

That evening, we took a cab ($13 each way) to dinner at Blanchard's, a top-notch restaurant in a quaint cottage. Most of the 23 tables were arranged on the main floor, but we sat on a lower patio overlooking fountains and gardens and the sea beyond. The only disappointments were the rubbery lobster included in the $56 Caribbean Sampler and the waiters' rushing us through the meal. Total for my dinner: $110.40.

Perhaps the management could sense that we were not the stars of our imaginations. I asked the man at the bar if any real stars came in. He reeled off names of those who had been there "just yesterday": Denzel Washington. Johnny Damon. Liam Neeson and his wife, Natasha Richardson. Courteney Cox Arquette. And, of course, Jennifer Aniston.

The next day, though it was dry season, it poured. So on that rainy Sunday we rented a car and checked out Anguilla, which didn't take long. It is only about 16 miles long and 3 miles wide. We found it pleasingly devoid of cheesy T-shirt shops and fast-food joints but plentiful with road-roaming goats and the smiling people who own them.

We lunched at Gorgeous Scilly Cay, a primitive restaurant on a tiny island off the northeastern coast. With no electricity, it's open only from 11 a.m. to 5 p.m. To get there, you stand on a dock and hail a boatman.

Normally, patrons sun themselves there on lounge chairs between courses, and get foot rubs from the restaurant's masseur, said the owner, Sandra Wallace. But not on this rainy day. On the boat over with us, she wore a garbage bag to stay dry; the masseur stayed home.

Still, a calypso band played upbeat music in the main house, which had about a dozen tables and was open on all sides. Outside, there were several palm-covered huts, each with a few plastic tables and chairs, where I ordered the crayfish and chicken plate for $45, as sweet as their rum punch was dangerous. My lunch, with tip, came to $74.

We found no famous people there, either - we were managing to repel them - though we did hear that Sharon Stone had recently rented out the whole island. And Jennifer Aniston (her again) had been there the week before.

That evening, I had my second treatment at the Venus Spa - a place without much character or Zen - at CuisinArt. (In the thumbnail-size locker room, I awkwardly rubbed elbows with someone's naked grandmother.) The Caribbean warm stone massage ($115, plus $22 tip) was a step up from the seaweed wrap of the day before - better called the seaweed chill.

That one began with me shivering in the treatment room. The masseuse said, "If I told them once, I told them 20 times, this room is freezing." Then she spread cold seaweed gook over my goose bumps. I groaned while she mummified me with towels. Under those coverings, wrapped inside foil, I felt like a hypothermia patient.

But relief came with the warm stone massage.
As the smooth rocks rolled over my muscles it felt oddly soothing, as if I were being seared by a giant stick of roll-on deodorant. I felt so much at ease that later I splurged on a smoothie for Rose, at $8.05 the only thing I could afford to buy her all weekend. When the sun came out on our last day, I passed the hot tub and saw that same annoying family with their dreaded ball, this time being tossed between two strollers. So I headed for the beach. I bobbed around the water for a while, then moved my peaceful self to a lounge chair. There I sipped on my own smoothie until it was time to get back to the real world by way of the St. Martin airport. At a terminal newsstand, I finally saw Jennifer Aniston - on a magazine cover. How terrible - her Anguillan experience included suffering greater than my seaweed chill - she and Brad had broken up. "Hey lady!" the cashier yelled. "Did you see the sign? You can't read the magazines until you buy them!" What, she thought I looked rich? I had already spent my $2,000. So I dropped the $3.95 magazine onto the shelf and walked away.

TWO-DAY TOTAL: $2,000.35

Visitor Information

Getting There

Several United States airlines run flights to Anguilla, but most operate in connection with other carriers. Most flights go through San Juan, and the cheapest fares (from about $646 round trip for late March) can require an additional connection in St. Martin. If you fly into St. Martin (from about $561 round trip), you can take a 20-minute ferry to Anguilla ($24 round trip plus $2.75 departure tax from St. Martin and $3 from Anguilla). Ferries run every half hour from 7:30 a.m. to 7:30 p.m.

Where to Stay

Cap Juluca, (888) 858-5822, www.capjuluca.com, is tucked away on the secluded beach at Maunday's Bay, making it a favorite hideaway for celebrities. Doubles start at $780 a night in the high season, from $445 in April, and $345 from May 1 through mid-November. (Add 20 percent in taxes to all rates.)

Malliouhana Hotel and Spa, (264) 497-6111, www.malliouhana.com, is the perfect place to see an Anguillan sunset: it sits atop a cliff facing west over the crystal blue waters of Mead's Bay. Doubles start at $400 from April 1 to 30, and $290 from May 1 to Nov. 19; ocean-view one-bedroom suites are $825 and $660.

CuisinArt Resort and Spa, (264) 498-2000, www.cuisinartresort.com, is perched on Rendezvous Bay. Rooms start at $550 a night from January through March, $395 in April, and $350 from May 1 to mid-December.

Lloyd's Guest House, (264) 497-2351, www.lloyds.ai, has 14 rooms on Crocus Hill, in walking distance of Crocus Bay. The spacious rooms, some recently renovated, go for $65 to $85, with breakfast.

Where to Eat

Blanchard's, (264) 497-6100, www.blanchardsrestaurant.com, has a romantic setting overlooking Mead's Bay, and serves food with a Caribbean flair. From mid-October through May, it opens for dinner at 6:30 p.m. and is closed Sunday. June through August, it is closed Sunday and Monday. Closed Sept. 1 to Oct. 20. Entrees from $34.

Gorgeous Scilly Cay, (264) 497-5123, is an open-air restaurant on its own island, with free ferry service from Island Harbor. It is open on Wednesday, Friday and Sunday 11 a.m. to 5 p.m. Since there is no electricity, all food (chicken or seafood) is grilled. Live music on Wednesday and Sunday. Entrees start at $25.

Roy's Place, (264) 497-2470, www.roysplaceanguilla.com, is a charming beachcomber's joint overlooking Crocus Bay, with a lively beach bar and an Internet connection for guests (including wireless). There is a Friday happy hour with dinner specials for $12. The Sunday specials are prime rib ($20) and lobster ($38). Lunch and dinner served daily, except dinner only on Saturday.

English Rose, (264) 497-5353, a tavern in the central business district of The Valley, serves generous portions of comfort food at reasonable prices: burgers from $4, salads from $6. Closed Sunday.

Tasty's Restaurant, (264) 497-2737, offers chic-casual Caribbean dining in South Hill: dishes like stewed creole-style lobster for $30, and coconut-crusted filet of parrot fish in banana rum sauce for $20. Open for breakfast, lunch and dinner daily, except Thursday.

Trattoria Tramonto, (264) 497-8819, has open-air dining and a beach bar on one of the island's prettiest beaches, Shoal Bay West. The Italian menu emphasizes game and seafood, including wild boar filet mignon ($35) and spaghetti with crayfish, clams and shrimp ($30). Lunch and dinner except Monday.

Uncle Ernie's, (264) 497-3907, is a quintessential beach shack on Shoal Bay East; open 9 a.m. to 7 p.m.

What to Do

Taino Wellness Center, off Spanish Town Road, South Hill, (264) 497-6066, www.magma.ca/~phwalker/, offers massages (from $40 for 30 minutes), manicures and pedicures (from $15), facials (from $50), and body treatments.

Devonish Art Gallery, the Cove, West End, (264) 497-2949, shows works of local artists, including those by Courtney Devonish, a woodcarver and ceramicist. Open 9 a.m. to 5 p.m. Monday to Saturday or by appointment Sunday.

Horseback riding with El Rancho del Blues in Blowing Point, (264) 497-6164 or 497-6334, starts at $25 an hour.

JULIET MACUR is a sports reporter for The Times.

-- 
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From bill.stewart at pobox.com Sat Feb 26 15:12:08 2005
From: bill.stewart at pobox.com (Bill Stewart)
Date: Sat, 26 Feb 2005 15:12:08 -0800 (PST)
Subject: Anguilla on $1000 a day - NYTimes
Message-ID: <3755.216.240.32.1.1109459528.squirrel@smirk.idiom.com>

The NYT updates us on a favorite cryptographers' hideout.... 
http://travel2.nytimes.com/2005/02/27/travel/27high.html February 27, 2005 HIGH LOW High: Anguilla on $1000 a Day By JULIET MACUR N hour after arriving on Anguilla in early January, I was soaking in the hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my pasty Northeastern face. Ah, Anguilla, a quiet island that has recently become "the next St. Barts," a hedonistic hideaway and magnet for members of the boldface set. At the northeast corner of this narrow isle, Jennifer Aniston and Brad Pitt spent New Year's in a villa on Captain's Bay. On its southwestern coast, Jay-Z and Beyonci had cuddled on the sands of Shoal Bay West. Down the beach from my resort, Uma Thurman had kicked back at a local bar. Just as I began to imagine that I, too, was a star on an escape-the-paparazzi trip, reality interrupted. A foreign object crashed into my hot tub and sent water slapping against my face. A small boy and his father were throwing a ball wildly. The father's next toss bounced off the boy's head and against a woman's forehead. The father laughed. The woman smiled. I growled and thought, "This doesn't happen to Jennifer Aniston." I left in a huff because I had no time for distractions. This was serious business: I had to figure out how to get by on $1,000 a day. Related Feature Low: Anguilla on $250 a Day Though Anguilla is a relatively undeveloped island where goats might outnumber residents, $1,000 a day at a chic resort amounts to roughing it. At the Cap Juluca resort, the cheapest room in high season cost $936 a night, including the 20 percent tax. Malliouhana Hotel offered a garden view room on the first floor for $744. If my best friend, Rose, and I were to eat, drink and even think of going to the spa on my $1,000-a-day budget, the only high-end resort I could afford was the CuisinArt Resort and Spa, which sits near the island's southwestern end on Rendezvous Bay's beach, one and a half miles of flour-soft sand, blindingly white. 
The turquoise ocean water was as clear as Evian, and you could see fish near the sea floor. The cheapest rate, $550 plus $110 tax - but including Continental breakfast - would allow us to pretend we belonged at this beautiful place. The resort's grounds were simple and elegant. Eggplant-colored bougainvillea climbed the whitewashed stucco buildings that looked as if they had been plucked from a Greek cliff. In a nearby garden were trees heavy with guavas, fig bananas and star apples. As we looked from the lobby onto a series of rectangular pools cascading to the beach, a receptionist said we had been upgraded from the main house to a suite in one of the 10 three-story villas clustered along the shore. "We hope you don't mind," she said, unaware that I was a journalist. No, we didn't, and certainly not after seeing the room. The upgrade, to a junior suite that would have cost $120 more a night, allowed us to hear waves from our patio. Our "suite" was a cheery, not fancy, single room, but at 920 square feet was nearly as big as my Manhattan apartment. A navy couch broke up the space into sleeping and lounging areas. Two double beds with wicker headboards faced the porch and a walkway to the beach. Paintings of Greek fishing villages and bright bedspreads splashed color against the white walls and tile floors. A brochure called the bathroom "your own private sanctum," large enough for an oval tub for a honeymooning couple's bubble bath. But nothing was that private, considering one wall was made of warped glass. While on the outside walkway one day, I gasped when I saw a fuzzy version of Rose heading for the shower. At the resort's free reception on our first night (with food and drink), the manager, Rabin Ortiz, told us, "Do not make plans for your weekend." We quickly learned why. There are no plans to make because, on Anguilla, there is basically nothing to do. And that's the point. 
At CuisinArt, stay away from the main pool (where ball-tossing children congregate). Instead, sit on the beach and take delivery of homemade lemon sorbet from waiters whose goal is to fill you with fruity rum drinks. After sundown, submit to spa treatments like the Anguillan coconut pineapple scrub, which smells good enough to eat, and the hydroponic cucumber and aloe wrap, using ingredients grown on the premises. It was the perfect place for us: upscale, but not one bit snooty. Night life is minimal. (At 10:30 on Saturday night, only one couple was at our resort's bar, where a trio sang "Endless Love.") Sea kayaks, sailboats, catamarans and tennis courts were available and mostly unused. For casino or dance club action, it's a half-hour ferry ride to St. Martin. Still, after too many games of boccie and gin rummy - or perhaps not enough gin and rum - we searched for some fun. Down the beach was Dune Preserve, a delightfully mellow bar inside a wooden shack owned by the local reggae legend Bankie Banx. A CuisinArt bartender said that Uma had been there the night before. We followed the shoreline to get there. But then, as if the local gods ordered punishment for all $1,000-a-day cheapskates, two stray dogs charged us in the darkness. We couldn't see them, but they barked and snapped like rabid Rottweilers, sending us running back to CuisinArt. So much for Uma. Cowards that we were, we rented a car the next day for $55 (including $20 for an Anguillan license) and that night drove 60 seconds to Dune Preserve, only to realize we were too full for a drink. Because, on Anguilla, what you do is eat - often. Our gluttony had begun at Santorini, which, like CuisinArt's other heavenly restaurant, Cafe Mediterraneo, uses food grown in the resort's high-tech hydroponic garden or its old-school organic one. There, Rose and I went to a class led by CuisinArt's executive chef, Daniel Orr, formerly a chef at Guastavino's in New York City. Neither of us is a great cook. 
(My fridge at home contains two bottles of seltzer, nail polish and AA batteries.) But we are great eaters. We stuffed ourselves with a tangy serving of stingray, a dizzyingly delicious chocolate souffli and yellow lentil bisque so good we were tempted to lick our bowls. Afterward, I was shocked at the $75 charge, well over the advertised $55 I had budgeted (it had just gone up). I next heard my whiny voice telling the concierge: "You don't understand. I cannot afford this extra $20." The concierge rolled her eyes, but, hey, I needed $110 for the seaweed scrub later. That evening, we took a cab ($13 each way) to dinner at Blanchard's, a top-notch restaurant in a quaint cottage. Most of the 23 tables were arranged on the main floor, but we sat on a lower patio overlooking fountains and gardens and the sea beyond. The only disappointments were the rubbery lobster included in the $56 Caribbean Sampler and the waiters' rushing us through the meal. Total for my dinner: $110.40. Perhaps the management could sense that we were not the stars of our imaginations. I asked the man at the bar if any real stars came in. He reeled off names of those who had been there "just yesterday": Denzel Washington. Johnny Damon. Liam Neeson and his wife, Natasha Richardson. Courteney Cox Arquette. And, of course, Jennifer Aniston. The next day, though it was dry season, it poured. So on that rainy Sunday we rented a car and checked out Anguilla, which didn't take long. It is only about 16 miles long and 3 miles wide. We found it pleasingly devoid of cheesy T-shirt shops and fast-food joints but plentiful with road-roaming goats and the smiling people who own them. We lunched at Gorgeous Scilly Cay, a primitive restaurant on a tiny island off the northeastern coast. With no electricity, it's open only from 11 a.m. to 5 p.m. To get there, you stand on a dock and hail a boatman. 
Normally, patrons sun themselves there on lounge chairs between courses, and get foot rubs from the restaurant's masseur, said the owner, Sandra Wallace. But not on this rainy day. On the boat over with us, she wore a garbage bag to stay dry; the masseur stayed home. Still, a calypso band played upbeat music in the main house, which had about a dozen tables and was open on all sides. Outside, there were several palm-covered huts, each with a few plastic tables and chairs, where I ordered the crayfish and chicken plate for $45, as sweet as their rum punch was dangerous. My lunch, with tip, came to $74. We found no famous people there, either - we were managing to repel them - though we did hear that Sharon Stone had recently rented out the whole island. And Jennifer Aniston (her again) had been there the week before. That evening, I had my second treatment at the Venus Spa - a place without much character or Zen - at CuisinArt. (In the thumbnail-size locker room, I awkwardly rubbed elbows with someone's naked grandmother.) The Caribbean warm stone massage ($115, plus $22 tip) was a step up from the seaweed wrap of the day before - better called the seaweed chill. That one began with me shivering in the treatment room. The masseuse said, "If I told them once, I told them 20 times, this room is freezing." Then she spread cold seaweed gook over my goose bumps. I groaned while she mummified me with towels. Under those coverings, wrapped inside foil, I felt like a hypothermia patient. But relief came with the warm stone massage. As the smooth rocks rolled over my muscles it felt oddly soothing, as if I were being seared by a giant stick of roll-on deodorant. I felt so much at ease that later I splurged on a smoothie for Rose, at $8.05 the only thing I could afford to buy her all weekend. When the sun came out on our last day, I passed the hot tub and saw that same annoying family with their dreaded ball, this time being tossed between two strollers. 
So I headed for the beach. I bobbed around the water for a while, then moved my peaceful self to a lounge chair. There I sipped on my own smoothie until it was time to get back to the real world by way of the St. Martin airport. At a terminal newsstand, I finally saw Jennifer Aniston - on a magazine cover. How terrible - her Anguillan experience included suffering greater than my seaweed chill - she and Brad had broken up. "Hey lady!" the cashier yelled. "Did you see the sign? You can't read the magazines until you buy them!" What, she thought I looked rich? I had already spent my $2,000. So I dropped the $3.95 magazine onto the shelf and walked away. TWO-DAY TOTAL: $2,000.35 Visitor Information Getting There Several United States airlines run flights to Anguilla, but most operate in connection with other carriers. Most flights go through San Juan, and the cheapest fares (from about $646 round trip for late March) can require an additional connection in St. Martin. If you fly into St. Martin (from about $561 round trip), you can take a 20-minute ferry to Anguilla ($24 round trip plus $2.75 departure tax from St. Martin and $3 from Anguilla). Ferries run every half hour from 7:30 a.m. to 7:30 p.m. Where to Stay Cap Juluca, (888) 858-5822, www.capjuluca.com, is tucked away on the secluded beach at Maunday's Bay, making it a favorite hideaway for celebrities. Doubles start at $780 a night in the high season, from $445 in April, and $345 from May 1 through mid-November. (Add 20 percent in taxes to all rates.) Malliouhana Hotel and Spa, (264) 497-6111, www.malliouhana.com, is the perfect place to see an Anguillan sunset: it sits atop a cliff facing west over the crystal blue waters of Mead's Bay. Doubles start at $400 from April 1 to 30, and $290 from May 1 to Nov. 19; ocean-view one-bedroom suites are $825 and $660. CuisinArt Resort and Spa, (264) 498-2000, www.cuisinartresort.com, is perched on Rendezvous Bay. 
Rooms start at $550 a night from January through March, $395 in April, and $350 from May 1 to mid-December. Lloyd's Guest House, (264) 497-2351, www.lloyds.ai, has 14 rooms on Crocus Hill, in walking distance of Crocus Bay. The spacious rooms, some recently renovated, go for $65 to $85, with breakfast. Where to Eat Blanchard's, (264) 497-6100, www.blanchardsrestaurant.com, has a romantic setting overlooking Mead's Bay, and serves food with a Caribbean flair. >From mid-October through May, it opens for dinner at 6:30 p.m. and is closed Sunday. June through August, it is closed Sunday and Monday. Closed Sept. 1 to Oct. 20. Entrees from $34. Gorgeous Scilly Cay, (264) 497-5123, is an open-air restaurant on its own island, with free ferry service from Island Harbor. It is open on Wednesday, Friday and Sunday 11 a.m. to 5 p.m. Since there is no electricity, all food (chicken or seafood) is grilled. Live music on Wednesday and Sunday. Entrees start at $25. Roy's Place, (264) 497-2470, www.roysplaceanguilla.com, is a charming beachcomber's joint overlooking Crocus Bay, with a lively beach bar and an Internet connection for guests (including wireless). There is a Friday happy hour with dinner specials for $12. The Sunday specials are prime rib ($20) and lobster ($38). Lunch and dinner served daily, except dinner only on Saturday. English Rose, (264) 497-5353, a tavern in the central business district of The Valley, serves generous portions of comfort food at reasonable prices: burgers from $4, salads from $6. Closed Sunday. Tasty's Restaurant, (264) 497-2737, offers chic-casual Caribbean dining in South Hill: dishes like stewed creole-style lobster for $30, and coconut-crusted filet of parrot fish in banana rum sauce for $20. Open for breakfast, lunch and dinner daily, except Thursday. Trattoria Tramonto, (264) 497-8819, has open-air dining and a beach bar on one of the island's prettiest beaches, Shoal Bay West. 
The Italian menu emphasizes game and seafood, including wild boar filet mignon ($35) and spaghetti with crayfish, clams and shrimp ($30). Lunch and dinner except Monday. Uncle Ernie's, (264) 497-3907, is a quintessential beach shack on Shoal Bay East; open 9 a.m. to 7 p.m. What to Do Taino Wellness Center, off Spanish Town Road, South Hill, (264) 497-6066, www.magma.ca/~phwalker/, offers massages (from $40 for 30 minutes), manicures and pedicures (from $15), facials (from $50), and body treatments. Devonish Art Gallery, the Cove, West End, (264) 497-2949, shows works of local artists, including those by Courtney Devonish, a woodcarver and ceramicist. Open 9 a.m. to 5 p.m. Monday to Saturday or by appointment Sunday. Horseback riding with El Rancho del Blues in Blowing Point, (264) 497-6164 or 497-6334, starts at $25 an hour. JULIET MACUR is a sports reporter for The Times. Copyright 2005 The New York Times Company | Home | Privacy Policy | Search | Corrections | RSS | Help | Back to Top From bill.stewart at pobox.com Sat Feb 26 19:19:55 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 26 Feb 2005 19:19:55 -0800 (PST) Subject: Anguilla on $1000 a day - NYTimes Message-ID: <4042.216.240.32.1.1109474395.squirrel@smirk.idiom.com> The NYT updates us on a favorite cryptographers' hideout.... http://travel2.nytimes.com/2005/02/27/travel/27high.html February 27, 2005 HIGH LOW High: Anguilla on $1000 a Day By JULIET MACUR N hour after arriving on Anguilla in early January, I was soaking in the hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my pasty Northeastern face. Ah, Anguilla, a quiet island that has recently become "the next St. Barts," a hedonistic hideaway and magnet for members of the boldface set. At the northeast corner of this narrow isle, Jennifer Aniston and Brad Pitt spent New Year's in a villa on Captain's Bay. On its southwestern coast, Jay-Z and Beyonci had cuddled on the sands of Shoal Bay West. 
Down the beach from my resort, Uma Thurman had kicked back at a local bar. Just as I began to imagine that I, too, was a star on an escape-the-paparazzi trip, reality interrupted. A foreign object crashed into my hot tub and sent water slapping against my face. A small boy and his father were throwing a ball wildly. The father's next toss bounced off the boy's head and against a woman's forehead. The father laughed. The woman smiled. I growled and thought, "This doesn't happen to Jennifer Aniston." I left in a huff because I had no time for distractions. This was serious business: I had to figure out how to get by on $1,000 a day. Related Feature Low: Anguilla on $250 a Day Though Anguilla is a relatively undeveloped island where goats might outnumber residents, $1,000 a day at a chic resort amounts to roughing it. At the Cap Juluca resort, the cheapest room in high season cost $936 a night, including the 20 percent tax. Malliouhana Hotel offered a garden view room on the first floor for $744. If my best friend, Rose, and I were to eat, drink and even think of going to the spa on my $1,000-a-day budget, the only high-end resort I could afford was the CuisinArt Resort and Spa, which sits near the island's southwestern end on Rendezvous Bay's beach, one and a half miles of flour-soft sand, blindingly white. The turquoise ocean water was as clear as Evian, and you could see fish near the sea floor. The cheapest rate, $550 plus $110 tax - but including Continental breakfast - would allow us to pretend we belonged at this beautiful place. The resort's grounds were simple and elegant. Eggplant-colored bougainvillea climbed the whitewashed stucco buildings that looked as if they had been plucked from a Greek cliff. In a nearby garden were trees heavy with guavas, fig bananas and star apples. 
As we looked from the lobby onto a series of rectangular pools cascading to the beach, a receptionist said we had been upgraded from the main house to a suite in one of the 10 three-story villas clustered along the shore. "We hope you don't mind," she said, unaware that I was a journalist. No, we didn't, and certainly not after seeing the room. The upgrade, to a junior suite that would have cost $120 more a night, allowed us to hear waves from our patio. Our "suite" was a cheery, not fancy, single room, but at 920 square feet was nearly as big as my Manhattan apartment. A navy couch broke up the space into sleeping and lounging areas. Two double beds with wicker headboards faced the porch and a walkway to the beach. Paintings of Greek fishing villages and bright bedspreads splashed color against the white walls and tile floors. A brochure called the bathroom "your own private sanctum," large enough for an oval tub for a honeymooning couple's bubble bath. But nothing was that private, considering one wall was made of warped glass. While on the outside walkway one day, I gasped when I saw a fuzzy version of Rose heading for the shower. At the resort's free reception on our first night (with food and drink), the manager, Rabin Ortiz, told us, "Do not make plans for your weekend." We quickly learned why. There are no plans to make because, on Anguilla, there is basically nothing to do. And that's the point. At CuisinArt, stay away from the main pool (where ball-tossing children congregate). Instead, sit on the beach and take delivery of homemade lemon sorbet from waiters whose goal is to fill you with fruity rum drinks. After sundown, submit to spa treatments like the Anguillan coconut pineapple scrub, which smells good enough to eat, and the hydroponic cucumber and aloe wrap, using ingredients grown on the premises. It was the perfect place for us: upscale, but not one bit snooty. Night life is minimal. 
(At 10:30 on Saturday night, only one couple was at our resort's bar, where a trio sang "Endless Love.") Sea kayaks, sailboats, catamarans and tennis courts were available and mostly unused. For casino or dance club action, it's a half-hour ferry ride to St. Martin. Still, after too many games of boccie and gin rummy - or perhaps not enough gin and rum - we searched for some fun. Down the beach was Dune Preserve, a delightfully mellow bar inside a wooden shack owned by the local reggae legend Bankie Banx. A CuisinArt bartender said that Uma had been there the night before. We followed the shoreline to get there. But then, as if the local gods ordered punishment for all $1,000-a-day cheapskates, two stray dogs charged us in the darkness. We couldn't see them, but they barked and snapped like rabid Rottweilers, sending us running back to CuisinArt. So much for Uma. Cowards that we were, we rented a car the next day for $55 (including $20 for an Anguillan license) and that night drove 60 seconds to Dune Preserve, only to realize we were too full for a drink. Because, on Anguilla, what you do is eat - often. Our gluttony had begun at Santorini, which, like CuisinArt's other heavenly restaurant, Cafe Mediterraneo, uses food grown in the resort's high-tech hydroponic garden or its old-school organic one. There, Rose and I went to a class led by CuisinArt's executive chef, Daniel Orr, formerly a chef at Guastavino's in New York City. Neither of us is a great cook. (My fridge at home contains two bottles of seltzer, nail polish and AA batteries.) But we are great eaters. We stuffed ourselves with a tangy serving of stingray, a dizzyingly delicious chocolate souffli and yellow lentil bisque so good we were tempted to lick our bowls. Afterward, I was shocked at the $75 charge, well over the advertised $55 I had budgeted (it had just gone up). I next heard my whiny voice telling the concierge: "You don't understand. I cannot afford this extra $20." 
The concierge rolled her eyes, but, hey, I needed $110 for the seaweed scrub later. That evening, we took a cab ($13 each way) to dinner at Blanchard's, a top-notch restaurant in a quaint cottage. Most of the 23 tables were arranged on the main floor, but we sat on a lower patio overlooking fountains and gardens and the sea beyond. The only disappointments were the rubbery lobster included in the $56 Caribbean Sampler and the waiters' rushing us through the meal. Total for my dinner: $110.40. Perhaps the management could sense that we were not the stars of our imaginations. I asked the man at the bar if any real stars came in. He reeled off names of those who had been there "just yesterday": Denzel Washington. Johnny Damon. Liam Neeson and his wife, Natasha Richardson. Courteney Cox Arquette. And, of course, Jennifer Aniston. The next day, though it was dry season, it poured. So on that rainy Sunday we rented a car and checked out Anguilla, which didn't take long. It is only about 16 miles long and 3 miles wide. We found it pleasingly devoid of cheesy T-shirt shops and fast-food joints but plentiful with road-roaming goats and the smiling people who own them. We lunched at Gorgeous Scilly Cay, a primitive restaurant on a tiny island off the northeastern coast. With no electricity, it's open only from 11 a.m. to 5 p.m. To get there, you stand on a dock and hail a boatman. Normally, patrons sun themselves there on lounge chairs between courses, and get foot rubs from the restaurant's masseur, said the owner, Sandra Wallace. But not on this rainy day. On the boat over with us, she wore a garbage bag to stay dry; the masseur stayed home. Still, a calypso band played upbeat music in the main house, which had about a dozen tables and was open on all sides. Outside, there were several palm-covered huts, each with a few plastic tables and chairs, where I ordered the crayfish and chicken plate for $45, as sweet as their rum punch was dangerous. 
My lunch, with tip, came to $74. We found no famous people there, either - we were managing to repel them - though we did hear that Sharon Stone had recently rented out the whole island. And Jennifer Aniston (her again) had been there the week before. That evening, I had my second treatment at the Venus Spa - a place without much character or Zen - at CuisinArt. (In the thumbnail-size locker room, I awkwardly rubbed elbows with someone's naked grandmother.) The Caribbean warm stone massage ($115, plus $22 tip) was a step up from the seaweed wrap of the day before - better called the seaweed chill. That one began with me shivering in the treatment room. The masseuse said, "If I told them once, I told them 20 times, this room is freezing." Then she spread cold seaweed gook over my goose bumps. I groaned while she mummified me with towels. Under those coverings, wrapped inside foil, I felt like a hypothermia patient. But relief came with the warm stone massage. As the smooth rocks rolled over my muscles it felt oddly soothing, as if I were being seared by a giant stick of roll-on deodorant. I felt so much at ease that later I splurged on a smoothie for Rose, at $8.05 the only thing I could afford to buy her all weekend. When the sun came out on our last day, I passed the hot tub and saw that same annoying family with their dreaded ball, this time being tossed between two strollers. So I headed for the beach. I bobbed around the water for a while, then moved my peaceful self to a lounge chair. There I sipped on my own smoothie until it was time to get back to the real world by way of the St. Martin airport. At a terminal newsstand, I finally saw Jennifer Aniston - on a magazine cover. How terrible - her Anguillan experience included suffering greater than my seaweed chill - she and Brad had broken up. "Hey lady!" the cashier yelled. "Did you see the sign? You can't read the magazines until you buy them!" What, she thought I looked rich? I had already spent my $2,000. 
So I dropped the $3.95 magazine onto the shelf and walked away.

TWO-DAY TOTAL: $2,000.35

Visitor Information

Getting There

Several United States airlines run flights to Anguilla, but most operate in connection with other carriers. Most flights go through San Juan, and the cheapest fares (from about $646 round trip for late March) can require an additional connection in St. Martin. If you fly into St. Martin (from about $561 round trip), you can take a 20-minute ferry to Anguilla ($24 round trip plus $2.75 departure tax from St. Martin and $3 from Anguilla). Ferries run every half hour from 7:30 a.m. to 7:30 p.m.

Where to Stay

Cap Juluca, (888) 858-5822, www.capjuluca.com, is tucked away on the secluded beach at Maunday's Bay, making it a favorite hideaway for celebrities. Doubles start at $780 a night in the high season, from $445 in April, and $345 from May 1 through mid-November. (Add 20 percent in taxes to all rates.)

Malliouhana Hotel and Spa, (264) 497-6111, www.malliouhana.com, is the perfect place to see an Anguillan sunset: it sits atop a cliff facing west over the crystal blue waters of Mead's Bay. Doubles start at $400 from April 1 to 30, and $290 from May 1 to Nov. 19; ocean-view one-bedroom suites are $825 and $660.

CuisinArt Resort and Spa, (264) 498-2000, www.cuisinartresort.com, is perched on Rendezvous Bay. Rooms start at $550 a night from January through March, $395 in April, and $350 from May 1 to mid-December.

Lloyd's Guest House, (264) 497-2351, www.lloyds.ai, has 14 rooms on Crocus Hill, in walking distance of Crocus Bay. The spacious rooms, some recently renovated, go for $65 to $85, with breakfast.

Where to Eat

Blanchard's, (264) 497-6100, www.blanchardsrestaurant.com, has a romantic setting overlooking Mead's Bay, and serves food with a Caribbean flair. From mid-October through May, it opens for dinner at 6:30 p.m. and is closed Sunday. June through August, it is closed Sunday and Monday. Closed Sept. 1 to Oct. 20. Entrees from $34.
Gorgeous Scilly Cay, (264) 497-5123, is an open-air restaurant on its own island, with free ferry service from Island Harbor. It is open on Wednesday, Friday and Sunday 11 a.m. to 5 p.m. Since there is no electricity, all food (chicken or seafood) is grilled. Live music on Wednesday and Sunday. Entrees start at $25.

Roy's Place, (264) 497-2470, www.roysplaceanguilla.com, is a charming beachcomber's joint overlooking Crocus Bay, with a lively beach bar and an Internet connection for guests (including wireless). There is a Friday happy hour with dinner specials for $12. The Sunday specials are prime rib ($20) and lobster ($38). Lunch and dinner served daily, except dinner only on Saturday.

English Rose, (264) 497-5353, a tavern in the central business district of The Valley, serves generous portions of comfort food at reasonable prices: burgers from $4, salads from $6. Closed Sunday.

Tasty's Restaurant, (264) 497-2737, offers chic-casual Caribbean dining in South Hill: dishes like stewed creole-style lobster for $30, and coconut-crusted filet of parrot fish in banana rum sauce for $20. Open for breakfast, lunch and dinner daily, except Thursday.

Trattoria Tramonto, (264) 497-8819, has open-air dining and a beach bar on one of the island's prettiest beaches, Shoal Bay West. The Italian menu emphasizes game and seafood, including wild boar filet mignon ($35) and spaghetti with crayfish, clams and shrimp ($30). Lunch and dinner except Monday.

Uncle Ernie's, (264) 497-3907, is a quintessential beach shack on Shoal Bay East; open 9 a.m. to 7 p.m.

What to Do

Taino Wellness Center, off Spanish Town Road, South Hill, (264) 497-6066, www.magma.ca/~phwalker/, offers massages (from $40 for 30 minutes), manicures and pedicures (from $15), facials (from $50), and body treatments.

Devonish Art Gallery, the Cove, West End, (264) 497-2949, shows works of local artists, including those by Courtney Devonish, a woodcarver and ceramicist. Open 9 a.m. to 5 p.m.
Monday to Saturday or by appointment Sunday.

Horseback riding with El Rancho del Blues in Blowing Point, (264) 497-6164 or 497-6334, starts at $25 an hour.

JULIET MACUR is a sports reporter for The Times.

Copyright 2005 The New York Times Company

From camera_lumina at hotmail.com Sun Feb 27 10:37:30 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 27 Feb 2005 13:37:30 -0500 Subject: Anguilla on $1000 a day - NYTimes In-Reply-To: <4042.216.240.32.1.1109474395.squirrel@smirk.idiom.com> Message-ID: Wanna cut to the chase here? I don't think Jennifer Aniston is a cryptographer, and I got bored hacking my way through this reporter commiserating at being at a high-end clip joint. -TD >From: "Bill Stewart" >To: cypherpunks at al-qaeda.net >Subject: Anguilla on $1000 a day - NYTimes >Date: Sat, 26 Feb 2005 19:19:55 -0800 (PST) > >The NYT updates us on a favorite cryptographers' hideout.... > > >http://travel2.nytimes.com/2005/02/27/travel/27high.html > >February 27, 2005 >HIGH LOW >High: Anguilla on $1000 a Day >By JULIET MACUR > >An hour after arriving on Anguilla in early January, I was soaking in the >hot tub at an exclusive resort, sunglasses on, eyes closed, sun warming my >pasty Northeastern face. > >Ah, Anguilla, a quiet island that has recently become "the next St. >Barts," a hedonistic hideaway and magnet for members of the boldface set. >At the northeast corner of this narrow isle, Jennifer Aniston and Brad >Pitt spent New Year's in a villa on Captain's Bay. On its southwestern >coast, Jay-Z and Beyoncé had cuddled on the sands of Shoal Bay West. Down >the beach from my resort, Uma Thurman had kicked back at a local bar. > >Just as I began to imagine that I, too, was a star on an >escape-the-paparazzi trip, reality interrupted. A foreign object crashed >into my hot tub and sent water slapping against my face. A small boy and >his father were throwing a ball wildly.
From rah at shipwright.com Sun Feb 27 13:28:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 27 Feb 2005 16:28:15 -0500 Subject: ChoicePoint ID Theft Stirs Up Congress Message-ID: www.internetnews.com/bus-news/article.php/3485881 ChoicePoint ID Theft Stirs Up Congress By Roy Mark February 25, 2005 The ChoicePoint ID theft scandal resonated through Congress this week with calls for hearings, investigations and new legislation to better protect the information collected by private data brokers. Last week, ChoicePoint said it had been a victim of a criminal fraud in which the company was duped into releasing personal data on approximately 145,000 U.S. citizens in all 50 states. ChoicePoint is now in the process of notifying all of the potential victims who could become targets of ID theft. The Alpharetta, Ga.-based company, one of the country's largest data warehouses, compiles data, including Social Security numbers and credit reports, on virtually every American. Congress was on vacation this week, but the ChoicePoint situation sparked outcries and calls for stronger privacy protection action from lawmakers when they return to business next week. Sen. Patrick Leahy of Vermont, the Democrats' ranking member on the Senate Judiciary Committee, immediately requested a series of hearings on private data companies that have little oversight and few rules that protect public privacy. Sen. Dianne Feinstein (D-Calif.)
used the ChoicePoint incident to promote legislation she has already introduced. It is modeled on a California law that requires data collection companies to notify affected individuals if there is a breach in their data system. California is the only state to have such a law. Florida Democrat Bill Nelson said he would introduce legislation in the Senate that would extend the provisions of the Fair Credit Reporting Act to commercial data brokers. "New technologies, new private-public domestic security partnerships, and the rapid rise of giant information brokers that collect and sell personal information about each and every American have all combined to produce powerful new threats to privacy," Leahy said in a statement. "It's time to turn some sunshine on these developments so the public can understand how and why their personal information is being used." Pennsylvania Republican Arlen Specter, the chairman of the Judiciary Committee, quickly agreed to the hearings. Although no date has been set for the hearings, Leahy spokesman David Carle said, "It's all moving fairly quickly now." In his letter to Specter requesting the hearing, Leahy, a longtime technology champion, said advances in data collection and analysis have "enhanced our law enforcement and homeland security efforts, as well as made our lives more convenient and enjoyable ... These advances also present new challenges that require vigilant congressional scrutiny." Leahy added, "We need to master these technological advances rather than allow them to master us. Recent events indicate that we are in danger of losing this struggle." Feinstein said she has three bills that would give consumers greater control over their personal data. "The ChoicePoint situation is perhaps the biggest indication of the vulnerability and lack of protection of individuals' personal data," Feinstein said in a statement. "As a result, identity theft incidents are escalating into the hundreds of thousands at a given time."
Feinstein wants to expand the California law into federal legislation that would require data collection companies to obtain consumers' consent before selling sensitive personal data. She also wants to prohibit the sale or display of Social Security numbers to the general public without individuals' knowledge and consent. In addition, the bill would bar government agencies from displaying Social Security numbers on public records that are posted on the Internet as well as prohibit the printing of Social Security numbers on government checks. "The only way to fix the situation is with federal legislation because we need an even playing field in every state. It is my hope that this incident will accelerate action and lead to greater protection of personal data," Feinstein said. Sen. Charles Schumer (D-N.Y.) also lamented the ChoicePoint situation but broadened the scope of data collection firms not properly protecting information to Westlaw, a Minnesota-based data search company. According to Schumer, Westlaw's Internet-based People-Find service provides Social Security numbers to anyone willing to pay a fee. "Westlaw's People-Find service might as well be the first chapter of 'Identity Theft for Dummies.' Criminals no longer need to forage through dumpsters for discarded bills -- they just need to send Westlaw a check and they're in the identity theft business," Schumer said in a letter to Westlaw President Peter Warwick. "Any Westlaw user who pays for your People-Find database can obtain the Social Security number of virtually any person in the United States." Schumer wants Westlaw to disable the service until he introduces legislation to "plug these egregious loopholes allowing millions of Social Security numbers to be on the Internet." Schumer said a constituent who works for the federal court system brought the Westlaw People-Find feature to his attention. 
According to Schumer, private companies subscribe to the service and have access to Social Security numbers. "When I called Westlaw, I learned that this service is available to anyone who is willing to pay for it, regardless of their need for it and without cursory background checks. Westlaw relies on an on-your-honor affirmation by users that they will not use the information they find illegally," Schumer said. Schumer added in a press statement, "Rather than receiving assurances that the problem would be remedied, my office received a letter from Westlaw's legal representation that failed to address the central issue -- that there are no real standards for keeping sensitive personal data out of the wrong hands." -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From rah at shipwright.com Sun Feb 27 15:53:58 2005 From: rah at shipwright.com (R.A.
Hettinga) Date: Sun, 27 Feb 2005 18:53:58 -0500 Subject: SpookAir, redux: No Secrets -- Eyes on the CIA Message-ID: MSNBC.com No Secrets: Eyes on the CIA Newsweek March 7 issue - Aviation obsessives with cameras and Internet connections have become a threat to cover stories established by the CIA to mask its undercover operations and personnel overseas. U.S. intel sources complain that "plane spotters" - hobbyists who photograph airplanes landing or departing local airports and post the pix on the Internet - made it possible for CIA critics recently to assemble details of a clandestine transport system the agency set up to secretly move cargo and people - including terrorist suspects - around the world. Google searches revealed that plane spotters Web-posted numerous photos of two private aircraft - one a small Gulfstream jet and the other a midsize Boeing 737 - registered to obscure companies suspected of CIA connections. Some of the pictures were taken at airports in foreign countries where CIA activities could be controversial. When the 737 last year went through a change of tail number and ownership - a suspicious company in suburban Boston apparently transferred the plane to a similar company in Reno, Nev. - Internet searches of aviation and public-record databases disclosed details of the plane's new owners and registration number. One critical database, accessible via Google, was a central aircraft registry maintained by the government's own Federal Aviation Administration. A U.S. intel source acknowledged that the instant availability of such data and photos on the Internet is not helpful "if your object is clandestinity." (To see how it works, check the Web for info on a business jet carrying the Liechtenstein tail number HB-IES. The search should turn up pictures of that plane at a European airport, as well as public records and news stories describing how the plane, registered to a company called Aviatrans, once belonged to Saddam Hussein.)
Intel sources say the CIA's own lawyers years ago decreed that under U.S. law the agency must register its aircraft - including their tail numbers and the front companies that own them - with public authorities like the FAA, even though this could provide clues to clandestine activity. Agency officials and lawyers have discussed the possibility of changing U.S. laws and regulations to make it easier for the agency to hide its activities. That may be difficult, so for now, plane spotters can keep their eyes on the CIA. From rah at shipwright.com Sun Feb 27 17:15:34 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 27 Feb 2005 20:15:34 -0500 Subject: Italian GSM provider warns: too many wiretaps Message-ID: Now, boys and girls, try not to laugh *too* hard, and be sure you swallow your Wheaties before you read this... Cheers, RAH ------- EDRI-gram - Number 3.4, 24 February 2005 Italian GSM provider warns: too many wiretaps 24 February 2005 The Italian mobile operator TIM, one of the largest mobile phone companies in Italy, has issued a unique warning that the number of wiretaps has reached the limit. In a fax sent to all Italian public prosecutors they say that they have already over-stretched their capacity from 5.000 to 7.000 simultaneously intercepted mobile phones. New requests now have to be processed on a 'first come, first served' basis, they write. Even more unique in the current secretive environment of law enforcement, the Italian Minister of Justice Roberto Castelli (right-wing Lega Nord) has provided the newspaper Repubblica with statistics about the number of wiretaps and costs.
The number of wiretaps has doubled every two years, he said, from 32.000 intercepts in 2001, to 45.000 in 2002, to 77.000 in 2003. He estimates the number of wiretaps in 2004 to be 100.000, costing the Justice department approx. 300.00 million euro in cost reimbursements. In 2003 the department of Justice spent 225 million euro on the intercepts, in 2002 230 million and in 2001 165 million. Castelli admitted the number of police intercepts in Italy was very high. Currently Italy has approx. 58 million inhabitants. With 100.000 intercepts in 2004, Italy orders 172 judicial intercepts per 100.000 inhabitants. There is no information about wiretaps ordered by secret services in any country. Castelli referred to the report of the German Max Planck Institute which already concluded Italy was the wiretapping champion of the (western) world with 76 intercepts per 100.000 inhabitants (44.000 wiretaps in 1996). The number two on the European wiretapping list in 1996, the Netherlands, refuses to provide any recent statistics. According to unofficial estimates the Netherlands intercepted 12.000 phones (fixed and mobile) in 2004. If those numbers are correct, the Netherlands have 75 intercepts per 100.000 inhabitants. In the United States, the most recent public statistics date from 2002. They mention 1.273 court ordered intercepts on a population of approx. 293 million, totalling 0,43 intercepts per 100.000 inhabitants. The UK Communication Commissioner mentions a total of 1.983 warrants for intercepts in 2003 on a population of 59,5 million, totalling 3,3 intercepts per 100.000 inhabitants. One possible explanation for the explosion of the number of wiretaps in Italy is their short duration. An order is valid for 15 days and can only be extended with a new motivation from a magistrate. Only for investigations into organised crime can an intercept last 40 days. In many other countries, intercepts have a duration of 1 to 3 months.
Vodafone and Wind, two other major mobile phone companies, are also reaching their maximum wiretapping capacity, reports Repubblica.

While Castelli used the occasion to warn against overuse of wiretapping in investigations, the Italian magistracy doesn't seem to agree. Edmondo Bruto Liberati, President of the National Association of Magistrates (association of both judges and public prosecutors), stressed that wiretapping is much cheaper than individual covert surveillance. He complained about the vast under-financing the judicial apparatus is currently suffering from.

This public debate between the Minister and the magistracy points at a more fundamental division in Italian politics. By stressing the immense costs of wiretapping the Minister of Justice adds weight to his attempt to shift the costs to the Ministry of Internal Affairs. Generally the Minister pictures an image of a foolish magistracy that abundantly spends public money. This comes as no surprise to many Italians, given the tense relationship between Berlusconi and the magistracy.

MP Giovanni Russo Spena (left wing opposition, Rifondazione Comunista) has demanded an explanation from the government about the massive use of wiretapping in investigations and wishes to be informed how citizens are protected against this potential and actual invasion of their privacy rights.

From rah at shipwright.com Sun Feb 27 18:02:58 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 21:02:58 -0500
Subject: Fred Durst Says Sex Video Was Stolen From His Computer
Message-ID:

Like most real hacks and cracks, it was an, um, inside job...
Cheers,
RAH

-------

mtv.com - News - Fred Durst Says Sex Video Was Stolen From His Computer

02.25.2005 9:52 PM EST

Contrary to rumors, nookie clip was not hacked from a Sidekick.

Fred Durst Photo: MTV News

SANTA MONICA, California - Just days after Paris Hilton's T-Mobile Sidekick was hacked, spreading her topless photographs across the Internet, a sex tape featuring Fred Durst hit the Web along with reports that it was the work of the same hacker. Though the explicit clip features the words "T-Mobile Terrorist" on it, the Limp Bizkit singer said the footage was definitely not stolen from his PDA.

"If you look on Paris' thing, I don't use T-Mobile," Durst said with a laugh on Friday (February 25), referring to the list of Hilton's phone numbers that also leaked and included his contact information (see "Paris Hilton Apologizes For Crank Calls, Fergie Wants Revenge"). "No, no, [my listing in her Sidekick] is just old, years old. Somebody that was repairing my computer was smart enough to go through anything he could [and found the movie]. What can I say? I'm not proud of it.

"Everyone, probably everyone in this building, has done something similar to what I did, and nobody cares about it," he added during a break from recording the next Limp Bizkit album in Interscope Records' studio. "But if you're high-profile, or on someone's radar ... then it matters. What happens to me happens to me, and I have to live with it and go on."

Durst said he's been contacted by at least one company seeking his cooperation in selling the video. "When those things happen to people, there are companies that approach you, say, 'Hey, man, you wanna make some money off this? People are gonna see it anyway,' " Durst explained. "I said, 'Absolutely not, I don't wanna make any money off this. This is ridiculous.' So when you see [celebrity sex tapes] out there with big company names on them, you can know people gave them permission to release it."
David Hans Schmidt, a Phoenix-based publicist who once represented Tonya Harding and who has represented celebrities in the selling of nude photos in the past, tells a different story. He said the thieves contacted him in September and he's been negotiating with them and Durst's agents ever since.

"I was close to turning something illegal into something legal and then these hackers reneged and went out and put the tape on the World Wide Web along with my home telephone number," Schmidt said. "Now we're gonna get 'em. Government agencies are meeting with me this weekend." Schmidt refused to elaborate about the deal because he worried it might hinder the investigation.

Durst said he hopes people learn a lesson from what happened to him and Paris. "If you wanna know how not secure you are, just take a look around," he said. "Nothing's secure. Nothing's safe. It's just helping us get better, causing awareness for homeland security. ... I don't hate technology, I don't hate hackers, because that's just what comes with it, without those hackers we wouldn't solve the problems we need to solve, especially security."

Limp Bizkit are nearly finished with their fifth studio album, which will mark the return of original guitarist Wes Borland (see "Wes Borland Back With Limp Bizkit").

- Corey Moss

From rah at shipwright.com Sun Feb 27 18:04:43 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 21:04:43 -0500
Subject: Senators Boxer, Clinton Unveil "Count Every Vote Act of 2005"
Message-ID:

Daily Kos :: Political Analysis and other daily rants on the state of the nation.
Senators Boxer, Clinton Unveil "Count Every Vote Act of 2005"
by Hunter
Sat Feb 26th, 2005 at 17:40:31 PST

The email alerts on this were sent out last week. In case you missed it, here's the press release from Boxer.

WASHINGTON, DC - U.S. Senators Hillary Rodham Clinton (D-NY) and Barbara Boxer (D-CA) today unveiled comprehensive voting reform legislation to make sure that every American is able to vote and every vote is counted. Senators Clinton and Boxer announced the legislation today in a press conference joined by Representative Stephanie Tubbs Jones (D-OH), who will sponsor the legislation in the House of Representatives, and voting rights advocates.

[...]

The Count Every Vote Act of 2005 will provide a voter verified paper ballot for every vote cast in electronic voting machines and ensures access to voter verification for all citizens, including language minority voters, illiterate voters and voters with disabilities. The bill mandates that this ballot be the official ballot for purposes of a recount. The bill sets a uniform standard for provisional ballots so that every qualified voter will know their votes are treated equally, and requires the Federal Election Assistance Commission to issue standards that ensure uniform access to voting machines and trained election personnel in every community. The bill also improves security measures for electronic voting machines.

To encourage more citizens to exercise their right to vote, the Count Every Vote Act designates Election Day a federal holiday and requires early voting in each state. The bill also enacts "no-excuse" absentee balloting, enacts fair and uniform voter registration and identification, and requires states to allow citizens to register to vote on Election Day. It also requires the Election Assistance Commission to work with states to reduce wait times for voters at polling places. In addition, the legislation restores voting rights for felons who have repaid their debt to society.
The Count Every Vote Act also includes measures to protect voters from deceptive practices and conflicts of interest that harm voter trust in the integrity of the system. In particular, the bill restricts the ability of chief state election officials as well as owners and senior managers of voting machine manufacturers to engage in certain kinds of political activity. The bill also makes it a federal crime to commit deceptive practices, such as sending flyers into minority neighborhoods telling voters the wrong voting date, and makes these practices a felony punishable by up to a year of imprisonment.

Boxer, Clinton, and Tubbs Jones deserve our support on this one -- the Republican strategy will be to attempt to ignore this completely, and bury it long before it could ever reach the floor. Let's make that a painful strategy to have, by singling out each opponent of voting reform as they fling themselves in front of this bus. Having accurate vote counts should not be a partisan issue. The fact that it is says volumes about the cowardice and reliance on "grass-roots" thuggery of the current Republican party.

And yeah, Jeb -- I'm talking about you.

From rah at shipwright.com Sun Feb 27 18:29:10 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 21:29:10 -0500
Subject: CodeCon vs. Demo: A Tale of Two Conferences
Message-ID:

The Wall Street Journal
February 28, 2005

PORTALS
By LEE GOMES

Tale of 2 Conferences: High-Tech Innovation Comes in Many Guises
February 28, 2005

Through an unusual alignment of the planets, two conferences that featured aspiring innovator-entrepreneurs eager to take the world by storm had their start on the same weekend this month. Both gatherings lasted three days; both featured speakers getting up on stage and describing a new product, usually a piece of software. Beyond that, though, the gatherings couldn't have been more different.

The first, called CodeCon, drew 100 or so mostly young programmers, many from the open-source software movement, to a dark and cavernous San Francisco dance club, the venue chosen largely because it was cheap. Attendance cost $80, but you got to go to a Friday night reception at a nearby restaurant with burgers, pizza and beer.

The second event was Demo, and it took place at a Scottsdale, Ariz., desert resort that was selected for its golf course, plush rooms, gourmet food and free-flowing open bars. The entry price there was $3,000, and more than 600 people showed up, though many were journalists who got in free.

While Demo -- and elite industry shows like it -- are sometimes portrayed as carefully juried competitions of the current crop of tech innovation, in fact, the main prerequisite for getting up on stage in Scottsdale was a willingness to write a check for up to $16,000 to Demo's organizers. There were an eye-glazing 75 presentations in all, most lasting six minutes.

At CodeCon, by contrast, it didn't cost anything for the 15 featured speakers to present their ideas. They did, however, have to be selected in advance by conference planners Len Sassaman and Bram Cohen. If that last name sounds familiar, it's because Mr. Cohen is the author of BitTorrent, the file-sharing software that is often used to download pirated movies and that, by one estimate, is now responsible for 30% of all Web traffic because those files are so big. BitTorrent, which has legal uses too, was unveiled at the first CodeCon back in 2002, and it remains the show's greatest hit.

Most of the folks presenting at Demo were small start-up companies in "heat-seeking" mode, eager to snag a write-up from one of the freeloading reporters or, better yet, an investment from one of the many venture capitalists, hedge-fund managers, angel investors and other moneymen working the halls.

At CodeCon, presenters tended to be small groups of programmers with far more modest goals. A mention of your project in Slashdot, the blog of record for techies, would be considered a home run. If, as a result of the buzz from your presentation, you got a job interview at Google, that might be a double.

The Luddites among you out there will probably be pleased to learn that both gatherings were plagued by technical snafus. At CodeCon, the bulb in the projector that speakers used to show their slides blew out on the first day. One presenter improvised during the blackout by inviting the crowd to gather around his laptop as he put his software through its paces. At Demo, the whole network kept going down, which is no small detail when you are trying to demonstrate something that works over the Internet. A number of presenters thus found themselves living the entrepreneur's fever dream of being on stage in a crowded hotel ballroom in front of a blank screen, saying, in effect, "Trust me, the product really works."

A lot of Demo was focused on the computing needs of big companies, while CodeCon was skewed to the sorts of computer-programming projects that would interest computer programmers. But there was some overlap, too.
See if you can guess which of these programs was introduced at which conference:

A) Gleeper, for discovering new Web sites.
B) Browster, for speeding up Web searches.
C) IntelleDox, for coordinating changes to word-processing documents.
D) ApacheCA, for coordinating changes to a software project.

(Answers: CodeCon, Demo, Demo, CodeCon.)

If, through some space-time warp, the Demo people had found themselves at CodeCon, they would probably have regarded many of the projects as crude, unfinished or of limited appeal. Conversely, those at CodeCon would likely have sneered that the Demo products were often me-too entrants into already-crowded markets, innovative mainly in their use of the current buzzwords.

But it's not as though the two groups are inherently antagonistic to each other. While open-source buffs like those at CodeCon are sometimes described as the Bolsheviks of the tech world, most would only too happily start a company, and many probably will when they get a little older. The Demo people, mostly in their 40s and 50s, haven't become too ossified to remember that earth-shaking innovations in these days of Linux and the Internet can turn up anywhere, even a San Francisco nightclub. Indeed, venture capitalists are starting to pop up at CodeCon, and the aforementioned hamburger reception was sponsored by Google itself.

In short, spending a few days at both CodeCon and Demo offered a handy way to visit both the top and the bottom of the technology food chain. I will, though, leave it up to you to decide which conference was which.

From rah at shipwright.com Sun Feb 27 19:39:01 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 22:39:01 -0500
Subject: Hunter S. Thompson and Mental Health
Message-ID:

Chronwatch

Hunter S. Thompson and Mental Health
Written by George Thomas Clark
Sunday, February 27, 2005

Since Hunter Thompson put a gun in his mouth and shot himself last week, I've been digging deep into the Internet and reading lots of articles about him. The first wave of stories commended his hard-punching, eye-gouging, "gonzo" style of insightful political writing in such books as "Fear and Loathing in Las Vegas" and "Kingdom of Fear," and recalled with wonderment and affection his manic consumption of alcohol, LSD, cocaine, and enough other intoxicants to fill the Physician's Desk Reference. A couple of days after the coroner came, many who'd known the man, or witnessed one or more of his countless binges, began to somberly note that he really had drunk, snorted, and dropped too many unforgiving things and such behavior wasn't so amusing and admirable after all.

But in none of the articles I've found has anyone said, "Hey, Hunter should have gotten help." That is amazing, and appallingly typical. If a guy gets a toothache he'll dash to the dentist. A fever sends him scampering to the doctor. A rash drives him scratching to the dermatologist. Heart, liver, kidney, and stomach problems are also widely understood to require medical attention. But what about the human brain? It is easily the most astonishing organ in this solar system, yet it's usually considered a body part unworthy of professional treatment. The essential problem is ignorance; most people still view the brain as a primarily psychic phenomenon and assume that common (even rampant) ailments like depression, alcoholism, drug addiction, and excessive anger should either be ignored or treated with more alcohol or cigarettes or, most admirably, by gnawing on the stick of righteous stoicism. None of those will work.
People whose brains have sentenced them to unrelenting depressive pain, generally because of an intrinsic chemical imbalance, must be treated medically. A guy like Thompson, who drunkenly barrels into public events, snorts coke in a thousand bathrooms, stands barefoot in the snow shooting guns in the middle of the night, hoards explosives, and repeatedly tells his wife that he's considering suicide, is a guy who needs help. Perhaps his wife did suggest he see a psychiatrist. She should have insisted. Instead, the Associated Press quotes her as having threatened to leave him. His final act certainly wasn't her fault. She couldn't have saved him. Only Thompson had a chance to do that.

When Thompson broke his leg in Hawaii last year, Sean Penn immediately spent twenty-seven grand to fly him back to the writer's "fortified compound" - the focal point of his isolation and paranoia - in Colorado. That was a compassionate gesture by Penn but would have been far more helpful had the jet been pointed toward a mental health facility. Thompson would have bellowed upon arriving. He probably would have refused treatment, claiming he didn't need it but the rest of the world did. He was, however, decidedly capable of admitting some kinds of pain. He acknowledged his hip hurt bad enough to be replaced, and underwent the operation.

So Hunter S. Thompson, a very tough guy, or at least a tough talker, was willing to get the best treatment for his leg and his hip. But like too many others in mental distress, he didn't understand his brain also deserved the finest medical attention.

About the Writer: George Thomas Clark is the author of two books, Hitler Here, a biographical novel, and Outliving Flynn, a short story collection. Hitler Here will be published in India this year by Vasan Publications/Mastermind Books and in the Czech Republic by Mlada Fronta. The author's website is http://www.georgethomasclark.com/ .

From rah at shipwright.com Sun Feb 27 19:52:23 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 22:52:23 -0500
Subject: Hunter S. Thompson: 1937 - 2005
Message-ID:

Posted on Sun, Feb. 27, 2005

Hunter S. Thompson: 1937 - 2005
The writing...
By JOHN MARK EBERHART
The Kansas City Star

"Gonzo" journalist Hunter S. Thompson shot himself a week ago today, but he had put a bullet in his writing career years ago.

The Denver Post reported last week that Thompson, 67, had been in pain after a broken leg and hip surgery. But Juan Thompson, his son, made it clear we may never know all the details; in a statement to the Aspen Daily News, he said, "Hunter prized his privacy, and we ask that his friends and admirers respect that privacy as well as that of his family."

That's fine. But Thompson didn't appear to be as private as his son implied. No, Thompson often lived a life that was very public and marked by excess. The writer himself seemed ambivalent. On some occasions he claimed tales of his drug use were exaggerated. On others he bragged that booze, pills, weed, acid and other substances helped make him creative.

Early on, maybe they did. There was no denying the cracked brilliance of 1970s works such as Fear and Loathing in Las Vegas, which wallowed in the drug culture but told some truths many Americans didn't want to hear, or Fear and Loathing: On the Campaign Trail '72, which dug deep into the dirt of presidential politics. In 1979 Thompson published The Great Shark Hunt, a collection of shorter works, many of which had appeared in Rolling Stone.
Like the two Fear and Loathing books, many of these pieces were "gonzo"; that is, the journalist becoming part of the story. Classic example: "Freak Power in the Rockies," which had appeared in Rolling Stone in 1970. It was a piece based on one of Thompson's elaborate jokes on society, in this case, running for sheriff of Pitkin County, Colo. His platform was absurd: Sod the streets, change the name of Aspen to "Fat City" to keep "land-rapers and other human jackals from capitalizing on the name" and otherwise harass developers from transforming Aspen into a playground for the rich.

But guess what? Thompson was serious about his fears over rampant development and actually did run for sheriff and came close to winning, so close that he served on a sheriff's advisory committee and ultimately wielded influence in Aspen's preservation.

By the early 1980s, though, his writing ability had plummeted. The Curse of Lono, a book about marathon runners, was a mess. His fire-and-gasoline prose was gone, replaced by self-parody. No wonder: Thompson was consuming massive amounts of alcohol and cocaine, according to Paul Perry's 1992 biography, Fear and Loathing: The Strange and Terrible Saga of Hunter S. Thompson. Even hardcore partiers such as the late John Belushi couldn't match him. Perry's book states that Belushi once stayed with Thompson in Colorado a few days; upon departing, the comedian said: "I had to leave. I couldn't keep up with that guy."

Neither, really, could Thompson. Generation of Swine, Songs of the Doomed and Better Than Sex, published from 1988 to 1994, were addled, woefully thin works. Things seemed to improve with 1997's The Proud Highway and 2000's Fear and Loathing in America, the first two volumes of Thompson's letters. Here was the inferno we'd been missing! But the truth was the most recent of these letters had been written in 1976. Remove the time warp, and one was stuck knowing Thompson's great work was behind him.

The man was suffering, too.
His marriage to Sandra Dawn Thompson was long over; she would later confess she had come to fear him. In 1990 a woman accused him of sexual assault; a subsequent search of Thompson's home led to drug charges as well. Eventually the whole thing was dropped (by that time, Thompson could afford good lawyers). In July 2000 he accidentally shot his assistant, Deborah Fuller, allegedly while chasing a bear off his property. She was not seriously injured. Amazingly, she stayed with him.

I interviewed Thompson in December 2000, and to do so I had to deal with Fuller first. Both she and Thompson sounded seriously on edge at the time. When she finally managed to get him to the phone (it took several days), he obviously was into the sauce.

For the last four years Thompson mostly had managed to stay out of the news, and had remarried to yet another assistant, Anita, who apparently had better luck with him. Hey, Rube, published last summer, was not vintage Thompson, but the collection wasn't awful, either. Was he reforming? Who knows?

Hunter S. Thompson will be remembered as much for his persona as his writing. Look, everyone is young once. Writers tend to be not only young but also a little crazy. If we're lucky, that period of our lives results in a surfeit of energy that makes the pages crackle; over time, we temper. Old and crazy, though, can be ugly. Ernest Hemingway died that way - and from a self-inflicted gunshot wound, just like Thompson. Both of them had written well. Both had lived hard. I'm not saying either of them should have become a vegetarian or a temperance crusader, but a little more self-respect might have gone a long way toward ensuring their later writings didn't suffer so much.

So while it may sound heretical to their many fans, I must stand by this conclusion: Both of them could have done it all better.

From rah at shipwright.com Sun Feb 27 20:08:12 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Sun, 27 Feb 2005 23:08:12 -0500
Subject: Fear and loathing no more: Hunter S. Thompson, 1938-2005
Message-ID:

The Jakarta Post
February 28, 2005

Fear and loathing no more: Hunter S. Thompson, 1938-2005
Doug Anthony, Contributor, Jakarta

It was always hard imagining the gun-toting, drug-addled king of "Gonzo" journalism, Hunter S. Thompson, surrendering to the infirmities of old age. And on Feb. 20, aged 67, just three years from reaching the biblical three score and ten, his final felony -- and caper -- was to violently end it all with one of the shotguns about which he wrote so fondly in his autumnal memoirs.

Aside from this self-inflicted death, the tragedy of Thompson's life is that in the 34 years since his Fear and Loathing books of the 1970s, his mythic stature as a counter-culture wild man had overshadowed his contributions as a writer. Thompson went from waging a mescaline-fueled guerrilla war on the establishment to becoming part of it.

He became the quintessential voice of America's left-wing rebellion of the 1960s, and through classics such as Hell's Angels (1966) and Fear and Loathing on the Campaign Trail (1972), Thompson helped to found New Journalism and its close cousin, Gonzo. Thompson and other Gonzo practitioners ripped the narrator from polite anonymity and placed him center stage, often making it feel like a bad LSD trip. Even Fear and Loathing in Las Vegas (1971), subtitled A Journey to the Heart of the American Dream, he said, was more truthful than most mainstream journalism at the time. In it, he documents a road trip through the Nevada desert and into America's own heart of darkness.
Thompson's subjects were tyranny, corruption, power, guns and above all, drugs. On the way to Las Vegas, Raoul Duke (Thompson's alter-ego), and his 300-pound Samoan companion were armed with "two bags of grass, seventy-five pellets of mescaline, five sheets of high powered blotter acid, a salt shaker half full of cocaine, and a whole galaxy of multi-colored uppers, downers, screamers, ... and also a quart of tequila, a quart of rum, a case of beer, a pint of raw ether". He added: "There is nothing more helpless and irresponsible than a man in the depths of an ether binge."

Contemplating the meaning of the 1960s and what was to come, Thompson marked 1971 as the turning point for America's hippies and drug-takers, when flower-power idealism turned to cynicism.

Later, sometime in the 1970s, perhaps after ascending to the masthead at Rolling Stone magazine, he seemed to realize he'd become a trademark, a patriarch of hipster street-cred. After all, what writer could sustain such a toxic outburst of creativity over such a long period of time?

In a letter to a 14-year-old, Thompson wrote of the Hell's Angels that many of the older members were not "smart or funny, or brave, or even original. They just Old Punks, and that's a lot worse than being a Young Punk". In the 1990s, critics increasingly made the same charge of Thompson -- that unlike his contemporary Tom Wolfe, he hadn't moved on. Thompson's wacky stunts, such as igniting dynamite or blowing up Cadillacs on his farm in Woody Creek, Colorado, were no longer seen as cool or funny, just the behavior of a Peter Pan who refused to grow up. Thompson, of course, refused to give up his old hobbies of groping women, drinking and smoking to excess, or to cut free of his obsession with psychotropics.

His later books, such as Better Than Sex, the 1994 diatribe about Bill Clinton, and Kingdom of Fear (2004), became increasingly peppered with personal letters, faxes and already-published articles.
They creaked under the weight of a tired writer struggling to keep up a franchise. University campuses paid him to speak, however incoherently; editors shelled out top rates for rambling, repetitive columns. Again and again, we heard of his drug adventures, passion for guns and disdain for authority. He often said his beat as a reporter was to chart the decline of the American century.

Kingdom of Fear is a case in point, taking as its subject post-9/11 America, advancing in obscene and angry tones those critiques already popularized by Michael Moore. Sadly, Thompson sounds just as he did 30 years ago. Instead of savaging Nixon, he turned to savaging George W. Bush and the Washington neo-conservatives.

In the end, we won't know if the pain of a broken leg, a drug-fried brain or even old-fashioned despair spurred Thompson's final act. But as he slips even further into history, it is not the end of his career, but rather the beginning, that we are likely to remember. "This life's not for everyone," Thompson said in a 1998 interview, and last weekend proved it.

From rah at shipwright.com Sun Feb 27 21:48:06 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 28 Feb 2005 00:48:06 -0500
Subject: Grounded: Millionaire John Gilmore stays close to home while making a point about privacy
Message-ID:

Pittsburgh Post-Gazette

Grounded: Millionaire John Gilmore stays close to home while making a point about privacy
He's unable to travel because he refuses to present a government-approved ID
Sunday, February 27, 2005
By Dennis Roddy, Pittsburgh Post-Gazette

SAN FRANCISCO -- John Gilmore's splendid isolation began July 4, 2002, when, with defiance aforethought, he strolled to the Southwest Airlines counter at Oakland Airport and presented his ticket.

Photo: Dennis Roddy, Post-Gazette. John Gilmore, beside a graffiti-covered wall, has his morning coffee at a shop that's one block from his San Francisco home. The Bradford native doesn't drive and has other travel restrictions, thanks to his challenge of a law that the government won't allow him to see.

The gate agent asked for his ID. Gilmore asked her why. It is the law, she said. Gilmore asked to see the law. Nobody could produce a copy. To date, nobody has. The regulation that mandates ID at airports is "Sensitive Security Information." The law, as it turns out, is unavailable for inspection.

What started out as a weekend trip to Washington became a crawl through the courts in search of an answer to Gilmore's question: Why?

In post 9/11 America, asking "Why?" when someone from an airline asks for identification can start some interesting arguments. Gilmore, who learned to argue on the debate team in his hometown of Bradford, McKean County, has started an argument that, should it reach its intended target, the U.S. Supreme Court, would turn the rules of national security on end, reach deep into the tug-of-war between private rights and public safety, and play havoc with the Department of Homeland Security.

At the heart of Gilmore's stubbornness is the worry about the thin line between safety and tyranny.
"Are they just basically saying we just can't travel without identity papers? If that's true, then I'd rather see us go through a real debate that says we want to introduce required identity papers in our society rather than trying to legislate it through the back door through regulations that say there's not any other way to get around," Gilmore said. "Basically what they want is a show of obedience." Dennis Roddy, Post-Gazette There's no place like home for John Gilmore, who can't travel very far from his San Francisco residence. The Bradford native refuses to give his identification for flying. As happens to the disobedient, Gilmore is grounded. He is rich -- he estimates his net worth at $30 million -- and cannot fly inside the United States. Nor can he ride Amtrak, rent a room at most major hotels, or easily clear security in the courthouses where his case, Gilmore v. Ashcroft, is to be heard. In a time when more and more people and places demand some form of government-issued identification, John Gilmore offers only his 49-year-old face: a study in stringy hair, high forehead, wire-rimmed glasses, Ho Chi Minh beard and the contrariness for which the dot.com culture is renowned. "I think of myself as being under regional arrest," he said. Even with $30 million in the bank, regional arrest can be hard. He takes the bus to and from events at which he is applauded by less well-heeled computer techies who flew in from around the country after showing a boarding pass and one form of government-issued photo ID and arrived in rental cars that required a valid driver's license and one major credit card. He was employee No. 5 at Sun Microsystems, which made Unix, the free software of the Web, the world standard. He japed the government by cracking its premier security code. He campaigned to keep the software that runs the Internet free of charge. 
After he left Sun, Gilmore started his own firm, sold it for more money than he seems to have bothered to count and has since devoted his time to giving it away to favored causes: drug law reform, a campaign to standardize computer voting machines and the Electronic Frontier Foundation, something of an ACLU for the Information Age. To some, Gilmore's argument is redolent of the conspiracy theories from the black helicopter crowd. "That's the problem. How it sounds," Gilmore said. He waved his hands like some Cassandra: "They have all these secret laws! The UFOs are coming! They have guards at every airport!" Yes, he said, there is a certain odd flavor to the notion that someone shouldn't have to show ID to board a plane, but with magnetometers at the gates, guards with security wands, fortified cockpit doors and sky marshals abounding, Gilmore is asking just how much citizens are giving up when they hand their driver's licenses to a third party, in this case an airline, where it is put into a database they cannot see, to meet a law that, as it turns out, they are not allowed to read. Gilmore will show ID for an international flight because he doesn't expect to set the rules for other nations. "I will show a passport to travel internationally. I'm not willing to show a passport to travel in my own country," Gilmore said. "I used to laugh at countries that had internal passports. And it's happened here and people don't even seem to know about it." From geek to riches The passage of John Gilmore from a bespectacled proto-nerd from Bradford, Pa., to the twice-wealthy privacy-rights pioneer of the dot.com West Coast started in his father's living room, where he first suspected authority is used simply because someone has it. When something was found broken or spilled or some other evidence of a fractured rule surfaced, and the guilty party unknown, the elder Gilmore would summon his four children to the living room. "He'd line us all up in the living room. 
Until one of us confessed, we wouldn't get to leave. Eventually one of my younger brothers started confessing to things he didn't do just so we could get out of there," Gilmore said. Gilmore's father was a mechanical engineer. John was born in York and the family moved to Bradford, near the state's northern border with New York, when he was small. Today, at his home in Haight-Ashbury, a place he named Toad Hall, after the character from "The Wind in the Willows," Gilmore keeps a small school photo. It shows him with a little-boy crew cut and thick, half-rim eyeglasses, the kind that have been in and out of fashion twice since the photo was taken in the mid-1960s. The young Gilmore was a strong student at the schools in Bradford. He took to math. In high school, he became curious about computers. The 1960s were an era in which computers enjoyed an almost mystical reputation; imputed by popular culture with the power to deduce anything. One year, a team of scientists entered data for the 1927 New York Yankees and the 1963 Los Angeles Dodgers to see who would win -- an early "computer match." Babe Ruth was even credited with a home run. It was easy for a bright boy to become curious about how something so all-knowing worked. "When he was 12, for his birthday, he asked for an IBM manual," said his mother, Pat Woodruff, who remarried after she and Gilmore's father divorced 20 years ago and returned to live in Bradford. "His floor used to be littered with papers. I had no idea what he was doing." The University of Pittsburgh opened a branch campus in a building across the street from his high school. In it, they placed a desk-sized IBM 360. Gilmore started wandering over to learn FORTRAN, the punch-card programming language that made the computer do complex mathematical calculations. The Pitt-Bradford library had a few computer books, and one of his high school teachers got John a card. 
The family was about to move to Alabama when John began writing to the company that printed up a $3 manual for computer use. The firm, Scientific Time Sharing Corp., in Bethesda, Md., rented out computer time to companies such as Arbitron and ABC News, which needed storage for vast databases. After the third or fourth correspondence, they wrote back to ask if he was a customer. Gilmore wrote back that he was a high school student and he was moving to Alabama. After completing high school in Alabama, Gilmore had two summer internships behind him and a full-time job as the youngest geek in Bethesda. He had a few dollars in his pocket and a letter of acceptance from Michigan State University. He used the money. The letter was of little use. Computer science had not yet come into its own as an academic discipline. "Why pay someone to teach me computers when I can get someone to pay me to learn them?" he reasoned. Road trip When techies burn out, they tend not to do strange things. They are, by nature, already a few degrees off plumb. So they revert to the ordinary. Gilmore burned out in the late '70s. He got on a motorcycle and rode west. "He just packed up his stuff and moved off," Pat Woodruff said. "I don't know where he went at this time." He went to New Mexico. Gilmore worked for a while in the lowest of mechanical technologies: a traveling carnival. He ran the Tilt-A-Whirl. "You have to watch the thing closely and know when someone's going to lose it, so you move back," he said. Dodging stomach contents kept him employed for a while. At one point he moved in with New Mexico's most dysfunctional couple. The male in the relationship found out the female was pregnant. An argument broke out. A gun was produced. Gilmore forgot his lesson from the Tilt-A-Whirl. He didn't duck. A bullet caught him in the hand. He finished his New Mexico stay sleeping under a stairwell at the local college. He knocked around the country a bit more. 
Staying with a relative in Jacksonville, Fla., Gilmore looked for a job at a local bank. "They said they wouldn't hire me as a teller, but they'd be glad to hire me to run their computer," he said. Eventually, Gilmore moved to San Francisco and took up computer consulting. One day, a friend called. He'd gone to work for a startup firm called Microsoft. The company's founder, a Harvard dropout named Bill Gates, was selling Unix, a universal software on which the Internet would be based, and he wanted Gilmore to find a way to make Unix work on the computers of a prospective customer based at Stanford University. After a job interview, Gilmore called the people at Stanford. They were starting a company to be called Sun, short for Stanford University Network, and would Gilmore like to be their first software employee. "I hired on at Sun because the work was interesting," he said. The pay was just short of marginal. Thus did John Gilmore get rich by accident. Because he was on the ground floor, his stock was worth more. Sun went public in 1986 and suddenly John Gilmore was rich. He stayed on at Sun as a consultant until 1989, then started his own company, Cygnus. A few years later, when he sold Cygnus, he was, in the parlance of Silicon Valley, "loaded." That is to say he is not ridiculously rich -- just wealthy enough to make trouble. He did. Gilmore, for instance, is blocked from most e-mail servers because he runs what the industry calls an "open relay" on his computer server, tucked into the basement of his house. People are able to send e-mail through it without identifying themselves, raising the ire of the anti-spam movement. His server sits next to the remnants of what is known in the industry as the "DES Cracker." It is a collection of computer chips, connected by a spider web of circuitry that he built to overpower the most widely used encryption system -- the same one used on ATMs and satellite dishes. "The government was recommending everybody use it. 
We did that to show it wasn't worth relying on," Gilmore said. His own theory was that a privacy program offered by the government isn't, by nature, likely to remain private. By 1996, Gilmore's dislike of authority was in full bloom. At San Francisco Airport, he refused to produce a driver's license for security police. "The cop said, 'You want me to arrest you?' I said, 'I'd consider it an honor.' " They honored him with an arrest. The district attorney dropped the case. Gilmore has epilepsy, and because of that his driver's license was suspended five years ago. He decided not to reapply because it is now easier, when asked for a photo ID, to be able to say forthrightly that he has none. More than $1 million of his money has gone to house and feed the Electronic Frontier Foundation. On a given day, visitors can find a team of lawyers meeting with young men and women, still pale from too much time indoors, seeking counsel to protect them from the wrath of everyone from the Recording Industry Association of America, which is trying to shut down music file sharers, to federal regulators worried about the latest software for encrypting e-mail communications. "He cares a great deal about privacy," said Lee Tien, a full-time litigator at EFF. Because privacy is one of those things that disappears without always being noticed right away, Tien and other EFF lawyers find themselves fighting regulations nobody gets excited about right away. "Privacy discourse ends up being at one end, 'What have you got to hide?' vs. 'Mind your own business,' " Tien said. "If John Gilmore were a country," adds his personal publicist, Bill Scannell, "his motto would be 'Let Me Alone.' " Conscious objection Rosa Parks did not ride that bus in Montgomery by accident. Several strategy meetings preceded the famous ride in which the founding mother of the civil rights movement boarded a bus and declined to sit in the back. 
Gilmore's famous visit to two airline ticket counters in the Bay Area was charted out. He checked in with his lawyer. He kept notes. He booked a flight from Oakland, with its slightly cheaper fares, to Washington, D.C., where he planned to drop in on the offices of his member of congress, U.S. Rep. Nancy Pelosi, D-San Francisco, to convey his growing concern about the amount of data the government is gathering from and about its citizens. His reason for travel, he would later say, was "to petition the government for redress." That added First Amendment issues to a Constitutional exercise that would also turn on the amendments against unreasonable search and seizure and the right to assemble and petition the government for redress of grievances. Everything went pretty much according to expectations. That is to say, everything went to hell in a hurry. As Gilmore tells it, he arrived at the gate two hours early, a paper ticket purchased through a travel agent in his hand. A Southwest agent asked for his ID. Gilmore, in turn, asked her if the ID requirement was an airline rule or a government rule. She didn't seem to know. Gilmore argued that if nobody could show him the law, he wasn't showing them an ID. They reached a strange agreement for an argument about personal privacy: In lieu of showing ID, Gilmore would consent to an extra-close search, putting up with a pat-down in order to keep his personal identity to himself. He was wanded, patted down and sent along. As Gilmore headed up the boarding ramp a security guard yanked him from line. According to court papers, a security agent named Reggie Wauls informed Gilmore he would not be flying that day. "He said, 'I didn't let you fly because you said you had an ID and wouldn't show it,' " Gilmore said. "I asked, 'Does that mean if I'd left it at home I'd be on the plane?' He said, 'I didn't say that.' " The Gilmore case is, if anything, about things unsaid. 
Gilmore -- and millions of other people -- are daily instructed to produce some manner of ID: a driver's license, a Social Security number, a phone number, date of birth. When Gilmore asked to see the rules explaining why his photo ID is necessary for airline security, his request was denied. The regulation under which the Transportation Safety Administration, an arm of the Department of Homeland Security, instructs the airlines to collect such identification is classified as "Sensitive Security Information." When Congress passes a law, it is as often as not up to some agency to decide what that law means and how to enforce it. Usually, those regulations are available for people to examine, even challenge if they conflict with the Constitution. This wasn't the case when Congress passed the Air Transportation Security Act of 1974. The Department of Transportation was instructed to hold close information that would "constitute an unwarranted invasion of personal privacy" or "reveal trade secrets" or "be detrimental to the safety of persons traveling in air transportation." The Federal Aviation Administration, then a branch of the transportation department, drew up regulations that established the category now known as Sensitive Security Information. When the responsibility for air travel safety was transferred to the newly created Transportation Safety Administration, which was in turn made a branch of the new Department of Homeland Security, the oversight for Sensitive Security Information went with it. The language in the Homeland Security Act was broadened, subtly but unmistakably, where SSI was concerned. It could not be divulged if it would "be detrimental to the security of transportation." "By removing any reference to persons or passengers, Congress has significantly broadened the scope of SSI authority," wrote Todd B. Tatelman, an attorney for the Congressional Research Office. 
Tatelman was asked by Congress last year to look at the implications of Gilmore's case. Tatelman's report found that the broadened language essentially put a cocoon of secrecy around 16 categories of information, such as security programs, security directives, security measures, security screening information "and a general category consisting of 'other information.' " The government has been so unyielding on disclosure that men with the name David Nelson suddenly found themselves ejected from flights. Somewhere in the system, the name came up on the newly created "No Fly" list. Sen. Edward M. Kennedy, D-Mass., found himself in the same dilemma. When baggage screeners were caught pilfering, prosecutions were dropped because a trial would require a discussion of "Sensitive Security Information." When John Gilmore demanded proof that the airport ID rule met Constitutional muster, the government at first declined to acknowledge it even existed. Ann Davis, a spokeswoman for TSA, tacitly acknowledged the strange rabbit hole into which Gilmore has fallen. The Department of Justice, in its first response to Gilmore's suit two years ago, declined to acknowledge whether such an instruction existed. Later, it admitted its existence. Then the government asked a judge to hold a hearing in secret and preclude Gilmore's lawyers from seeing the regulation they sought to challenge, the contents of which seem to be pretty widely known. "It's a rubber stamp. TSA security directives are -- plural -- sensitive security information and not subject to public disclosure," Davis said. How, then, is someone to challenge in court a law he's not allowed to see? "I have no idea," Davis said. "If a passenger doesn't wish to show ID prior to getting a boarding pass, that's something they're going to have to take up with the air carrier. And the air carrier is required to obtain government-issued identification." 
That, says Gilmore's lawyer, Jim Harrison, is the enigma of the case: "It's about the ability of the citizens of this country to be able to move about the country, to move about freely, without being subject to laws they can't see." The legal cul-de-sac erected around airport security is not limited to Gilmore's deliberately chosen fight. In October 2001, at San Francisco Airport, Arshad Chowdhury, born and raised in the United States, was surrounded by security agents and kept off a Northwest Airlines flight. He was trying to get back to Carnegie Mellon University, where he was a graduate student. Chowdhury's last name sounded somewhat like another name on the no-fly list. He could never get an explanation. He filed suit against Northwest, but, to date, his court fight has been with the government, which has pleaded Sensitive Security Information. To sue Northwest for racial profiling, Chowdhury must first sue his own government for the rules Northwest will plead it was enforcing. High-tech togetherness Code Con is one of those technological events so deep that ordinary conversation requires an English-to-English translator. A young woman was onstage explaining a system she had developed to, as it turns out, automate trust in discussion groups by assigning a ranking of credibility to participants based on past messages and reactions. Discussion boards must either be moderated, to keep the wackos from disrupting them, or wide open, in which case postings can take unreasonably long times. As she spoke, half the audience inside a darkened nightclub rented for the event stared into the blue glow of laptop computers. Some were following the PowerPoint presentation on a Web site set up for the affair. Dan Klein, a Pittsburgh computer consultant, was in the back of the room. He has known Gilmore for years, and to know Gilmore is to know the room. 
Computer programmers, the really good ones, combine an artistic temperament with a conviction that intuitive reasoning can lead to mathematical certainty. "It's elegant thinking," Klein said. "We are most of us white hats, but we think like black hats." The elegance of Gilmore's thinking is that knowing someone's ID does not prevent the person from committing a terrorist act. The 9/11 hijackers had driver's licenses. Knowing someone's identity, as Gilmore argues it, adds less to security than it takes away from a traveler's protection from authority that might oppress simply because it can. "It's just rebellion against oppression," Klein said. "Part of it is this sense of 'Why do I have to follow all these rules when they don't make any sense?' " The young woman finished her speech, took a few questions and, just as everyone was about to rise for lunch, Scannell, a peripatetic man who orbits around both the techies and the world of PR, was on the stage. He had a special request. He had just become a parent and wanted to put in a wireless baby monitor. Could someone come up with a way to encrypt a baby monitor so outsiders couldn't pick up the signal? By day's end a few people had approached with ideas. It is doubtful anyone would bother to listen in on a baby gurgling, but this was the principle of the thing: meeting the people who know the math to make it work. Soon afterward, 14 Code Con attendees flooded into a nearby Italian restaurant. Gilmore sat at one end of the table, chatted privacy, travel and whether the drug called Ecstasy has a medicinal application. Then, to save time, he picked up everyone's check. In cash. No credit cards. Why leave a paper trail? That night, he caught a ride home with a friend. The night before was more to his liking. On a bus running through San Francisco to Haight-Ashbury, a multimillionaire sat alone in a seat next to a woman who appeared to be homeless. Neither knew who the other one was. 
All John Gilmore had to show to get on board was a $1.25 fare. That's how he likes it. From jamesd at echeque.com Mon Feb 28 09:36:57 2005 From: jamesd at echeque.com (James A. Donald) Date: Mon, 28 Feb 2005 09:36:57 -0800 Subject: SpookAir, redux: No Secrets -- Eyes on the CIA In-Reply-To: Message-ID: <4222E639.2067.3D06EE@localhost> -- On 27 Feb 2005 at 18:53, R.A. Hettinga wrote: > March 7 issue - Aviation obsessives with cameras and Internet > connections have become a threat to cover stories established > by the CIA to mask its undercover operations and personnel > overseas. U.S. intel sources complain that "plane > spotters"-hobbyists who photograph airplanes landing or > departing local airports and post the pix on the > Internet-made it possible for CIA critics recently to > assemble details of a clandestine transport system the agency > set up to secretly move cargo and people-including terrorist > suspects-around the world. Brinworld: They may be watching us, but we are also watching them. The large number of surveillance cameras popping up in American cities has turned out to be no threat to liberty. Most of them are privately owned, and their private owners have no inclination to review their records, unless a real crime has been committed, and no inclination to hand over to authorities records that would primarily reveal their own activities. In recent incidents where private surveillance camera records were given to authorities, the authorities received only selected excerpts, only what the owner of the records chose to reveal. --digsig James A. 
Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG PS5fDA87MKS6uCbiF0gJ/R+39ekRuwLazrAsTyAa 4MxSlekoFzNrLXER1RoAItoikUPxKn3udKQokRxkB From camera_lumina at hotmail.com Mon Feb 28 07:56:54 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 28 Feb 2005 10:56:54 -0500 Subject: Fred Durst Says Sex Video Was Stolen From His Computer In-Reply-To: Message-ID: "I don't hate technology, I don't hate hackers, because that's just what comes with it, without those hackers we wouldn't solve the problems we need to solve, especially security." Holy shit...the guy's a hell of a lot smarter than most legislators. Sounds almost like a Cypherpunk... -TD >From: "R.A. Hettinga" >To: cryptography at metzdowd.com, cypherpunks at al-qaeda.net, >osint at yahoogroups.com >Subject: Fred Durst Says Sex Video Was Stolen From His Computer >Date: Sun, 27 Feb 2005 21:02:58 -0500 > >Like most real hacks and cracks, it was an, um, inside job... > >Cheers, >RAH >------- > > > >mtv.com - News - > > >Fred Durst Says Sex Video Was Stolen From His Computer > 02.25.2005 9:52 PM EST > >Contrary to rumors, nookie clip was not hacked from a Sidekick. > >Fred Durst > Photo: MTV News >SANTA MONICA, California - Just days after Paris Hilton's T-Mobile Sidekick >was hacked, spreading her topless photographs across the Internet, a sex >tape featuring Fred Durst hit the Web along with reports that it was the >work of the > > Fred Durst on how the video was stolen > same hacker. > > Though the explicit clip features the words "T-Mobile Terrorist" on it, >the Limp Bizkit singer said the footage was definitely not stolen from his >PDA. > > "If you look on Paris' thing, I don't use T-Mobile," Durst said with a >laugh on Friday (February 25), referring to the list of Hilton's phone >numbers that also leaked and included his contact information (see "Paris >Hilton Apologizes For Crank Calls, Fergie Wants Revenge"). "No, no, [my >listing in her Sidekick] is just old, years old. 
Somebody that was >repairing my computer was smart enough to go through anything he could [and >found the movie]. What can I say? I'm not proud of it. > > "Everyone, probably everyone in this building, has done something similar >to what I did, and nobody cares about it," he added during a break from >recording the next Limp Bizkit album in Interscope Records' studio. "But if >you're high-profile, or on someone's radar ... then it matters. What >happens to me happens to me, and I have to live with it and go on." > > Durst said he's been contacted by at least one company seeking his >cooperation in selling the video. > > "When those things happen to people, there are companies that approach >you, say, 'Hey, man, you wanna make some money off this? People are gonna >see it anyway,' " Durst explained. "I said, 'Absolutely not, I don't wanna >make any money of this. This is ridiculous.' So when you see [celebrity sex >tapes] out there with big company names on them, you can know people gave >them permission to release it." > > David Hans Schmidt, a Phoenix-based publicist who once represented Tonya >Harding and who has represented celebrities in the selling of nude photos >in the past, tells a different story. He said the thieves contacted him in >September and he's been negotiating with them and Durst's agents ever >since. > > "I was close to turning something illegal into something legal and then >these hackers reneged and went out and put the tape on World Wide Web along >with my home telephone number," Schmidt said. "Now we're gonna get 'em. >Government agencies are meeting with me this weekend." > > Schmidt refused to elaborate about the deal because he worried it might >hinder the investigation. > > Durst said he hopes people learn a lesson from what happened to him and >Paris. > > "If you wanna know how not secure you are, just take a look around," he >said. "Nothing's secure. Nothing's safe. 
It's just helping us get better, >causing awareness for homeland security. ... I don't hate technology, I >don't hate hackers, because that's just what comes with it, without those >hackers we wouldn't solve the problems we need to solve, especially >security." > > Limp Bizkit are nearly finished with their fifth studio album, which will >mark the return of original guitarist Wes Borland (see "Wes Borland Back >With Limp Bizkit"). > > - Corey Moss > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Mon Feb 28 08:23:07 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 28 Feb 2005 11:23:07 -0500 Subject: John Gilmore and Open Source In-Reply-To: Message-ID: "Are they just basically saying we just can't travel without identity papers? If that's true, then I'd rather see us go through a real debate that says we want to introduce required identity papers in our society rather than trying to legislate it through the back door through regulations that say there's not any other way to get around," Actually, that's a very interesting comment. In a way, it harkens to the open source movement: The secrecy of these laws is precisely what weakens security, as folks a little more active-minded than bureaucrats will get a chance to think about the problem. And of course, if just one terrorist gets a hold of those secret laws, 30 minutes after that all of them will have a copy while the rest of us (trying NOT to get blown up) will be at a distinct disadvantage. But then again, maybe that's no coincidence...government seems to have a knack for finding reasons for itself to exist... -TD >From: "R.A. 
Hettinga" >To: cypherpunks at al-qaeda.net, cryptography at metzdowd.com, >osint at yahoogroups.com >Subject: Grounded: Millionaire John Gilmore stays close to home while >making a point about privacy >Date: Mon, 28 Feb 2005 00:48:06 -0500 > > > > >Pittsburgh Post-Gazette > >Grounded: Millionaire John Gilmore stays close to home while making a point >about privacy > >He's unable to travel because he refuses to present a government-approved >ID > >Sunday, February 27, 2005 > By Dennis Roddy, Pittsburgh Post-Gazette > > > SAN FRANCISCO -- John Gilmore's splendid isolation began July 4, 2002, >when, with defiance aforethought, he strolled to the Southwest Airlines >counter at Oakland Airport and presented his ticket. Dennis Roddy, >Post-Gazette > > >John Gilmore, beside a graffiti-covered wall, has his morning coffee at a >shop that's one block from his San Francisco home. The Bradford native >doesn't drive and has other travel restrictions, thanks to his challenge of >a law that the government won't allow him to see. > > The gate agent asked for his ID. > > Gilmore asked her why. > > It is the law, she said. > > Gilmore asked to see the law. > > Nobody could produce a copy. To date, nobody has. The regulation that >mandates ID at airports is "Sensitive Security Information." The law, as it >turns out, is unavailable for inspection. > > What started out as a weekend trip to Washington became a crawl through >the courts in search of an answer to Gilmore's question: Why? > > In post 9/11 America, asking "Why?" when someone from an airline asks for >identification can start some interesting arguments. Gilmore, who learned >to argue on the debate team in his hometown of Bradford, McKean County, has >started an argument that, should it reach its intended target, the U.S. >Supreme Court, would turn the rules of national security on end, reach deep >into the tug-of-war between private rights and public safety, and play >havoc with the Department of Homeland Security. 
> At the heart of Gilmore's stubbornness is the worry about the thin line between safety and tyranny.
>
> "Are they just basically saying we just can't travel without identity papers? If that's true, then I'd rather see us go through a real debate that says we want to introduce required identity papers in our society rather than trying to legislate it through the back door through regulations that say there's not any other way to get around," Gilmore said. "Basically what they want is a show of obedience."
>
> Dennis Roddy, Post-Gazette
> There's no place like home for John Gilmore, who can't travel very far from his San Francisco residence. The Bradford native refuses to give his identification for flying.
>
> As happens to the disobedient, Gilmore is grounded. He is rich -- he estimates his net worth at $30 million -- and cannot fly inside the United States. Nor can he ride Amtrak, rent a room at most major hotels, or easily clear security in the courthouses where his case, Gilmore v. Ashcroft, is to be heard. In a time when more and more people and places demand some form of government-issued identification, John Gilmore offers only his 49-year-old face: a study in stringy hair, high forehead, wire-rimmed glasses, Ho Chi Minh beard and the contrariness for which the dot.com culture is renowned.
>
> "I think of myself as being under regional arrest," he said. Even with $30 million in the bank, regional arrest can be hard. He takes the bus to and from events at which he is applauded by less well-heeled computer techies who flew in from around the country after showing a boarding pass and one form of government-issued photo ID and arrived in rental cars that required a valid driver's license and one major credit card.
>
> He was employee No. 5 at Sun Microsystems, which made Unix, the free software of the Web, the world standard. He japed the government by cracking its premier security code. He campaigned to keep the software that runs the Internet free of charge. After he left Sun, Gilmore started his own firm, sold it for more money than he seems to have bothered to count and has since devoted his time to giving it away to favored causes: drug law reform, a campaign to standardize computer voting machines and the Electronic Frontier Foundation, something of an ACLU for the Information Age.
>
> To some, Gilmore's argument is redolent of the conspiracy theories from the black helicopter crowd.
>
> "That's the problem. How it sounds," Gilmore said. He waved his hands like some Cassandra: "They have all these secret laws! The UFOs are coming! They have guards at every airport!" Yes, he said, there is a certain odd flavor to the notion that someone shouldn't have to show ID to board a plane, but with magnetometers at the gates, guards with security wands, fortified cockpit doors and sky marshals abounding, Gilmore is asking just how much citizens are giving up when they hand their driver's licenses to a third party, in this case an airline, where it is put into a database they cannot see, to meet a law that, as it turns out, they are not allowed to read.
>
> Gilmore will show ID for an international flight because he doesn't expect to set the rules for other nations.
>
> "I will show a passport to travel internationally. I'm not willing to show a passport to travel in my own country," Gilmore said. "I used to laugh at countries that had internal passports. And it's happened here and people don't even seem to know about it."
>
> From geek to riches
>
> The passage of John Gilmore from a bespectacled proto-nerd from Bradford, Pa., to the twice-wealthy privacy-rights pioneer of the dot.com West Coast started in his father's living room, where he first suspected authority is used simply because someone has it.
> When something was found broken or spilled or some other evidence of a fractured rule surfaced, and the guilty party unknown, the elder Gilmore would summon his four children to the living room.
>
> "He'd line us all up in the living room. Until one of us confessed, we wouldn't get to leave. Eventually one of my younger brothers started confessing to things he didn't do just so we could get out of there," Gilmore said.
>
> Gilmore's father was a mechanical engineer. John was born in York and the family moved to Bradford, near the state's northern border with New York, when he was small. Today, at his home in Haight-Ashbury, a place he named Toad Hall, after the character from "The Wind in the Willows," Gilmore keeps a small school photo. It shows him with a little-boy crew cut and thick, half-rim eyeglasses, the kind that have been in and out of fashion twice since the photo was taken in the mid-1960s.
>
> The young Gilmore was a strong student at the schools in Bradford. He took to math. In high school, he became curious about computers. The 1960s were an era in which computers enjoyed an almost mystical reputation; imputed by popular culture with the power to deduce anything. One year, a team of scientists entered data for the 1927 New York Yankees and the 1963 Los Angeles Dodgers to see who would win -- an early "computer match." Babe Ruth was even credited with a home run.
>
> It was easy for a bright boy to become curious about how something so all-knowing worked.
>
> "When he was 12, for his birthday, he asked for an IBM manual," said his mother, Pat Woodruff, who remarried after she and Gilmore's father divorced 20 years ago and returned to live in Bradford. "His floor used to be littered with papers. I had no idea what he was doing."
>
> The University of Pittsburgh opened a branch campus in a building across the street from his high school. In it, they placed a desk-sized IBM 360. Gilmore started wandering over to learn FORTRAN, the punch-card programming language that made the computer do complex mathematical calculations.
>
> The Pitt-Bradford library had a few computer books, and one of his high school teachers got John a card.
>
> The family was about to move to Alabama when John began writing to the company that printed up a $3 manual for computer use. The firm, Scientific Time Sharing Corp., in Bethesda, Md., rented out computer time to companies such as Arbitron and ABC News, which needed storage for vast databases.
>
> After the third or fourth correspondence, they wrote back to ask if he was a customer. Gilmore wrote back that he was a high school student and he was moving to Alabama.
>
> After completing high school in Alabama, Gilmore had two summer internships behind him and a full-time job as the youngest geek in Bethesda.
>
> He had a few dollars in his pocket and a letter of acceptance from Michigan State University. He used the money. The letter was of little use. Computer science had not yet come into its own as an academic discipline.
>
> "Why pay someone to teach me computers when I can get someone to pay me to learn them?" he reasoned.
>
> Road trip
>
> When techies burn out, they tend not to do strange things. They are, by nature, already a few degrees off plumb. So they revert to the ordinary. Gilmore burned out in the late '70s. He got on a motorcycle and rode west.
>
> "He just packed up his stuff and moved off," Pat Woodruff said. "I don't know where he went at this time."
>
> He went to New Mexico. Gilmore worked for a while in the lowest of mechanical technologies: a traveling carnival. He ran the Tilt-A-Whirl.
>
> "You have to watch the thing closely and know when someone's going to lose it, so you move back," he said.
>
> Dodging stomach contents kept him employed for a while. At one point he moved in with New Mexico's most dysfunctional couple. The male in the relationship found out the female was pregnant. An argument broke out. A gun was produced. Gilmore forgot his lesson from the Tilt-A-Whirl. He didn't duck. A bullet caught him in the hand. He finished his New Mexico stay sleeping under a stairwell at the local college.
>
> He knocked around the country a bit more. Staying with a relative in Jacksonville, Fla., Gilmore looked for a job at a local bank. "They said they wouldn't hire me as a teller, but they'd be glad to hire me to run their computer," he said.
>
> Eventually, Gilmore moved to San Francisco and took up computer consulting. One day, a friend called. He'd gone to work for a startup firm called Microsoft. The company's founder, a Harvard dropout named Bill Gates, was selling Unix, a universal software on which the Internet would be based, and he wanted Gilmore to find a way to make Unix work on the computers of a prospective customer based at Stanford University. After a job interview, Gilmore called the people at Stanford. They were starting a company to be called Sun, short for Stanford University Network, and would Gilmore like to be their first software employee.
>
> "I hired on at Sun because the work was interesting," he said. The pay was just short of marginal.
>
> Thus did John Gilmore get rich by accident. Because he was on the ground floor, his stock was worth more. Sun went public in 1986 and suddenly John Gilmore was rich. He stayed on at Sun as a consultant until 1989, then started his own company, Cygnus. A few years later, when he sold Cygnus, he was, in the parlance of Silicon Valley, "loaded." That is to say he is not ridiculously rich -- just wealthy enough to make trouble.
>
> He did.
>
> Gilmore, for instance, is blocked from most e-mail servers because he runs what the industry calls an "open relay" on his computer server, tucked into the basement of his house. People are able to send e-mail through it without identifying themselves, raising the ire of the anti-spam movement.
>
> His server sits next to the remnants of what is known in the industry as the "DES Cracker." It is a collection of computer chips, connected by a spider web of circuitry that he built to overpower the most widely used encryption system -- the same one used on ATMs and satellite dishes.
>
> "The government was recommending everybody use it. We did that to show it wasn't worth relying on," Gilmore said. His own theory was that a privacy program offered by the government isn't, by nature, likely to remain private.
>
> By 1996, Gilmore's dislike of authority was in full bloom. At San Francisco Airport, he refused to produce a driver's license for security police.
>
> "The cop said, 'You want me to arrest you?' I said, 'I'd consider it an honor.' " They honored him with an arrest. The district attorney dropped the case.
>
> Gilmore has epilepsy, and because of that his driver's license was suspended five years ago. He decided not to reapply because it is now easier, when asked for a photo ID, to be able to say forthrightly that he has none.
>
> More than $1 million of his money has gone to house and feed the Electronic Frontier Foundation. On a given day, visitors can find a team of lawyers meeting with young men and women, still pale from too much time indoors, seeking counsel to protect them from the wrath of everyone from the Recording Industry Association of America, which is trying to shut down music file sharers, to federal regulators worried about the latest software for encrypting e-mail communications.
>
> "He cares a great deal about privacy," said Lee Tien, a full-time litigator at EFF. Because privacy is one of those things that disappears without always being noticed right away, Tien and other EFF lawyers find themselves fighting regulations nobody gets excited about right away.
> "Privacy discourse ends up being at one end, 'What have you got to hide?' vs. 'Mind your own business,' " Tien said.
>
> "If John Gilmore were a country," adds his personal publicist, Bill Scannell, "his motto would be 'Let Me Alone.' "
>
> Conscious objection
>
> Rosa Parks did not ride that bus in Montgomery by accident. Several strategy meetings preceded the famous ride in which the founding mother of the civil rights movement boarded a bus and declined to sit in the back.
>
> Gilmore's famous visit to two airline ticket counters in the Bay Area was charted out. He checked in with his lawyer. He kept notes. He booked a flight from Oakland, with its slightly cheaper fares, to Washington, D.C., where he planned to drop in on the offices of his member of congress, U.S. Rep. Nancy Pelosi, D-San Francisco, to convey his growing concern about the amount of data the government is gathering from and about its citizens.
>
> His reason for travel, he would later say, was "to petition the government for redress." That added First Amendment issues to a Constitutional exercise that would also turn on the amendments against unreasonable search and seizure and the right to assemble and petition the government for redress of grievances.
>
> Everything went pretty much according to expectations. That is to say, everything went to hell in a hurry.
>
> As Gilmore tells it, he arrived at the gate two hours early, a paper ticket purchased through a travel agent in his hand. A Southwest agent asked for his ID. Gilmore, in turn, asked her if the ID requirement was an airline rule or a government rule. She didn't seem to know. Gilmore argued that if nobody could show him the law, he wasn't showing them an ID.
>
> They reached a strange agreement for an argument about personal privacy: In lieu of showing ID, Gilmore would consent to an extra-close search, putting up with a pat-down in order to keep his personal identity to himself. He was wanded, patted down and sent along.
>
> As Gilmore headed up the boarding ramp a security guard yanked him from line. According to court papers, a security agent named Reggie Wauls informed Gilmore he would not be flying that day.
>
> "He said, 'I didn't let you fly because you said you had an ID and wouldn't show it,' " Gilmore said. "I asked, 'Does that mean if I'd left it at home I'd be on the plane?' He said, 'I didn't say that.' "
>
> The Gilmore case is, if anything, about things unsaid. Gilmore -- and millions of other people -- are daily instructed to produce some manner of ID: a driver's license, a Social Security number, a phone number, date of birth. When Gilmore asked to see the rules explaining why his photo ID is necessary for airline security, his request was denied. The regulation under which the Transportation Safety Administration, an arm of the Department of Homeland Security, instructs the airlines to collect such identification is classified as "Sensitive Security Information."
>
> When Congress passes a law, it is as often as not up to some agency to decide what that law means and how to enforce it. Usually, those regulations are available for people to examine, even challenge if they conflict with the Constitution.
>
> This wasn't the case when Congress passed the Air Transportation Security Act of 1974. The Department of Transportation was instructed to hold close information that would "constitute an unwarranted invasion of personal privacy" or "reveal trade secrets" or "be detrimental to the safety of persons traveling in air transportation."
>
> The Federal Aviation Administration, then a branch of the transportation department, drew up regulations that established the category now known as Sensitive Security Information.
> When the responsibility for air travel safety was transferred to the newly created Transportation Safety Administration, which was in turn made a branch of the new Department of Homeland Security, the oversight for Sensitive Security Information went with it. The language in the Homeland Security Act was broadened, subtly but unmistakably, where SSI was concerned.
>
> It could not be divulged if it would "be detrimental to the security of transportation."
>
> "By removing any reference to persons or passengers, Congress has significantly broadened the scope of SSI authority," wrote Todd B. Tatelman, an attorney for the Congressional Research Office. Tatelman was asked by Congress last year to look at the implications of Gilmore's case.
>
> Tatelman's report found that the broadened language essentially put a cocoon of secrecy around 16 categories of information, such as security programs, security directives, security measures, security screening information "and a general category consisting of 'other information.' "
>
> The government has been so unyielding on disclosure that men with the name David Nelson suddenly found themselves ejected from flights. Somewhere in the system, the name came up on the newly created "No Fly" list. Sen. Edward M. Kennedy, D-Mass., found himself in the same dilemma. When baggage screeners were caught pilfering, prosecutions were dropped because a trial would require a discussion of "Sensitive Security Information."
>
> When John Gilmore demanded proof that the airport ID rule met Constitutional muster, the government at first declined to acknowledge it even existed.
>
> Ann Davis, a spokeswoman for TSA, tacitly acknowledged the strange rabbit hole into which Gilmore has fallen. The Department of Justice, in its first response to Gilmore's suit two years ago, declined to acknowledge whether such an instruction existed. Later, it admitted its existence. Then the government asked a judge to hold a hearing in secret and preclude Gilmore's lawyers from seeing the regulation they sought to challenge, the contents of which seem to be pretty widely known.
>
> "It's a rubber stamp. TSA security directives are -- plural -- sensitive security information and not subject to public disclosure," Davis said.
>
> How, then, is someone to challenge in court a law he's not allowed to see?
>
> "I have no idea," Davis said. "If a passenger doesn't wish to show ID prior to getting a boarding pass, that's something they're going to have to take up with the air carrier. And the air carrier is required to obtain government-issued identification."
>
> That, says Gilmore's lawyer, Jim Harrison, is the enigma of the case: "It's about the ability of the citizens of this country to be able to move about the country, to move about freely, without being subject to laws they can't see."
>
> The legal cul-de-sac erected around airport security is not limited to Gilmore's deliberately chosen fight. In October 2001, at San Francisco Airport, Arshad Chowdhury, born and raised in the United States, was surrounded by security agents and kept off a Northwest Airlines flight. He was trying to get back to Carnegie Mellon University, where he was a graduate student.
>
> Chowdhury's last name sounded somewhat like another name on the no-fly list. He could never get an explanation. He filed suit against Northwest, but, to date, his court fight has been with the government, which has pleaded Sensitive Security Information.
>
> To sue Northwest for racial profiling, Chowdhury must first sue his own government for the rules Northwest will plead it was enforcing.
>
> High-tech togetherness
>
> Code Con is one of those technological events so deep that ordinary conversation requires an English-to-English translator.
> A young woman was onstage explaining a system she had developed to, as it turns out, automate trust in discussion groups by assigning a ranking of credibility to participants based on past messages and reactions. Discussion boards must either be moderated, to keep the wackos from disrupting them, or wide open, in which case postings can take unreasonably long times.
>
> As she spoke, half the audience inside a darkened nightclub rented for the event stared into the blue glow of laptop computers. Some were following the PowerPoint presentation on a Web site set up for the affair.
>
> Dan Klein, a Pittsburgh computer consultant, was in the back of the room. He has known Gilmore for years, and to know Gilmore is to know the room. Computer programmers, the really good ones, combine an artistic temperament with a conviction that intuitive reasoning can lead to mathematical certainty.
>
> "It's elegant thinking," Klein said. "We are most of us white hats, but we think like black hats."
>
> The elegance of Gilmore's thinking is that knowing someone's ID does not prevent the person from committing a terrorist act. The 9/11 hijackers had driver's licenses. Knowing someone's identity, as Gilmore argues it, adds less to security than it takes away from a traveler's protection from authority that might oppress simply because it can.
>
> "It's just rebellion against oppression," Klein said. "Part of it is this sense of 'Why do I have to follow all these rules when they don't make any sense?' "
>
> The young woman finished her speech, took a few questions and, just as everyone was about to rise for lunch, Scannell, a peripatetic man who orbits around both the techies and the world of PR, was on the stage. He had a special request. He had just become a parent and wanted to put in a wireless baby monitor. Could someone come up with a way to encrypt a baby monitor so outsiders couldn't pick up the signal?
>
> By day's end a few people had approached with ideas. It is doubtful anyone would bother to listen in on a baby gurgling, but this was the principle of the thing: meeting the people who know the math to make it work.
>
> Soon afterward, 14 Code Con attendees flooded into a nearby Italian restaurant. Gilmore sat at one end of the table, chatted privacy, travel and whether the drug called Ecstasy has a medicinal application. Then, to save time, he picked up everyone's check. In cash. No credit cards. Why leave a paper trail?
>
> That night, he caught a ride home with a friend. The night before was more to his liking. On a bus running through San Francisco to Haight-Ashbury, a multimillionaire sat alone in a seat next to a woman who appeared to be homeless. Neither knew who the other one was. All John Gilmore had to show to get on board was a $1.25 fare. That's how he likes it.
>
> --
> -----------------
> R. A. Hettinga
> The Internet Bearer Underwriting Corporation
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

From rah at shipwright.com Mon Feb 28 12:53:34 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 28 Feb 2005 15:53:34 -0500
Subject: Diana West: Fear and loathing of the gonzo establishment
Message-ID:

Townhall.com

Fear and loathing of the gonzo establishment
Diana West
February 28, 2005

If there is one thing that bugs the Left, it's the idea of empire -- and particularly the idea of its own established empire -- the media culture it still dominates by dint of groupthink. That's why when Hunter S. Thompson committed suicide at age 67, the empire of the Left, a.k.a.
the mainstream media (MSM), had to pretend that a bona fide "iconoclast" had died, someone at odds with the establishment -- "like Galileo or Martin Luther," as Orville Schell, dean of the Graduate School of Journalism at UC Berkeley, rather colossally saw fit to describe Thompson's clip file for the ages.

Far from living life on the fringe -- which is not to say he didn't live a fringey life -- Thompson was enshrined as an icon by the so-called establishment. By "establishment" I mean the prevailing powers that be, the media and cultural powers for whom Thompson was never a threat, but always a promise. He has long been appreciated, if not celebrated, for his open and prodigious drug use. (He was "who Mark Twain might have been if Twain had discovered acid," friend and National Public Radio foreign editor Loren Jenkins told The Washington Times.) And he has been consistently applauded for a concocted reportage that divorced "journalism" from fact. (His work was "true in a way the bean counters would never understand," said a New York Times appreciation not penned by Jayson Blair.)

Thompson's "gonzo" career was a template for counter-cultural behaviors and attitudes that had reshaped the American mainstream by the end of the 1960s. Tantrums. Hedonism. Self-absorption. And the "craziness," the Washington Post appreciation toasted, "that comes with sticking the big toe of your brain in the socket of 'high-powered blotter acid,' and 'uppers, downers, screamers, laughers.'"

Guess you had to be there. Even if you weren't, even if you tried to read "Fear and Loathing on the Campaign Trail" and couldn't, the "gonzo" sensibility lives on. Indeed, the gonzo sensibility has infused our culture to the point where it's no longer a relic of the old counter-culture, but is an innate characteristic of the establishment today. Who keeps his head up in the mainstream today who isn't gonzo-"wild" and gonzo-"crazy"? In gonzo we trust.

This explains not only the lavishness of praise being heaped upon Thompson, but also the extraordinary lengths to which his appreciators -- and they are legion -- have gone to palliate his lifelong depravities. My favorite: His was a "lifestyle dominated by a long and sophisticated romance with drugs," said the New York Times appreciation, quite picturesquely dispensing with the ravages of chronic drug use.

Then there is Thompson's "obscenity-laced prose." Not to worry, said his Times obituary, expletives "broke down walls between reader and writer." As for his "creative blend of fact and fantasy" (wasn't that Dan Rather's problem?), his "rule-breaking style" and "outrageous voice," they "helped refocus the nation's customarily straitlaced political dialogue." How? The obit doesn't say, but maybe his political coverage that "made no secret of his hatred of Nixon" had something to do with it. And thank goodness. What would the republic have done without him? Too bad he couldn't have been around to refocus the Constitutional Convention.

Gonzo-style aside, what's left? According to a line in the middle of the Washington Post appreciation, not so much. "In fact, he'd never done very much in his life except write about it, which he did with clarity, hilarity and big-train momentum." Well, to each his own. On the other hand, gonzo-style alone, given that it has become a way of life, may be enough to rate the posthumous star treatment, although a little distance between star and treatment-ers would be appreciated.

But there is something else. "For a generation of American students," The New York Times writes, "Mr. Thompson made journalism seem like a dangerous, fantastic occupation." This notion is echoed in The Washington Post: "He was a particular hero to journalists, whose terrible secret is that beneath all the globe-hopping and news anchor fame, they are merely clerks and voyeurs. Thompson ... had the bearing of an adventurer striding out to the very edges of madness and menace."

Fear and loathing. Madness and menace. Danger. Fantasy. These are the moods of adolescent rebellion, the stylistic attitudes of an adversary culture that has long dominated the MSM. Which tells me that when all the ink is dry, Thompson's special place both on the Left and in the MSM is as a sort of adversary mascot, a totem of a mythical time when the empire still lay ahead. Too bad the emperor has no clothes.

From rah at shipwright.com Mon Feb 28 18:14:40 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 28 Feb 2005 21:14:40 -0500
Subject: Lighters to be banned on airline flights
Message-ID:

Yahoo!

Lighters to be banned on airline flights

By Kimberly Morrison, Knight Ridder Newspapers

WASHINGTON - Airline passengers will have to ditch their lighters or lose them to airport security screeners when a new ban on lighters takes effect in April.

The ban reflects Congress' fear that lighters could be used to ignite bombs on planes or otherwise damage or destroy them. The Transportation Security Administration until now had banned all but butane lighters and said each passenger could carry no more than two. TSA's new ruling extends the ban to all butane lighters, effective April 14.

Proponents of the ban, including Sen.
Byron Dorgan, D-N.D., cited the case of convicted "shoe bomber" Richard Reid, who tried but failed to light explosives in his shoes with matches. Had Reid been using a lighter, he might have brought down the plane, Dorgan said. Reid was sentenced to life in prison in 2003.

The butane lighter ban is expected to streamline security procedures, because in the past screeners had to distinguish between butane lighters and types that were banned.

The Department of Transportation bans lighters in checked baggage, so passengers wanting to keep them have few options aside from returning to their cars to stow lighters or handing them off to non-fliers. The U.S. Postal Service considers lighters to be hazardous material and will not mail them.

Passengers can continue to carry up to four books of matches, but that, too, is under reconsideration, said TSA spokeswoman Amy Von Walter.

From rah at shipwright.com Mon Feb 28 18:15:44 2005
From: rah at shipwright.com (R.A. Hettinga)
Date: Mon, 28 Feb 2005 21:15:44 -0500
Subject: Federal Judge Orders 'Enemy Combatant' Jose Padilla Charged Or Released
Message-ID:

Yahoo!

Federal Judge Orders 'Enemy Combatant' Jose Padilla Charged Or Released

Mon Feb 28, 6:08 PM ET

A federal judge in Spartanburg has ordered that an American citizen held as an enemy combatant in a Navy brig in Charleston should be released.

U.S. District Judge Henry F. Floyd ruled Monday that the president of the United States does not have the authority to order Jose Padilla to be held.

"If the law in its current state is found by the president to be insufficient to protect this country from terrorist plots, such as the one alleged here, then the president should prevail upon Congress to remedy the problem," he wrote.

In the ruling, Floyd said that three court cases that the government used to make its claim did not sufficiently apply to Padilla's case. Floyd wrote that, in essence, "the detention of a United States citizen by the military is disallowed without explicit Congressional authorization."

Floyd wrote that because the government had not provided any proof that the president has the power to hold Padilla, he must reject the government's claim of authority.

"To do otherwise would not only offend the rule of law and violate this country's constitutional tradition, but it would also be a betrayal of this nation's commitment to the separation of powers that safeguards our democratic values and individual liberties," he wrote.

"For the court to find for [the U.S. government] would also be to engage in judicial activism. This court sits to interpret the law as it is and not as the court might wish it to be. Pursuant to its interpretation, the court finds that the President has no power, neither express nor implied, neither constitutional nor statutory, to hold [Padilla] as an enemy combatant," Floyd wrote.

As a result, Floyd ordered that Padilla be charged with a crime or released within 45 days. The government is expected to appeal the decision.