ÉϺ£ÎïÁ÷Ê¢»á¼´½«ÕÙ¿ª
ÖйúÎïÁ÷Óë²É¹ºÁªºÏ»á ÖÐ ¹ú ´¬ ¶« Ð »á ÖÐ ¹ú ¸Û ¿Ú Ð »á Öйú¹ú¼Ê»õÔË´úÀíлá Îļþ ÖÐ ¹ú Ãñ Óà º½¿Õлá ÖÐ ¹ú ¹« · ѧ »á ÖÐ ¹ú Ìú µÀ ѧ »á ÎïÁª»á×Ö[2002]47 ºÅ ¹ØÓÚÕÙ¿ªµÚÈý½ìÖйú¹ú¼Ê ÎïÁ÷¸ß·å»áµÄ²¹³ä֪ͨ ¸÷Óйص¥Î»: Ϊ´Ù½øÖйúÎïÁ÷·¢Õ¹,³ä·ÖÕûºÏ¹úÄÚÍâÉç»á×ÊÔ´,°ïÖú¸÷ÀàÆóÒµ¼°Ê±ÕÆÎÕ¹úÄÚÍâÎïÁ÷·¢Õ¹¶¯Ì¬,´î½¨Õþ¸®¡¢ÆóÒµ¼ä½»Á÷Óë¶Ô»°Æ½Ì¨£¬È«Ãæչʾ¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹûÓëµä·¶£¬ÅàÓýÖйúÎïÁ÷´óÊг¡£¬ÖйúÎïÁ÷Óë²É¹ºÁªºÏ»á¡¢Öйú´¬¶«Ð»á¡¢Öйú¸Û¿ÚлᡢÖйú¹ú¼Ê»õÔË´úÀíлᡢÖйúÃñÓú½ Ò»¡¢»áÒé±³¾°²ÄÁÏ Öйú¹ú¼ÊÎïÁ÷¸ß·å»áÊǹ²Í¬ÍƽøÎïÁ÷·¢Õ¹ÁªÏ¯»áÒéµÄÆ·ÅÆ»áÒ飬ÔÚ¸Ã×éÖ¯³ÉÁ¢ÒÔÇ°£¬ÒÑÓÉÏÖÁªÏ¯»áÒé³ÉÔ±µ¥Î»ÓÚ2000Äê6Ô¡¢2001Äê9ÔÂÔÚÉϺ£¡¢±±¾©·Ö±ðÖ÷°ìÁ˵ÚÒ»¡¢µÚ¶þ½ìÖйú¹ú¼ÊÎïÁ÷¸ß·å»á¡£ÎªÈÃÓë»áÕ߸üÉú¶¯ÐÎÏóµØÁ˽â¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹû£¬±¾´Î»áÒ齫²ÉÓùú¼Ê»¯µÄ²ß»®£¬È µÚÈý½ìÖйú¹ú¼ÊÎïÁ÷¸ß·å»áÒÔ¼ÓÈëWTOÓëÖйúÎïÁ÷·¢Õ¹ÎªÖ÷Ì⣬ּÔÚ´Ù½ø¹úÄÚÍâÎïÁ÷½çµÄ¼¼Êõ½»Á÷ÓëºÏ×÷£¬È«Ãæչʾ¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹûÓëµä·¶£¬×ܽáÏÖ´úÎïÁ÷µÄ·¢Õ¹Àú³Ì£¬¹æ»®Õ¹ÍûÖйúÎïÁ÷·¢Õ¹µÄδÀ´£¬ÔÚÖйúÆóÒµ¹ÜÀí²ãÖÐÊ÷Á¢È«ÐµÄÎïÁ÷Ïû·ÑÒâʶ£¬´´ÔìÎïÁ÷Ïû·Ñ£¬¿ª·¢ÖйúÎïÁ÷ ±¾½ì¸ß·å»á½«ÑûÇëÀ´×ÔÈÕ±¾¡¢ÃÀ¹ú¡¢Å·ÃË¡¢°Ä´óÀûÑÇ¡¢Ð¼ÓÆ¡¢º«¹ú¡¢¸Û°ÄµÈ¹ú¼ÒºÍµØÇøµÄÕþ¸®¹ÙÔ±¡¢ÊÀ½çÖøÃûÎïÁ÷ÉçÍÅ×éÖ¯»ú¹¹¸ºÔðÈË¡¢¹úÄÚÍâÖøÃûÆóÒµ¸ºÔðÈË£¬ÖøÃû¾¼Ãѧ¼Ò¡¢ÎïÁ÷Ó빩ӦÁ´¹ÜÀíÁìÓòÖøÃûר¼Ò¡¢Ñ§Õß¡¢º£ÍâÁôѧÈËÔ±¡¢¹úÄÚÍâ×Éѯ¹ÜÀí»ú¹¹µÈ×ÊÉîÈËÊ¿²Î¼Ó±¾½ì¸ß·å»áÂÛ̳¡ ×÷ΪÓë±¾½ì¸ß·å»áÅäÌ×µÄ2002Öйú£¨ÉϺ££©¹ú¼Ê½»Í¨/ÎïÁ÷¼¼ÊõÉ豸չÀÀ»á½«»ã¾Û¹úÄÚÍ⽻ͨ/ÎïÁ÷ÆóÒµ¼°Ïà¹ØÆóÒµµÄ´ú±í£¬Á¦Çó´ÓÕ¹ÀÀÉϳä·ÖÈ«ÃæµØÌåÏÖµ±½ñ½»Í¨/ÎïÁ÷¼¼ÊõÓë×°±¸·¢Õ¹Ë®Æ½¡¢Ó¦Óóɹû¡£Õ¹ÀÀ½«¾Ù°ì·á¸»¶à²ÊµÄ»î¶¯£¬×î´óÏ޶ȵØÎüÒýÀ´×Ô¾³ÄÚÍâµÄ²ÎÕ¹ÉÌ¡¢Óû§ºÍרҵÈËÊ¿ÔÚ ¶þ¡¢¸ß·å»á×éÖ¯·½°¸ Ö÷Ìâ¼ÓÈëWTOÓëÖйúÎïÁ÷Òµ·¢Õ¹ ¸±Ìâ´óÊг¡¡¢´ó˼·¡¢´óºÏ×÷¡¢´ó·¢Õ¹ ±¨µ½Ê±¼ä2002Äê9ÔÂ23ÈÕ ±¨µ½µØµãµÚÒ»µØµã£ºÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÚ¶þµØµã£ºÉϺ£ÃÀÀöÔ°´ó·¹µê »áÒéʱ¼ä2002Äê9ÔÂ24ÈÕ--2002Äê9ÔÂ26ÈÕ ÈÕ ³Ì °² ÅÅ 9ÔÂ23ÈÕ Ê±¼ä²Î»áÈË ÄÚÈݵصã 18£º30©¦©¦20£º30 ¹ú¼ÒÎïÁ÷Ïà¹Ø²úÒµÕþ¸®¹ÙÔ±¡¢ÉϺ£ÊÐÕþ¸®¹ÙÔ±¼°ÎïÁ÷²úÒµÖ÷Òª¹ÙÔ±¡¢³öϯ¸ß·å»áµÄÖøÃûÆóÒµ¸ºÔðÈ˺ÍÔÞÖúÆóÒµ¸ºÔðÈË VIPÔ²×À»áÒéÂÛ̳ ÉϺ£Ëļ¾¾Æµê¹ó±öÌü 9ÔÂ24ÈÕ Ê±¼ä²Î»áÈË ÄÚÈݵصã 08£º30 |09£º00 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕß¿ªÄ»Ê½ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µêµÛÍõÌü 09£º00|11£º40 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÕþ²ß·¨¹æÓëºê¹Û¾¼Ã»¥¶¯ÂÛ̳ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌü 12£º00|13£º30 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÎç²Í¼°Îç¼äÐÝϢʱ¼ä ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê »ªÏÄÌü 13£º30|15£º40 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÍâ×ÊÆóÒµÔÚÖйúרÌâÂÛ̳ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌü 16£º00©¦17£º30 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕß ÖÐÍâÆóÒµ×ܲû¥¶¯ÂÛ̳£¨¶Ô»°ÐÎʽ£©ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌü 17£º30©¦18£º30 ´ú±í×ÔÓɻÓë½»Á÷ʱ¼ä 18£º30©¦20£º30 ËùÓб¨Ãû²Î»áµÄÓë»á´ú±í¡¢¹ú¼ÒÕþ¸®²¿ÃźÍÉϺ£ÊÐÕþ¸®¹ÙÔ±¡¢VIP¼Î±ö Ö÷ÌâÍíÑçºÍÂÛÎÄ°ä½± ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌü 9ÔÂ25ÈÕ Ê± ¼ä ·ÖÂÛ̳ÌâÄ¿ Ö÷ Ìâ µØ µã 09£º00©¦11£º40 ÆóÒµÎïÁ÷¾ÓªÕ½ÂÔÂÛ̳×ÔÓªÎïÁ÷ÓëÍâ°üÎïÁ÷ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüA ÆóÒµÎïÁ÷²É¹º¹ÜÀíÂÛ̳²É¹ºÖÐÐÄÎïÁ÷¹ÜÀí¼¼ÇÉÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüB ÆóÒµÎïÁ÷ÐÅÏ¢¼¼ÊõÂÛ̳ÆóÒµÐÅÏ¢»¯ÓëÁ÷³ÌÔÙÔìÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüC ÆóÒµÎïÁ÷¹¤³Ì¼¼ÊõÂÛ̳ÏÖ´ú»¯ÎïÁ÷ÖÐÐÄÉè¼ÆÓ뽨ÉèÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê »ªÏÄÌüA ÆóÒµÎïÁ÷Ͷ×ʼ沢ÂÛ̳ÎïÁ÷Ͷ×ÊÏîÄ¿ÆÀ¹ÀÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê »ªÏÄÌüB 11£º40|12£º00 ´ú±íÌáÎÊÓëÏ໥½»Á÷Ǣ̸ 12£º20|13£º30 ´ú±íÎç²ÍÐÝϢʱ¼ä 13£º30|17£º30 ÏÖ³¡²Î¹Û2002ÄêÖйú£¨ÉϺ££©¹ú¼Ê½»Í¨/ÎïÁ÷¼¼ÊõÉ豸չÀÀ»á ÏÖ³¡²Î¹ÛÏß·һ ÖÆÔìÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£Í¨ÓÃÆû³µGM) ÏÖ³¡²Î¹ÛÏß·¶þ ÎïÁ÷ÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£ÆÖ¶«FEDEX) ÏÖ³¡²Î¹ÛÏß·Èý Á¬ËøÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£»ªÁª³¬ÊÐ) 18£º30 |21£º30 ÎïÁ÷¹©ÐèË«·½½»Á÷¾Æ»á²Î¼ÓÈËÔ±£ºËùÓб¨Ãû²Î»áµÄÓë»á´ú±í¡¢¹ú¼ÒÕþ¸®²¿ÃźÍÉϺ£ÊÐÕþ¸®¹ÙÔ±¡¢VIP¼Î±ö¡¢ÉϺ£ÊÐÌØÑûÍâ×ÊÆóÒµ¡¢¹úÓÐÆóÒµ¡¢Íâ¹úפ»¦ÁìʹÝÉÌÎñ´¦¡¢Íâ¹úפ»¦ÐÂÎÅýÌå¼ÇÕß¡¢ÒÔ¼°Ïà¹ØÌØÑû¼Î±ö 9ÔÂ26ÈÕ 09£º00|12£º00 ÆóÒµ¿ì¼þÎïÁ÷רҵÂÛ̳¹ú¼Ê¡¢³Ç¼Ê¡¢³ÇÊÐÎïÁ÷¿ì¼þ¹ÜÀí ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüA ÆóÒµÉÌÒµÎïÁ÷רҵÂÛ̳Á¬ËøÅäËÍÓëÎïÁ÷ÖÐÐĹÜÀí ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüB ´ú±í²Î¼Ó½»Á÷»î¶¯£¨²èЪ£© ÆóÒµÎïÁ÷´´Ð¹ÜÀíÂÛ̳µÚËÄ·½ÎïÁ÷Óë»ØÊÕÎïÁ÷ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌüC »õÖ÷ÆóÒµÎïÁ÷¹ÜÀíÂÛ̳¹©Ó¦Á´¹ÜÀíÓëÆóÒµÎïÁ÷KPIÆÀ¹ÀÌåϵ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê »ªÏÄÌüA ÆóÒµÎïÁ÷È˲ŽÌÓýÂÛ̳·ûºÏÖйú¹úÇéÎïÁ÷ÏÖ´úÈ˲ÅÅàѵÌåϵÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê »ªÏÄÌüB 12£º00 ±ÕĻʽÓëËͱðÎçÑç 13£º00|17£º00 ÖÐÍâÆóÒµÏîÄ¿½»Á÷»áôßÏÖ³¡×Éѯ½»Á÷»á ÎïÁ÷»ùµØÕÐÉÌÎïÁ÷¼¼Êõ×ÉѯÎïÁ÷¹ÜÀí×ÉѯÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê µÛÍõÌü Èý¡¢»áÒéÒéÌâ 01£®¼ÓÈëWTOºóÎÒ¹úÎïÁ÷ÒµÃæÁÙµÄÌôÕ½Óë»úÓö 02£®¹ú¼ÊÎïÁ÷·¢Õ¹µÄÏÖ×´¼°Î´À´Ç÷ÊÆ 03£®¹úÍâÎïÁ÷ʵ¼ùµÄ³É¹¦Óëʧ°Ü£¬Î´À´ºÍ»ú»á 04£®ÎïÁ÷Òµ·¨ÂÉ·¨¹æÏÖ×´¼°ÊµÊ©Çé¿ö 05£®¹©Ó¦Á´Õ½ÂÔºÏ×÷»ï°éµÄÑ¡ÔñÓëÆÀ¼Û 06£®ÏÖ´úÎïÁ÷ÓëÖÐСÆóÒµ·¢Õ¹Õ½ÂÔ 07£®ÖÐСÆóҵʵÐй©Ó¦Á´¹ÜÀíµÄ²ßÂÔ 08£®Á¬ËøÁãÊÛÒµµÄ¹©Ó¦Á´¹ÜÀí 09. ÎïÁ÷ÆóÒµÐÅÏ¢»¯µÄÌصãÓëģʽ 10. µç×ÓÉÌÎñ»·¾³ÏµÄÎïÁ÷ÔË×÷ģʽ 11. Éú²úÆóÒµÎïÁ÷¸ïÐÂÓëÔËÓªÕ½ÂÔ 12. µÚÈý·½ÎïÁ÷·þÎñÓëÊг¡ÓªÏú½â¾ö·½°¸ 13. ÆóÒµÎïÁ÷Íâ°üÓëÎïÁ÷·þÎñ³Ð°üÐÎʽ 14. ÎïÁ÷ÆóÒµ¹ÜÀíģʽ´´ÐµÄʵ¼ù 15.
Be Patient.
http://www.smh.com.au/articles/2002/08/10/1028158034347.html Health records base a step closer By Jenny Sinclair August 13 2002 Next Data quality and security are emerging as key issues for computerisation of patient health records around the world. Last week's Health Informatics Conference (HIC 2002) in Melbourne heard that patient records were increasingly becoming computerised but the transfer of information between systems still caused problems. The issues could have ramifications for an ambitious project under consideration for a supercomputing organisation. The Victorian Partnership for Advanced Computing (VPAC), aims to use patient records as a massive database for health research. Speakers at an HIC session on electronic patient records told of four projects, all aimed at finding the perfect solution for the masses of information needed in health care. William Goossen, a researcher and consultant to a Dutch attempt to set up a national electronic patient records model, said the Netherlands had needed to combine many attempts at creating such systems. The answer was to set up a national effort, bringing together the government, health providers and nursing associations in a single body. Major factors in a successful patient records system were identified as the information structure or content, the technical infrastructure, safety and security issues, and having the new body do the work of developing a workable solution. Professor Bill Appelbe, chief executive of supercomputing group VPAC, has said he would like to see standards set up for bringing together all kinds of medical records and tests. Speaking before the conference, he said that most information from clinical trials was only available in hard copy and recorded manually. This made data mining impossible, depriving researchers of potentially valuable sources of information. Similarly, having the general population's health records available electronically (in an anonymous form) would allow the possibility of faster and more accurate medical research. He said VPAC had had interest from large software vendors in developing such systems, acting as a trusted third party to broker between the medical research industry and large database developers. VPAC could take part in developing such specialised systems by applying modern software development (principles) to scientific software and hiring out its supercomputer's data-crunching facilities. In Victoria work has been under way on a universal health-care database for mental health patients for five years. The database project has been slowed by problems with messaging systems transferring data and by user feedback on early versions. The Victorian mental health-care approach has been to develop a centralised database with a unique patient indentifier, and to link it to clinic and hospital systems via an intermediary interface, pending development of a universal solution. The database was divided into an archive database and an operational data store for current work. Speaking for the project, Damian Curran said issues of training, insufficient bandwidth to local clinics and corruption of records had all needed to be overcome. The department is about to move to a new phase of trying to connect clinics and hospitals directly to the central database. Curran said key lessons from the project included the need to have proper documentation to allow for staff moving on, close monitoring of subcontractors, making sure the work kept up with current practices in the medical field, and it's not cheap - costs could be high. At the Distributed Systems Technology Centre (DSTC) in Queensland, trials of a so-called Good Electronic Health Record (GEHR) are about to move to real-world testing. The GEHR is a worldwide attempt to standardise the way medical records are kept. Researcher Andrew Goodchild said the group had had excellent feedback from doctors participating in the trial. The DSTC has helped develop editing software that allows medical practitioners to create simple archetypes or templates in which to store different kinds of information. The templates have parameters built into them that allow practitioners to specify what information must be entered, and what ranges are normal; so a template used to report blood tests, for instance, can automatically identify results out of the normal range. Goodchild said that anyone setting up a records system for doctors should first find out what's politically and culturally, and work-wise acceptable for the clinicians. The trial editor will be available for free download from the DSTC's site soon. A working electronic patient records system has already been set up at the busy emergency section of the Austin and Repatriation Medical Centre in Melbourne. The hospital engaged Sydney software company TrakHealth for the pilot scheme, which has allowed the emergency room to replace its giant whiteboard showing patient
Telepsych.2000.
Introduction The Victorian Telepsychiatry Program was established in 1996 to improve access to mental health services for rural Victorians. The Program funded the establishment of 27 telepsychiatry facilities located at Area Mental Health Service sites in rural base hospitals, mental health centres and community-based locations across regional Victoria, and facilities at six specialist service locations. The specialist services targeted by the Program were: ·The Mental Health Review Board (MHRB) ·Forensic Mental Health Service ·Early Psychosis Prevention and Intervention Centre (EPPIC) Statewide Service ·Child and Adolescent Mental Health Services (CAMHS) at three locations: Austin and Repatriation Medical Centre, Royal Children's Hospital and Monash Medical Centre. The Program established linkages of two types: ·Intra-service: from major rural centres such as Bendigo, to smaller rural communities such as Swan Hill and Kyneton More on http://www.health.vic.gov.au/mentalhealth/publications/telepsychiatry/
(±¤°í) Áßdz.Ä¡¸Å Àü¹®¿ä¾ç¿øÀÔ´Ï´Ù.
style="COLOR: #3366ff; mso-fareast-font-family: µ¸¿òü"> °ü½ÉÀÖ´Â Å©¸®½ºÃ®ÀÇ µ¿¿ªµµ ¿øÇÕ´Ï´Ù.(Á÷¿ø¸ðÁý) THE PLUS ACTION OF HOUSE
OUT WITH THE OLD-IN WITH THE NEW!!! epern
You've seen the car you want. American or Foreign. With the low interest rates of today,it's still rather expensive for that top of the line car you want. How about if you could contact someone, a company, and tell them the exact car you were looking for and they told you were, close to you, to get it for ONLY $50 over dealer cost! This isn't a joke! $50 OVER DEALER COST!!! You tell them the exact car you want and they tell you were to pick it up! If you want to know more: Send $5 cash (U.S. CURRENCY) for the: HOW TO BUY A NEW CAR FOR $50 OVER DEALERS COST Report. Checks NOT accepted. Make sure the cash is concealed by wrapping it in at least 2 sheets of paper. On one of those sheets of paper, write the NAME of the Report you are ordering along with YOUR E-MAIL ADDRESS and your name and postal address, just in case something happens during mailing. SEND TO: R.B. PO BOX 863 Franklin Lakes, NJ 07417 USA PLACE YOUR ORDER FOR THIS REPORT TODAY!!! HOW TO BUY A NEW CAR FOR $50 OVER CEALERS COST fvwmxrgorwmutjrm
YOU CAN OWN AN ADULT SITE AND MAKE HUGE £££/$$$ 0150feRG7-268orDY3-17
My name is PEGGY and I live in Switzerland.I just want to propose a business opportunity to you in the millionaire Adult Industry. FACTS: · I have earn $3 800 up to now and I can send you my profit stats for you to see. · If you are not a sex surfer you can approach this just as a business opportunity without ever looking at the adult content. · You will earn 50% recurring commissions and you will receive your check twice a month. · This is an established, highly reputable company, with 6 years experience running adult web sites online. They are debt free, listed on Dun Bradstreet and specialize in allowing you to cash in FAST and EASILY on the exploding online adult entertainment business without any experience other than surfing the web. I OFFER: · Complete support for you to replicate my work in order to have the same results · If you become a member I will give you my phone number, address and personal e-mail address for a perfect contact · The links to the tools I use to promote If you are interested just e-mail me to [EMAIL PROTECTED] with MORE INFO in the subject line, or REMOVE if you prefer to be removed from my mailing list. 2277GHpa5-684JmzJ3746mbug0-967mcPi6230lGl38
INTRESTED??RESPOND PROMPTLY
ATTN:SIR, My wish at its peak is that you're in good health because health is wealth. I know you dont know me so I have to introduce myself to you. My name is malik Abacha, a second cousin to the late Nigerian Head of state Gen.Sani Abacha who rule between 1993 and 1998. For more reference to me I would love you to know more about my uncle. Please view this site and read it contents carefully; http://news.bbc.co.uk/hi/english/world/africa/newsid_741000/741506.stm During the 4th year of his rule, he gave me a sum of US$23M to boost my business which I just opened in Ogba area of Lagos. Unfortunately, the complex which I was using as a ware-house got burnt by a very ragious inferno. I decided to keep the money until the next year when I would start importing new goods from a contractor in Germany which I had signed earlier before the incident. My uncle died the next year and everything blew up, the new government started probing the whole family members and freezed most of the family accounts. To cut the long story short, they have not detected the money which I secured in a Security company in Holland. Please, I would need you to assist me in retrieving the fund from the company because if I want to retrieve it and they know my identity they would definitely freeze the money in their account. What you have to do is very simple, you will claim the fund as a beneficiary from a contract which was executed by an uncle of yours. All paper works would be put in place for you to claim the money for me. The total amount involved is US$16.5M. 10% would be for any expenses incured during the transaction, 30% would be for your support, while the remaining 60% remains mine. I'm an African who believes in divine direction and you have been divinely chosen to handle this transaction. I hope to hear from you soon. Thanks. Yours Malik Abacha.
look good and feel great
As seen NBC, CBS, CNN, and even Oprah. As reported on in the New England Journal of Medicine. Reverses aging while burning fat, without dieting or exercise. Forget aging and dieting forever And it's Guaranteed! 1.Body Fat Loss 2.Wrinkle Reduction 3.Increased Energy Levels 4.Muscle Strength improvement 5.Increased Sexual Potency 6.Improved Emotional Stability 7.Better Memory Lose weight while building lean muscle mass and reversing the ravages of aging all at once. Check out the benefits of and absolute satisfaction guarantee for this health product on this web page: http://202.108.221.18/www205/ To unsubscribe from future offers, just click here: mailto:[EMAIL PROTECTED]?Subject=off
cypherpunks,Life Changing Breakthrough Now Available For You!
Hello, [EMAIL PROTECTED]Human Growth Hormone Therapy Lose weight while building lean muscle massand reversing the ravages of aging all at once. As seen on NBC, CBS, and CNN, and even Oprah! The health discovery that actually reverses aging while burning fat, without dieting or exercise! This proven discovery has even been reported on by the New England Journal of Medicine. Forget aging and dieting forever! And it's Guaranteed! Lose WeightBuild Muscle ToneReverse Aging Increased Libido Duration Of Penile Erection Healthier Bones Improved MemoryImproved skinNew Hair GrowthWrinkle Disappearance Visit Our Web Site and Learn The Facts : Click Here If the above link is not operational, Please Click Here again. You are receiving this email as a subscriber to the Opt-In America Mailing List. To remove yourself from all related maillists, just Click Here
Your web site.
Dear Subscriber, If I could show you a way to get up to 17,169 visitors a day to any web site, absolutely free of charge, and taking up only 30 minutes a day of your time would you be interested? Just click on the link (or copy and paste to your browser) for more information: http://203.48.169.235/your/mpam/moreinfo.asp?[EMAIL PROTECTED] Sincerely Mike p.s. The information provided is absolutely free, and you will be amazed at how quickly the visitors to your site will begin arriving, and by following a simple 12 lesson plan your visitors (and income) will rise. http://203.48.169.235/your/mpam/moreinfo.asp?[EMAIL PROTECTED] You are receiving this email either as agreed to when you posted to one of our many ffa pages, classified ad sites or search engines (either manually or through an automatic submission service), or you are on a list of people who have expressed an interest in increasing their web site traffic and full or part-time income. If this is not the case we sincerely regret the intrusion and ask that you PLEASE accept our sincerest apologies. Just follow the link below to unsubscribe from our mailing list. http://203.48.169.235/your/unsubscribe.asp?[EMAIL PROTECTED]
µçÄÔÅä¼þ¹©Ó¦
̨ÖÐÊ¢´ï¼¯ÍÅ´ó½°ìÊ´¦ ÎÒ¹«Ë¾³¤ÆÚ¾ÓªÔ×°½ø¿Ú²úÆ·.ÏÖÓеçÄÔÅä¼þ.±Ê¼Ç±¾.±Ê¼Ç±¾Åä¼þ.ÊýÂëÏà»ú.ÉãÏñ»ú.ͶӰÉè ±¸. ͶӰ¸½¼þ.Æû³µ.ÊÖ»ú.¼ÒÓõçÆ÷.²Êµç.¿Õµ÷..ÓÐÒâÔÚ¸÷µØ³ÏÕ÷´úÀíÖ±ÏúÉÌ. Ϊ±£Ö¤ÐÅÓþ ʵÐлõµ½¸¶¿î. Ò²ÐíÄú¶ÔÎÒÃǵļ۸ñÖ®µÍ±íʾ»³ÒÉ,µ«ÄúÊÇ·ñÖªµÀÎÒÃÇ´ÓµçÄÔÊг¡»òÉ̵êÂò»ØÀ´µÄ²úÆ·ÊǾ ¹ý¸÷¼¶´úÀí²ã²ã¼Ó¼ÛµÄ½á¹û.Ó볧¼Ò³ö³§µÄ¼Û¸ñÓÐ×ÅÌìÈÀÖ®±ð.¶øÎÒÃǹ«Ë¾Í¨¹ýÌØÊâµÄ½ø»õÇþµÀ ͨ¹ýÍøÂçÖ±ÏúÄÜ°ÑÖмä´úÀí·ÑÓÃÈ«²¿Ìê³ý,ʵÏÖÕæÕýµÄ¿Í»§Ó빫˾˫Ӯ½á¹û. ¿¼Âǵ½ÍøÂçµÄÐÅÓÃÎÊÌâ,ÎÒÃÇËù³öÊ۵IJúÆ·¾ùʵÐлõµ½¸¶¿îµÄÔÔò.ÕâÖÖ·½Ê½Ëä»áÔö¼ÓÎÒÃÇµÄ ÔËÓª³É±¾,µ«ÎÒÃÇÏ£ÍûÒÔ³ÏÐŵķþÎñ°Ñ×Ô¼º×ö´ó×öÇ¿.ÓëÄúÁªÏµºÏ×÷ÊÂÒê. ( ÇëÎðÖ±½Ó»Ø¸´£¬ÓÐÒâÇëÀ´µçÁªÏµ.ÁªÏµÈË:ºú¿Ë ÁªÏµµç»°: 0138-59709838) µçÄÔÅä¼þ(RMB.Ôª): A:Ö÷°å: ΢ÐÇ 845Pro2-LE(Socket,i845,SDRAM,AC97Éù¿¨) 380Ôª 845Pro (Socket,i845,SDRAM,AC97Éù¿¨) 430Ôª 850Pro5 (Socket,i850,8738Éù¿¨) 520Ôª 645UITRA (Socket478,SiS645оƬ 3DDR AC97) 330Ôª K7T266Pro (SocketA,KT266,3DDR,AC97) 310Ôª K7T266Pro2-LE(SocketA,AC97,ATA100) 270Ôª K7t266Pro2(SocketA,Ö§³ÖXP,3DDR,AC97) 310Ôª 815EPT Pro-NL(Socket370,i815EP,Ö§³ÖÐÂPIII,AC97,ATA100) 270Ôª 815EP Pro-R (Socket370,i850EP,IDE RAID) 280Ôª 815EP-NL (Socket370,i815EP,AC97) 250Ôª 815ET Pro (Socket370,i815E,ÐÂPIII,i752,AC97) 340Ôª 694D Pro2-IR (Socket370,VIA694X/686B,RAID) 320Ôª 6309NL100 (Socket370,VIA694X/686B,AC97) 160Ôª 6309NL/-A (Socket370,VIA694X/686B,AC97,´´ÐÂ5880 190Ôª ÃÀ´ï KT133B (SocketA,KT133/686B,ATA100,AC97) 180Ôª 6VA694XB (Socket370,VIA694x/686B,AC97,ATA100) 135Ôª °º´ï VP266+128M DDR 295Ôª VP266 (Socket370,VIA/APOLLO/PRO266/AC97) 200Ôª VK266 (SocketA,KT133A/686B/AC97/ATA100) 190Ôª VT-133PLUS(SocketA,KT133/686B/AC97/ATA100) 190Ôª ID815E (Socket370,i815E/i752/AC97/ATA100) 195Ôª ID815EP (Socket370,i815EP/AC97/ATA100) 190Ôª ID810 (Socket370,i810/ATA66/i752ÏÔ¿¨/AC97Éù¿¨) 140Ôª VP4-133PLUS(Socket370,VIA694x/686B/AC97/ATA100) 160Ôª Vp4-133/M (Socket370,VIA694/596B/CMI8738Éù¿¨/ATA66) 140Ôª VP-133 (Socket370,VIA693A/596B/CMI8738Éù¿¨/ATA66) 150Ôª SIS730S (SocketA,SiS300/AC97/10/100MÍø¿¨) 155Ôª SIS630E (Socket370,SIS630E/SiS300ÏÔ¿¨/AC97) 175Ôª B:Ó²ÅÌ Maxtor(ÂõÍØ) 40GB£¨ Plus 60/É¢£©7200ת\»º´æ:2MB 180Ôª 40.9GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 160Ôª 160GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 530Ôª 120GB£¨D540X/É¢£©5400ת\»º´æ:2MB 350Ôª 20GB£¨ Plus 60/É¢£© 7200ת\»º´æ:2MB 140Ôª 30GB£¨ Plus 60/É¢£©7200ת\»º´æ:2MB 170Ôª 81.9GB£¨ 80/É¢£©5400ת\»º´æ:2MB 250Ôª 20GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 170Ôª 40GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 180Ôª 20GB£¨ 541DX/É¢£©5400ת\»º´æ:2MB 160Ôª 60GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 200Ôª 20GB£¨ 541DX/ºÐ£©5400ת\»º´æ:2MB 150Ôª 60GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 220Ôª 80GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 300Ôª 40GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 160Ôª 20.4GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 140Ôª 40GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 200Ôª 60GB£¨Plus D740X/ºÐ£©7200ת\»º´æ:2MB 230Ôª 80GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 350Ôª 40GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 185Ôª 80GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 280Ôª 20GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 160Ôª 40GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 190Ôª 80GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 280Ôª 60GB£¨ Plus 60/ºÐ£©7200ת\»º´æ:2MB 250Ôª 120GB£¨D540X/ºÐ£©5400ת\»º´æ:2MB 400Ôª 81.9GB£¨ 80/ºÐ£©5400ת\»º´æ:2MB 270Ôª 60GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 230Ôª 100GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 800Ôª 60GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 270Ôª 160GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 900Ôª 30.7GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 210Ôª 61.4GB£¨ 80/É¢£©5400ת\»º´æ:2MB 270Ôª 40GB£¨ 536DX/É¢£©5400ת\»º´æ:2MB 170Ôª 15GB£¨531DX/É¢£©5400ת\»º´æ:2MB 160Ôª 20GB£¨Plus 60/ºÐ£©7200ת\»º´æ:2MB 180Ôª Ï£½Ý 40.8GB£¨U Series 6£©5400ת\»º´æ:2MB 250Ôª 40GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 170Ôª 60GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 200Ôª 20.4GB£¨U Series 6£©5400ת\»º´æ:512KB 140Ôª 80GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 250Ôª 20GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 160Ôª 30GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 170Ôª 20GB£¨U Series 5£©5400ת\»º´æ:512KB 130Ôª 40GB£¨U Series 5£©5400ת\»º´æ:512KB 160Ôª 20GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 160Ôª 40GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 170Ôª 10.2GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 135Ôª 10GB£¨U Series 5£©5400ת\»º´æ:512KB 100Ôª 15.3GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 165Ôª 30GB£¨U Series 5£©5400ת\»º´æ:512KB 200Ôª 15.3GB£¨U Series 5£©5400ת\»º´æ:512KB 180Ôª ST39236/LW 1ת\»º´æ:2MB\ÈÝÁ¿:9.2GB 350Ôª ST39236/LCV 7200ת\»º´æ:4MB\ÈÝÁ¿:9.2GB 400Ôª IBM 60GB£¨Deskstar 60GXP£©7200ת\»º´æ:2MB 190Ôª 10GB£¨Travelstar 20GN£©4200ת\»º´æ:512KB 140Ôª 40GB£¨Deskstar 60GXP£©7200ת\»º´æ:2MB 170Ôª 40GB£¨Deskstar 120GXP£©7200ת\»º´æ:2MB 170Ôª 80GB£¨Deskstar 120GXP£©7200ת\»º´æ:2MB 230Ôª 30GB£¨Travelstar 20GN£© ±Ê¼Ç±¾Ó²ÅÌ\תËÙ:4200ת\»º´æ:512KB 320Ôª 40GB£¨Travelstar 20GN£© ±Ê¼Ç±¾Ó²ÅÌ\תËÙ:4200ת\»º´æ:512KB 400Ôª 120GB£¨Deskstar 120GXP£© ̨ʽ»úÓ²ÅÌ\תËÙ:7200ת\»º´æ:2MB 430Ôª 18.3GB£¨Ultrastar 36LZX/68£© ·þÎñÆ÷Ó²ÅÌ\תËÙ:1ת\»º´æ:4MB 420Ôª 18.3GB£¨Ultrastar 36LZX/80£©
FWD: CAN YOU READ THIS PLEASE
ÿA9 Copyright 2002 - All rights reservedIf you would no longer like us to contact you or feel that you havereceived this email in error, please click here to unsubscribe.
Business Class Specials
Title: EARN MORE COMMISSION Last Minute Airfares For Domestic And International Cities Supplying the travel industry for over 15 yearsNO ADVANCED PURCHASES! EARN MORE COMMISSIONS NO ADVANCE PURCHASE / NO MINIMUM STAY LAST MINUTE BUSINESS CLASS FARE ECONOMY CLASS FARES AVAILABLE WE SPECIALIZE IN ASIA, MIDDLE EAST, EUROPE, CENTRAL, AND SOUTH AMERICA Why pay more when you don't have to! Fill out form below to have representativecontact you with flight information. Required Input field * *Name: Email: *Phone: Phone 2: Best Time to contact: Departure City: Arrival City: To be removed please click here
µçÄԵͼÛÅäËÍ
Àö¶¼ÏòÄãÎʺÃ! ÎÒ¹«Ë¾³¤ÆÚ´Óʹú¼ÊóÒ×,ΪÍÚ¾òÊг¡Ç±Á¦¡¢À©´ó¾Óª¹æÄ£,ÒâÔÚ¹óµØ Ñ°ÕÒÁôÒ×´°¿Ú,Ìؽ«´Ë¼Ûͬ±í³Ê¹óµ¥Î»²Î¿¼.ÎÒ˾ÌṩһÁ÷Æ·ÖÊ,Ò»Á÷·þÎñ,ËÍ»õÉÏÃÅ, »õµ½¸¶¿î, ÅúÁí¾ù¿É.»¶Ó¸÷½çÅóÓÑÀ´µç´¹Ñ¯¼°Ö§³Ö.¶àл!!! Àö¶¼¹ú¼ÊóÒ×¹«Ë¾ ÖйúITóÒײ¿ :Ëï½£·å ÇëÎðÖ±½Ó»Ø¸´£¬ÓÐÒâÕßÇëÀ´µç --0135-15049234 Ò».µçÄÔÅä¼þ(RMB.Ôª): A:ÏÔʾÆ÷ SONY CPD-G420/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:230MHz 2300 CPD-E230/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm 1100 CPD-G220/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:203MHz 1600 CPD-G520/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.24mm\ÊÓƵ´ø¿í:341MHz 4000 ·ÉÀûÆÖ 107P/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:203MHz 800 107E/ ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.27mm\ÊÓƵ´ø¿í:108MHz 500 105S/ ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:15\µã¾à:0.28mm\ÊÓƵ´ø¿í:79MHZ 380 201B/Òñդʽ´¿Æ½¹Ü\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.25mm\ÊÓƵ´ø¿í:261MHz 2400 109B/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:234MHz 1250 109P/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.24mm\ÊÓƵ´ø¿í:261MHz 1800 109S/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.27mm\ÊÓƵ´ø¿í:203MHz 1000 201P/Òñդʽ´¿Æ½¹Ü\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.24mm\ÊÓƵ´ø¿í:320MHz 3900 105E/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:15\µã¾à:0.28mm\ÊÓƵ´ø¿í:65MHz 350 107B3/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:176MHz 680 107G/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.24mm\ÊÓƵ´ø¿í:108MHz 580 107T/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:108MHz 600 ÈýÐÇ 551S/15\µã¾à:0.24mm\ÊÓƵ´ø¿í:65MHz 320 753DF/DynaFlat´¿Æ½\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 490 753S/17\µã¾à:0.23mm\ÊÓƵ´ø¿í:110MHz 500 1100P/21\µã¾à:0.22mm\ÊÓƵ´ø¿í:230MHz 2600 755DF/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:135MHz 600 743DF/ 17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 480 753DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 580 755DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:185MHz 560 757DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:250MHz 810 1200NF/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:22\µã¾à:0.24mm\ÊÓƵ´ø¿í:340MHz 3700 550S/15\µã¾à:0.24mm\ÊÓƵ´ø¿í:80MHz 400 955DF/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.20mm\ÊÓƵ´ø¿í:185MHz 1150 750S/17\µã¾à:0.24mm\ÊÓƵ´ø¿í:110MHz 580 EMC DX787/ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:150MHz 550 PF797/ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:202.5MHz 600 DX997N/HitachiºÚ¾§¾ØÕó¹Ü\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:202.5MHz 980 PX558/15\µã¾à:0.28mm 300 FX772N/17\µã¾à:0.27mm\ÊÓƵ´ø¿í:120MHz 500 DZ777NS/ ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 500 LT541/15\Òº¾§°åµã¾à:0.297mm 600 HG562/15\Òº¾§°åµã¾à:0.297mm 690 BM468/14.1\Òº¾§°åµã¾à:0.279mm\ÁÁ¶È:180cd/m2\¶Ô±È¶È:200:1 500 568 II/15\Òº¾§°åµã¾à:0.279mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:400:1 730 BM568/15\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:350:1 1500 ÈýÐÇ 151S/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 780 171S/17\Òº¾§°åµã¾à:0.264mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:350:1 1820 151MP/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 1600 171MP/17\Òº¾§°åµã¾à:0.264mm\ÁÁ¶È:240cd/m2\¶Ô±È¶È:400:1 2500 210T/21.3\Òº¾§°åµã¾à:0.270mm\ÁÁ¶È:230cd/m2\¶Ô±È¶È:400:1 12000 151BM/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 900 240T/ 24.06\Òº¾§°åµã¾à:0.270mm\ÁÁ¶È:230cd/m2\¶Ô±È¶È:500:1 19000 151B/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 1000 SONY SMD-M51/15.1\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200 cd/m2\¶Ô±È¶È:300:1 980 SMD-M81/18.1\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200 cd/m2\¶Ô±È¶È:300:1 3200 SDM-N50/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:300:1 3000 B:CPU 1..7G£¨Socket 478/ºÐ£© Ö÷Ƶ:1.7GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 500 1.6G£¨Socket 478/É¢£© Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 500 1.6G£¨Socket 478/ºÐ£© Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 510 1.5G£¨Socket 478/É¢£© Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 450 4 1.7G£¨Socket 478/É¢£© Ö÷Ƶ:1.7GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 490 1.5G£¨Socket 478/ºÐ£© Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 480 4 1.8GA£¨Socket 478/NORTHWOOD/ºÐ£© Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 550 2.0GA£¨Socket 478/NORTHWOOD/ºÐ£© Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 600 1.8G£¨Socket 478/É¢£© Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 590 1.6GA£¨Socket 478/NORTHWOOD/É¢£© Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 510 1.8GA£¨Socket 478/NORTHWOOD/É¢£© Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 580 2.0GA£¨Socket 478/NORTHWOOD/É¢£© Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 620 1.6G£¨Socket 423/É¢£© Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 500 1.8G£¨Socket 478/ºÐ£© Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 620 1.6GA£¨Socket 478/NORTHWOOD/ºÐ£© Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 540 2.0G£¨Socket 478/ºÐ£© Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 700 1.5G£¨Socket 423/ºÐ£© Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 430 1.5G£¨Socket 423/É¢£© Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 460 1.7G£¨Socket
Re: CDR: status of various projects?
It's more than 'distributed publishing', it's distributed everything. Have your grid and eat it too! Use Plan 9: http://plan9.bell-labs.com The Hangar 18 Co-Op: http:[EMAIL PROTECTED] On Wed, 14 Aug 2002, Miles Fidelman wrote: It seems like a lot of interesting projects haven't been active for a while - notably Free Haven and Eternity Usenet. Where is the most active work, these days, on distributed publishing systems? ** The Center for Civic Networking PO Box 600618 Miles R. Fidelman, President Newtonville, MA 02460-0006 Director, Municipal Telecommunications Strategies Program617-558-3698 fax: 617-630-8946 [EMAIL PROTECTED]http://civic.net/ccn.html Information Infrastructure: Public Spaces for the 21st Century Let's Start With: Internet Wall-Plugs Everywhere Say It Often, Say It Loud: I Want My Internet! ** -- Conform and be dull..J. Frank Dobie [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org
SSZ Downtime - Schedule Change
Hi, We're facing a last minute change in our scheduled downtime. The current window is from Fri., Aug. 16 through Sun., Aug. 25. This is from tomorrow (Fri.) through Sunday of next weekend. I apologize for the short notice on the change and any inconvenience this might cause. We do not expect to experience such extended downtimes in the (near) future. See you in about a week! -- Conform and be dull..J. Frank Dobie [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org
Insight on the News Email Edition
INSIGHT NEWS ALERT! New stories from Insight on the News are now online. http://insightmag.com/ ... Folks, we really struck a nerve with Mike Wallers cover story on the ways many in power are turning the war on terror to their own ends. In case you missed it, we still have it posted http://insightmag.com/news/260503.html. The same goes for Doug Burtons pro and con on whether the NAACP should lose its tax exemption (because its an arm of the Democratic Party) http://insightmag.com/news/260519.html. Thats it for today. Check out our website then go sit in the shade. From the Bunker, I remain your newsman in Washington. ... SYMPOSIUM PRO CON SHOULD THE NAACP LOSE ITS TAX EXEMPTION? ARMSTRONG WILLIAMS SAYS -- YES: It's time the IRS investigated the NAACP for advancing a clearly partisan agenda. http://insightmag.com/news/260519.html REP. SHEILA JACKSON LEE SAYS -- NO: The NAACP's decades-long fight for justice does not amount to political partisanship. [By: Rep. Sheila Jackson Lee] http://insightmag.com/news/260520.html ... HOUSE EXPULSION OF TRAFICANT IS A POT CALLING A KETTLE BLACK Tom Adkins says: punishment? Yes. But expulsion? From the same group that boasts 29 wife-beaters, seven defrauders (including House Minority Leader Dick Gephardt, who lied on a home-loan application), 19 check kiters, three assaulters and two apparent child rapists? A select club that boasts 14 drug arrests, eight shoplifters and countless drunk drivers? http://insightmag.com/news/260513.html ... MEDIA MANUFACTURE CLOUD OF SUSPICION OVER HATFILL Nicholas Stix asks where did all the rumors about the bioweapons expert originate? http://insightmag.com/news/260804.html William F. Buckley, Jr.: Pied Piper for the Establishment HAVE YOU BEEN DECEIVED? Discover Buckleys promotion of liberal causes and how he has been leading Americans away from true conservatism since the 1960s. http://www.jbs.org/buckley/insight2.htm KYOTO ALL OVER AGAIN Martin Walker tells us that the U.S. is about to become the Global Warming Meanie one more time. http://insightmag.com/news/260776.html ... TWO CHEERS FOR TRIAL LAWYERS Christopher Whalen writes that their critics liken them to parasites, but others say trial lawyers are the only remaining champions of consumer rights thanks to the federal government's indifference. http://insightmag.com/news/260508.html ... FERC SAYS POWER FIRMS MAYBE GAMED MARKETS Hill Anderson asks if energy companies did manipulate the western electricity markets. http://insightmag.com/news/260778.html ... A CONSTANT THORN IN CLINTONS SIDE Stephen Goode tells us that whether hes investigating Bill Clinton's skulduggery or the effects of lax immigration control, David Bossie and Citizens United aim to be timely, tough and truthful. http://insightmag.com/news/260517.html ... HOW THE WEST BECAME NUMBER 1 Hans Nichols says Dinesh D'Souza defangs the multiculturalists. http://insightmag.com/news/260512.html INSIGHT SUBSCRIPTION SPECIAL! Save $50.83 (Off Our Newsstand Price) https://www.collegepublisher.com/insightsub/subform1.cfm You have received this newsletter because you have a user name and password at Insight on the News. To unsubscribe from this newsletter, visit http://insightmag.com/main.cfm?include=unsubscribe;. You may also log into Insight on the News and edit your account preferences on the Web. If you have forgotten or don't know your user name and password, it will be emailed to you after visiting the following link: http://insightmag.com/main.cfm?include=emailPasswordserialNumber=16oai891z5[EMAIL PROTECTED]
Hello ! 8638URua6-230yEiM3882Kxky-24
: ))) Subject: Give away FREE CD's - Earn $5K in 30 Days! PROOF! May I send you this FREE CD? Pop it into your computer, and get the preliminary details on how YOU can be an INVESTOR in the Network Marketing Industry and earn 400-700% return in 4 months... and NEVER sell ANYTHING to ANYBODY or RECRUIT anyone to sell ANYTHING to ANYBODY! I am a real person - a mom of 5 and a proud grandma - and on this CD you will see PROOF that we earned *** $26,087.58 in our first 94 days! *** $10.192.83 just yesterday!!! *** If you can GIVE AWAY free CD's and products, and let ME talk to people FOR you, then I have an EXACT business plan to show you PRECISELY what returns you can expect and in exactly what time frame. Let US work FULL TIME for you. We've helped others... Julie P. earned $750 in one week with us Jeff A. earned $6500 in 5 weeks with us Kate B. earned $740 in 11 days with us And we NOW have an EXACT business plan for you and can tell you EXACTLY what to expect with where you're starting. No guesswork - we've done it. See the PROOF with your own eyes - let me send YOU this FREE CD today! To get your FREE CD , please send the following information: Name Address Phone Number mailto:[EMAIL PROTECTED]?subject=FREE_CD To be removed from future mailings, please mailto:[EMAIL PROTECTED]?subject=REMOVE 8018jlGr9-193Lwgm5489GclE3-017WrhU6903jHDs8-978cKQQ8234nNCB3-652OnSR6645okAz4-921PIl78
Search
Pursuantto seeing your information on the web today, the following information provides a background of our Company and specifically in the search we are engaged in to complete for one of our Clients. Further information is provided below. Since 1977, Joseph Chris Partners has specialized in recruiting outstanding professional and executive level talent for Residential and Commercial (Office, Retail, Industrial) Development and Construction Industry. We have successfully completed over 3000 search assignments in 46 states and 5 countries and are recognized as the leading search firm exclusive to Real Estate, Development and Construction Industries. Please consider this exceptional opportunity and provide us with any referrals of others that may find this a benefit. In addition, we would like the opportunity to assist you and senior level staffing and recruiting projects for your Company. Sincerely, Donna Rossi, PartnerJoseph Chris Partners608-831-3511 X 24 (Office)608-831-4870 (Fax)[EMAIL PROTECTED]www.josephchris.com JOSEPH CHRIS PARTNERS EXECUTIVE SEARCH Senior Underwriter COMPANY DESCRIPTION: Our Client is a national real estate Lending organization that provides borrowers, brokers and financial institutions commercial mortgages, equity, small business loans, defeasance and Fannie Mae financing options. Our Client is a national company with East and West coast offices. POSITION REQUIREMENTS: Our Client is seeking a Senior Underwriter to join their Atlanta, GA Management Team. Responsibilities include DUS underwriting, screening Fannie Mae loans and delivering Multifamily mortgages. Yield maintenance negotiation skills, working with percentage pre-payment premium methods, defeasance, property appraisals, environmental assessments and physical needs assessments are beneficial. An outgoing personality and leadership skills is a plus. SEARCH FIRM INFORMATION: Since, 1977 JOSEPH CHRIS PARTNERS, is the leading specialized executive search and recruiting firm to the Real Estate, Development and Construction Industry. Real Estate Owners, Developers, Construction, Investment, and Management of Residential and Commercial projects retain our firm for mid-senior level recruiting assignments. COMMENTS BY SEARCH DIRECTOR: The opportunity for upside in this position is tremendous along with a lucrative base salary. Dynamic management team, enormous opportunity for an underwriter who wants to be a key strategist for this well respected company. Executive search consultants to the multifamily industry
ADV: Interest rates slashed! Don't wait! xpqpd
INTEREST RATES HAVE JUST BEEN CUT!!! NOW is the perfect time to think about refinancing your home mortgage! Rates are down! Take a minute and fill out our quick online form. http://ww2.watershedmoment.com/refi/ Easy qualifying, prompt, courteous service, low rates! Don't wait for interest rates to go up again, lock in YOUR low rate now! --- To unsubscribe, go to: http://ww2.watershedmoment.com/stopthemailplease/ Please allow 48-72 hours for removal.
TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
[resend via different node: [EMAIL PROTECTED] seems to be dead -- primary MX refusing connections] Phew... the document is certainly tortuous, and has a large number of similarly and confusingly named credentials, certificates and keys, however from what I can tell this is what is going on: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. The longer version... - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) - ownership - Then there is the concept of ownership. The spec says the TPM MUST ship with no Owner installed. The owner when he wishes to claim ownership choose a authentication token which is sent into the TPM encrypted with the endorsement key. (They give the example of the authentication token being the hash of a password). Physical presence tests apply to claiming ownership (eg think BIOS POST with no networking enabled, or physical pin on motherboard like BIOS flash enable). The authentication token and ownership can be changed. The TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. - remote attestation - The owner uses the identity keys in the remote attestation functions. Note that the identity private keys are also generated on the TPM, the private key also never leaves the TPM. The identity private key is certified by the privacy CA as having been requested by a certified endorsement key. The last two paragraphs imply something else interesting: the privacy CA can collude with anyone to create a virtualized environment. (This is because the TPM endorsement key is never directly used in remote attestation for privacy reasons.) All that is required to virtualize a TPM is an attestation from the privacy CA in creating an identity certificate. So there are in fact three avenues for FBI et al to go about obtaining covert access to the closed space formed by TCPA applications: (A) get one of the hardware manufacturers to sign an endorsement key generated outside a TPM (or get the endorsement CA's private key), or (B) get a widely used and accepted privacy CA to overlook it's policy of demanding a hardware manufacturer CA endorsed endorsement public key and sign an identity public key created outside of a TPM (or get the privacy CA's private key). (C) create their own privacy CA and persuade an internet server they wish to investigate the users of to accept it. Create themselves a virtualized client using their own privacy CA, look inside. I think to combat problem C) as a user of a service you'd want the remote attestation of software state to auditably include it's accepted privacy CA database to see if there are any strange Privacy CAs on there. I think you could set up and use your own privacy CA, but you can be sure the RIAA/MPAA will never trust your CA. A bit like self-signing SSL site keys. If you and your friends add your CA to their trusted root CA database it'll work. In this case however people have to trust your home-brew privacy CA not to issue identity certificates without having seen a valid hardware-endorsement key if they care about preventing virtualization for the privacy or security of some network application. Also, they seem to take explicit steps to prevent you getting multiple privacy CA certificates on the same identity key. (I'm not sure why.)
Re: Overcoming the potential downside of TCPA
[Repost] Joe Ashwood writes: Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which is the main TPM key, the one which gets certified by the TPM Entity. That key is generated only once on a TPM, before ownership, and must exist before anyone can take ownership. For reference, see section 9.2, The first call to TPM_CreateEndorsementKeyPair generates the endorsement key pair. After a successful completion of TPM_CreateEndorsementKeyPair all subsequent calls return TCPA_FAIL. Also section 9.2.1 shows that no ownership proof is necessary for this step, which is because there is no owner at that time. Then look at section 5.11.1, on taking ownership: user must encrypt the values using the PUBEK. So the PUBEK must exist before anyone can take ownership. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. I don't quite follow what you are proposing here, but by the time you purchase a board with a TPM chip on it, it will have already generated its PUBEK and had it certified. So you should not be able to transfer a credential of this type from one board to another one. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. Actually I don't see a function that will let the owner wipe the PUBEK. He can wipe the rest of the TPM but that field appears to be set once, retained forever. For example, section 8.10: Clear is the process of returning the TPM to factory defaults. But a couple of paragraphs later: All TPM volatile and non-volatile data is set to default value except the endorsement key pair. So I don't think your fraud will work. Users will not wipe their endorsement keys, accidentally or otherwise. If a chip is badly enough damaged that the PUBEK is lost, you will need a hardware replacement, as I read the spec. Keep in mind that I only started learning this stuff a few weeks ago, so I am not an expert, but this is how it looks to me.
Re: Spam blocklists?
From: Sunder [EMAIL PROTECTED] None of those things work. Most spammers don't give a shit if you don't receive email. I can attest to this by the slew of spam going to hostmaster, webmaster, and the like on many networks. What they're really selling is ten million addresses and spam software. Even if 9 million of those are bullshit, they couldn't care less. The more things with @ signs in'em the more money they make off clueless businesses. We talk about different things then :) I don't care that they make money off clueless businesses... I care that they don't send ME spam. If I can solve the second problem, the first one will take care of itself. Mark
CT-RSA 2003 -- preliminary call for papers
[From sci.crypt -pt] From: [EMAIL PROTECTED] (Marc Joye) Newsgroups: sci.crypt.research, sci.crypt Subject: CT-RSA 2003 -- preliminary call for papers Date: Thu, 15 Aug 2002 12:20:39 + (UTC) === Preliminary Call for Papers -- CT-RSA 2003 Submission deadline: Oct. 1, 2002 Cryptographers' Track, RSA Conference 2003 (CT-RSA 2003) April 13-17, 2003, Moscone Center, San Francisco, USA http://reg2.lke.com/rs3/rsa2003/crypto.html (see also http://www.rsaconference.net/) === Following the success of the two previous editions, the Cryptographers' Track of RSA Conference 2003 (CT-RSA 2003) will be run as an anonymously refereed conference with proceedings. The proceedings of CT-RSA 2001 and CT-RSA 2002 were published in Springer-Verlag's Lecture Notes in Computer Science series as LNCS 2020 and LNCS 2271, respectively. Original research papers pertaining to all aspects of cryptography as well as tutorials are solicited. Submissions may present theory, techniques, applications and practical experience on topics including, but not limited to: fast implementations, secure electronic commerce, network security and intrusion detection, formal security models, comparison and assessment, tamper resistance, certification and time-stamping, cryptographic data formats and standards, encryption and signature schemes, public key infrastructure, protocols, elliptic curve cryptography, cryptographic algorithm design and cryptanalysis, discrete logarithms and factorization techniques, lattice reduction, and provable security. IMPORTANT DATES: Submission deadline: Oct. 1, 2002 Acceptance notification: Nov. 1, 2002 Proceedings version: Nov. 17, 2002 INSTRUCTIONS FOR AUTHORS: The program committee invites research contributions and tutorials in the broad area of applications and theory of cryptography. Correspondence, including submissions, will take place entirely via e-mail. All submissions will be blind refereed. To make a submission, please send two separate e-mail messages to [EMAIL PROTECTED] (the first message should contain the paper's title, the names and affiliations of the authors and should identify the contact author, including e-mail and postal addresses; the second message should contain the submission itself in PostScript or in PDF). The paper must be anonymous, with no author names, affiliations, acknowledgements, or obvious references. It should begin with a title, a short abstract, and a list of keywords. The paper should be at most 12 pages (excluding the bibliography and clearly marked appendices), and at most 18 pages in total, using at least 11-point font and reasonable margins. Submissions not meeting these guidelines risk rejection without consideration of their merits. PROCEEDINGS For an accepted paper to be included in the proceedings, the authors of the paper must guarantee that at least one of the co-authors will attend the conference and deliver the talk (registration fees will be waived for the co-author delivering the talk). PROGRAM COMMITTEE: Giuseppe Ateniese Chi-Sung Laih John Black Tatsuaki Okamoto Daniel Bleichenbacher David Pointcheval Rosario GennaroBart Preneel Stuart Haber Jean-Jacques Quisquater Helena Handschuh Tsuyoshi Takagi Markus Jakobsson Gene Tsudik Antoine Joux Serge Vaudenay Marc Joye (Chair) Sung-Ming Yen Kwangjo KimMoti Yung Seungjoo Kim Yuliang Zheng
TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
Phew... the document is certainly tortuous, and has a large number of similarly and confusingly named credentials, certificates and keys, however from what I can tell this is what is going on: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. The longer version... - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) - ownership - Then there is the concept of ownership. The spec says the TPM MUST ship with no Owner installed. The owner when he wishes to claim ownership choose a authentication token which is sent into the TPM encrypted with the endorsement key. (They give the example of the authentication token being the hash of a password). Physical presence tests apply to claiming ownership (eg think BIOS POST with no networking enabled, or physical pin on motherboard like BIOS flash enable). The authentication token and ownership can be changed. The TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. - remote attestation - The owner uses the identity keys in the remote attestation functions. Note that the identity private keys are also generated on the TPM, the private key also never leaves the TPM. The identity private key is certified by the privacy CA as having been requested by a certified endorsement key. The last two paragraphs imply something else interesting: the privacy CA can collude with anyone to create a virtualized environment. (This is because the TPM endorsement key is never directly used in remote attestation for privacy reasons.) All that is required to virtualize a TPM is an attestation from the privacy CA in creating an identity certificate. So there are in fact three avenues for FBI et al to go about obtaining covert access to the closed space formed by TCPA applications: (A) get one of the hardware manufacturers to sign an endorsement key generated outside a TPM (or get the endorsement CA's private key), or (B) get a widely used and accepted privacy CA to overlook it's policy of demanding a hardware manufacturer CA endorsed endorsement public key and sign an identity public key created outside of a TPM (or get the privacy CA's private key). (C) create their own privacy CA and persuade an internet server they wish to investigate the users of to accept it. Create themselves a virtualized client using their own privacy CA, look inside. I think to combat problem C) as a user of a service you'd want the remote attestation of software state to auditably include it's accepted privacy CA database to see if there are any strange Privacy CAs on there. I think you could set up and use your own privacy CA, but you can be sure the RIAA/MPAA will never trust your CA. A bit like self-signing SSL site keys. If you and your friends add your CA to their trusted root CA database it'll work. In this case however people have to trust your home-brew privacy CA not to issue identity certificates without having seen a valid hardware-endorsement key if they care about preventing virtualization for the privacy or security of some network application. Also, they seem to take explicit steps to prevent you getting multiple privacy CA certificates on the same identity key. (I'm not sure why.) It seems like a bad thing as it forces you to trust just one CA, it prevents web of trust which
Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)
Adam Back writes: So there are practical limits stemming from realities to do with code complexity being inversely proportional to auditability and security, but the extra ring -1, remote attestation, sealing and integrity metrics really do offer some security advantages over the current situation. You're wearing your programmer's hat when you say that. But the problem isn't programming, but is instead economic. Switch hats. The changes that you list above may or may not offer some security advantages. Who cares? What really matters is whether they increase the cost of copying. I say that the answer is no, for a very simple reason: breaking into your own computer is a victimless crime. In a crime there are at least two parties: the victim and the perpetrator. What makes the so-called victimless crime unique is that the victim is not present for the perpetration of the crime. In such a crime, all of the perpetrators have reason to keep silent about the comission of the crime. So it will be with people breaking into their own TCPA-protected computer and application. Nobody with evidence of the crime is interested in reporting the crime, nor in stopping further crimes. Yes, the TCPA hardware introduces difficulties. If there is way around them in software, then someone need only write it once. The whole TCPA house of cards relies on no card ever falling down. Once it falls down, people have unrestricted access to content. And that means that we go back to today's game, where the contents of CDs are open and available for modification. Someone could distribute a pile of random bits, which, when xored with the encrypted copy, becomes an unencrypted copy. -- -russ nelson http://russnelson.com | Crynwr sells support for free software | PGPok | businesses persuade 521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
Re: status of various projects?
On Wed, 2002-08-14 at 10:58, Miles Fidelman wrote: It seems like a lot of interesting projects haven't been active for a while - notably Free Haven and Eternity Usenet. Where is the most active work, these days, on distributed publishing systems? Try Mnet (http://mnet.sf.net/). It's the continuation of the Mojo Nation code base. We are close to a stable release (0.5.1), but there are a lot of known bugs that we are leaving in the system (because we are rewriting the code that the bugs are found in). Our main goal for the next release is to make it easier for new coders to understand what's going on under the hood. That and replacing the single point of failure metatracker system with a distributed hash table. The old mojo token based system is no longer in use, but we hope to replace it with an OpenDBS based system, or a stamp based system. myers
Re: Overcoming the potential downside of TCPA
Joe Ashwood writes: Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which is the main TPM key, the one which gets certified by the TPM Entity. That key is generated only once on a TPM, before ownership, and must exist before anyone can take ownership. For reference, see section 9.2, The first call to TPM_CreateEndorsementKeyPair generates the endorsement key pair. After a successful completion of TPM_CreateEndorsementKeyPair all subsequent calls return TCPA_FAIL. Also section 9.2.1 shows that no ownership proof is necessary for this step, which is because there is no owner at that time. Then look at section 5.11.1, on taking ownership: user must encrypt the values using the PUBEK. So the PUBEK must exist before anyone can take ownership. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. I don't quite follow what you are proposing here, but by the time you purchase a board with a TPM chip on it, it will have already generated its PUBEK and had it certified. So you should not be able to transfer a credential of this type from one board to another one. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. Actually I don't see a function that will let the owner wipe the PUBEK. He can wipe the rest of the TPM but that field appears to be set once, retained forever. For example, section 8.10: Clear is the process of returning the TPM to factory defaults. But a couple of paragraphs later: All TPM volatile and non-volatile data is set to default value except the endorsement key pair. So I don't think your fraud will work. Users will not wipe their endorsement keys, accidentally or otherwise. If a chip is badly enough damaged that the PUBEK is lost, you will need a hardware replacement, as I read the spec. Keep in mind that I only started learning this stuff a few weeks ago, so I am not an expert, but this is how it looks to me.
You deserve a vacation
We are strongly against sending unsolicited emails to those who do not wish to receive our special mailings. You have opted in to one or more of our affiliate sites requesting to be notified of any special offers we may run from time to time. We also have attained the services of an independent 3rd party to overlook list management and removal services. This is NOT unsolicited email. If you do not wish to receive further mailings, please click this link . Please accept our apologies if you have been sent this email in error. We honor all removal requests 5
RE: trade-offs of secure programming with Palladium (Re: Palladiu m: technical limits and implications)
Russell Nelson[SMTP:[EMAIL PROTECTED]] writes: You're wearing your programmer's hat when you say that. But the problem isn't programming, but is instead economic. Switch hats. The changes that you list above may or may not offer some security advantages. Who cares? What really matters is whether they increase the cost of copying. I say that the answer is no, for a very simple reason: breaking into your own computer is a victimless crime. In a crime there are at least two parties: the victim and the perpetrator. What makes the so-called victimless crime unique is that the victim is not present for the perpetration of the crime. In such a crime, all of the perpetrators have reason to keep silent about the comission of the crime. So it will be with people breaking into their own TCPA-protected computer and application. Nobody with evidence of the crime is interested in reporting the crime, nor in stopping further crimes. [...] Russ: Take off your economic hat, and try on a law-enforcement one. With DMCA, etal, the tools to get around TCPA's taking of your right to use your property as you please have been criminalized. (Don't argue that TCPA will always be voluntary. I don't beleive that). I have little patience with arguments which say 'Yeah, they can make X against the law, but clever people like me can always get around it, and won't get caught, so I don't care.' Maybe you can, some of the time, but that's not the point. Most people won't, either because it's too hard, they don't know what they've lost, or because of a misplaced respect for the whims of The Men with Guns. This is not a Good Thing. A freedom to skulk in the shadows, hoping not to be noticed, is not the legacy I wish to leave behind. Peter Trei
Re: 2seks
Hic bir yerde bulup izleyemeyeceginiz icerigi size http://www.2seks.com sunuyor. TURK VE AVRUPALI AMATOR KIZLAR BULGAR KIZLARI ROMEN HATUNLAR TURK TECAVUZ FILMLERI KIZLAR YURDU ALMANYA'NIN SAPIK HATUNLARI OTELDEKI GIZLI KAMERALAR VE DAHASI... Hepsi orjinal ve kaliteli kayitlar. Hemen giris yapin ve tadini cikartin http://www.2seks.com
Re: 2seks
Hic bir yerde bulup izleyemeyeceginiz icerigi size http://www.2seks.com sunuyor. TURK VE AVRUPALI AMATOR KIZLAR BULGAR KIZLARI ROMEN HATUNLAR TURK TECAVUZ FILMLERI KIZLAR YURDU ALMANYA'NIN SAPIK HATUNLARI OTELDEKI GIZLI KAMERALAR VE DAHASI... Hepsi orjinal ve kaliteli kayitlar. Hemen giris yapin ve tadini cikartin http://www.2seks.com
Hundreds of lenders compete for you
Title: Get A Mortgage Today Now you can have HUNDREDS of lenders compete for your loan! Refinancing New Home Loans Debt Consolidation Debt Consultation Auto Loans Credit Cards Student Loans Second Mortgage Home Equity Dear Homeowner, Interest Rates are at their lowest point in 40 years! We help you find the best rate for your situation by matching your needs with hundreds of lenders! Home Improvement, Refinance, Second Mortgage, Home Equity Loans, and More! Even with less than perfect credit! This service is 100% FREE to home owners and new home buyers without any obligation. Just fill out a quick, simple form and jump-start your future plans today! Click Here To Begin Go here to be taken off
YOU CAN OWN AN ADULT SITE AND MAKE HUGE £££/$$$ 6082dOCs9-767dfNF0563epzi0-178-28
My name is PEGGY and I live in Switzerland.I just want to propose a business opportunity to you in the millionaire Adult Industry. FACTS: · I have earn $3 750 up to now and I can send you my profit stats for you to see. · If you are not a sex surfer you can approach this just as a business opportunity without ever looking at the adult content. · You will earn 50% recurring commissions and you will receive your check twice a month. · This is an established, highly reputable company, with 6 years experience running adult web sites online. They are debt free, listed on Dun Bradstreet and specialize in allowing you to cash in FAST and EASILY on the exploding online adult entertainment business without any experience other than surfing the web. I OFFER: · Complete support for you to replicate my work in order to have the same results · If you become a member I will give you my phone number, address and personal e-mail address for a perfect contact · The links to the tools I use to promote If you are interested just e-mail me to [EMAIL PROTECTED] with MORE INFO in the subject line, or REMOVE if you prefer to be removed from my mailing list. 1439SZIf0-277aIgD1760quRf6-833cNIL0972zDDR5-477WaQw2388zDPL6-976KOtG5094l68
TCPA hack delay appeal
It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned about it from two separate sources, looks like two independent slightly different hacks based on the same protocol flaw. Undoubtedly, more people will figure this out. It seems wise to suppress the urge and craving for fame and NOT to publish the findings at this time. Let them build the thing into zillion chips first. If you must, post the encrypted time-stamped solution identifying you as the author but do not release the key before TCPA is in many, many PCs.
Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
On Thu, 15 Aug 2002, Adam Back wrote: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. Are there 2 certificates? One from the manufacturer and one from the privacy CA? - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) So finding the manufacturers signature key breaks the whole system right? Once you have that key you can create as many fake TPM's as you want. TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. But it's easier to manufacture it by burning fuse links so it can't be read back - ala OTP. so the manufacturer could have a list of every private key (just because they aren't supposed to doesn't prevent it.) It still meets the spec - the key never leaves the chip. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. How does the CA check the endorsement certificate? If it's by checking the signature, then finding the manufacturer's private key is very worthwhile - the entire TCPA for 100's of millions of computers gets compromised. If it's by matching with the manufacturer's list then anonymity is impossible. Thanks for the analysis Adam. It seems like there are a couple of obvious points to attack this system at. I would think it's easy to break for a large enough government. Patience, persistence, truth, Dr. mike
Create a PAYCHECK with you COMPUTER
You get emails every day, offering to show you how to make money. Most of these emails are from people who are NOT making any and they expect you to listen to them? Enough. If you want to make money with your computer, then you should hook up with a group that is actually DOING it. We are making a large, continuing income every month. What's more we will show YOU how to do the same thing. This business is done completely by internet and email, and you can even join for free to check it out first. If you can send an email, you can do this. No special skills are require. How much are we making? Below are a few examples. These are real people, and most of them work at this business part-time. But keep in mind, they do WOEK at it - I am not going to insult your intelligence by saying you can sign up, do no work and rake in the cash. That kind of job does not exist. But if you are willing to put in 10 - 12 hours per week, this might just be the thing you are looking for. N. Gallagher; $3000 per month T. Hopkins; $1000 per month S. Johnson; $6000 - $7000 per month V. Patalano; $2000 per month M. South; $5000 per month J. Henslin; $7000 per month This is not income that is determined by luck, or work that is done FOR you - it is all based on your effort. But, as I said there are no special skills required. This income is real meaning that it continues each month (and it tends to increase each month also). Interested? I invite you to find out more. You can get in as a free member, at no cost, and no obligation to continue if you decide it is not for you. We are just looking for people who have that burning desire to find an opportunity that will pay them incredibly well, if they work at it. To grab a FREE ID#, simply reply to: [EMAIL PROTECTED] and write this phrase; Email me details about the club's business and consumer opportunities. Be sure to include your; 1. First name 2. Last name 3. Email address (if different from above) We will confirm your position and send you a special report as soon as possible, and also your free Member Number. That's all there is to it. We'll then send you info, and you can make up your own mind. Looking forward to hearing from you! Sincerely, Esther Rodriguez P.S. After having several negative experiences with network marketing companies I had pretty much given up on them. This is different - there is value, integrity, and a REAL opportunity to have your own home-based business . And finally make real money on the Internet. Don't pass this up. . You can sign up and test - drive the program for FREE. All you need to do is get your free Membership. Unsubscribe: Send a blank email to: [EMAIL PROTECTED] Remove in the subject line. 5966csiZ3-051aPNd7987bpKq1-077MeBc15l34
Consider this if you will.
Consider this: An inarticulate, politically inexperienced man with family links to a previous national regime comes to provincial leadership. Subsequently he gains the highest national office without winning the popular vote. The election in which he was declared the victor is considered compromised by his brother's province. He appoints a chief law enforcement officer who has repeatedly called for constitutional revisions. Regulatory agencies are filled with those previously regulated. Soldiers patrol transportation centers. International treaties are abrogated. International legal organizations are shunned. Roles of police and military are blurred. Law enforcement agencies are centralized. Individual civil rights are reduced. A shadow government is created. Domestic surveillance is increased. People are encouraged to spy on each other. Military budgets are increased. The military establishes a disinformation program. Media access to government is limited. Consultations with the legislative branch decline. Connections to corrupt corporate sponsors are disavowed. Efforts to further plunder natural resources for profit are initiated. Access to past administrations' documents is limited. A war mentality is established with imprecise enemies. Nebulous fear- inducing alerts are periodically released. National level profiling is introduced. People are imprisoned without public charges and unknown others are disappeared. http://www.indymedia.org/front.php3?article_id=198145group=webcast Don't mention the war.
Re: TCPA hack delay appeal
Well, it's probably safer to publish the hack anonymously and see if it withstands counter-hacking. Could be Microsoft is baiting and waiting for just such attacks. The giant might even leak and spread a few itself in order to shoot them down, to boost its eye-mote credibility. Send the hack to Cryptome anonymously if there's no better way to test its effectiveness. Keeping snakeoil secret is a sure way to uncontested success, aka the way of Redmond.
Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
I think a number of the apparent conflicts go away if you carefully track endorsement key pair vs endorsement certificate (signature on endorsement key by hw manufacturer). For example where it is said that the endorsement _certificate_ could be inserted after ownership has been established (not the endorsement key), so that apparent conflict goes away. (I originally thought this particular one was a conflict also, until I noticed that.) I see anonymous found the same thing. But anyway this extract from the CC PP makes clear the intention and an ST based on this PP is what a given TPM will be evaluated based on: http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf p 20: | The TSF shall restrict the ability to initialize or modify the TSF | data: Endorsement Key Pair [...] to the TPM manufacturer or designee. (if only they could have managed to say that in the spec). Adam -- http://www.cypherspace.org/adam/
Apply For a Cell Phone And Get a FREE VACATION!!!
Title: Free Phone Search You have signed up with one of our network partners to receive email providing you with special offers that may appeal to you. If you do not wish to receive these offers in the future, reply to this email with "unsubscribe" in the subject or simply click on the following link: Unsubscribe
employment market for applied cryptographers?
On the employment situation... it seems that a lot of applied cryptographers are currently unemployed (Tim Dierks, Joseph, a few ex-colleagues, and friends who asked if I had any leads, the spate of recent security consultant .sigs, plus I heard that a straw poll of attenders at the codecon conference earlier this year showed close to 50% out of work). Are there any more definitive security industry stats? Are applied crypto people suffering higher rates of unemployment than general application programmers? (From my statistically too small sample of acquaintances it might appear so.) If this is so, why is it? - you might think the physical security push following the world political instability worries following Sep 11th would be accompanied by a corresponding information security push -- jittery companies improving their disaster recovery and to a lesser extent info sec plans. - governments are still harping on the info-war hype, national information infrastructure protection, and the US Information Security Czar Clarke making grandiose pronouncements about how industry ought to do various things (that the USG spent the last 10 years doing it's best to frustrate industry from doing with it's dumb export laws) - even Microsoft has decided to make a play of cleaning up it's security act (you'd wonder if this was in fact a cover for Palladium which I think is likely a big play for them in terms of future control points and (anti-)competitive strategy -- as well as obviously a play for the home entertainment system space with DRM) However these reasons are perhaps more than cancelled by: - dot-com bubble (though I saw some news reports earlier that though there is lots of churn in programmers in general, that long term unemployment rates were not that elevated in general) - perhaps security infrastructure and software upgrades are the first things to be canned when cash runs short? - software security related contract employees laid off ahead of full-timers? Certainly contracting seems to be flat in general, and especially in crypto software contracts look few and far between. At least in the UK some security people are employed in that way (not familiar with north america). - PKI seems to have fizzled compared to earlier exaggerated expectations, presumably lots of applied crypto jobs went at PKI companies downsizing. (If you ask me over use of ASN.1 and adoption of broken over complex and ill-defined ITU standards X.500, X.509 delayed deployment schedules by order of magnitude over what was strictly necessary and contributed to interoperability problems and I think significantly to the flop of PKI -- if it's that hard because of the broken tech, people will just do something else.) - custom crypto and security related software development is perhaps weighted towards dot-coms that just crashed. - big one probably: lack of measurability of security -- developers with no to limited crypto know-how are probably doing (and bodging) most of the crypto development that gets done in general, certainly contributing to the crappy state of crypto in software. So probably failure to realise this issue or perhaps just not caring, or lack of financial incentives to care on the part of software developers. Microsoft is really good at this one. The number of times they re-used RC4 keys in different protocols is amazing! Other explanations? Statistics? Sample-of-one stories? Adam -- yes, still employed in sofware security industry; and in addition have been doing crypto consulting since 97 (http://www.cypherspace.net/) if you have any interesting applied crypto projects; reference commissions paid.
Fw: A faster test for PRIMALITY?
- Original Message - From: Gary Jeffers [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 5:47 PM Subject: Fw: A faster test for PRIMALITY? - Original Message - From: Gary Jeffers [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 13, 2002 9:25 PM Subject: A faster test for PRIMALITY? My fellow Cypherpunks, Lucky Green says: AFICT, the proposed algorithm is for a test for primality and does not represent an algorithm to factor composites. Well, pardon me! I was in a hurry and should have proof read. As a save, however, I did put a question mark at the end :-) Yours Truly, Gary Jeffers Beat State!!! And the other oppressors.
Re: TCPA not virtualizable during ownership change
-- On 15 Aug 2002 at 15:26, AARG! Anonymous wrote: Basically I agree with Adam's analysis. At this point I think he understands the spec equally as well as I do. He has a good point about the Privacy CA key being another security weakness that could break the whole system. It would be good to consider how exactly that problem could be eliminated using more sophisticated crypto. Lucky claims to have pointed this out two years ago, proposed more sophisticated crypto, and received a hostile reception. Which leads me to suspect that the capability of the powerful to break the system is a designed in feature. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK
.. the productive and most profitable way to organize is to disintegrate.
The Declustering of America: With the new telecommunications technology, it is increasingly easy for a firm to operate in a dispersed manner. Although only really discussing geography, I find articles like this fascinating, of course, because today are living early forms of the next company described by Peter Drucker: By now the new information technology Internet and e-mail have practically eliminated the physical costs of communications. This has meant that the most productive and most profitable way to organize is to disintegrate. 6:36:27 AM http://www.ozzie.net/blog/
Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
I arrived at that decision over four years ago ... TCPA possibly didn't decide on it until two years ago. In the assurance session in the TCPA track at spring 2001 intel developer's conference I claimed my chip was much more KISS, more secure, and could reasonably meet the TCPA requirements at the time w/o additional modifications. One of the TCPA guys in the audience grossed that I didn't have to contend with the committees of hundreds helping me with my design. There are actually significant similarities between my chip and the TPM chips. I'm doing key gen at very first, initial power-on/test of wafer off the line (somewhere in dim past it was drilled into me that everytime something has to be handled it increases the cost). Also, because of extreme effort at KISS, the standard PP evaluation stuff gets much simpler and easier because most (possibly 90 percent) of the stuff is N/A or doesn't exist early ref: http://www.garlic.com/~lynn/aadsm2.htm#staw or refs at (under subject aads chip strawman): http://www.garlic.com/~lynn/index.html#aads brand other misc. stuff: http://www.asuretee.com/ random evauation refs: http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal specification for FIPS186-2/x9.62 ecdsa? http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition for eal 5/6 evaluation [EMAIL PROTECTED] on 8/15/2002 6:44 pm wrote: I think a number of the apparent conflicts go away if you carefully track endorsement key pair vs endorsement certificate (signature on endorsement key by hw manufacturer). For example where it is said that the endorsement _certificate_ could be inserted after ownership has been established (not the endorsement key), so that apparent conflict goes away. (I originally thought this particular one was a conflict also, until I noticed that.) I see anonymous found the same thing. But anyway this extract from the CC PP makes clear the intention and an ST based on this PP is what a given TPM will be evaluated based on: http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf p 20: | The TSF shall restrict the ability to initialize or modify the TSF | data: Endorsement Key Pair [...] to the TPM manufacturer or designee. (if only they could have managed to say that in the spec). Adam -- http://www.cypherspace.org/adam/
au PROMIS
Searched the web for police realtime online management system. Results 1 - 10 of about 2,740. Search took 0.23 seconds. Rapport de l'OICS pour 2001 - Table des matières- [Translate this page ] ... PNUCID Programme des Nations Unies pour le contrôle international des drogues PROMIS Police Realtime Online Management Information System (Australie) SADC ... www.incb.org/f/ar/2001/menu.htm - 18k - Cached - Similar pages Informe de la JIFE de 2001 - Índice- [Translate this page ] ... PNUFID Programa de las Naciones Unidas para la Fiscalización Internacional de Drogas PROMIS Police Realtime Online Management Information System (Australia ... www.incb.org/s/ar/2001/menu.htm - 18k - Cached - Similar pages [ More results from www.incb.org ] July 1996 - Technology Snapshot ... Local police and sheriffs' departments in Louisiana now ... access to the Louisiana Law Enforcement Management System, ... to implement CAD/Partner, a realtime, online ... www.govtech.net/magazine/gt/1996/ july/snapjuly/snapjuly.phtml - 20k - Cached - Similar pages May 1997 - Raising Highway IQ ... general office, Emergency Management Agency, State Police, ... will be able to obtain realtime, online ... system, a relational database management system, realtime ... www.govtech.net/magazine/gt/1997/may/may1997-raisinghighwayiq/ may1997-raisinghighwayiq.phtml - 24k - Cached - Similar pages [ More results from www.govtech.net ] Intelligent Enterprise Magazine - Smarter, Faster, More ... ... of an overall effort by the state to provide online ... by defrauders, Target hopes to profit handsomely from realtime, ... The West Midlands, UK, Police Department. ... www.intelligententerprise.com/ 011004/415smarter1_2.shtml - 27k - Cached - Similar pages Enterprise Systems | Past Issues Archive ... logistics and procurement functions for all Royal Canadian Mounted Police assets ... An Online Transaction Processing (OLTP) allows realtime management ... www.esj.com/back_issues/toc.asp?MON=11YR=2000 - 35k - Cached - Similar pages News - Global Telematics Announces 100th Order for Online Vehicle ... ... Global Telematics announces 100th order for online ... fleet markets, including local authorities and police, ... include vehicle and equipment load tracking, realtime ... www.itsa.org/ITSNEWS.NSF/4e0650bef6193b3e852562350056a3a7/ 0872c3daee4e54b885256a6a0066ea61?OpenDocument - 12k - Cached - Similar pages SchlumbergerSema | Public Sector: Criminal Justice Management ... The movement and management of secure ... are part of this new system and ... Commission; Lord Chancellor's Department; Police ... www.slb.com/Hub/Docs/SchlumbergerSema/ publicsector/cjm2001/cjm2001.htm - 30k - 15 Aug 2002 - Cached - Similar pages [RTF]Title File Format: Rich Text Format - View as HTML ... Development Environment. NATURAL. Core Applications. Interfaces. Online feed to ... PROMIS - Police Realtime Management System. Interfaces. Issues. Have approval to be ... www.law.gov.au/crimtrac/app5.rtf - Similar pages
seized computers case.
http://www.eastsidejournal.com/sited/story/html/101835 Police must return library computers 2002-08-14 by Nora Doyle Journal Reporter SEATTLE -- A U.S. District Court judge said Tuesday that Kent police must return the two computers they took from the Kent library without a search warrant. In taking the computers, police did irreparable harm to both privacy and property rights, said Judge Marcia Pechman.
Jim Bell system 2.
http://www.anti-state.com/vroman/vroman9.html The Jim Bell System Revisited by Robert Vroman Ed. note: This article reflects the views of the author ONLY, not the editors. We have no official opinion whatsoever on the Jim Bell System, aka Assassination Politics. Please see Robert Vroman's original AP article, as well as both Bob Murphy's and Adam Young's response. Let me re-emphasize that I have neither the knowledge nor the will to implement this system. I certainly don't like the State, but I would rather concentrate my energies on constructive rather than destructive solutions. That said, I still think governments everywhere are going to be staring down the barrel of an encrypted gun in the near future, and this article attempts to explain why, in response to numerous objections received since my last article. I also want to point out some areas where I think Jim Bell is completely off base. First of all, his insistence that AP is somehow residing in a loophole of the American legal system that only he is aware of, is absurd, as rightly pointed out by many of his critics. I have no delusions that AP would somehow survive its day in court or that even if, due to some arcane technicality, AP is a legal enterprise that that would stop the State from pursuing it relentlessly. Furthermore, I am mystified by Bell's fascination with confrontation and martyrdom (as exemplified by his personal life) and do not think AP will be started by the self sacrificing, or that it's even necessarily a good idea to have that mindset when designing the system. Bell also overestimates the enthusiasm that ordinary people will have for AP by a long shot. I still have reasons to believe there will sufficient customers, but they are not going to be primarily heartland regular Joes, who Bell envisions watching AP's deadly progress with amusement. Bell also gives some slightly cockeyed responses to a number of the objections to his invention. In fact really the main thing I take away from his writing is the system itself, not necessarily any of his justifications. My friend and business partner, Bob Murphy presented some powerhouse arguments against my pet theory in our recent columnist debate over the infamous Assassination Politics concept. I contend that under closer examination, his insightful questions can be answered satisfactorily. Additionally, Adam Young has presented a thoroughly researched historical analysis against AP, which I will address first. Young has three main points. First, that assassination has been ineffectual in the past for destroying states. Second, assassinations will instead create a backlash against anarchism by government and citizens alike. Third he does not like the moral implications of the very likely possibility of collateral damage from sloppy AP prize-hunters, given the relatively poor caliber of historical attempts. The first point, despite all its exhaustive research, is I'm afraid to say, totally erroneous, because the mechanism by which AP kills its victims is fundamentally different then assassination campaigns of the past. I am not at all surprised to read that a handful of suicidal ideologues gunning down a few unlucky aristocrats failed to exorcise the nation state. Assume for the moment that AP's basic functions materialize (I will get to Murphy's objections later). The pool of assassins has instantaneously expanded from only insane political extremists, to every single violent opportunist in the world who can access a computer. AP represents a veritable full scale war against the State, fought by the scum of society and funded by every partisan malcontent across the political spectrum. A dozen assassinations per century is certainly not going to give any politicians second thoughts about their career choice, any more than the dozen or so plane hijackings in the past 50 years makes me nervous seeing a turban in business class. However, logically speaking there must be some tipping point at which the body count is the most pressing statistic a politician has in mind. AP will surpass this tipping point, where history's basket case revolutionaries were doomed to fail. The State will of course respond in nasty ways, but inevitably these will prove ineffective in the face of an impenetrable network supporting a sustained and wide spread offensive. Secondly, Young fears that AP will re-enforce the stereotype of anarchists as the 19th century mad bomber and 20th century Starbucks arsonist. This will then erase any chance of our winning hearts and minds via soul stirring online essays, and worst of all, get the lot of us gulagged. What he fails to realize is the absolute lack of a reason for there to be any connection between anarchists and AP. If AP were actually launched, I for one would certainly not be publicly cheering it on (I probably wouldn't even risk staying in the country, having written this article). The
Millicent Ghetto
http://www.generossextreme.com/Whack Attack 16: Sweet Ass Butt Kisses Kinky D. Tom Byron. Ashley Blue, Veronica Caine, Nikita Denise, Kinky, Savanna Rain, Brooke Daze The opening montages are working better than ever, but as he winds up the lest leg of his illustrious sexual world tour, Tom Byron couldn't go out with a bang better than the one he gets with the team of Kinky and Nikita Denise. In a scene that establishes both blistering genital and ass-to-mouth contact ratio, the ladies join forces to give the Icon's arsehole the tongue bath of its life. And for most guys being played for a butt trumpet would be a pleasant enough way of ending a day- akin to settling back in a rocking chair with a tall mint julep on the veranda at sunset. But because he's not a plantation owner but a video company owner with a pressing new release schedule, Byron's hot footing it in Denise's snatch splitting the beard and fucking her accent loose prio to taking a whack at Kinky's vowels and syllables. The British lass is first to get it in the ass as Nikita laps the residue off Byron's cock between strokes. Kinky reciprocates when it's Nikita's turn for a crowbar in the ass. And for the pop shot, both girls have their eager tongues out. Besides offering the viewer one of the last opportunities he'll have of watching a legendary craftsman at work in a woman's rectum, what makes this tape particularly noteworthy is the fact that Brooke no show Daze and hers actually showed up for it. Yes, it's true. No mistaking the Tiffany Mynx resemblance, Daze resides in the flesh and Dale Dabone resides in her ass before all's said and done. A lusty pile driver with Dale taking the shit chute to cocoa town highlights a pairing that caps with another ass to mouth finisher. Very pretty with an asshole as wholesome as her face, Ashley Blue's the leadoff girl in this sparking ensemble. Although Blue's tits are near to non existent, it's her trimmed vagina that Mark Davis is cuddling up to. Then, with a throttling choke hold, Davis is all romance as he handles her basically like a marionette on Quaaludes. Ashley displays an unbridled vocal enthusiasm for having her snatch French kissed. And with more love and kisses in the offing, Mark spits down her throat and fucks her esophagus. Their anal time together is also considerable with penis-to-mouth love very much a part of the goodwill vibe. No stranger to a man being in her ass, or, for that fact, many strangers being in her ass, Veronica Caine and Joey Ray re-enact the bun fight at the BM corral. Like a man on a mission, the mission being one of excavating a new shit hole, Joey runs some major cable through Veronica their best statement being a side saddler with a rim-to-maw finale. Savanna Rain, who opts for a black evening dress, warns Lee Stone that she's got a tight ass which is like warning a huge hand about a small glove. Nevertheless Lee makes it fit and Rain's got to quit but only after some wincing gestures, a great pile driver and another ATM puts any chance of Rain having second thoughts out of the way. The Porn Industry is a Dirty Business From the Palm Beach Post: Six weeks into her new job, Jessica Lee is still giddy with her good fortune. I work three to five hours a day naked at home, says Lee, 24, a UCLA grad living in Miami. I can't believe the money. Lee claims she's making $2,000 a day as an entry-level Internet porn star. For more read: http://www.gopbi.com/partners/pbpost/epaper/editions/thursday/accent_d395587185f5426700c2.html
Netdog to porn valley intercept.
JoJo Rufus Writes: I'm the owner of a rather large paysite and always wanted to get my head in the door to those people out in Porn Valley. Until I went to Internext in Florida. I was invited to an invite-only party with some of the bigger names on the Internet. We're talking people who run massive paysites scaling millions of dollars a year, tremendous TGP players, PHP programmers, traffic masters, AVS marketers. Everyone is lowkey and real. They're just like average people yet wear Rolex watches but drink domestic beer. Then I realize how fucked up porn people really are. All I ever hear in the Valley are all these motherfuckers whining and complaining and bitching and moaning. This guy ripped me off, my distributor is taking too much of a cut, I never have enough money, maybe I'll make some money by referring this whore I picked up in Palmdale. It's funny. Nobody ever has any money. And I'll tell you why. For a person to start a new venture and try to set up and own his own titles, you have about as fat a chance of making money than a clam trying to grow a pearl. You know why? Cause you'll never get paid. Term deals? Great! There are really only a few talented filmmakers who have enough talent to create good product without dishing out a bunch of generic crap. Everything's been done. Meanwhile, the boys who are ruling the Internet are fucking liquid. They have cash. And they have the cash to go after the biggest and brightest people. They don't deal with these fuckups in porn who flunk out of company after company and somehow always land a job. Chuck Martino. Kid Vegas. John T. Bone. The list goes on and on. You know why? The Internet requires skills and accountability. Porn Valley has nothing but a bunch of backstabbing cunts with IQs of room temperature trying to figure out how they can skim off the top. But guess what? You rip someone off and it fucking lasts. Also, you shoot a brand new girl on the Internet and it's up that day. You shoot a brand new girl on video and it's up in a few months but who cares. She's on the box of a dozen titles to boot. How new is that? The immediacy is what matters. Shoot with the Net in mind. Don't pigeonhole yourself into thinking about measly video distribution. So you sell 1000 units out the door if you're lucky. Half the distributors don't pay you on time. You have to beg, borrow and steal. Then you wait. Meanwhile you ain't got enough money to pay rent and you're left eating cheese and crackers like some starving Third World buffoon. You are fucking stuck. The Internext tells us one thing. If you don't embrace the net, you are doomed. Like when people didn't embrace the VCR. Or the camcorder. Or DVDs. But guess what? The Internet requires a hell of alot more skills that those past technological advances and, of course, Porn Valley tends to attract scumbags. Ain't that about a bitch.
Mike Allen back in the news.
For being a dipshit of course...Scooped AVN: Cincinnati Couple Go to Trial August 19 Remember what I said a couple of days ago what was going to happen in Cincinnati in wake of adult movies being pulled from pay-per-view. I'm sure we'll be seeing more of the following cases with attorney Lou Sirkin working overtime: This time a Cincinnati couple- Jennifer Dute, 31, and her husband Alan, 61 will be going to trial next week. The Dutes were indicted by a Hamilton County grand jury this past April on four counts of pandering obscenity, charges that carry a maximum sentence of four years in prison. Their company, AJ Specialty, also was indicted on four counts of pandering obscenity and faces a maximum fine of $40,000. The search warrant was served March 21. Hamilton County Prosecutor Mike Allen said the pair sold pornographic videos by mail despite a court order prohibiting such sales to or from Hamilton County. Authorities said sales were made Feb. 11, March 4, March 7, and March 21. Officials said the Dutes pleaded guilty to similar charges three years ago. In 1999, Jennifer Dute faced two counts of pandering obscenity and a possible three years in jail. At that time she was accused of starring in two videos Jennifer 2 and Jennifer 3 and then marketing them on a Web site and in a local newspaper, Everybody's News- now defunct. Prosecutor Mike Allen said the Hamilton County Sheriff's office investigated the case and purchased copies of the videos. Allen said investigators determined they may violate community standards for obscenity. Dute avoided going to prison when she swore she'd never again sell her home-made porn tapes in or from Hamilton County. But Hamilton County officials say she lied because they bought more home-made porn tapes - starring the 31-year-old Ms. Dute - from her Anderson Township home at least four times in February and March. Allen was the brains trust behind the great professor rat hunt of 2001.
TIPS San diego style.
Dave Cummings posts: If any of you have involved any government authorities in any aspect of the past emails from pornstar hater, zodia killer (aka: bryan sullivan?), please let FBI Special Agent Mike Wagoner at the San Diego FBI office (858-499-7736) know so that he can contact those agencies and integrate information and coordinate with them on any ongoing investigations the San Diego FBI has now opened an active investigation into the below email, and others of a threatening nature that seem of concern to them. I've advised FBI Agent Wagoner that there was a posting a few months ago about the St Louis FBI office supposedly having contacted the individual; I also advised him that I reported the below email to the Army's Criminal Investigative Division and Department of Defense, in case war crimes might be involved. And, that my copy of the Chad Luke latter was faxed, as requested by them, to Postal Inspectors (just in case, as some folks have speculated, the letters many of us received might possibly have actually been from bryan sullivan). The FBI asked that I place my letter and envelope into a sealed plastic bag in case it might later be needed for examination for fingerprints and other tracings of evidence--if you still have your copy, you might want to do likewise? If sullivan gets wind of this email, I imagine that there might soon be emails forthcoming from him (possibly disguised as another name/sender?) with disparaging remarks about me; but, though I strongly and wholeheartedly defend his right of free speech and right to voice his opinions, I feel that we all have a responsibility to report info of a possible criminal nature to the authorities. Again, so that the FBI has access to ALL info that might be being processed presently by other agencies, please advise FBI Agent Wagoner of anything you might have initiated--to email him, use [EMAIL PROTECTED] and make the subject For Special Agent Mike Wagoner, or phone him at 858-499-7736 If any of you have received any emails from Mr Sullivan in the last three weeks (I have NOT), would you forward them to me---I'll then forward one copy of each new email to Agent Wagoner (in that way, he's not getting separate emails from many of us, all with the same info). I also advised the FBI that one of the Internet writers might have a copy of the (posted) email Sullivan sent to him regarding the past visit he received from the FBI--they are interested in seeing Sullivan's comments. I gave him the phone number to the writer who probably has it in his files. Dave Gene sez: Coincidentally to the fact, I just received a call from agent Wagoner and will be of assistance in any way possible. Now I have a reason. Person or persons [Sullivan?] is using my name to send viruses to select people in the business.End. As long as the filth is there,why not use the fucks for some honest labor.I have done this myself once when assaulted and its Mongo approved.Mind you APster IS the future of law enforcement.
Sex.com update
Sex.com Saga Continues- At Least for a Couple More Weeks That Gary Kremen, the owner of sex.com will never see the $65 million the courts have awarded him in his legal battles against Stephen Cohen is almost a given. Now Kremen will have to wait a few more weeks to see what the 9th District Court of Appeals will come up with. Kremen yesterday presented a case in San Francisco in which he holds Network Solutions, a division of VeriSign accountable for the whole sex.com mess to begin with. It's Kremen's contention that Network Solutions never bothered to verify Cohen's forged request to transfer the domain from Kremen. Kremen is saying that the largest U.S. domain name registry should be held accountable for an error that put the Internet address in the hands of Cohen, a known con artist. In a hearing before a federal appeals court panel, Kremen's lawyers argued that Network Solutions committed a breach of contract when it failed to verify the forged request. This all could have been prevented with a simple call or e-mail to Mr. Kremen saying: Did you authorize this? said James Wagstaffe, the attorney for Kremen, who's seeking monetary damages. This is Kremen's second try at a court judgment against Network Solutions. Kremen lost the first case in May, 2000 when federal judge James J. Ware in San Jose, California ruled against him basing his decision in part on the fact that at the time Kremen registered the site, in 1994, domains were free. Ware contended that because Network Solutions was offered nothing of value in exchange for its efforts, it not should be held financially liable for its error. But Ware also held Cohen, liable to the tune of $65 million in largely uncollected damages. Cohen's attorneys were also in appellate court Tuesday, seeking to undo that ruling. In yesterday's appellate hearing, attorney Wagstaffe argued that even though Network Solutions didn't get money for registering the domain, it did get personal information about Kremen for its database. Wagstaffe said that should count as something of value. The company was also able to begin charging registrants shortly afterward, having developed its initial database of free registrations. Attorneys for Network Solutions, disagreed rejecting the argument that a domain name's entry in Network Solutions central domain name server, or DNS, constitutes proof of ownership of that Internet address. http://www.generossextreme.com/ Is this guy the matt Drudge of the naughties or what? http://www.newarchitectmag.com/documents/s=2443/na0902f/index.html Study carefully,there will be questions. ICANN of Worms The Internet governing body is short on answers and out of time.
RE: TCPA hack delay appeal
AARG! Wrote: It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned about it from two separate sources, looks like two independent slightly different hacks based on the same protocol flaw. Undoubtedly, more people will figure this out. Hopefully some of those people will not limit themselves to hypothetical attacks against The Spec, but will actually test those supposed attacks on shipping TPMs. Which are readily available in high-end IBM laptops. --Lucky Green
Create A PAYCHECK With Your COMPUTER
Hello You get emails every day, offering to show you how to make money. Most of these emails are from people who are NOT making any money. And they expect you to listen to them? Enough. If you want to make money with your computer, then you should hook up with a group that is actually DOING it. We are making a large, continuing income every month. What's more - we will show YOU how to do the same thing. This business is done completely by internet and email, and you can even join for free to check it out first. If you can send an email, you can do this. No special skills are required. How much are we making? Below are a few examples. These are real people, and most of them work at this business part-time. But keep in mind, they do WORK at it - I am not going to insult your intelligence by saying you can sign up, do no work, and rake in the cash. That kind of job does not exist. But if you are willing to put in 10-12 hours per week, this might be just the thing you are looking for. N. Gallagher: $3000 per month T. Hopkins: $1000 per month S. Johnson: $6000 -$7000 per month V. Patalano: $2000 per month M. South: $5000 per month J. Henslin: $7000 per month This is not income that is determined by luck, or work that is done FOR you - it is all based on your effort. But, as I said, there are no special skills required. And this income is RESIDUAL - meaning that it continues each month (and it tends to increase each month also). Interested? I invite you to find out more. You can get in as a free member, at no cost, and no obligation to continue if you decide it is not for you. We are just looking for people who still have that burning desire to find an opportunity that will reward them incredibly well, if they work at it. To grab a FREE ID#, simply reply to:[EMAIL PROTECTED] and write this phrase: Email me details about the club's business and consumer opportunities Be sure to include your: 1. First name 2. Last name 3. Email address (if different from above) We will confirm your position and send you a special report as soon as possible, and also Your free Member Number. That's all there's to it. We'll then send you info, and you can make up your own mind. Looking forward to hearing from you! Sincerely, Jackie Brunson P.S. After having several negative experiences with network marketing companies I had pretty much given up on them. This is different - there is value, integrity, and a REAL opportunity to have your own home-based business... and finally make real money on the internet. Don't pass this up..you can sign up and test-drive the program for FREE. All you need to do is get your free membership. Unsubscribing: Send a blank email to: [EMAIL PROTECTED] with Remove in the subject line. 9487kwZB7-524uPtX3642FwxG9-046rKJT2577lxnU5-467TWRx7466xMvJ9-446HjNL4l65
A faster test for PRIMALITY.
OK, the following addition is a little cleaner than the 1st edition. My fellow Cypherpunks, Lucky Green says: AFICT, the proposed algorithm is for a test for primality and does not represent an algorithm to factor composites. Well, pardon me! I was in a hurry and should have proof read. As a save, however, I did put a question mark at the end :-) Yours Truly, Gary Jeffers Beat State!!! And the other oppressors.
A faster algorithm for finding primality.
OK, this edition is probably cleaner than the 1st edition. My fellow Cypherpunks, Tim May writes: Faster even than the usual algorithm? The factors of a prime number are 1 and the number itself. Always the gracious one, Tim May takes time out of his busy schedule to assist me. Well, now, I posted quickly and didn't take time to make a neat statement. In a recent post I mentioned that the ? mark is a save. I'll go even further than this! An algorithm attempting to factor a prime would fail. - Thusly, implying primality :-) I believe that I would be literally correct even without the ? :-) And, yes, the factors of a prime are 1 and the number itself. In some circles this is considered trivial. Yours Truly, Gary Jeffers BEAT STATE!!!
Give Mongo his due.
Pay attention to the antitrust angle. I guarantee you that Microsoft believes Pd is a way to extend its market share, not to increase competition Bruce. This was the first thing our resident state hater Mong picked up on.Its would be under ACCC investigation down here in 5 nanoseconds...I prefer to pay attention to the anti-state angle me self ala APster.Its time to leave the nest.(I will miss judge jackson a little.) Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has. - Margaret Mead
SSZ Downtime - Schedule Change
Hi, We're facing a last minute change in our scheduled downtime. The current window is from Fri., Aug. 16 through Sun., Aug. 25. This is from tomorrow (Fri.) through Sunday of next weekend. I apologize for the short notice on the change and any inconvenience this might cause. We do not expect to experience such extended downtimes in the (near) future. See you in about a week! -- Conform and be dull..J. Frank Dobie [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org
Re: Re: Overcoming the potential downside of TCPA
- Original Message - From: Ben Laurie [EMAIL PROTECTED] The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. If this is true, I'm really happy about it, and I agree it would allow virtualisation. I'm pretty sure it won't be for Palladium, but I don't know about TCPA - certainly it fits the bill for what TCPA is supposed to do. I certainly don't believe many people to believe me simply because I say it is so. Instead I'll supply a link to the authority of TCPA, the 1.1b specification, it is available at http://www.trustedcomputing.org/docs/main%20v1_1b.pdf . There are other documents, unfortunately the main spec gives substantial leeway, and I haven't had time to read the others (I haven't fully digested the main spec yet either). From that spec, all 332 pages of it, I encourage everyone that wants to decide for themselves to read the spec. If you reach different conclusions than I have, feel free to comment, I'm sure there are many people on these lists that would be interested in justification for either position. Personally, I believe I've processed enough of the spec to state that TCPA is a tool, and like any tool it has both positive and negative aspects. Provided the requirement to be able to turn it off (and for my preference they should add a requirement that the motherboard continue functioning even under the condition that the TCPA module(s) is/are physically removed from the board). The current spec though does seem to have a bend towards being as advertised, being primarily a tool for the user. Whether this will remain in the version 2.0 that is in the works, I cannot say as I have no access to it, although if someone is listening with an NDA nearby, I'd be more than happy to review it. Joe
status of various projects?
It seems like a lot of interesting projects haven't been active for a while - notably Free Haven and Eternity Usenet. Where is the most active work, these days, on distributed publishing systems? ** The Center for Civic Networking PO Box 600618 Miles R. Fidelman, President Newtonville, MA 02460-0006 Director, Municipal Telecommunications Strategies Program 617-558-3698 fax: 617-630-8946 [EMAIL PROTECTED] http://civic.net/ccn.html Information Infrastructure: Public Spaces for the 21st Century Let's Start With: Internet Wall-Plugs Everywhere Say It Often, Say It Loud: I Want My Internet! **
Re: Overcoming the potential downside of TCPA
Joseph Ashwood wrote: - Original Message - From: Ben Laurie [EMAIL PROTECTED] Joseph Ashwood wrote: There is nothing stopping a virtualized version being created. What prevents this from being useful is the lack of an appropriate certificate for the private key in the TPM. Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. If this is true, I'm really happy about it, and I agree it would allow virtualisation. I'm pretty sure it won't be for Palladium, but I don't know about TCPA - certainly it fits the bill for what TCPA is supposed to do. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: Overcoming the potential downside of TCPA
- Original Message - From: Ben Laurie [EMAIL PROTECTED] Joseph Ashwood wrote: There is nothing stopping a virtualized version being created. What prevents this from being useful is the lack of an appropriate certificate for the private key in the TPM. Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. Joe
CATO evacuation plans
a)Tell declan and other media whores and shills to stay,Its just a drill. b) Shred all tobacco documents c) Ditto all wind farming cruft,global warming malarky. d) All donation information must be burned.(and I don't mean on to a dvd,goddamit.) e) Don't run or drive fast,act nonchalant,but get the hell 40k out.AT LEAST. d) Don't go freakin' near RR. e) Don't pick up hitchers.Even if they look like Fawn Hall and are topless.(exceptions may be made if they are waving money,we are free enterprise remember. f) Be glad you invested in a SUV with a bullbar.
Re: CDR: status of various projects?
It's more than 'distributed publishing', it's distributed everything. Have your grid and eat it too! Use Plan 9: http://plan9.bell-labs.com The Hangar 18 Co-Op: http:[EMAIL PROTECTED] On Wed, 14 Aug 2002, Miles Fidelman wrote: It seems like a lot of interesting projects haven't been active for a while - notably Free Haven and Eternity Usenet. Where is the most active work, these days, on distributed publishing systems? ** The Center for Civic Networking PO Box 600618 Miles R. Fidelman, President Newtonville, MA 02460-0006 Director, Municipal Telecommunications Strategies Program617-558-3698 fax: 617-630-8946 [EMAIL PROTECTED]http://civic.net/ccn.html Information Infrastructure: Public Spaces for the 21st Century Let's Start With: Internet Wall-Plugs Everywhere Say It Often, Say It Loud: I Want My Internet! ** -- Conform and be dull..J. Frank Dobie [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org
Re: A faster way to factor prime numbers found?
On Tuesday, August 13, 2002, at 03:07 PM, Gary Jeffers wrote: A faster way to factor prime numbers found? Faster even than the usual algorithm?: The factors of a prime number are 1 and the number itself. --Tim May That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms. --Samuel Adams
Re: Signing as one member of a set of keys
Anonymous User wrote: This program can be used by anonymous contributors to release partial information about their identity - they can show that they are someone from a list of PGP key holders, without revealing which member of the list they are. Maybe it can help in the recent controvery over the identity of anonymous posters. It's a fairly low-level program that should be wrapped in a nicer UI. I'll send a couple of perl scripts later that make it easier to use. Hmm. So has anyone managed to get the signature to verify? Doesn't work for me! But perhaps things got mangled in the mail? Or I chose the wrong subset of the email to verify (I tried all the obvious ones)? Sending this stuff as attachments instead of inline would work better, of course. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: Spam blocklists?
From: Sunder [EMAIL PROTECTED] None of those things work. Most spammers don't give a shit if you don't receive email. I can attest to this by the slew of spam going to hostmaster, webmaster, and the like on many networks. What they're really selling is ten million addresses and spam software. Even if 9 million of those are bullshit, they couldn't care less. The more things with @ signs in'em the more money they make off clueless businesses. We talk about different things then :) I don't care that they make money off clueless businesses... I care that they don't send ME spam. If I can solve the second problem, the first one will take care of itself. Mark
TCPA hack delay appeal
It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned about it from two separate sources, looks like two independent slightly different hacks based on the same protocol flaw. Undoubtedly, more people will figure this out. It seems wise to suppress the urge and craving for fame and NOT to publish the findings at this time. Let them build the thing into zillion chips first. If you must, post the encrypted time-stamped solution identifying you as the author but do not release the key before TCPA is in many, many PCs.
Re: status of various projects?
On Wed, 2002-08-14 at 10:58, Miles Fidelman wrote: It seems like a lot of interesting projects haven't been active for a while - notably Free Haven and Eternity Usenet. Where is the most active work, these days, on distributed publishing systems? Try Mnet (http://mnet.sf.net/). It's the continuation of the Mojo Nation code base. We are close to a stable release (0.5.1), but there are a lot of known bugs that we are leaving in the system (because we are rewriting the code that the bugs are found in). Our main goal for the next release is to make it easier for new coders to understand what's going on under the hood. That and replacing the single point of failure metatracker system with a distributed hash table. The old mojo token based system is no longer in use, but we hope to replace it with an OpenDBS based system, or a stamp based system. myers
TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
Phew... the document is certainly tortuous, and has a large number of similarly and confusingly named credentials, certificates and keys, however from what I can tell this is what is going on: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. The longer version... - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) - ownership - Then there is the concept of ownership. The spec says the TPM MUST ship with no Owner installed. The owner when he wishes to claim ownership choose a authentication token which is sent into the TPM encrypted with the endorsement key. (They give the example of the authentication token being the hash of a password). Physical presence tests apply to claiming ownership (eg think BIOS POST with no networking enabled, or physical pin on motherboard like BIOS flash enable). The authentication token and ownership can be changed. The TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. - remote attestation - The owner uses the identity keys in the remote attestation functions. Note that the identity private keys are also generated on the TPM, the private key also never leaves the TPM. The identity private key is certified by the privacy CA as having been requested by a certified endorsement key. The last two paragraphs imply something else interesting: the privacy CA can collude with anyone to create a virtualized environment. (This is because the TPM endorsement key is never directly used in remote attestation for privacy reasons.) All that is required to virtualize a TPM is an attestation from the privacy CA in creating an identity certificate. So there are in fact three avenues for FBI et al to go about obtaining covert access to the closed space formed by TCPA applications: (A) get one of the hardware manufacturers to sign an endorsement key generated outside a TPM (or get the endorsement CA's private key), or (B) get a widely used and accepted privacy CA to overlook it's policy of demanding a hardware manufacturer CA endorsed endorsement public key and sign an identity public key created outside of a TPM (or get the privacy CA's private key). (C) create their own privacy CA and persuade an internet server they wish to investigate the users of to accept it. Create themselves a virtualized client using their own privacy CA, look inside. I think to combat problem C) as a user of a service you'd want the remote attestation of software state to auditably include it's accepted privacy CA database to see if there are any strange Privacy CAs on there. I think you could set up and use your own privacy CA, but you can be sure the RIAA/MPAA will never trust your CA. A bit like self-signing SSL site keys. If you and your friends add your CA to their trusted root CA database it'll work. In this case however people have to trust your home-brew privacy CA not to issue identity certificates without having seen a valid hardware-endorsement key if they care about preventing virtualization for the privacy or security of some network application. Also, they seem to take explicit steps to prevent you getting multiple privacy CA certificates on the same identity key. (I'm not sure why.) It seems like a bad thing as it forces you to trust just one CA, it prevents web of trust which
Re: Overcoming the potential downside of TCPA
[Repost] Joe Ashwood writes: Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which is the main TPM key, the one which gets certified by the TPM Entity. That key is generated only once on a TPM, before ownership, and must exist before anyone can take ownership. For reference, see section 9.2, The first call to TPM_CreateEndorsementKeyPair generates the endorsement key pair. After a successful completion of TPM_CreateEndorsementKeyPair all subsequent calls return TCPA_FAIL. Also section 9.2.1 shows that no ownership proof is necessary for this step, which is because there is no owner at that time. Then look at section 5.11.1, on taking ownership: user must encrypt the values using the PUBEK. So the PUBEK must exist before anyone can take ownership. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. I don't quite follow what you are proposing here, but by the time you purchase a board with a TPM chip on it, it will have already generated its PUBEK and had it certified. So you should not be able to transfer a credential of this type from one board to another one. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. Actually I don't see a function that will let the owner wipe the PUBEK. He can wipe the rest of the TPM but that field appears to be set once, retained forever. For example, section 8.10: Clear is the process of returning the TPM to factory defaults. But a couple of paragraphs later: All TPM volatile and non-volatile data is set to default value except the endorsement key pair. So I don't think your fraud will work. Users will not wipe their endorsement keys, accidentally or otherwise. If a chip is badly enough damaged that the PUBEK is lost, you will need a hardware replacement, as I read the spec. Keep in mind that I only started learning this stuff a few weeks ago, so I am not an expert, but this is how it looks to me.
TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
[resend via different node: [EMAIL PROTECTED] seems to be dead -- primary MX refusing connections] Phew... the document is certainly tortuous, and has a large number of similarly and confusingly named credentials, certificates and keys, however from what I can tell this is what is going on: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. The longer version... - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) - ownership - Then there is the concept of ownership. The spec says the TPM MUST ship with no Owner installed. The owner when he wishes to claim ownership choose a authentication token which is sent into the TPM encrypted with the endorsement key. (They give the example of the authentication token being the hash of a password). Physical presence tests apply to claiming ownership (eg think BIOS POST with no networking enabled, or physical pin on motherboard like BIOS flash enable). The authentication token and ownership can be changed. The TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. - remote attestation - The owner uses the identity keys in the remote attestation functions. Note that the identity private keys are also generated on the TPM, the private key also never leaves the TPM. The identity private key is certified by the privacy CA as having been requested by a certified endorsement key. The last two paragraphs imply something else interesting: the privacy CA can collude with anyone to create a virtualized environment. (This is because the TPM endorsement key is never directly used in remote attestation for privacy reasons.) All that is required to virtualize a TPM is an attestation from the privacy CA in creating an identity certificate. So there are in fact three avenues for FBI et al to go about obtaining covert access to the closed space formed by TCPA applications: (A) get one of the hardware manufacturers to sign an endorsement key generated outside a TPM (or get the endorsement CA's private key), or (B) get a widely used and accepted privacy CA to overlook it's policy of demanding a hardware manufacturer CA endorsed endorsement public key and sign an identity public key created outside of a TPM (or get the privacy CA's private key). (C) create their own privacy CA and persuade an internet server they wish to investigate the users of to accept it. Create themselves a virtualized client using their own privacy CA, look inside. I think to combat problem C) as a user of a service you'd want the remote attestation of software state to auditably include it's accepted privacy CA database to see if there are any strange Privacy CAs on there. I think you could set up and use your own privacy CA, but you can be sure the RIAA/MPAA will never trust your CA. A bit like self-signing SSL site keys. If you and your friends add your CA to their trusted root CA database it'll work. In this case however people have to trust your home-brew privacy CA not to issue identity certificates without having seen a valid hardware-endorsement key if they care about preventing virtualization for the privacy or security of some network application. Also, they seem to take explicit steps to prevent you getting multiple privacy CA certificates on the same identity key. (I'm not sure why.)
Re: Overcoming the potential downside of TCPA
Joe Ashwood writes: Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which is the main TPM key, the one which gets certified by the TPM Entity. That key is generated only once on a TPM, before ownership, and must exist before anyone can take ownership. For reference, see section 9.2, The first call to TPM_CreateEndorsementKeyPair generates the endorsement key pair. After a successful completion of TPM_CreateEndorsementKeyPair all subsequent calls return TCPA_FAIL. Also section 9.2.1 shows that no ownership proof is necessary for this step, which is because there is no owner at that time. Then look at section 5.11.1, on taking ownership: user must encrypt the values using the PUBEK. So the PUBEK must exist before anyone can take ownership. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. I don't quite follow what you are proposing here, but by the time you purchase a board with a TPM chip on it, it will have already generated its PUBEK and had it certified. So you should not be able to transfer a credential of this type from one board to another one. The expected case; you pay a small registration fee claiming that you accidentally wiped your TCPA. The best case, you claim you accidentally wiped your TCPA, they charge you nothing to remove the record of your old TCPA, and replace it with your new (virtualized) TCPA. So at worst this will cost $50. Once you've got a virtual setup, that virtual setup (with all its associated purchased rights) can be replicated across an unlimited number of computers. The important part for this, is that TCPA has no key until it has an owner, and the owner can wipe the TCPA at any time. From what I can tell this was designed for resale of components, but is perfectly suitable as a point of attack. Actually I don't see a function that will let the owner wipe the PUBEK. He can wipe the rest of the TPM but that field appears to be set once, retained forever. For example, section 8.10: Clear is the process of returning the TPM to factory defaults. But a couple of paragraphs later: All TPM volatile and non-volatile data is set to default value except the endorsement key pair. So I don't think your fraud will work. Users will not wipe their endorsement keys, accidentally or otherwise. If a chip is badly enough damaged that the PUBEK is lost, you will need a hardware replacement, as I read the spec. Keep in mind that I only started learning this stuff a few weeks ago, so I am not an expert, but this is how it looks to me.
Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
On Thu, 15 Aug 2002, Adam Back wrote: Summary: I think the endorsement key and it's hardware manufacturers certificate is generated at manufacture and is not allowed to be changed. Changing ownership only means (typically) deleting old identities and creating new ones. Are there 2 certificates? One from the manufacturer and one from the privacy CA? - endorsement key generation and certification - There is one endorsement key per TPM which is created and certified during manufacture. The creation and certification process is 1) create endorsement key pair, 2) export public key endorsement key, 3) hardware manufacturer signs endorsement public key to create an endorsement certificate (to certify that that endorsement public key belongs to this TPM), 4) the certificate is stored in the TPM (for later use in communications with the privacy CA.) So finding the manufacturers signature key breaks the whole system right? Once you have that key you can create as many fake TPM's as you want. TPM can be reset back to a state with no current owner. BUT _at no point_ does the TPM endorsement private key leave the TPM. The TPM_CreateEndorsementKeyPair function is allowed to be called once (during manufacture) and is thereafter disabled. But it's easier to manufacture it by burning fuse links so it can't be read back - ala OTP. so the manufacturer could have a list of every private key (just because they aren't supposed to doesn't prevent it.) It still meets the spec - the key never leaves the chip. - identity keys - Then there is the concept of identity keys. The current owner can create and delete identities, which can be anonymous or pseudonymous. Presumably the owner would delete all identity keys before giving the TPM to a new owner. The identity public key is certified by the privacy CA. - privacy ca - The privacy CA accepts identity key certification requests which contain a) identity public key b) a proof of possession (PoP) of identity private key (signature on challenge), c) the hardware manufacturers endorsement certificate containing the TPM's endorsement public key. The privacy CA checks whether the endorsement certificate is signed by a hardware manufacturer it trusts. The privacy CA sends in response an identity certificate encrypted with the TPM's endorsement public key. The TPM decrypts the encrypted identity certifate with the endorsement private key. How does the CA check the endorsement certificate? If it's by checking the signature, then finding the manufacturer's private key is very worthwhile - the entire TCPA for 100's of millions of computers gets compromised. If it's by matching with the manufacturer's list then anonymity is impossible. Thanks for the analysis Adam. It seems like there are a couple of obvious points to attack this system at. I would think it's easy to break for a large enough government. Patience, persistence, truth, Dr. mike
Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)
Adam Back writes: So there are practical limits stemming from realities to do with code complexity being inversely proportional to auditability and security, but the extra ring -1, remote attestation, sealing and integrity metrics really do offer some security advantages over the current situation. You're wearing your programmer's hat when you say that. But the problem isn't programming, but is instead economic. Switch hats. The changes that you list above may or may not offer some security advantages. Who cares? What really matters is whether they increase the cost of copying. I say that the answer is no, for a very simple reason: breaking into your own computer is a victimless crime. In a crime there are at least two parties: the victim and the perpetrator. What makes the so-called victimless crime unique is that the victim is not present for the perpetration of the crime. In such a crime, all of the perpetrators have reason to keep silent about the comission of the crime. So it will be with people breaking into their own TCPA-protected computer and application. Nobody with evidence of the crime is interested in reporting the crime, nor in stopping further crimes. Yes, the TCPA hardware introduces difficulties. If there is way around them in software, then someone need only write it once. The whole TCPA house of cards relies on no card ever falling down. Once it falls down, people have unrestricted access to content. And that means that we go back to today's game, where the contents of CDs are open and available for modification. Someone could distribute a pile of random bits, which, when xored with the encrypted copy, becomes an unencrypted copy. -- -russ nelson http://russnelson.com | Crynwr sells support for free software | PGPok | businesses persuade 521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
Re: status of various projects?
On Wed, Aug 14, at 10:58AM, Miles Fidelman wrote: | It seems like a lot of interesting projects haven't been active for a | while - notably Free Haven and Eternity Usenet. Where is the most active | work, these days, on distributed publishing systems? I forwarded this to Roger Dingledine who heads up the FreeHaven project. His answer is below. From [EMAIL PROTECTED] Thu Aug 15 16:46:59 2002 Date: Thu, 15 Aug 2002 16:46:59 -0400 From: Roger Dingledine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: free haven status At this point, Free Haven has 3 major flaws, and I'm putting it on the back burner while I address them: * The reputation system is tricky and won't work. We need to replace the gossip/credibility system with a mechanism for verifiable transactions. See http://freehaven.net/doc/cfp02/cfp02.html for more details. * Retrieval is currently broadcast, which is insane. I'm letting other projects work on solutions here (eg Chord), and I'll pick my favorite when the time comes. * There is no anonymous communications infrastructure. This is the area we're focusing on currently. See http://mixminion.net/minion-design.pdf and http://pdos.lcs.mit.edu/tarzan/ --Roger
Re: TCPA not virtualizable during ownership change
Basically I agree with Adam's analysis. At this point I think he understands the spec equally as well as I do. He has a good point about the Privacy CA key being another security weakness that could break the whole system. It would be good to consider how exactly that problem could be eliminated using more sophisticated crypto. Keep in mind that there is a need to be able to revoke Endorsement Certificates if it is somehow discovered that a TPM has been cracked or is bogus. I'm not sure that would be possible with straight Chaum blinding or Brands credentials. I would perhaps look at Group Signature schemes; there is one with efficient revocation being presented at Crypto 02. These involve a TTP but he can't forge credentials, just link identity keys to endorsement keys (in TCPA terms). Any system which allows for revocation must have such linkability, right? As for Joe Ashwood's analysis, I think he is getting confused between the endorsement key, endorsement certificate, and endorsement credentials. The first is the key pair created on the TPM. The terms PUBEK and PRIVEK are used to refer to the public and private parts of the endorsement key. The endorsement certificate is an X.509 certificate issued on the endorsement key by the manufacturer. The manufacturer is also called the TPM Entity or TPME. The endorsement credential is the same as the endorsement certificate, but considered as an abstract data structure rather than as a specific embodiment. The PRIVEK never leaves the chip. The PUBEK does, but it is considered sensitive because it is a de facto unique identifier for the system, like the Intel processor serial number which caused such controversy a few years ago. The endorsement certificate holds the PUBEK value (in the SubjectPublicKeyInfo field) and so is equally a de facto unique identifier, hence it is also not too widely shown.
Schneier on Arming Airplane Pilots (was Re: CRYPTO-GRAM, August 15, 2002)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 My sister-in-law had a brilliantly simple answer to the problem of hijacking which was, close, but, um, no spliff, :-), to Vin Suprynowicz's notorious Ganja and Guns Airline column of a few years back. She said, on September 12 or so last year, Why don't you have a certification on your concealed-carry permit that allows you to carry on an airplane? That means, like a hazmat certificate on a commercial driver's license, you've been trained. You know how to shoot on a plane: what kinds of frangible bullets to use, who to shoot at :-), and so on. At check-in time, the firearm owner pulls out her concealed-carry license with the cabin-carry certificate, shows someone the frangible ammo she's using, and is checked through to the gate. I figure if even Tim May thinks armed passengers are a bad idea, :-), and Bruce thinks even arming the *pilots* is a bad idea, I'm certainly leaning into the wind a bit here, but, I think it's a *great* idea, myself. It doesn't matter if someone smuggles a *machine gun* onto the plane, they don't know *who* is on the plane, with a gun, and *qualified* to take them out. Think of it as statistical process control for the rest of us. Or evolution in action. Or geodesic warfare. Cheers, RAH PS: I think we're going to *need* counter-attack scenarios on the net. Like Whit Diffie said, infowar will be fought between businesses. Governments are too slow, and not, paradoxically, nearly ubiquitous enough to do the job. All we need is bearer cash, :-), and, someday, machines even can handle it themselves... - - At 3:53 PM -0500 on 8/15/02, Bruce Schneier wrote: Arming Airplane Pilots It's a quintessentially American solution: our nation's commercial aircraft are at risk, so let's allow pilots to carry guns. We have visions of these brave men and women as the last line of defense on an aircraft, and courageously defending the cockpit against terrorists at 30,000 feet. I can just imagine the made-for-TV movie. Reality is more complicated than television, though. Sometimes, security systems cause more problems than they solve. Putting guns on aircraft will make us more vulnerable to attack, not less. When people think of potential problems with an weapons in a cockpit, they think of accidental shootings in the air, holes in the fuselage, and possibly even equipment shattered by a stray bullet. This is a problem, certainly, but not a major one. A bullet hole is small, and doesn't let a whole lot of air out. And airplanes are designed to handle equipment failures -- even serious failures -- and remain in the air. If I ran an airline, I would worry more about accidents involving passengers, who are much less able to survive a bullet wound and much more likely to sue. The real dangers, though, involve the complex systems that must be put in place before the first gun can ride along in the cockpit. There are major areas of risk. One, we need a system for getting the gun on the airplane. How does the pilot get the gun? Does he carry it through the airport and onto the plane? Is it issued to him after he's in the cockpit but before the plane takes off? Is it secured in the cockpit at all times, even when there is no one there? Any one of these solutions has its own set of security vulnerabilities. The last thing we want is for an attacker to exploit one of these systems in order to get himself a gun. Or maybe the last thing we want is a shootout in a crowded airport. Second, we need a procedure for storing the gun on the airplane. Does the pilot carry it on his hip? Is it locked in a cabinet? If so, who has the key? Is there one gun, or do the pilot and co-pilot each have one? However the system works, it's ripe for abuse. If the gun is always at the pilot's hip, an attacker can take it away from him when he leaves the cockpit. (Don't laugh; policemen get their guns taken away from them all the time, and they're trained to prevent that.) If the guns remain in the cockpit when it is unoccupied, we have a whole new set of problems to worry about. Third, we need a system of training pilots in gun handling and marksmanship. Guns require training to use well; how much training can we expect our pilots to have? This is different from training sky marshals. Security is the primary job of a sky marshal; they're expected to learn how to use a gun. Flying planes is the primary job of a pilot. Giving pilots guns is a disaster waiting to happen. The current system spends a lot of time and effort keeping weapons off airplanes and out of airports; the proposed scheme would inject thousands of handguns into that system. There are just too many pilots and too many flights every day; mistakes will happen. Someone will do an inventory one night and find a gun missing, or ten. Someone will find one left in a
Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)
I think a number of the apparent conflicts go away if you carefully track endorsement key pair vs endorsement certificate (signature on endorsement key by hw manufacturer). For example where it is said that the endorsement _certificate_ could be inserted after ownership has been established (not the endorsement key), so that apparent conflict goes away. (I originally thought this particular one was a conflict also, until I noticed that.) I see anonymous found the same thing. But anyway this extract from the CC PP makes clear the intention and an ST based on this PP is what a given TPM will be evaluated based on: http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf p 20: | The TSF shall restrict the ability to initialize or modify the TSF | data: Endorsement Key Pair [...] to the TPM manufacturer or designee. (if only they could have managed to say that in the spec). Adam -- http://www.cypherspace.org/adam/
employment market for applied cryptographers?
On the employment situation... it seems that a lot of applied cryptographers are currently unemployed (Tim Dierks, Joseph, a few ex-colleagues, and friends who asked if I had any leads, the spate of recent security consultant .sigs, plus I heard that a straw poll of attenders at the codecon conference earlier this year showed close to 50% out of work). Are there any more definitive security industry stats? Are applied crypto people suffering higher rates of unemployment than general application programmers? (From my statistically too small sample of acquaintances it might appear so.) If this is so, why is it? - you might think the physical security push following the world political instability worries following Sep 11th would be accompanied by a corresponding information security push -- jittery companies improving their disaster recovery and to a lesser extent info sec plans. - governments are still harping on the info-war hype, national information infrastructure protection, and the US Information Security Czar Clarke making grandiose pronouncements about how industry ought to do various things (that the USG spent the last 10 years doing it's best to frustrate industry from doing with it's dumb export laws) - even Microsoft has decided to make a play of cleaning up it's security act (you'd wonder if this was in fact a cover for Palladium which I think is likely a big play for them in terms of future control points and (anti-)competitive strategy -- as well as obviously a play for the home entertainment system space with DRM) However these reasons are perhaps more than cancelled by: - dot-com bubble (though I saw some news reports earlier that though there is lots of churn in programmers in general, that long term unemployment rates were not that elevated in general) - perhaps security infrastructure and software upgrades are the first things to be canned when cash runs short? - software security related contract employees laid off ahead of full-timers? Certainly contracting seems to be flat in general, and especially in crypto software contracts look few and far between. At least in the UK some security people are employed in that way (not familiar with north america). - PKI seems to have fizzled compared to earlier exaggerated expectations, presumably lots of applied crypto jobs went at PKI companies downsizing. (If you ask me over use of ASN.1 and adoption of broken over complex and ill-defined ITU standards X.500, X.509 delayed deployment schedules by order of magnitude over what was strictly necessary and contributed to interoperability problems and I think significantly to the flop of PKI -- if it's that hard because of the broken tech, people will just do something else.) - custom crypto and security related software development is perhaps weighted towards dot-coms that just crashed. - big one probably: lack of measurability of security -- developers with no to limited crypto know-how are probably doing (and bodging) most of the crypto development that gets done in general, certainly contributing to the crappy state of crypto in software. So probably failure to realise this issue or perhaps just not caring, or lack of financial incentives to care on the part of software developers. Microsoft is really good at this one. The number of times they re-used RC4 keys in different protocols is amazing! Other explanations? Statistics? Sample-of-one stories? Adam -- yes, still employed in sofware security industry; and in addition have been doing crypto consulting since 97 (http://www.cypherspace.net/) if you have any interesting applied crypto projects; reference commissions paid.
Re: TCPA not virtualizable during ownership change
-- On 15 Aug 2002 at 15:26, AARG! Anonymous wrote: Basically I agree with Adam's analysis. At this point I think he understands the spec equally as well as I do. He has a good point about the Privacy CA key being another security weakness that could break the whole system. It would be good to consider how exactly that problem could be eliminated using more sophisticated crypto. Lucky claims to have pointed this out two years ago, proposed more sophisticated crypto, and received a hostile reception. Which leads me to suspect that the capability of the powerful to break the system is a designed in feature. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK
Re: Overcoming the potential downside of TCPA
On Thu, 15 Aug 2002, Anonymous wrote: [Repost] Joe Ashwood writes: Actually that does nothing to stop it. Because of the construction of TCPA, the private keys are registered _after_ the owner receives the computer, this is the window of opportunity against that as well. Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which is the main TPM key, the one which gets certified by the TPM Entity. That key is generated only once on a TPM, before ownership, and must exist before anyone can take ownership. For reference, see section 9.2, The first call to TPM_CreateEndorsementKeyPair generates the endorsement key pair. After a successful completion of TPM_CreateEndorsementKeyPair all subsequent calls return TCPA_FAIL. Also section 9.2.1 shows that no ownership proof is necessary for this step, which is because there is no owner at that time. Then look at section 5.11.1, on taking ownership: user must encrypt the values using the PUBEK. So the PUBEK must exist before anyone can take ownership. The worst case for cost of this is to purchase an additional motherboard (IIRC Fry's has them as low as $50), giving the ability to present a purchase. The virtual-private key is then created, and registered using the credentials borrowed from the second motherboard. Since TCPA doesn't allow for direct remote queries against the hardware, the virtual system will actually have first shot at the incoming data. That's the worst case. I don't quite follow what you are proposing here, but by the time you purchase a board with a TPM chip on it, it will have already generated its PUBEK and had it certified. So you should not be able to transfer a credential of this type from one board to another one. ... / But I think you claimed No root key.. Is this not a root key? oo--JS.