From tom at ricardo.de Fri Jul 28 02:49:11 2000
From: tom at ricardo.de (Tom Vogt)
Date: Fri, 28 Jul 2000 11:49:11 +0200
Subject: CDR: deniable encryption
Message-ID: <39815717.E57D0360@ricardo.de>

in a follow-up to the recent discussion (mostly between Riad Wahby and myself) I have decided to code an example implementation and have most of the details down. however, there are some crypto-related specifics I'm lacking. if anyone can help, I'd be happy.

most importantly, is there an implementation of rivest's "all-or-nothing package" thingy? this is definitely something I want, since it greatly strengthens the chaffing-like approach I'll be using. however, I don't feel confident enough to create it myself.

From tom at ricardo.de Fri Jul 28 05:28:59 2000
From: tom at ricardo.de (Tom Vogt)
Date: Fri, 28 Jul 2000 14:28:59 +0200
Subject: CDR: chaffing/winnowing software test
Message-ID: <39817C8B.2D453EE8@ricardo.de>

I've done a simple chaffing and winnowing implementation, and would like to invite everyone interested to have a look and give comments.

download: ftp://ftp.lemuria.org/pub/Code/Shaft-0.1.tar.gz
requires: openssl (for hmac)

the program consists of two parts: shaft will encode/decode, while shaftsort will sort the chunks within a file. shaftsort has two purposes: first, shaft relies on sorted input when decoding. second, the standard shaft output is sorted by input files, which makes the whole chaffing process more or less irrelevant.

bugs: some trailing zeros in final output, and shaftsort still retains the "order by input file", which is a Bad Thing(tm). it should take all the chunks with identical sequence numbers and resort them randomly or by some arbitrary definition ("first 3 data bytes").

usage: see the test.sh or the source. basically, for encryption, shaft wants input files and keys/passwords on the commandline. for decryption it wants just one key. shaftsort is a filter (stdin to stdout).
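The encode, sort and decode flow described in the message above, as an added Python example; it is not Shaft's code and not part of the original post. The packet layout, the `chaff`/`winnow` names, the chunk size, the length prefix (one way to avoid the trailing-zeros problem) and the use of the password directly as the HMAC key are all assumptions made for illustration.

```python
import hashlib
import hmac
import random
import struct

CHUNK = 8  # payload bytes per packet (assumed value)

def _mac(key, seq, data):
    # The tag covers the sequence number, so a packet cannot be moved to another slot.
    return hmac.new(key, struct.pack(">I", seq) + data, hashlib.sha256).digest()

def chaff(inputs, rng=None):
    """inputs: list of (key, plaintext) pairs -> list of (seq, data, mac) packets."""
    rng = rng or random.SystemRandom()
    packets = []
    for key, text in inputs:
        # Length prefix + zero padding: every packet carries CHUNK bytes, and the
        # decoder can drop the padding instead of emitting trailing zeros.
        body = struct.pack(">I", len(text)) + text
        body += b"\0" * (-len(body) % CHUNK)
        for seq in range(len(body) // CHUNK):
            data = body[seq * CHUNK:(seq + 1) * CHUNK]
            packets.append((seq, data, _mac(key, seq, data)))
    # Shuffle, then stable-sort by seq: packets sharing a sequence number end up
    # in random order rather than in input-file order.
    rng.shuffle(packets)
    packets.sort(key=lambda p: p[0])
    return packets

def winnow(packets, key):
    """Keep only packets whose MAC verifies under key; None if nothing matches."""
    body, expected = b"", 0
    for seq, data, mac in packets:
        if hmac.compare_digest(mac, _mac(key, seq, data)):
            if seq != expected:
                raise ValueError("missing or duplicated packet %d" % expected)
            body += data
            expected += 1
    if len(body) < 4:
        return None
    (length,) = struct.unpack(">I", body[:4])
    if length > len(body) - 4:
        raise ValueError("stream truncated")
    return body[4:4 + length]

# Constructed sample: two plaintexts under two passwords in one packet stream.
SAMPLE = chaff([(b"key-one", b"meet at the usual place"),
                (b"key-two", b"shopping list: milk, eggs")])
```

Each key recovers only its own plaintext from the same stream; to a holder of one key, the packets belonging to the other input are chaff.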
From ministry at ipm.org Sat Jul 29 16:14:06 2000
From: ministry at ipm.org (In Him)
Date: Sat, 29 Jul 2000 18:14:06 -0500
Subject: Good Virus info. Working fix. Highly recommended.
Message-ID: <9713922000762923146720@ipm.org>

If your email client does not show this email formatted, please, go here. AOL users may cut-paste this link onto the browser http://www.ipm.org/av/SirCam

Do you remember seeing this message?

Hi! How are you? I send you this file in order to have your advice. See you later. Thanks

Do you remember READING the attached file? If the answer is "yes" to both, your PC is infected with one of the trickiest and most dangerous viruses that takes internet by storm.

Worm W32-SirCam@MM

Why the trickiest? It comes with an innocent request for advice from someone that you know (message can be in Spanish). Attachment - is a real file from a real person's PC; it might even be relevant to the field of interests of the person it came from. You will even feel obligated to reply.

Why the most dangerous? When you read the attached file, worm W32-SirCam@MM comes out of the document, goes in to your Windows registry, and here's where the fun begins.

1. It looks in your PC for every file that is a Document (*.doc, *.txt), image (*.gif, jpg, etc.) compressed files (*.zip, rar).
2. It takes found documents, copies itself into body of text and sends silently to each and every email address found in your entire MS Outlook mail and temporary internet files. Virus does not affect users of Outlook only, as it is using its own SMTP engine.
3. Reportedly, it destroys documents and blocks drive C: from writing anything on it, which is the main thing that Windows does -- reads and writes from the hard disk drive.
(I know the latter to be true, it did happen in MY case)

Can you just imagine, your personal file (even passwords, credit cards, work-related, secret database - whatever you have that is not meant to be shared) being distributed to your friends and partners and correspondents?

Is there any immediate cure for a PC infected with W32-SirCam@MM? Yes. It is right here http://ipm.org/av along with some other information on this and other viruses. Run file http://www.sarc.com/avcenter/FixSirc.com to check and fix your PC.

Is there any precaution against this and similar viruses? Yes,

1. Never open attachments from people that you do not know. If indeed interested in the attachment, or it comes from a friend, always reply to the sender with the question "Did you send this to me?". If the answer is "yes", enjoy the file. If "no" just delete email and empty Deleted files folder. Make sure to reply with the message that he may be sending a potential virus.
2. Install (unwise to pinch pennies here) and never turn off Antivirus software. We recommend Norton Antivirus. In Norton properties, set Auto Update for weekly automatic downloads.
3. Do not rely (sorry, folks!) on McAfee Anti-virus software pre-installed on your PC from the manufacturer. This is what has happened to me--system admin--for a second time. Two years ago I bought Sony notebook for home use and McAfee did not catch "happy99" virus. Several months ago I bought another GREAT notebook from Sony, got lazy about uninstalling McAfee and replacing with Norton. McAfee slept well with W32-SirCam@MM from 18th of July, until I received from a friend -----> a positive comment on the file that I never sent to him <------- !!! I installed my old-time buddy Norton Antivirus and here we go W32-SirCam@MM was found!

We came to the conclusion of sending this message to all friends and partners of this Prison Ministry, after we received 30 infected emails yesterday.
We need to join forces to stop the spread of this virus. Please, pass this message on to your correspondents so they can take all precautionary measurements and clean their PCs too.

Have a truly blessed day, pray, and enjoy worry-free internet experience. Take a look at one of the most inspirational pages here http://www.ipm.org/guests/God's_creation/thanksgiving.htm

Serge Taran