Re: Is TCPA broken?

2002-08-12 Thread Joseph Ashwood 

I need to correct myself.
- Original Message -
From: "Joseph Ashwood" <[EMAIL PROTECTED]>

> Suspiciously absent though is the requirement for symmetric encryption
(page
> 4 is easiest to see this). This presents a potential security issue, and
> certainly a barrier to its use for non-authentication/authorization
> purposes. This is by far the biggest potential weak point of the system.
No
> server designed to handle the quantity of connections necessary to do this
> will have the ability to decrypt/sign/encrypt/verify enough data for the
> purely theoretical universal DRM application.

I need to correct this DES, and 3DES are requirements, AES is optional. This
functionality appears to be in the TSS. However I can find very few
references to the usage, and all of those seem to be thoroughly wrapped in
numerous layers of "SHOULD" and "MAY." Since is solely the realm of the TSS
(which had it's command removed July 12, 2001 making this certainly
incomplete), it is only accessible through few commands (I won't bother with
VerifySignature). However looking at the TSS_Bind it says explicitly on page
157 "To bind data that is larger than the RSA public key modulus it is the
responsibility of the caller to perform the blocking" indicating that the
expected implementation is RSA only. The alternative is wrapping the key,
but that is clearly targeted at using RSA to encrypt a key. The Identity
commands, this appears to use a symmetric key, but deals strictly with
TPM_IDENTITY_CREDENTIAL. Regardless the TSS is a software entity (although
it may be assisted by hardware), this is and of itself presents some
interesting side-effects on security.
Joe

Conference Calls Save Time and Money

2002-08-12 Thread Telcom center 
Title: Lowest Rate Services





  
  
Conferencing Made Easy
Only 18 Cents Per Minute!
(Including Long Distance!)


  
  

  No setup fees
  No contracts or monthly fees
  Call anytime, from anywhere, to anywhere
  Connects up to 100 Participants
  Simplicity in set up and administration
  Operator Help available 24/7 


  
  
The Highest Quality Service For The Lowest Rate In The Industry!


  
  
Fill out the form below to find out how you can lower your phone bill every month.
Required Input Field*


  
  

  
  


  Name*
  

  Web
Address
  

  Company
Name*
  

  
State*
  

  Business
Phone*
  

  Home
Phone
  

  Email
Address*
  

  Type of
Business
  
  



  
  
To be removed from our distribution lists, please
  Click
  here.

Is TCPA broken?

2002-08-12 Thread Joseph Ashwood 

- Original Message -
From: "Mike Rosing" <[EMAIL PROTECTED]>
> Are you now admitting TCPA is broken?

I freely admit that I haven't made it completely through the TCPA
specification. However it seems to be, at least in effect although not
exactly, a motherboard bound smartcard.

Because it is bound to the motherboard (instead of the user) it can be used
for various things, but at the heart it is a smartcard. Also because it
supports the storage and use of a number of private RSA keys (no other type
supported) it provides some interesting possibilities.

Because of this I believe that there is a core that is fundamentally not
broken. It is the extensions to this concept that pose potential breakage.
In fact looking at Page 151 of the TCPA 1.1b spec it clearly states (typos
are mine) "the OS can be attacked by a second OS replacing both the
SEALED-block encryption key, and the user database itself." There are
measures taken to make such an attack cryptographically hard, but it
requires the OS to actually do something.

Suspiciously absent though is the requirement for symmetric encryption (page
4 is easiest to see this). This presents a potential security issue, and
certainly a barrier to its use for non-authentication/authorization
purposes. This is by far the biggest potential weak point of the system. No
server designed to handle the quantity of connections necessary to do this
will have the ability to decrypt/sign/encrypt/verify enough data for the
purely theoretical universal DRM application.

The second substantial concern is that the hardware is substantially limited
in the size of the private keys, being limited to 2048 bits, the second
concern is that it is additionally bound to SHA-1. Currently these are both
sufficient for security, but in the last year we have seen realistic claims
that 1500 bit RSA may be subject to viable attack (or alternately may not
depending on who you believe). While attacks on RSA tend to be spread a fair
distance apart, this never the less puts 2048 bit RSA at fairly close to the
limit of security, it would be much preferable to support 4096-bit RSA from
a security standpoint. SHA-1 is also currently near its limit. SHA-1 offer
2^80 security, a value that it can be argued may be too small for long term
security.

For the time being TCPA seems to be unbroken, 2048-bit RSA is sufficient,
and SHA-1 is used as a MAC for important points. For the future though I
believe these choices may prove to be a weak point in the system, for those
that would like to attack the system, these are the prime targets. The
secondary targets would be forcing debugging to go unaddressed by the OS,
which since there is no provision for smartcard execution (except in
extremely small quantities just as in a smartcard) would reveal very nearly
everything (including the data desired).
Joe

HIGH $$ PAID NE

2002-08-12 Thread Jessica 

HIGH $$ PAID!!  14-Year-Old Hi-tech industry leader in an emerging 90 billion dollar 
environmental marketplace seeks U.S. and 
Canadian entrepreneurs for market expansion. We have an immediate need and are willing 
to train and develop aggressive individuals in local markets. Candidates must be 
motivated individuals with the entrepreneurial drive to run their own independent 
business part-time, full-time or spare-time from home backed with full company 
support. Here are some highlights:
 
Please visit http://www.basetel.com/success for full details.

Huge compensation benefits program offered:
* Uncapped commissions and bonuses.
* Qualified Mgrs. Avg. up to $8,892/mo. or more!
 
Total Flexibility:
* No commuting necessary! Work from home environment. 
* P/T or F/T positions available.
* Create your own schedule and hours.
 
Company Support:
* Each independently run business is backed with full company support.
* Up to 99.0% start up funding available, if needed.
 
Complete Training:
* Personal one-on-one training by top company leaders.
* Proven step-by-step marketing system. 
* Product sells itself. (No selling or cold calling!).
 
Perks:
* Luxury company car ($800/mo).
* National/International all expense paid vacations, business or pleasure.
* Profit sharing program.
* Medical benefits available.
 
To maintain regulatory compliance, we are unable to name our company in this ad. 
However, you will soon discover that our 14 
year old INC 500 company has developed a proprietary technology that helps solve a 
common problem that up to 82% or more 
population suffers from and helps solve it quickly and easily in a 90 billion dollar 
untapped marketplace.
 
Candidate profile:
* Strong work ethic required.
* Honesty and integrity expected.
* Management / leadership skills helpful, but not necessary.
* No sales experience expected or needed. (Product sells itself!)
 
LOCAL POSITIONS ARE GOING FAST.  Interested parties should respond IMMEDIATELY!
 
GO TO: http://www.basetel.com/success
 
*
To receive a FREE information pack including an audiocassette and corporate video on 
this amazing hi-tech product and how YOU 
CAN START MAKING MONEY FROM HOME with it now!! 
 
->>>  GO TO: http://www.basetel.com/success <<<-

To be removed from our mailing list visit
http://www.basetel.com/success/remove.html

hantuweb

2002-08-12 Thread 
Title: ººÍ¼¹ã¸æ--¡°ÔÞÃÀÎÒÃǵÄÎÄ»¯¡±



 

EXPAND YOUR MARKET WITH DIRECT MAIL.

2002-08-12 Thread Diane 
Dear cynyr ,




COST EFFECTIVE Direct Email Advertising
Promote Your Business For As Low As 
$50 Per 
1 Million
 Email Addresses
MAXIMIZE YOUR MARKETING DOLLARS!
Complete and fax this information form to 309-407-7378.
A Consultant will contact you to discuss your marketing needs.


NAME:___
COMPANY:___
ADDRESS:
CITY:_
STATE:___
PHONE:___
E-MAIL:__
WEBSITE: (Not Required)___
___
___
*COMMENTS: (Provide details, pricing, etc. on the products and services you wish to market)
___
___
___
___






 [H&*TG0BK5NKIYs5]

Re: Seth on TCPA at Defcon/Usenix

2002-08-12 Thread Mike Rosing 

On Mon, 12 Aug 2002, AARG! Anonymous wrote:

> It is clear that software hacking is far from "almost trivial" and you
> can't assume that every software-security feature can and will be broken.

Anyone doing "security" had better assume software can and will be
broken.  That's where you *start*.

> Furthermore, even when there is a break, it won't be available to
> everyone.  Ordinary people aren't clued in to the hacker community
> and don't download all the latest patches and hacks to disable
> security features in their software.  Likewise for business customers.
> In practice, if Microsoft wanted to implement a global, facist DRL,
> while some people might be able to patch around it, probably 95%+ of
> ordinary users would be stuck with it.

Yes, this the problem with security today.  That's why lots of people
are advocating that the OS should be built from the ground up with
security as the prime goal rather than ad hoc addons as it is now.
Nobody wants to pay for it tho :-)

> In short, while TCPA could increase the effectiveness of global DRLs,
> they wouldn't be *that* much more effective.  Most users will neither
> hack their software nor their hardware, so the hardware doesn't make
> any difference for them.  Hackers will be able to liberate documents
> completely from DRL controls, whether they use hardware or software
> to do it.  The only difference is that there will be fewer hackers,
> if hardware is used, because it is more difficult.  Depending on the
> rate at which important documents go on DRLs, that may not make any
> difference at all.

So what's the point of TCPA if a few hackers can steal the most
expensive data?  Are you now admitting TCPA is broken?  You've got
me very confused now!

I'm actually really confused about the whole DRM business anyway.  It
seems to me that any data available to human perceptions can be
duplicated.  Period.  The idea of DRM (as I understand it) is that you can
hand out data to people you don't trust, and they can't copy it.  To me,
DRM seems fundamentally impossible.

Patience, persistence, truth,
Dr. mike

"We Found Your Money", Oprah Winfrey Show

2002-08-12 Thread Special Deals 
$7,000,000,000 waiting to be
claimed, Click Here! 
  Entitledto claim any of
the $7,000,000.00 Read below to find out!   
 DearSir or Madam  
   Foundmoney.com brings you an incredibly exciting
program.There is$7,000,000,000.00 (SEVEN BILLION
DOLLARS!) in unclaimed moneysfrom bank accounts,
wills, insurance settlements, over paid taxbills and
estates. Three out of five American families are owedmoney
in some form. Since inception in 1995, Foundmoney.com has   
helped hundreds of thousands of people find millions of dollars   
on the internet.   Click Here  to claim yours!   

 Click here or
on the linkbelow to find out in seconds... if you or
anyone you know is entitledto claim any of the $7
BILLION that's owed to millions onAmericans... The
SEARCH IS FREE, and you have everythingto gain, and
nothing to lose... This is the amazing website thatwas
featured on "The Oprah Winfrey Show"... Click here 
  now to see if you can claim any of the
$7,000,000,000.00! 
Sincerely,  Payment Transfer Systems
Disbursement Unit   
Entitledto claim
any of the $7,000,000.00? Click  
 Here to claim yours!
 
 


 
 
 
   You have
signed up with one of our network partners to receive email providing you
with special offers that may appeal to you. If you do not wish to receive
these offers in the future, reply to this email with "unsubscribe" in the
subject or simply click on the following link: Unsubscribe

"3pc Dragon Samurai Sword Set"

2002-08-12 Thread Dragon 
Title: 3pc Dragon Samurai Sword Set with wooden furniture grade rack





  
  3pc Dragon Samurai Sword Set with wooden furniture grade rack. Each handle 
has a beautifully hand carved likeness of a dragon head. Sword lengths are 
21 inches, 30 inches and 44-1/2 inches. Sharp surgical stainless steel blades 
are sheathed in cloth covered scabbards. Lifetime warranty. 11 lbs . 
  
  Click 
Here 





If you would like to be removed from our mailing list, just email us back,
type "remove" in the subject line, and we will remove you from our database.
Thank You.

BEAT THE RECESSION

2002-08-12 Thread Greatdeals23d3d 

THIS IS A ONE TIME MESSAGE, NO NEED TO UNSUBSCRIBE

 I'll make you a promise.  READ THIS E-MAIL TO THE END! - Follow what
 it says to the letter - and you will not worry whether a RECESSION  is
coming
 or not, who is President, or whether you keep your current job or  not.
Yes, I
 know what you are thinking.  I never responded to one of these before
either.  One
 day though, something just said "you throw away $25.00 going to a movie
 for
 2 hours with your wife".  "What the heck."  Believe me, no matter where
 you
 believe "those feelings" come from, I thank every day that I had that
feeling.

 I cannot imagine where I would be or what I would be doing had I not.
 Read
 on.  It's true.  Every word of it.  It is legal. Simply because you are
 buying and selling something of value.

 AS SEEN ON NATIONAL TV:

 "Making over half million dollars every 4 to 5 months from your
 home for an investment of only $25 US Dollars expense one time.
 THANKS TO THE COMPUTER AGE AND THE INTERNET!
 BE A MILLIONAIRE LIKE OTHERS WITHIN A YEAR!!!
 Before you say "Bull", please read the following.
 This is the letter you have been hearing about on the news lately.
 Due to the popularity of this letter on the Internet, a national
 weekly news program recently devoted an entire show to the
 investigation of this program described below, to see if it really
 can make people money. The show also investigated whether
 or not the program was legal. Their findings proved once and
 for all that there are "absolutely NO laws prohibiting the
 participation in the program and if people can follow the
 simple instructions, they are bound to make some mega bucks
 with only $25 out of pocket cost".

 DUE TO THE RECENT INCREASE OF POPULARITY
 & RESPECT THIS PROGRAM HAS ATTAINED, IT IS
 CURRENTLY WORKING BETTER THAN EVER.
 This is what one had to say: "Thanks to this profitable
 opportunity. I was approached many times before but each
 time I passed on it. I am so glad I finally joined just to see
 what one could expect in return for the minimal effort and
 money required.  To my astonishment, I received a total
 $610,470.00 in 21 weeks, with money still coming in."
 Pam Hedland, Fort Lee, New Jersey.

 =

 Here is another testimonial:
 "This program has been around for a long time but I never
 believed in it. But one day when I received this again in the
 mail I decided to gamble my $25 on it. I followed the simple
 instructions and walaa .. 3 weeks later the money started
 to come in.  First month I only made $240.00 but the next 2
 months after that I made a total of $290,000.00. So far, in
 the past 8 months by re-entering the program, I have made
 over $710,000.00 and I am playing it again. The key to
 success in this program is to follow the simple steps and
 NOT change anything.''

 More testimonials later but first,

 $$

 PRINT THIS NOW FOR YOUR FUTURE REFERENCE

 $$

 If you would like to make at least $500,000 every 4 to 5
 months easily and comfortably, please read the following,
 THEN READ IT AGAIN AND AGAIN!!

 $$

 FOLLOW THE SIMPLE INSTRUCTIONS BELOW
 AND YOUR FINANCIAL DREAMS WILL COME
 TRUE, GUARANTEED!

 INSTRUCTIONS:

 ==Order all 5 reports shown on the list below=

 For each report, send US $5 CASH, THE NAME & NUMBER
 OF THE REPORT YOU ARE ORDERING AND YOUR
 E-MAIL ADDRESS to the person whose name appears
 ON THAT LIST next to the report.  MAKE SURE YOUR
 RETURN ADDRESS IS ON YOUR ENVELOPE TOP
 LEFT CORNER in case of any mail problems. When you
 place your order, make Sure you order each of the 5 reports.
 You will need all 5 reports so that you Can save them on
 your computer and resell them.

 YOUR TOTAL COST... $ 5 X 5 = $ 25.00. Within a few
 days you will receive, via e-mail, each of the 5 reports from
 these 5 different individuals.  Save them on your computer
 so they will be accessible for you to send to the 1,000's of
 people who will order them from you. Also make a floppy
 of these reports and keep it on your desk in case something
 happens to your computer.

 IMPORTANT: DO NOT alter the names of the people
 who are listed next to each report, or their sequence on
 the list, in any way other than what is instructed below in
 each step "1 through 6" or you will lose out on majority
 of your profits.  Once you understand the way this works,
 you will also see how  it does not work if you change it.
 Remember, this method has been tested, and if you alter,
 it will NOT work!! People have tried to put their
 friends/relatives names on all five thinking they could
 get all the money. But it does not work this way. Believe
 us, we all have tried to be greedy and then nothing
 happened. So Do Not try to change anything other

Yahoo - Encryption Flaw May Decode E-Mail (PGP) (fwd)

2002-08-12 Thread Jim Choate 


http://biz.yahoo.com/ap/020812/encryption_flaw_1.html


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

子彈造型驗鈔打火機新上市免費索取試用benlist-all-04:17-08/12-P12JH

2002-08-12 Thread 212nisan80 
Title: E-Mail








  

  

  
  
  
  
  
   
  
  
   
   
  ¡@ 
    
   ¤l¼u«¬Åç¶r¥´¤õ¾÷·s¤W¥«§K¶O¯Á¨ú¸Õ¥Î 
   
  ¬¡°Ê»¡©ú¡G 
  ¨C¦ìºô¤Í¶È­­¯Á¨ú1²Õ¡A­­¶q1²Õ¡A¯Á¨úªÌ¥u¶·­t¾áÃØ«~§@·~³B²z¶O199¤¸¡A¦¹¶O¥Î¥]§t­ÜÀx¡B¥]¸Ë¡Bª«¬y¶O¤Î¬ÛÃö§@·~³B²z¶O¥Î¡AµL¶·¦A¤ä¥I¥ô¦ó¶O¥Î¡C 
   
  °t°e¤è¦¡¡G 
  ±Ä¨ú³fª«°e¨ì¦A¥I´Úµ¹°e³f¤H­û¡A§Ö»¼°e³f¨ì«ü©w¦aÂI¡A°t°e¹Lµ{¤£¯à¶ñ¥R¥Ë´µ®ð¡A½Ð¦Û¦æ¶ñ¥R¥Ë´µ®ð¡C 
   
  °Ó«~»¡©ú¡G 
   ³o¥x¤pªF¦è±N¥´¤õ¾÷¸òÅç¶r¾÷§¹¬üªºµ²¦X¦b¤@°_¡A¤£¶È¥~«¬¬üÆ[¬¯ÄR¡A¥´¤õ¾÷ªº¤õ¬O·|Åܦâ©M¨¾­·¤£·Àªº¡AÅç¶r¿O¥ú§ó¬O¶W«G¡Aµ´«D¤@¯ëÅç¶r¾÷¥i·B¬ü¡CÄâ±a¥~¥X§ó®i²{¥X±z¤£¤Zªº«~¨ý¡A¬Oe¥@¥Nªº±z¥Í¬¡«K§QªºÀH¨­§Q¾¹¡C 
 
   ¡@¡@¡@¡@ 
   ¡@¥ß§Y¶ñ¼g¯Á¨úªí
  
 ²£«~¦WºÙ¡G
  ¤l¼u«¬Åç¶r¥´¤õ¾÷·s¤W¥«§K¶O¯Á¨ú¸Õ¥Îsogi-zyme08-all-fazai

 ©m¡@ 
¦W¡G¶·¶ñ¼g¤¤¤å¥þ¦W¡A¤Å¶ñ¼gÎîºÙ
 ¦í  ¡@§}¡G
 ¦í¦v¹q¸Ü¡G
 ¤½¥q¹q¸Ü¡G
 ¤â   
¾÷¡G
 ¹q¤l¶l¥ó¡G
   
 
 
¡@ 
¡@ 
  
  



  

Hiding in the noise and chaos (New optical commo) (fwd)

2002-08-12 Thread Jim Choate 


http://www.eurekalert.org/pub_releases/2002-08/oonr-hit081202.php


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

RE: Lead Generation

2002-08-12 Thread Lead Generation 


  


  Professional Appointment 
  Setting

  Commercial & Residential
Leads

  Immediately catapults your sales

• Burglar Alarms 
• Home Improvement
• Software 
• Mortgage
• Insurance  
• 
  Many
More!!!
Dedicated sales
professionals with proven resultsHigher Quality Leads + Higher Quantity Leads = Higher
Profits
Call us
1-517-664-2631 
 



  
  
  
  
  To remove your address, please send an e-mail message
with 
  the word REMOVE in the subject line to: [EMAIL PROTECTED]

 
 



 
 

Make Up To $10,000 per Month Working from Home

2002-08-12 Thread workfromhome 
Title: STRESSED?





		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		
		


   
 
   
 
 
   
   
 
   
 
 
   
 

   
 
 
   
 
   
   
 
   
 
 
   
   
   Laura
 KaufmanGallery Owner"Ive
 earned
 over
 $25,000 the
 past few months by following the Proven
 Formula!" 
  
 
 
   
   
   Ron WigginsShoe
 Sales"Thanks
 to the Proven Formula, my wife and I make over $10,000 a
 month. 
Not bad for
 a shoe salesman!"
  
 
 
   
 
 
   
   Artemis Limpert Corporate America"I made $8835
 this month thanks
 to following the Proven Formula exactly as I was
 taught!" 
 
 
 
   
   
 






   
   
 
   You are receiving this email as a subscriber
   to our mailing list. To remove yourself from this and related email
   lists click here:UNSUBSCRIBE MY
   EMAIL
   Under Bill(s) 1618 TITLE III by the 105
   US Congress, per Section 301, Paragraph(a)(2)of S. 1618, a letter cannot
   be considered Spam if the sender includes contact information and a
   method of "removal".

Bushitlers east coast.State of siege.

2002-08-12 Thread Matthew X 

Bork Still In Hospital
by Vickie 10:47pm Sun Aug 11 '02 (Modified on 3:01pm Mon Aug 12 '02)
http://dc.indymedia.org/
MAYDAY DC Activist still in hospital
Bork suffered an asthma attack yesterday while in custody of US Marshals. 
She was arrested Friday morning during the MAYDAY DC action at Franklin 
School. Her asthma attack was most likely triggered by chemicals used to 
clean cells. (Her asthma problem was originally caused by the sadistic 
Philadelphia Police when she was sprayed a large quantity of pepper spray 
straight in the mouth during the RNK2000 protest. She’s been suffering 
respiratory problems ever since.) She was rushed to Howard University 
Hospital after her release – sometime around 3:00 PM yesterday. She was 
treated in the emergency room and looked OK in the evening. However today 
her condition deteriorated. She is visibly in pain, very pale, and will 
spend a second night in the hospital. She’s also quite irritable (ask 
Earthworm)! The phone number in her room is 202-865-5420.
SS at work
http://dc.indymedia.org/front.php3?article_id=26978&group=webcast
The disappeared...
http://dc.indymedia.org/front.php3?article_id=26862&group=webcast

Cough up SUCKA!

2002-08-12 Thread Matthew X 

http://dc.indymedia.org/front.php3?article_id=26862&group=webcast
"“They Owe Us”: Slavery Reparations Sought 
by Indypendent Staff 11:51pm Mon Aug 5 '02 (Modified on 11:41am Tue Aug 6
'02) 
From the August Issue of the Indypendent 
If a capitol is meant to reflect the rest of the nation, Washington
D.C. reflects more then just pools. The construction of the White House
and the Capitol building contained not only Roman designs and impressive
rotundas; it was partly built by slave labor. Out of the 650 workers who
built the U.S. Capitol, 450 were slaves. These slaves, of course,
received nothing for their labor. Their descendents and others are coming
to Washington on Aug. 17 to change that."

**Pornstars Giving Private Shows..Special Inside** - No CC Needed! - pfnll

2002-08-12 Thread P-o-r-n King 
Want to Watch Some Sexy Ladies Stripping?

We have the best looking models
Stripping all day and night long.
What more could you ask for than a beautiful lady
Stripping just for you?

Click here now and I promise you won't be dissapointed!
Or click here to watch live sex shows!


This email was sent to you because your email address is part of a targeted 
opt-in list.You have received this email by either requesting more information 
on one of our sites or someone may have used your email address. If you received 
this email in error, please accept our apologies. If you do not wish to receive 
further offers, please click below and enter your email to remove your email 
from future offers. 
Click Here to Remove 
Anti-SPAM Policy Disclaimer: Under Bill s.1618 Title III passed by the 105th 
U. S. Congress, mail cannot be considered spam as long as we include contact 
information and a remove link for removal from this mailing list. If this e-mail 
is unsolicited, please accept our apologies. Per the proposed H.R. 3113 
Unsolicited Commercial Electronic Mail Act of 2000, further transmissions to you 
by the sender may be stopped at NO COST to you! 

aefvfcalvkvqbgsnvmejrnpvdvcdfwyiniimfjw

You rotten scum.

2002-08-12 Thread Matthew X 

http://www.infoshop.org/inews/stories.php?story=02/08/07/8267185
How dare you?
...and don't get me started on guns.
The International Longshore and Warehouse
Union (ILWU), long a defender of
human rights, is in an historic battle with the Pacific
Maritime Association (PMA). The PMA bosses are trying to slash hard won
health benefits and break the union.
[...]
In au,since the defeat of a union(MUA) in a major
struggle,'ships of shame' have been running into our priceless coasts and
reefs.Its only a matter of time before we have an exxon valdisaster
downunder.The whole worlds losing.
I'm going DD'ing.
http://www.infoshop.org/inews/stories.php?story=02/08/12/7771979

"Imagine theres a girlfriend,imagine theres a job."

2002-08-12 Thread Matthew X 

"Good times?,good god."
A - I N F O S N E W S S E R V I C E
http://www.ainfos.ca/
 'Aspects of Anarchism', a new collection of articles by the Anarchist Federation is now online at: http://flag.blackened.net/af/ace/aspects.html Aspects vary from Federalism, Green Politics, Internationalism, Direct Action, Solidarity, Organisation, Human Nature, Exploitation, Work, Leadership, Patriarchy, Racism, Crime and Punishment and Class Consciousness. http://www.afireland.cjb.net http://flag.blackened.net/af http://flag.blackened.net/af/alba 
"I'm wicked and I'm lazy." Tell me if theres anything there.

Re: CDR: Re: Seth on TCPA at Defcon/Usenix

2002-08-12 Thread Jamie Lawrence 

On Mon, 12 Aug 2002, AARG! Anonymous wrote:

> His analysis actually applies to a wide range of security features,
> such as the examples given earlier: secure games, improved P2P,
> distributed computing as Adam Back suggested, DRM of course, etc..
> TCPA is a potentially very powerful security enhancement, so it does
> make sense that it can strengthen all of these things, and DRLs as well.
> But I don't see that it is fair to therefore link TCPA specifically with
> DRLs, when there are any number of other security capabilities that are
> also strengthened by TCPA.

Sorry, but now you're just trolling. 

Acid is great for removing all manner of skin problems. It also happens
to cause death, but linking fatalities to it is unfair, considering
that's not what acid was _intended_ to do. 

Creating cheat-proof gaming at the cost of allowing document revoking
enabled software sounds like a bad idea.

-j

Get yer grid on.

2002-08-12 Thread Matthew X 

http://www.zdnet.com.au/newstech/enterprise/story/0,225001,20267287,00.htm
"Cluster computing is about resources aggregation in a single
administrative domain," he (Rajkumar Buyya) explains. "Grid
computing in about resource sharing and aggregation across multiple
domains." 
I have no idea what that means,however ..."Having recently completed
a doctoral thesis outlining the
economic paradigm which might underpin such a system in the commercial
environment, Buyya points to the Grid's scheduling capabilities as the
most crucial difference between grid and cluster computing."
Oh and get your old MMflash off,soon,so I can get in.

Delay Tolerant? Semantic? We can dream that for you wholesale!

2002-08-12 Thread Matthew X 

Right here at Cpunks-the data protection professionals.
http://www.wired.com/news/business/0,1367,54416,00.html
"..."Part of what Tim is trying to do is open the Internet up
to different forms of human communication that are much less
constrained," ..."
Substitute 'J' for 'T'. 
Jim for instance, is one of the sweetest human beings I've ever met. His
essential good-heartedness has been embedded in the culture of the
Internet." 
Thats why ISP's want to ban IRC!
http://www.wired.com/news/business/0,1367,54184,00.html
Good heartedness is undergoing violent attack,If you've yet to try this
expect a satellite gap of about 1 second.(not to mention risking being
declared a dacoit)
Do you believe in astroturf,PRI,CATO and countless other liars for money?
Dont read this...
Humanity Loses $250 Billion a Year in Wild
Habitat 
Environment News Service.
Everyone is witless. Everyone is a journalist.

trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)

2002-08-12 Thread Adam Back 

I think you are making incorrect presumptions about how you would use
Palladium hardware to implement a secure DRM system.  If used as you
suggest it would indeed suffer the vulnerabilities you describe.

The difference between an insecure DRM application such as you
describe and a secure DRM application correctly using the hardware
security features is somewhat analogous to the current difference
between an application that relies on not being reverse engineered for
it's security vs one that encrypts data with a key derived from a user
password.

In a Palladium DRM application done right everything which sees keys
and plaintext content would reside inside Trusted Agent space, inside
DRM enabled graphics cards which retrict access to video RAM, and
later DRM enabled monitors with encrypted digital signal to the
monitor, and DRM enabled soundcards, encrypted content to speakers.
(The encrypted contentt to media related output peripherals is like
HDCP, only done right with non-broken crypto).

Now all that will be in application space that you can reverse
engineer and hack on will be UI elements and application logic that
drives the trusted agent, remote attesation, content delivery and
hardware.  At no time will keys or content reside in space that you
can virtualize or debug.


In the short term it may be that some of these will be not fully
implemented so that content does pass through OS or application space,
or into non DRM video cards and non DRM monitors, but the above is the
end-goal as I understand it.

As you can see there is still the limit of the non-remote
exploitability of the trusted agent code, but this is within the
control of the DRM vendor.  If he does a good job of making a simple
software architecture and avoiding potential for buffer overflows he
stands a much better chance of having a secure DRM platofrm than if as
you describe exploited OS code or rogue driver code can subvert his
application.


There is also I suppose possibility to push content decryption on to
the DRM video card so the TOR does little apart from channel key
exchange messages from the SCP to the video card, and channel remote
attestation and key exchanges between the DRM license server and the
SCP.  The rest would be streaming encrypted video formats such as CSS
VOB blocks (only with good crypto) from the network or disk to the
video card.


Similar kinds of arguments about the correct break down between
application logic and placement of security policy enforcing code in
Trusted Agent space apply to general applications.  For example you
could imagine a file sharing application which hid the data the users
machine was serving from the user.  If you did it correctly, this
would be secure to the extent of the hardware tamper resistance (and
the implementers ability to keep the security policy enforcing code
line-count down and audit it well).


At some level there has to be a trade-off between what you put in
trusted agent space and what becomes application code.  If you put the
whole application in trusted agent space, while then all it's
application logic is fully protected, the danger will be that you have
added too much code to reasonably audit, so people will be able to
gain access to that trusted agent via buffer overflow.


So therein lies the crux of secure software design in the Palladium
style secure application space: choosing a good break-down between
security policy enforcement, and application code.  There must be a
balance, and what makes sense and is appropriate depends on the
application and the limits of the ingenuity of the protocol designer
in coming up with clever designs that cover to hardware tamper
resistant levels the the applications desired policy enforcement while
providing a workably small and pracitcally auditable associated
trusted agent module.


So there are practical limits stemming from realities to do with code
complexity being inversely proportional to auditability and security,
but the extra ring -1, remote attestation, sealing and integrity
metrics really do offer some security advantages over the current
situation.

Adam

On Mon, Aug 12, 2002 at 03:28:15PM -0400, Tim Dierks wrote:
> At 07:30 PM 8/12/2002 +0100, Adam Back wrote:
> >(Tim Dierks: read the earlier posts about ring -1 to find the answer
> >to your question about feasibility in the case of Palladium; in the
> >case of TCPA your conclusions are right I think).
> 
> The addition of an additional security ring with a secured, protected 
> memory space does not, in my opinion, change the fact that such a ring 
> cannot accurately determine that a particular request is consistant with 
> any definable security policy. I do not think it is technologically 
> feasible for ring -1 to determine, upon receiving a request, that the 
> request was generated by trusted software operating in accordance with the 
> intent of whomever signed it.
> 
> Specifically, let's presume that a Palladium-enabled application is being 
> used

How to torture a child.

2002-08-12 Thread Matthew X 

http://smh.com.au/articles/2002/08/12/1029113895915.html
"...Israeli Attorney-General, Elyakim Rubinstein, was revealed to have been 
close at hand when soldiers beat a Palestinian child and two Palestinian 
men at the main Israeli checkpoint outside Ramallah last week."
Entire Island fingerprinted?
http://smh.com.au/articles/2002/08/12/1029113895934.html
Morg,bucket and chinny cleared thank god.

Re: dangers of TCPA/palladium

2002-08-12 Thread Mike Rosing 

On Mon, 12 Aug 2002, AARG! Anonymous wrote:

> I don't believe that is an accurate paraphrase of what Mike Rosing said.
> He said the purpose (not effect) was to remove (not reduce) his control,
> and make the platform trusted to one entity (not "for the benefit of
> others").  Unless you want to defend the notion that the purpose of TCPA
> is to *remove* user control of his machine, and make it trusted to only
> *one other entity* (rather than a general capability for remote trust),
> then I think you should accept that what he said was wrong.

That does seem to be the purpose - but may not be what was planned - it
could simply be a "fortuitous accident".  There are way too many unknowns
really, so conjecture is all we've got to go on.  So far we know that
the guys writing Palldium are not happy with TCPA - it doesn't solve
their problems the way they like.  We know less about the TPM.  What's
"right" or "wrong" about vaporware is kind of hard to pin down.  There
are some basic conceptual things we do know, and we know there are already
commercial solutions to problems that TCPA claims to attempt to solve.

I'm working from what I know about those existing devices and project that
onto TCPA.  I may well be wrong, and hopefully somebody who's actually
building TCPA and TPM can give us concrete answers.

> And Mike said more than this.  He said that if he could install his own
> key into the TPM that would make it a very useful tool.  This is wrong;
> it would completely undermine the trust guarantees of TCPA, make it
> impossible for remote observers to draw any useful conclusions about the
> state of the system, and render the whole thing useless.  He also talked
> about how this could be used to make systems "phone home" at boot time.
> But TCPA has nothing to do with any such functionality as this.

I have to disagree.  If I control the content of the TPM, *I* can trust
it,  and anybody who trusts *me* can trust it too.  What other remote
observers of my system are there than the ones *I* trust?  Or to put
in another way - I only want remote observers that I trust to have the
ability to check my TPM.

This is what it all boils down to - "who is in charge of what?"  If I
create a fixed key, I can authenticate myself via multiple channels and
build trust to multiple and independent parties.  That is how TPM becomes
useful.

If somebody else controls the TPM, they may well *not* trust me, and they
may put my computer to work doing something I don't like.  In that case,
I can not trust my computer, because my computer does not trust me.  (I
said may, just because it's possible doesn't mean it will happen.)

What started this very long and interesting discussion was the fear
that TCPA is going to be mandated by law.  That is a very bad idea,
and as long as the fear is real, we need some very good arguments to
prevent it from happening.  The main one is economic, the secondary
one is that we don't need it - you can buy hardware that does the same
thing off the shelf and plug it in to any generic PC.

If the authors of Palladium want their software to work, they should
look at the commercial hardware security computing platforms already
available and get their stuff to work with it.  Ditch TCPA and get your
stuff on the market now, and see how people really deal with it.  It will
be an interesting experiment.

Patience, persistence, truth,
Dr. mike

Rum plan for global death squads.

2002-08-12 Thread Matthew X 

http://smh.com.au/articles/2002/08/12/1029113895506.html
"...United States special forces may be sent to operate under cover 
throughout the world, under proposals being discussed by the Defence 
Secretary, Donald Rumsfeld, and senior military officers.
Mr Rumsfeld is anxious to expand the role of Special Operations..."
Battlefield prep.
"The plans could lead Special Operations units to get more deeply involved 
in long-term covert operations in countries where the US is not at war and, 
in some cases, where the local government is not informed of their presence.
This expansion of the military's involvement in clandestine activities 
could be justified, Pentagon officials said, by defining it as "preparation 
of the battlefield"
"(the plans)...may at some point conflict with the presidential ban on 
assassinations.
  "With a stealthy, mercurial adversary like al-Qaeda, which learnt quickly 
and adapted its tactics to the US response, the military had to be allowed 
to react just as quickly, a senior administration official said.
The head of the Special Operations Command, General Charles Holland, has 
briefed Mr Rumsfeld and a small group of senior Defence Department and 
military officers on initial proposals."
Assassination politics? Why should they have all the fun?
TATTOOED 'LEMON'
Hired killer refuses to murder
A Czech hired killer known as 'The Lemon' has turned himself in to police 
so he would not kill his latest target, an investigative journalist and her 
young son. He was paid about $11,600 to blow them up after she uncovered 
shady government property deals. more
AND
Gay-hate murders 'done as sport'
By Ruth Pollard
August 13 2002
Many gay-hate murderers were exceptionally brutal, surprisingly young, and 
killed to support a society they believed approved of their actions, a 
report released yesterday says.
http://smh.com.au/articles/2002/08/12/1029113894539.html
APster; reach out and kill someone.Everybodies doin' it.

The friends of declan mccullagh.

2002-08-12 Thread Matthew X 

http://www.moldea.com/rightwing.html
Right-Wing Interactive: Investigating America's
Right-Wing ... 
... Association of Literary Scholars and
Critics. Bradley Foundation. Cato ... National
Right to Work. * National Taxpayers Union. NewsMax.Com. Pacific
Research Institute. ... 
www.moldea.com/rightwing.html
- 16k - Cached - Similar pages

Re: Palladium: technical limits and implications

2002-08-12 Thread Adam Back 

Peter Biddle, Brian LaMacchia or other Microsoft employees could
short-cut this guessing game at any point by coughing up some details.
Feel free guys... enciphering minds want to know how it works.

(Tim Dierks: read the earlier posts about ring -1 to find the answer
to your question about feasibility in the case of Palladium; in the
case of TCPA your conclusions are right I think).

On Mon, Aug 12, 2002 at 10:55:19AM -0700, AARG!Anonymous wrote:
> Adam Back writes:
> > +---++  
> > | trusted-agent | user mode  |  
> > |space  | app space  |  
> > |(code  ++  
> > | compartment)  | supervisor |  
> > |   | mode / OS  |  
> > +---++
> > | ring -1 / TOR  |
> > ++  
> > | hardware / SCP key manager |
> > ++  
> 
> I don't think this works.  According to Peter Biddle, the TOR can be
> launched even days after the OS boots.

I thought we went over this before?  My hypothesis is: I presumed
there would be a stub TOR loaded bvy the hardware.  The hardware would
allow you to load a new TOR (presumably somewhat like loading a new
BIOS -- the TOR and hardware has local trusted path to some IO
devices).

> It does not underly the ordinary user mode apps and the supervisor
> mode system call handlers and device drivers.

I don't know what leads you to this conclusion.

> +---++  
> | trusted-agent | user mode  |  
> |space  | app space  |  
> |(code  ++  
> | compartment)  | supervisor |  
> |   | mode / OS  |  
> +---+   +---++
> |SCP|---| ring -1 / TOR |
> +---+   +---+

How would the OS or user mode apps communicate with trusted agents
with this model?  The TOR I think would be the mediator of these
communications (and of potential communications between trusted
agents).  Before loading a real TOR, the stub TOR would not implement
talking to trusted agents.

I think this is also more symmstric and therefore more likely.  The
trusted agent space is the same as supervisor mode that the OS runs
in.  It's like virtualization in OS360: there are now multiple "OSes"
operating under a micro-kernel (the TOR in ring -1): the real OS and
the multiple trusted agents.  The TOR is supposed to be special
purpose, simple and small enough to be audited as secure and stand a
chance of being so.

The trusted agents are the secure parts of applications (dealing with
sealing, remote attestation, DRM, authenticated path to DRM
implementing graphics cards, monitors, sound cards etc; that kind of
thing).  Trusted agents should also be small, simple special purpose
to avoid them also suffering from remote compromise.  There's limited
point putting a trusted agent in a code compartment if it becomes a
full blown complex application like MS word, because then the trusted
agent would be nearly as likely to be remotely exploited as normal
OSes.

> [...] It doesn't follow that the nub has anything to do with the OS
> proper.  If the OS can run fine without it, as I think you agreed,
> then why would the entire architecture have to reorient itself once
> the TOR is launched?

trusted-agents will also need to use OS services, the way you have it
they can't.

> In other words, isn't my version simpler, as it adjoins the column at
> the left to the pre-existing column at the right, when the TOR launches,
> days after boot?  Doesn't it require less instantaneous, on-the-fly,
> reconfiguration of the entire structure of the Windows OS at the moment
> of TOR launch?  

I don't think it's a big problem to replace a stub TOR with a given
TOR sometime after OS boot.  It's analogous to modifying kernel code
with a kernel module, only a special purpose micro-kernel in ring -1
instead of ring 0.  No big deal.

> > The parallel stack to the right: OS is computed by TOR; Application is
> > computed OS.
> 
> No, that doesn't make sense.  Why would the TOR need to compute a metric
> of the OS?  

In TCPA which does not have a ring -1, this is all the TPM does
(compute metrics on the OS, and then have the OS compute metrics on
applications.

While Trusted Agent space is separate and better protected as there
are fewer lines of code that a remote exploit has to be found in to
compromise one of them, I hardly think Palladium would discard the
existing windows driver signing, code signing scheme.  It also seems
likely therefore that even though it offers lower assurance the code
signing would be extended to include metrics and attestation for the
OS, drivers and even applications.

> Peter has said that Palladium does not give information about other
> apps running on your machine:

I take this to mean that as stated somewhere in the available docs the
OS can not observe or even know how many trusted agents are running.
So he's stating that they've made OS design

Re: Thanks, Lucky, for helping to kill gnutella

2002-08-12 Thread Sunder 

Ok Mr. Smarty Pants Aarg! Anonymous remailer user, you come up with such a
method.  Cypherpunsk write code, yes?  So write some code.

Meanwhile, this is why it can't be done:

If you have a client that sends a signature of it's binary back to it's
mommy, you can also have a rogue client that sends the same signature back
to it's mommy, but is a different binary.

So how does mommy know which is the real client, and which is the rogue
client?

After all, the rogue could simply keep a copy of the real client's binary,
and send the checksum/hash for the real copy, but not run it.


If you embedd one half of a public key in the real client, what's to stop
the attacker from reverse engineering the real client and extracting the
key, then sign/encrypt things with that half of the key?  Or to patch the
client using a debugger so it does other things also?  Or runs inside an
emulator where every operation it does is logged - so that a new rogue can
be built that does the same?  Or runs under an OS whose kernel is patched
to allow another process to access your client's memory and
routines? Or has modded dynamic libraries which your client depends on 
to do the same, etc.


Show us the code instead of asking us to write it for you.  I say, you
can't do it.  Prove me wrong.  As long as you do not have full exclusive
control of the client hardware, you can't do what you ask with any degree
of confidence beyond what security through obscurity buys you.  In the
end, if someone cares enough, they will break it.


All this pointless bickering has already been discussed:  A long while
ago, Dennis Ritchie of K&R discussed how he introduced a backdoor into
login.c, then modified the C compiler to recognize when login.c was
compiled, and had it inject the back door, then removed the changes to
login.c.

How do you propose to have a client run in a hostile environment and
securely authenticate itself without allowing rogues to take over it's
function or mimic it?


Either propose a way to do what you're asking us to do - which IMHO is
impossible without also having some sort of cop out such as having trusted
hardware, or go away and shut the fuck up.

--Kaos-Keraunos-Kybernetos---
 + ^ + :NSA got $20Bill/year|Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

On Fri, 9 Aug 2002, AARG! Anonymous wrote:

> If only there were a technology in which clients could verify and yes,
> even trust, each other remotely.  Some way in which a digital certificate
> on a program could actually be verified, perhaps by some kind of remote,
> trusted hardware device.  This way you could know that a remote system was
> actually running a well-behaved client before admitting it to the net.
> This would protect Gnutella from not only the kind of opportunistic
> misbehavior seen today, but the future floods, attacks and DOSing which
> will be launched in earnest once the content companies get serious about
> taking this network down.

Re: Challenge to David Wagner on TCPA

2002-08-12 Thread Brian A. LaMacchia 

I just want to point out that, as far as Palladium is concerned, we really
don't care how the keys got onto the machine. Certain *applications* written
on top of Palladium will probably care, but all the hardware & the security
kernel really care about is making sure that secrets are only divulged to
the code that had them encrypted in the first place.  It's all a big trust
management problem (or a series of trust management problems) --
applications that are going to rely on SCP keys to protect secrets for them
are going to want some assurances about where the keys live and whether
there's a copy outside the SCP.  I can certainly envision potential
applications that would want guarantees that the key was generated on the
SCP & never left, and I can see other applications that want guarantees that
the key has a copy sitting on another SCP on the other side of the building.

So the complexity isn't in how the keys get initialized on the SCP (hey, it
could be some crazy little hobbit named Mel who runs around to every machine
and puts them in with a magic wand).  The complexity is in the keying
infrastructure and the set of signed statements (certificates, for lack of a
better word) that convey information about how the keys were generated &
stored.  Those statements need to be able to represent to other applications
what protocols were followed and precautions taken to protect the private
key.  Assuming that there's something like a cert chain here, the root of
this chain chould be an OEM, an IHV, a user, a federal agency, your company,
etc. Whatever that root is, the application that's going to divulge secrets
to the SCP needs to be convinced that the key can be trusted (in the
security sense) not to divulge data encrypted to it to third parties.
Palladium needs to look at the hardware certificates and reliably tell
(under user control) what they are. Anyone can decide if they trust the
system based on the information given; Palladium simply guarantees that it
won't tell anyone your secrets without your explicit request..

--bal

P.S. I'm not sure that I actually *want* the ability to extract the private
key from an SCP after it's been loaded, because presumably if I could ask
for the private key then a third party doing a black-bag job on my PC could
also ask for it.  I think what I want is the ability to zeroize the SCP,
remove all state stored within it, and cause new keys to be generated
on-chip.  So long as I can zero the chip whenever I want (or zero part of
it, or whatever) I can eliminate the threat posed by the manufacturer who
initialized the SCP in the first place.

Lucky Green <[EMAIL PROTECTED]> wrote:
> Ray wrote:
>>
>>> From: "James A. Donald" <[EMAIL PROTECTED]>
>>> Date: Tue, 30 Jul 2002 20:51:24 -0700
>>
>>> On 29 Jul 2002 at 15:35, AARG! Anonymous wrote:
 both Palladium and TCPA deny that they are designed to restrict
 what applications you run.  The TPM FAQ at
 http://www.trustedcomputing.org/docs/TPM_QA_071802.pdf reads
 
>>>
>>> They deny that intent, but physically they have that capability.
>>
>> To make their denial credible, they could give the owner
>> access to the private key of the TPM/SCP.  But somehow I
>> don't think that jibes with their agenda.
>
> Probably not surprisingly to anybody on this list, with the exception
> of potentially Anonymous, according to the TCPA's own TPM Common
> Criteria Protection Profile, the TPM prevents the owner of a TPM from
> exporting the TPM's internal key. The ability of the TPM to keep the
> owner of a PC from reading the private key stored in the TPM has been
> evaluated to E3 (augmented). For the evaluation certificate issued by
> NIST, see:
>
> http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-VR-TPM.pdf
>
>> If I buy a lock I expect that by demonstrating ownership I
>> can get a replacement key or have a locksmith legally open it.
>
> It appears the days when this was true are waning. At least in the PC
> platform domain.
>
> --Lucky
>
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> [EMAIL PROTECTED]

Re: dangers of TCPA/palladium

2002-08-12 Thread AARG! Anonymous 

Mike Rosing wrote:

> The difference is fundamental: I can change every bit of flash in my BIOS.
> I can not change *anything* in the TPM.  *I* control my BIOS.  IF, and
> only IF, I can control the TPM will I trust it to extend my trust to
> others.  The purpose of TCPA as spec'ed is to remove my control and
> make the platform "trusted" to one entity.  That entity has the master
> key to the TPM.
> 
> Now, if the spec says I can install my own key into the TPM, then yes,
> it is a very useful tool.  It would be fantastic in all the portables
> that have been stolen from the FBI for example.  Assuming they use a
> password at turn on, and the TPM is used to send data over the net,
> then they'd know where all their units are and know they weren't
> compromised (or how badly compromised anyway).
> 
> But as spec'ed, it is very seriously flawed.

Ben Laurie replied:

> Although the outcome _may_ be like this, your understanding of the TPM 
> is seriously flawed - it doesn't prevent your from running whatever you 
> want, but what it does do is allow a remote machine to confirm what you 
> have chosen to run.

David Wagner commented:

> I don't understand your objection.  It doesn't look to me like Rosing
> said anything incorrect.  Did I miss something?
>
> It doesn't look like he ever claimed that TCPA directly prevents one from
> running what you want to; rather, he claimed that its purpose (or effect)
> is to reduce his control, to the benefit of others.  His claims appear
> to be accurate, according to the best information I've seen.

I don't believe that is an accurate paraphrase of what Mike Rosing said.
He said the purpose (not effect) was to remove (not reduce) his control,
and make the platform trusted to one entity (not "for the benefit of
others").  Unless you want to defend the notion that the purpose of TCPA
is to *remove* user control of his machine, and make it trusted to only
*one other entity* (rather than a general capability for remote trust),
then I think you should accept that what he said was wrong.

And Mike said more than this.  He said that if he could install his own
key into the TPM that would make it a very useful tool.  This is wrong;
it would completely undermine the trust guarantees of TCPA, make it
impossible for remote observers to draw any useful conclusions about the
state of the system, and render the whole thing useless.  He also talked
about how this could be used to make systems "phone home" at boot time.
But TCPA has nothing to do with any such functionality as this.

In contrast, Ben Laurie's characterization of TCPA is 100% factual and
accurate.  Do you at least agree with that much, even if you disagree
with my criticism of Mike Rosing's comments?

Re: responding to claims about TCPA

2002-08-12 Thread AARG! Anonymous 

David Wagner wrote:
> To respond to your remark about bias: No, bringing up Document Revocation
> Lists has nothing to do with bias.  It is only right to seek to understand
> the risks in advance.  I don't understand why you seem to insinuate
> that bringing up the topic of Document Revocation Lists is an indication
> of bias.  I sincerely hope that I misunderstood you.

I believe you did, because if you look at what I actually wrote, I did not
say that "bringing up the topic of DRLs is an indication of bias":

> The association of TCPA with SNRLs is a perfect example of the bias and
> sensationalism which has surrounded the critical appraisals of TCPA.
> I fully support John's call for a fair and accurate evaluation of this
> technology by security professionals.  But IMO people like Ross Anderson
> and Lucky Green have disqualified themselves by virtue of their wild and
> inaccurate public claims.  Anyone who says that TCPA has SNRLs is making
> a political statement, not a technical one.

My core claim is the last sentence.  It's one thing to say, as you
are, that TCPA could make applications implement SNRLs more securely.
I believe that is true, and if this statement is presented in the context
of "dangers of TCPA" or something similar, it would be appropriate.
But even then, for a fair analysis, it should make clear that SNRLs can
be done without TCPA, and it should go into some detail about just how
much more effective a SNRL system would be with TCPA.  (I will write more
about this in responding to Joseph Ashwood.)

And to be truly unbiased, it should also talk about good uses of TCPA.

If you look at Ross Anderson's TCPA FAQ at
http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html, he writes (question 4):

: When you boot up your PC, Fritz takes charge. He checks that the boot
: ROM is as expected, executes it, measures the state of the machine;
: then checks the first part of the operating system, loads and executes
: it, checks the state of the machine; and so on. The trust boundary, of
: hardware and software considered to be known and verified, is steadily
: expanded. A table is maintained of the hardware (audio card, video card
: etc) and the software (O/S, drivers, etc); Fritz checks that the hardware
: components are on the TCPA approved list, that the software components
: have been signed, and that none of them has a serial number that has
: been revoked.

He is not saying that TCPA could make SNRLs more effective.  He says
that "Fritz checks... that none of [the software components] has a
serial number that has been revoked."  He is flatly stating that the
TPM chip checks a serial number revocation list.  That is both biased
and factually untrue.

Ross's whole FAQ is incredibly biased against TCPA.  I don't see how
anyone can fail to see that.  If it were titled "FAQ about Dangers of
TCPA" at least people would be warned that they were getting a one-sided
presentation.  But it is positively shameful for a respected security
researcher like Ross Anderson to pretend that this document is giving
an unbiased and fair description.

I would be grateful if someone who disagrees with me, who thinks that
Ross's FAQ is fair and even-handed, would speak up.  It amazes me that
people can see things so differently.

And Lucky's slide presentation, http://www.cypherpunks.to, is if anything
even worse.  I already wrote about this in detail so I won't belabor
the point.  Again, I would be very curious to hear from someone who
thinks that his presentation was unbiased.

Re: Palladium: technical limits and implications

2002-08-12 Thread AARG! Anonymous 

Adam Back writes:
> +---++  
> | trusted-agent | user mode  |  
> |space  | app space  |  
> |(code  ++  
> | compartment)  | supervisor |  
> |   | mode / OS  |  
> +---++
> | ring -1 / TOR  |
> ++  
> | hardware / SCP key manager |
> ++  

I don't think this works.  According to Peter Biddle, the TOR can be
launched even days after the OS boots.  It does not underly the ordinary
user mode apps and the supervisor mode system call handlers and device
drivers.

+---++  
| trusted-agent | user mode  |  
|space  | app space  |  
|(code  ++  
| compartment)  | supervisor |  
|   | mode / OS  |  
+---+   +---++
|SCP|---| ring -1 / TOR |
+---+   +---+



This is more how I would see it.  The SCP is more like a peripheral
device, a crypto co-processor, that is managed by the TOR.  Earlier you
quoted Seth's blog:

| The nub is a kind of trusted memory manager, which runs with more
| privilege than an operating system kernel. The nub also manages access
| to the SCP.

as justification for putting the nub (TOR) under the OS.  But I think in
this context "more privilege" could just refer to the fact that it is in
the secure memory, which is only accessed by this ring--1 or ring-0 or
whatever you want to call it.  It doesn't follow that the nub has anything
to do with the OS proper.  If the OS can run fine without it, as I think
you agreed, then why would the entire architecture have to reorient itself
once the TOR is launched? 

In other words, isn't my version simpler, as it adjoins the column at
the left to the pre-existing column at the right, when the TOR launches,
days after boot?  Doesn't it require less instantaneous, on-the-fly,
reconfiguration of the entire structure of the Windows OS at the moment
of TOR launch?  And what, if anything, does my version fail to accomplish
that we know that Palladium can do?


> Integrity Metrics in a given level are computed by the level below.
>
> The TOR starts Trusted Agents, the Trusted Agents are outside the OS
> control.  Therefore a remote application based on remote attestation
> can know about the integrity of the trusted-agent, and TOR.
>
> ring -1/TOR is computed by SCP/hardware; Trusted Agent is computed by
> TOR;

I had thought the hardware might also produce the metrics for trusted
agents, but you could be right that it is the TOR which does so.
That would be consistent with the "incremental extension of trust"
philosophy which many of these systems seem to follow.

> The parallel stack to the right: OS is computed by TOR; Application is
> computed OS.

No, that doesn't make sense.  Why would the TOR need to compute a metric
of the OS?  Peter has said that Palladium does not give information about
other apps running on your machine:

: Note that in Pd no one but the user can find out the totality of what SW is
: running except for the nub (aka TOR, or trusted operating root) and any
: required trusted services. So a service could say "I will only communicate
: with this app" and it will know that the app is what it says it is and
: hasn't been perverted. The service cannot say "I won't communicate with this
: app if this other app is running" because it has no way of knowing for sure
: if the other app isn't running.


> So for general applications you still have to trust the OS, but the OS
> could itself have it's integrity measured by the TOR.  Of course given
> the rate of OS exploits especially in Microsoft products, it seems
> likley that the aspect of the OS that checks integrity of loaded
> applications could itself be tampered with using a remote exploit.

Nothing Peter or anyone else has said indicates that this is a property of
Palladium, as far as I can remember.

> Probably the latter problem is the reason Microsoft introduced ring -1
> in palladium (it seems to be missing in TCPA).

No, I think it is there to prevent debuggers and supervisor-mode drivers
from manipulating secure code.  TCPA is more of a whole-machine spec
dealing with booting an OS, so it doesn't have to deal with the question
of running secure code next to insecure code.

Re: dangers of TCPA/palladium

2002-08-12 Thread Ben Laurie 

David Wagner wrote:
> Ben Laurie  wrote:
> 
>>Mike Rosing wrote:
>>
>>>The purpose of TCPA as spec'ed is to remove my control and
>>>make the platform "trusted" to one entity.  That entity has the master
>>>key to the TPM.
>>>
>>>Now, if the spec says I can install my own key into the TPM, then yes,
>>>it is a very useful tool.
>>
>>Although the outcome _may_ be like this, your understanding of the TPM 
>>is seriously flawed - it doesn't prevent your from running whatever you 
>>want, but what it does do is allow a remote machine to confirm what you 
>>have chosen to run.
>>
>>It helps to argue from a correct starting point.
> 
> 
> I don't understand your objection.  It doesn't look to me like Rosing
> said anything incorrect.  Did I miss something?
> 
> It doesn't look like he ever claimed that TCPA directly prevents one from
> running what you want to; rather, he claimed that its purpose (or effect)
> is to reduce his control, to the benefit of others.  His claims appear
> to be accurate, according to the best information I've seen.

The part I'm objecting to is that it makes the platform trusted to one 
entity. In fact, it can be trusted by any number of entities, and you 
(the owner of the machine) get to choose which ones.

Now, it may well be that if this is allowed to proceed unchecked that in 
practice there's only a small number of entities there's any point in 
choosing, but that is a different matter.

Chers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Do you like jammin'?

2002-08-12 Thread Matthew X 

Employ a GPS jammer. Most U.S. jets, bombs and ships use the satellites for 
navigation and timing.
The squadron built one jammer small enough to fit in a cigarette pack. It 
had a weak signal and would have to be close to the antennae to work.
Another jammer, about 15 feet tall, could interrupt the signal from farther 
away.
It was relatively easy to build. The airmen bought the plans online for 
$35. The amplifier came from an electronics store, the generator from a 
ham-radio operators convention. The rest - PVC pipe, copper tubing, wood 
supports and hardware - came from a home improvement store. The total cost 
was less than $9,000.
"This is not something cosmic," said Lt. Col. Rad Widman, who until 
recently commanded the squadron.
GPS jamming usually can be defeated by changing a channel frequency, but 
operators must realize they are being jammed, Widman said.
Next week-What traffic analysis tells,Wardriving 
warbases.us.http://www.gazette.com/stories/0811top2.php

FOX Encryption 24-7.

2002-08-12 Thread Matthew X 

24-3am to 4am. Research
files.Encryption.http://www.fox.com/24/research.html
"Encryption is a means by which a digital message can be coded so
that only
the recipient with the proper'key'can decode and understand the
message.
Encryption technology has ,in fact,gotten so good that its raised serious

concerns that messages will become unbreakable,thus putting all manner
of
criminal activity-from child pornography to espionage to organized
crime
communiques-beyond the ability of the Govt.to investigate.
To address these concerns a key recovery approach called KMI (key
management
infrastructure) is being talked about in Washington.KMI is designed to
allow
law enforcement to have access to encrypted on an International
basis.
es (sic.jacks is?)a flatbed scanner in his car which works like a copy

machine..."
Theres more...4am to 5,mentions CALEA.5 to 6-the presidents
analyst.8to9,the SS.
9to10-wireless tracing.10-11- knives.(not
fibreglass.)11-12.GPS.12-1.Ultrasound.
2-3.Mi5.4-5.Fibre optics.6-7.Power grids 3 way split.9-10.CTU-CIA.
Hate to feed anyones paranoia but a quick KMI search yields...
Applications and Operating Systems Consulting
and Technical ... 
KMI, a top Microsoft Certified Solution Provider
Partner, is a consulting services
company that provides design and planning, implementation, and support of
... 
Description: Back Office implementation and support services.
Category: Computers > Consultants >
Microsoft
www.kminet.com/
- 15k - Cached -
Similar pages

Re: Saving money - this is the plan for you RHUHLOFQ

2002-08-12 Thread Diana Burnell 
      Dear HOMEOWNER,Shop hundreds of lenders at the click of a mouse!Interest rates are at their lowest point in 40 years! We help you find the best rate for your situation by matching your needs with hundreds of lenders! Home Improvement, Refinance, Second Mortgage, Home Equity Loans, and More! Even with less than perfect credit!  Click Here for a Free Quote!Save the time and hassle of shopping for a new loan!NO OBLIGATIONFREE CONSULTATIONALL CREDIT GRADES ACCEPTED Rates won't stay this low forever!Click for your Free Quote, NOW!  Apply now and one of our lending partners will get back to you within 48 hours.  Further transmissions to you by the sender of this email may be stopped at no cost to you by "Clicking Here" .

BIND-PE

2002-08-12 Thread Steve Schear 

BIND-PE is a "personal use" automatically installed DNS (Domain Name 
System) caching only name server. Similar to (but more efficient) than 
using your default ISP DNS servers.

BIND-PE is a complete DNS Server based on the "ISC BIND 9.2.1" engine. 
BIND-PE once installed will act as a fully recursive and caching 
multi-threaded DNS Server (default), with persistent cache capabilities 
(cache will be maintained between reboots), this will speed up your 
Internet resolving queries and make name resolutions much more reliable. 
BIND-PE Version 1.0 distro is aimed at home/SOHO users on WinNT4 SP6, 
Win2000 and WinXP workstations.
BIND-PE simplifies the task of installing and correctly configuring the DNS 
service using a completely custom BIND compile for WinNT Operating Systems 
with an automated "One-Click" setup process for Dial-up, Cable modem, and 
DSL networks for workstations. Post-install manual changes to 
configurations are compatible with the standard ISC BIND 9 configuration 
syntax and examples. For your convenience, a Control Panel similar to BIND 
8 versions is active and included with on screen data details (instead of 
write to file).

All standard as well as new TLD's (.aero etc.) are included and accessible 
for DNS name resolutions and browsing. Alternate TLD's like http://BBC.news 
and http://Atlantic.Ocean (almost 200 additional TLD's) websites which were 
not normally available in Legacy setups will now be viewable in browsers.


http://ntcanuck.com/

Govt.claims ownership of all encrypted files seized.

2002-08-12 Thread Matthew X 

http://cryptome.org/Free Speech Contents of RaiseTheFist.com
http://www.melbourne.indymedia.org/front.php3?article_id=31475&group=webcast
"...An interesting feature of the seizure procedure described in the search 
warrant, pointed out by John Young at Cryptome, is this wording:

iii. Any data that is encrypted and unreadable will not be returned unless 
law enforcement personnel have determined that the data is not (1) an 
instrumentality of the offense, (2) a fruit of the criminal activity, (3) 
contraband, (4) otherwise unlawfully possessed, or (5) evidence of the 
offense specified above..."

Politechnical?

Encryption must be approaching ubiquity/banality with this from my TV guide 
for mon.12.au.
"24.US Thriller series.2am to 3am.
Jack verifies the key card was encrypted on Nina's computer...etc.
http://www.fox.com/24/research.html

Re: On the outright laughability of internet "democracy"

2002-08-12 Thread R. A. Hettinga 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 4:20 PM +0200 on 8/12/02, Nomen Nescio wrote, in excruciating,
hilarious and even elegant detail:

<...all about how I was trolled. :-).>

> Good fish. Thank you for playing.

LOL...

You're welcome. Guilty as charged. I admit to being absolutely
trollable about some things. It's even fun on occasion. As always,
you know where the 'd' key is. Or, apparently, I can also tell you
where to find it in several languages. I love the net...


Meaning that, as it always has been, since people began repeating
themselves about six months out from its founding, this list is just
a watering hole, and not a salon. That, and you never really know how
exactly you're going to get your kicks next. :-).


However, if I may be permitted to flop back into the bilge a little
while to add *some* content to the discussion again, my point --
well, two, actually -- still holds.

1.) You cannot have truly anonymous voting on the net without also
being perfectly free to sell your vote. In short, the only voting
that matters on the net is *financial* voting -- voting your control,
total or fractional, of an asset of some kind. Don't take my word for
it. Look it up. Read the protocols. Figure it out for yourself. It's
impossible. And, in so doing you will discover something that I've
also said said too much before, also to the consternation of folks
like you:

2.) Financial cryptography is the *only* cryptography that matters.

[If you respond to a patently content-free fulmination by an
obviously trollee with another troll of your own, what, exactly, does
that make you, troller -- or trollee? :-)]


Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPVffd8PxH8jf3ohaEQId/gCg8bSQsIpLv67eVoLDwO8YSTL1S7UAnRA3
rpyy0mOPtS0ydZLaPz7DCyT3
=g1DF
-END PGP SIGNATURE-

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Palladium: technical limits and implications

2002-08-12 Thread Adam Back 

On Mon, Aug 12, 2002 at 01:52:39PM +0100, Ben Laurie wrote:
> AARG!Anonymous wrote:
> > [...]
> > What Palladium can do, though, is arrange that the app can't get at
> > previously sealed data if the OS has meddled with it.  The sealing
> > is done by hardware based on the app's hash.  So if the OS has changed
> > the app per the above, it won't be able to get at old sealed data.
> 
> I don't buy this: how does Palladium know what an app is without the OS' 
> help?

Here's a slightly updated version of the diagram I posted earlier:

+---++  
| trusted-agent | user mode  |  
|space  | app space  |  
|(code  ++  
| compartment)  | supervisor |  
|   | mode / OS  |  
+---++
| ring -1 / TOR  |
++  
| hardware / SCP key manager |
++  

Integrity Metrics in a given level are computed by the level below.

The TOR starts Trusted Agents, the Trusted Agents are outside the OS
control.  Therefore a remote application based on remote attestation
can know about the integrity of the trusted-agent, and TOR.

ring -1/TOR is computed by SCP/hardware; Trusted Agent is computed by
TOR;

The parallel stack to the right: OS is computed by TOR; Application is
computed OS.

So for general applications you still have to trust the OS, but the OS
could itself have it's integrity measured by the TOR.  Of course given
the rate of OS exploits especially in Microsoft products, it seems
likley that the aspect of the OS that checks integrity of loaded
applications could itself be tampered with using a remote exploit.

Probably the latter problem is the reason Microsoft introduced ring -1
in palladium (it seems to be missing in TCPA).

Adam
--
http://www.cypherspace.org/adam/

URGENT ATTENTION PLEASE.

2002-08-12 Thread Joshua Isong 
PERSONAL AND STRICTLY CONFIDENTIAL
DEAR SIR:
I am Mrs NSAKKA ISONG Serraleonian widow with an only son JOSUA ISONG. My husband was the chief security officer to the ousted President JOHNIE JOHNSON ofserraleon. During the over throw of 24th December 1999, my husband was among the people that were killed by the military. Since after his death, I ran awaywith my only son, I do hereby wish to ask for your  assistance in urgent business transaction that requires absolute honesty and secrecy.
Although I did not in any way disclose to my friend the details of this my proposal due to confidential nature of this transaction. By virtue of my husband's position. The former President Johnie Johnson gave him US 20.000.000.00 Dollars (Twenty million US dollars) cash in US100.00 dollars bill stacked in a box when he got information that the militaries were planning to over throw him. Immediately my husband was confirmed dead, I made away with this box with my only son sothat we can not be reached by Mr BEDIE. I have really been waiting for a more suitable time and opportunity to contact you concerning thistransaction.
Right now, the money is in a safe place, I deposited it with a security company for safe keeping. I am using this opportunity to seek for your assistance tomove this money to your country, to be invested on behalf of my only son.For this business to be concluded immediately, all you need to do is to arrange to meet with me and my son where this box is been lodged, open an account in yourname, pay in the whole money after clearing and transfering it to your chosen account. We can't do that on our own because on my agreement with the TrustCompany I made an agreement that the deposited trunk box is meant for my husband foreign partner this was done to avoid people eyeing the fund,I don't haveaccount else where,moreover, we don't have any business to cover-up that is why we needed your assistance.
 I am ready to offer you 25% of the total sum and give you the full power to manage the remaining 75% on behalf of my son.
Contact my son JOSHUA ISONG where we are curently staying in a sister's house in Abidjan-Cote d'Ivoire.This money we deposited it in the best security company in Abidjan-cote d'Ivoire.
Upon conclusion of arrangement, we shall forward to you the certificate of deposit, and the phone and fax number of the security company for confirmationimmediately you recieve this e-mail message or call me at this number (0022507912620) Please I want us to finish this business as quikly as possible.
Yours faithfull MRS NSAKKA ISONG.
 Do You Yahoo!?
HotJobs, a Yahoo! service - Search Thousands of New Jobs

Straight out of CATO.

2002-08-12 Thread Matthew X 

 >>I'm surprised the article didn't complain about John Young's efforts:<<

I'm surprised Mr McCatohead is surprised because he should know by now that 
cryptome is widely mirrored.If he didn't know that he would be an 
incompetent imbecile.
If he did know then he is only surprised about the articles seeming naivete 
and wanting to appear superior 'dobs jya in', or 'gives him a plug,' take 
your pick.As jya has described our man in CATO as a canary,the 1st 
possibility seems a safe bet.
Declan could be the death of cypherpunks but it'll be a marvelous book deal.

Brian Regan,a scalp for the NSA?

2002-08-12 Thread Matthew X 

"Several countries abandoned Crypto AG but failed to ensure secrecy. The 
Libyans switched to Gretag units after the NSA cited secret communications 
to allege Libyan involvement in the 1986 La Belle disco bombing in West 
Berlin. One senior US official said the fact that the Libyans were making 
their codes more difficult to crack would "make our job tougher." But the 
NSA seemed to have the Gretag base covered as well. According to one 
knowledgeable cryptographic industry expert, NSA's program to co-opt the 
services of encryption manufactures probably extends to all those within 
reach of NSA operatives."
http://mediafilter.org/caq/cryptogate/
So how was Regan blown anyway?
If the fix wasn't in then TEMPEST/intercepts are another possibility or a 
defector/double agent.The least likely scenario?Possibly the one presented 
in court.

Re: On the outright laughability of internet "democracy"

2002-08-12 Thread Nomen Nescio 

On Sun, 11 Aug 2002 22:07:11 -0400, R. A. Hettinga <[EMAIL PROTECTED]> wrote:
160 lines, 1,150 words, 6,393 characters, all insisting on describing his being 
guthooked, sinker 
eating, line chewing and flopping up into the greasy bilge, furiously spewing offense 
and defense, 
in serious, righteous and angry pursuit of the diaphanous illusion of anoned 
bait-spilth, becoming 
clearly the easiest, but also the lowest calorie catch o' the day. Back over the side 
with you, 
little fellow.

Good fish. Thank you for playing.

Washington DC evacuation plan... for federal employees

2002-08-12 Thread Declan McCullagh 

1. Government creates new Washington evacuation plan
By Jason Peckenpaugh

The federal government has created a new procedure for evacuating federal 
employees in Washington in the case of possible terrorist attacks on the 
nation's capital.

The protocol, which took effect in May, tells who can decide to evacuate 
federal employees from agencies and how the government will communicate the 
decision to employees and to city and state agencies that would be affected 
by a mass exodus of civil servants from Washington. It is an attempt to 
improve on the ad hoc process used on Sept. 11, when the Office of 
Personnel Management closed federal agencies without first notifying state 
and transit officials in the Washington area.

"Basically the only emergency plan that was available that this area had 
[on Sept. 11] was the snow emergency plan," said Scott Hatch, OPM's 
director of communications. The new protocol was designed to handle federal 
evacuations in Washington, but could be used to make evacuation decisions 
for civil servants in other cities, he said.

Full story: http://www.govexec.com/dailyfed/0802/080902p1.htm

Return to Top

Make you look and feel 20 YEARS YOUNGER!19056

2002-08-12 Thread andreacarpenterhuaa 

As seen on N.B.C., C.B.S., C.N.N., and even OpRah!! The health discovery that 
actuallyreverses aging while burning fat, without dieting or exercise! This 
provendiscovery has even been reported on by the New England Journal of 
Medicine.Forget aging and dieting forever! And it's Guaranteed! 

Click below to enter our web site:
http://www205.fastwebsnet.com/hgh/

Would you like to lose weight while you sleep!
No dieting!
No hunger pains!
No Cravings!
No strenuous exercise!
Change your life forever! 

100% GUARANTEED!

1.Body Fat Loss 82% improvement.
2.Wrinkle Reduction 61% improvement.
3.Energy Level 84% improvement.
4.Muscle Strength 88% improvement.
5.Sexual Potency 75% improvement.
6.Emotional Stability 67% improvement.
7.Memory 62% improvement.

Click below to enter our web site:
http://www205.fastwebsnet.com/hgh/

**
**
To be removed from our list please email at- [EMAIL PROTECTED] (subject=remove 
"your email")
**

Insight on the News Email Edition

2002-08-12 Thread Insight on the News 

INSIGHT NEWS ALERT!

A new issue of Insight on the News is now online.

http://insightmag.com

...

Folks, we’ve managed to get a reporter on the scene in the search for bin-Laden. 
You won’t want to miss Martin Arostegui’s inside report 
http://insightmag.com/news/260506.html. And Kelly O’Meara’s comments on new lows 
on Wall Street will make your eyes water http://insightmag.com/news/260511.html. 
As will her expose of how a Harvard gang set out to fleece Russian capitalism 
http://insightmag.com/news/260507.html. Until next time from here in the Bunker. 
Your newsman in Washington, signing off.

...

SEARCHING FOR OSAMA

Insight reporter Martin Arostegui joins the hunt for Osama and uncovers 
startling accounts of how the wily terrorist mastermind and his al-Qaeda cohorts 
avoided capture.

http://insightmag.com/news/260506.html

...

DYNACORP STILL TAKING THE MORAL LOW GROUND

Kelly O’Meara digs out even more dirt.

http://insightmag.com/news/260511.html

...

IS AMERICA AT WAR?

Michael Waller reports that the persistent warnings of President George W. Bush 
that the United States is in a real war against terrorism have lost much of 
their impact. Both well-meaning friends and his political adversaries have 
behaved as if the president's top priority were not to win the war.

http://insightmag.com/news/260503.html



 

   IS BIN-LADEN THE PAWN OF CHINA?

On September 11, 2001, a Chinese Peoples Liberation Army transport aircraft from 
Beijing landed in Kabul with the most important delegation the ruling Taliban 
had ever received.  They had come to sign the contract with Afghanistan that 
Osama bin-Laden had asked for, that would provide the Taliban state of the art 
air defense systems in exchange for the Taliban's promise to end the attacks by 
Muslim extremists in China's north-western regions.  Hours later, CIA Director 
George Tenet received a coded "red alert" message from Mossad's Tel Aviv 
headquarters that presented what he called a "worst case scenario" -- that China 
would use a ruthless surrogate, bin-Laden, to attack the United States.  In 
SEEDS OF FIRE, Gordon Thomas asks the question: In the war on terror, is China 
with us or against us?  Click here: 
http://www.conservativebookservice.com/BookPage.asp?prod_cd=C5969&sour_cd=INT003901

 



LOOTING RUSSIA’S FREE MARKET

Kelly O’Meara reveals that as communism collapsed in the former Soviet Union, 
U.S. economic 'reformers,' led by a Harvard University clique, took free-market 
capitalism to a new low.

http://insightmag.com/news/260507.html

...

LABOR PAINS IN HOMELAND DEFENSE

Jennifer Hickey writes that ongoing negotiations to reach a settlement 
concerning provisions in President George W. Bush's homeland-security proposal 
to grant greater flexibility in matters of national security are not so 
promising.

http://insightmag.com/news/260530.html

...

STUDENTS BRAVE TERRORISM IN ISRAEL

Brandon Spun tells us that turmoil in the Middle East and State Department 
travel warnings have not deterred young American students from visiting the holy 
land for a one-of-a-kind learning experience.

http://insightmag.com/news/260510.html

...

NEWS ALERT!

Wade-Hahn Chan and Daniel George write that supporters of meat irradiation feel 
vindicated by the e-coli outbreak.

http://insightmag.com/news/260525.html





  INSIGHT PRINT EDITION SPECIAL

 72% off if you act now!

   https://www.collegepublisher.com/insightsub/subform1.cfm


You have received this newsletter because you have a user name and password at 
Insight on the News.
To unsubscribe from this newsletter, visit 
"http://insightmag.com/main.cfm?include=unsubscribe";. You may also log into 
Insight on the News and edit your account preferences on the Web.

If you have forgotten or don't know your user name and password, it will be 
emailed to you after visiting the following link:
http://insightmag.com/main.cfm?include=emailPassword&serialNumber=16oai891z5&[EMAIL PROTECTED]

Re: Palladium: technical limits and implications

2002-08-12 Thread Ben Laurie 

AARG!Anonymous wrote:
> Adam Back writes:
> 
>>I have one gap in the picture: 
>>
>>In a previous message in this Peter Biddle said:
>>
>>
>>>In Palladium, SW can actually know that it is running on a given
>>>platform and not being lied to by software. [...] (Pd can always be
>>>lied to by HW - we move the problem to HW, but we can't make it go
>>>away completely).
>>
> 
> Obviously no application can reliably know anything if the OS is hostile.
> Any application can be meddled with arbitrarily by the OS.  In fact
> every bit of the app can be changed so that it does something entirely
> different.  So in this sense it is meaningless to speak of an app that
> can't be lied to by the OS.
> 
> What Palladium can do, though, is arrange that the app can't get at
> previously sealed data if the OS has meddled with it.  The sealing
> is done by hardware based on the app's hash.  So if the OS has changed
> the app per the above, it won't be able to get at old sealed data.

I don't buy this: how does Palladium know what an app is without the OS' 
help?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Slashdot | Outside the Cable Box - The move to create universal set top boxes - Fed mandated...

2002-08-12 Thread Jim Choate 

http://slashdot.org/articles/02/08/12/0110221.shtml?tid=129
-- 

 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

The Register - SSL defeated in IE and Konqueror, no security, get over it...

2002-08-12 Thread Jim Choate 

http://www.theregister.co.uk/content/4/26620.html
-- 

 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

The Register - Acatel owns US employee's thoughts

2002-08-12 Thread Jim Choate 

http://www.theregister.co.uk/content/7/26627.html
-- 

 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

[±¤°í]±¹ºñÁö¿ø IT ±³À°»ý ¸ðÁý..

2002-08-12 Thread Áß¾ÓÀü»êÀü¹®Çб³ 





 
O º» ¸ÞÀÏÀº Á¤º¸Åë½Å¸Á ÀÌ¿ëÃËÁø ¹× Á¤º¸º¸È£ µî¿¡ °üÇÑ ¹ý·ü Á¦50Á¶¿¡ ÀÇ°ÅÇÑ[±¤°í]¸ÞÀÏÀÔ´Ï´Ù.
O ¸ÞÀÏÁÖ¼Ò´Â ÀÎÅͳݻ󿡼­ ÃëµæÇÏ¿´À¸¸ç, ÁÖ¼Ò¿Ü ¾î¶°ÇÑ °³ÀÎ Á¤º¸µµ °¡Áö°í ÀÖÁö ¾Ê½À´Ï´Ù.


 
¢Æ¼ö¿ø±³À°Àå


±³À°°úÁ¤
±³À°ºñ
(°³Àκδã±Ý)
±³À°³»¿ë
±³À°ÀÏÁ¤
±³À°½Ã°£
(¿ÀÀü 9:00 ~ ¿ÀÈÄ 6:00)

±³À°´ë»ó


 Mobile
Java Programmer
¢¹ÀÚ¼¼È÷
¿Â¶óÀνÅû
 120,000(±³ÀçºñÆ÷ÇÔ)
2002.09.24
~ 2003.03.27
 


°í¿ëº¸Çè°¡ÀÔ
½ÇÁ÷ÀÚ




HTML,
CSS/DHTML, Java-Script, DataBase °³·Ð, SQL 
DBMS, Linux System, Java °³¹ßȯ°æ, Java Beginning 
Identifier, Type, Array, Object Oriented Programming 
Exception, Stream I/O, Abstract Window Toolkit, Event JFC Swing,
Applet, Java Network, Thread, Servlet/JSP JDBC, Java- XML, Java
Mobile, ½Ã½ºÅÛ ºÐ¼® ¹× ¼³°è, Project 


 Business
Internet Programming
¢¹ÀÚ¼¼È÷
¿Â¶óÀνÅû
 120,000(±³ÀçºñÆ÷ÇÔ)
2002.10.07
~ 2003.04.08
  


ºñÁÖ¾ó
º£ÀÌÁ÷ ±âº»ÀÍÈ÷±â, DataBase ÇÁ·Î±×·¡¹Ö, ASP
XML, Windows2000, MS-SQL 2000 Server, DB°³·ÐHTML/DHTML, Java-Script,
Photoshop, Flash 
Windows 2000 Server ±¸¼ºÇϱâ, InterNet Information Server 5.0, Project
(¸¹Àº IT¾÷ü°¡ ASP¸¦ »ç¿ëÇÏ°í ÀÖ½À´Ï´Ù.)
 °í¿ëº¸Çè°¡ÀÔ
½ÇÁ÷ÀÚ



¢Æ¼º³²±³À°Àå


±³À°°úÁ¤
±³À°ºñ
(°³Àκδã±Ý)
±³À°³»¿ë
±³À°ÀÏÁ¤
±³À°½Ã°£
(¿ÀÀü 9:00 ~ ¿ÀÈÄ 6:00)

±³À°´ë»ó



Mobile
Java Programmer 
¢¹ÀÚ¼¼È÷ 
¿Â¶óÀνÅû


200,000
¿ø(±³ÀçºñÆ÷ÇÔ)

2002.08.22
~ 2003.02.21




°í¿ëº¸Çè°¡ÀÔ
½ÇÁ÷ÀÚ





HTML,
CSS/DHTML, Java-Script, DataBase °³·Ð, SQL DBMS, Linux System, Java
°³¹ßȯ°æ, Java Beginning 
Identifier, Type, Array, Object Oriented Programming 
Exception, Stream I/O, Abstract Window Toolkit, Event JFC Swing, Applet,
Java Network, Thread, Servlet/JSP JDBC, Java- XML, Java Mobile, ½Ã½ºÅÛ
ºÐ¼® ¹× ¼³°è, Project 




Business Internet Programming
¢¹ÀÚ¼¼È÷
¿Â¶óÀνÅû


200,000
¿ø (±³ÀçºñÆ÷ÇÔ)

2002.09.09 ~ 2003.03.20
 


ºñÁÖ¾ó º£ÀÌÁ÷ ±âº»ÀÍÈ÷±â,
DataBase ÇÁ·Î±×·¡¹Ö, ASP
XML, Windows2000, MS-SQL 2000 Server, DB°³·ÐHTML/DHTML, Java-Script,
Photoshop, Flash 
Windows 2000 Server ±¸¼ºÇϱâ, InterNet Information Server 5.0, Project
(¸¹Àº IT¾÷ü°¡ ASP¸¦ »ç¿ëÇÏ°í ÀÖ½À´Ï´Ù.)

°í¿ëº¸Çè°¡ÀÔ
½ÇÁ÷ÀÚ





¢Æ¼ö¿ø±³À°Àå


±³À°°úÁ¤
±³À°ºñ
(°³Àκδã±Ý)
±³À°³»¿ë
±³À°ÀÏÁ¤
±³À°½Ã°£
(¿ÀÈÄ2:00 ~ ¿ÀÈÄ 6:00)

±³À°´ë»ó


 CG Àü¹®°¡

¢¹ÀÚ¼¼È÷
¿Â¶óÀνÅû

440,000(±³ÀçºñÆ÷ÇÔ)

2002.08.24
~ 2002.11.02

 



Photoshop 6.0 -
ÆÈ·¹Æ®/·¹ÀÌ¾î ¼Ó¼º/Åø¹Ù »ç¿ë ¹æ¹ýÀ̹ÌÁö Á¤¹ÐÇÏ°Ô ¼öÁ¤Çϱâ, À̹ÌÁö »çÁø ÇÕ¼º, Ä«Å»·Î±× Á¦ÀÛ 

Illustrator
9.0 - ÇÁ·Î±×·¥ÀÇ ÀÎÅÍÆäÀ̽º/¿ÀºêÁ§Æ®°³³ä/ Åø¹Ú½º/±×¶óµð¾ðÆ®ÆÈ·¹Æ®,ÆÐÅϸ¸µé±â/Åø¹Ú½º/objecte¸Þ´º-Transform/TransformÆÈ·¹Æ®/veiw¸Þ´º/edit¸Þ´º/type¸Þ´º/strokeÆÈ·¹Æ®/pathfinder/¸¶½ºÅ©/Ŭ¸®ÇÎÆнº/ºí·»µåÅø



ÀϹÝÀÎ ¹×
Çлý,ÀçÁ÷ÀÚ






¢¹ ¿Â¶óÀÎ
»ó´ãÇÏ·¯°¡±â ¼ö¿ø(www.eok.or.kr),¼º³²(www.jok.or.kr)
¢¹ ÀüÈ­: ¼ö¿ø(031-298-2324), ¼º³²(031-758-6114)
¢¹ À§Ä¡: ¼ö¿ø(1È£¼± ¼º´ë¿ª 3ºÐ), ¼º³²(Àüö8È£¼± ¸ð¶õ¿ª 5¹øÃⱸ °í¿ë¾ÈÁ¤¼¾Å¸°Ç¹°5Ãþ)



¢Æ ¼ö¿ø±³À°Àå





 ¢¹ ÀÌ ¸§



 ¢¹ ÀüÈ­¹øÈ£





 ¢¹ E-Mail



 ¢¹ °úÁ¤¸í


¸ð¹ÙÀÏÀÚ¹ÙÇÁ·Î±×·¡¸Ó
B-ÀÎÅÍ³Ý ÇÁ·Î±×·¡¹Ö
CG Àü¹®°¡















¢Æ ¼º³²±³À°Àå





 ¢¹ ÀÌ ¸§



 ¢¹ ÀüÈ­¹øÈ£





 ¢¹ E-Mail



 ¢¹ °úÁ¤¸í


¸ð¹ÙÀÏÀÚ¹ÙÇÁ·Î±×·¡¸Ó
B-ÀÎÅÍ³Ý ÇÁ·Î±×·¡¹Ö















O »çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÈÁ¡
»ç°úµå¸³´Ï´Ù.
O ¸ÞÀÏ ¼ö½ÅÀ» ¿øÇϽÃÁö ¾ÊÀ¸½Ã¸é ¼ö½Å°ÅºÎ¸¦ Ŭ¸¯ÇØ ÁÖ¼¼¿ä

Fw: Keep it under wraps, but this one works a treat! QMCRMX

2002-08-12 Thread FLORETTA RODRIGUES 
 

What your Life Insurance CO does NOT WANT you to know.. F

2002-08-12 Thread Term Life Insurance Companies of America. 

   Since
1996, term life insurance rates have been reduced by as much as 70% !40 year old male - $250,000 - 10 year level term As low as $10.45 per month !At TermQuotes Life Insurance Companies of America, we will survey the top life insurance companies for you and provide you with the best rates available. Compare the rates and see for yourself. Fill out this quick form below for further information.The quote is FREE. There is no obligation to buy.Results of computer survey 08-12-02 Sample Annual Premiums* 10 Year Level Premium Term Rates *Age$250,000$500,000$1,000,00035$115$175$30545$210$375$67055$500$935$1,37065$1,305$2,550$4,92070$2,265$4,480$7,510 *Above rates guaranteed to remain level for 10 yearsRates based on male preferred class 1 non-smoker Policies are guaranteed renewable to age 95Policies with 15, 20, 25, and 30 year level premiums also available.Universal Life, Second-to-Die and Estate Planning products also provided.Attention All Smokers: You may qualify for special reduced smoker rates!Submit This Form for a Free Term Insurance Quote !Name Insured:  Amount of Coverage:    $250,000$300,000$400,000$500,000$600,000$700,000$800,000$900,000$1,000,000Date of Birth: Month  010203040506070809101112  Day  01020304050607080910111213141516171819202122232425262728293031 Year Sex:  Male  Female Height:  FT in Weight:  lbs.Occupation:  xxxHave You Ever Had:High Blood Pressure:  Yes   No Heart Attack or Stroke:  Yes   No Cancer:  Yes   No Diabetes:  Yes   No Have You  Smoked Within the Last 12 Months:  Yes   No xxxPerson Completing Request:  Mailing Address:   City:  State  Zip Daytime Phone:  Evening Phone:   Email Address:   Best time to contact:  Morning After noon Evening Weekend When you click submit it may activate your spell check, please click "Ignore" if it does.  

   This could be your ad!


  
  Email Us for
  your next e-marketing campaign.

YOUR
  INTERNET ADVERTISING 

ÿA9MCMXCVI -MMII.
  All Rights Reserved
  If you think that you will not benefit from this correspondence, and you do
  not want to be notified along with the others on this list, please 
  Click Here.

Online photo album with your own audio narration..

2002-08-12 Thread Kye Aliff 



Email 
  your photos in a slideshow format, complete with your own personalized
audio 
  narration, with your very own
  
  Email Memory Book!
  
  Share all the special
times in 
  your life with those you love both near and far. Unique idea for thank
you's, 
  invitations and announcements. A thoughtful gift for anniversaries,
retirements, 
  weddings or any occasion. Capture any event and let those who couldn't be
there 
  share in your precious memories. Great way to communicate with loved ones
serving 
  in the military. A treasured keepsake of a birthday, religious occasion,
vacation, 
  graduation, class reunion, etc.--  the possibilities are endless.
For a 
  full list of occasions or to create your own, visit: www.emailmemorybook.com
  
  To see a
sample, CLICK 
  HERE
  
  Keep in mind First Day of School and Grandparents Day are
just 
  around the corner. 



Save the Planet, Save the Trees, Save the Ozone.
Advertise via E-mail, No wasted paper.
Delete with one simple keystroke.
Click Here To Be Removed.

Life Insurance Price Wars 840

2002-08-12 Thread Dawnetta Aceuedo 


this is unbelievable

TOP Life Companies Continue to Slash
Rates 
Save up to 70% on your LIFE INSURANCE today! 
Term Insurance
Comparisons 
Permanent (Whole/Universal) Life 
Burial/Final Expense 
Get
a Quote Here! 
Choose the
coverage that 
Bests suits YOUR needs. 
Quotes from over 300 top rated companies

 
 

We don't want anyone to receive
correspondence
who does not wish too.  Just go to http://www.all-life/stopit
and you will not get any mail from us in the future.
.

Stoner says, "Call now, we're open"

2002-08-12 Thread Garcia 

***
Now Open Seven Days A Week! 
Call This Weekend for a 2 for 1 Special!!
1-623-974-2295
***

>From the ethnobotanical herbalists who brought the herba supplementals; Kathmandu 
>Temple Kiff “1” & “2” “Personal-Choice”, pipe-smoking products/substances to the 
>common market!!!  

We are finally able to offer for your “Sensitive/Responsive”, “Personal Choice” 
Smoking Enjoyment….the “Seventh Heaven” Temple “3” Ragga Dagga (TM) Pipe-Smoking 
Substance Supplemental Product…. Introduced after three years of research and 
development; Temple “3” is “Personal Choice” legal Smoking/Indulgence….Redefined!!!  

Thanks to recent, dramatic, technological advances in the laboratorial processes for 
the extraction of alkaloid and glycocide supplements from botanicals/herbas/plant 
matter, we are now able to offer….in more cultivated/enhanced/viripotent/substantiated 
format….what had actually already been the most significant, lawful, “Personal Choice” 
smoking substance available on the planet….  “Seventh Heaven” Temple “3” Ragga Dagga 
(TM) is the sweet, sweet evolution of all of that…. 

* A 20 X MORE VIRIPOTENT HERBA SUPPLEMENT THAN ITS PREDESSORS (TEMPLE “1” & “2”).

* HAPPIER, HAPPY SMOKING!!!

* INDEED, A DEPRESSIVE REGRESSIVE, SUPPLEMENTAL MOOD-ENHANCER.

* MORE SOPHISTICATED, UPLIFTING & POISED THAN ILLEGAL SMOKING  SUBSTANCES.

* NO REGULATION, NO ILLEGALITY, NO FAILED DRUG TESTS!!!

* INHIBITS STRESS AND ANXIETY….

* INSPIRES CONTEMPLATIVENESS & CREATIVITY….

* ENHANCES THE SEXUAL EXPERIENCE!!!

* GENERATES MORE RESTFUL SLEEP & LUCID DREAMING….

* A SIGNIFICANT HERBA / BOTANICAL SUPPLEMENT IN THE BATTLES AGAINST DRUG AND ALCOHOL 
DEPENDENCE

* EASILY IGNITED & STOKED.

* SMOKES SWEETLY! 

* ABSOLUTELY LEGAL / NON-INVASIVE / NO DOWNSIDE!!!

* LINGERS FOR A GOOD, GOODLY WHILE!

* POSSESSES MANY FINE GANJA VIRTUES WITH NONE OF THE NEGATIVES!!!

* JUST A LITTLE SNIPPET / PINCH GOES A LONG, LONG WAY….JUST 4 OR 5 DRAWS OF YOUR PIPE 
(A traditional hand herb-pipe is included with each package of Ragga Dagga).

Temple “3” Ragga Dagga (TM) is an exclusive, botanical/herba, proprietary; Nepalesian 
formulated, ultra-“Sensitive/Responsive”, pipe-smoking/stoking substance and is 
undoubtedly the most prestigious, legal offering of its sort on the planet!!!  

So smokin/stokin potent is this cutting edge formulation, that we have even been able 
to establish a very happy clientele market base within the hard-core stoner arena and 
have made positive, happy, smoking differences in many, many lives.

ABSOLUTELY LEGAL!  MARVELOUSLY POTENT!!

A one-of-a-kind, proprietary amalgamation, comprised of extreme high-ratio 
concentrated extracts which are derived from various common and uncommon 
“sensitive/responsive” herbas primarily cultivated within and imported from the 
southern and eastern hemispheres; Temple “3” Ragga Dagga (TM) high-ratio factored 
botanical extractions are master-crafted into solid jiggets/bars which are 
structurally reminiscent of what one might find in the “happiness” coffee and tea 
houses of Nepal/Kathmandu/Amsterdam and in many aspects, possesses a more collected 
and more focused, less scattered ambiance.  

Ingredients:

Temple smoking substances and Temple “3” Ragga Dagga (TM) have always been and will 
always remain exclusive EXOTIC BOTANICAL RESOURCES “House Smoking Substance 
Specialties”.  Temple “3” Ragga Dagga (TM) is both a euphonious/celebratory and 
relaxing/calming pipe-smoking substance that offers both physical and cerebral 
significators.  Temple “3” Ragga Dagga (TM) is a proprietary, prescribed botanical 
amalgamation which includes the following synergistically/synesthesia conglomerated, 
core-refined, ratio-enhanced herbas/botanicals, resins, essences, flower-tops and oils 
in extreme ratio extractment ranging from 8.5 to 1, to 100 to 1 viripotent 
concentrations Drachasha, Chavana Prash, Trikatu, Black Seed Herb, Hybrid Flowering 
Turnera Diffusa, Capillaris Herba, Angelica Root, Wild Dagga mature leaf matter, 
Haritaki, Shatavari, Labdunum, Neroli, Unicorn Root, Papaver Rhoes, Dendrobian stems, 
Calea Zacalechichi buddings, Rue, Amla, Salvia Divinorum, Crocus Sativa, Lotus and 
Gokshu!
 ra!
 cuttings. 

Please Note:  Temple “3” Ragga Dagga (TM) is an absolutely legal, herba/botanical, 
“Personal Choice”, pipe-smoking substantiality product!!!  No included botanical 
factor therein is regulated by law or considered to be harmful by regulatory agencies. 
 There is no tobacco in Temple “3” Ragga Dagga (TM).  There is certainly no 
cannabis/marijuana in Temple “3” Ragga Dagga (TM)….  And although we are not 
age-governed by law….Temple “3” Ragga Dagga (TM) is intended exclusively for 
sophisticated adult usage! Subsequently, it is our MANDATORY ethical policy that 
Temple “3” Ragga Dagga (TM) may not be sold, offered, or given to any person that has 
not attained at least twenty-on

Long distance for only $9.95

2002-08-12 Thread save 
Title: New Page 1







  
 
  
  

  LOW 
  COST 
  =LONG  
  DISTANCE
  =
  
  
 
  
  
 
  Six Plans
  To
  Choose From Including:
  $9.95 Plan  * Unlimited Plan 
  * Travel Plan
  Canadian Plans * 
  International   *  Intra/Inter State
  


  

  Stop paying the
  high cost of long distance.
  
    Simple to understand all-inclusive pricing so you save big!
  
  

  Email
  us now with your phone number to hear how crystal clear your
  connection will be.
  
  

  
  

  
  

  To
  be removed please click
  here