ÉϺ£ÎïÁ÷Ê¢»á¼´½«ÕÙ¿ª

[Ò¦ÎÄÑâ]

ÖйúÎïÁ÷Óë²É¹ºÁªºÏ»á
ÖÐ ¹ú ´¬  ¶«  Э  »á
ÖÐ ¹ú ¸Û  ¿Ú  Э  »á
Öйú¹ú¼Ê»õÔË´úÀíЭ»á   Îļþ
ÖÐ ¹ú Ãñ Óà º½¿ÕЭ»á
ÖÐ ¹ú ¹«  ·  ѧ  »á
ÖÐ ¹ú Ìú  µÀ  ѧ  »á
ÎïÁª»á×Ö[2002]47 ºÅ
¹ØÓÚÕÙ¿ªµÚÈý½ìÖйú¹ú¼Ê
ÎïÁ÷¸ß·å»áµÄ²¹³ä֪ͨ
¸÷Óйص¥Î»:
Ϊ´Ù½øÖйúÎïÁ÷·¢Õ¹,³ä·ÖÕûºÏ¹úÄÚÍâÉç»á×ÊÔ´,°ïÖú¸÷ÀàÆóÒµ¼°Ê±ÕÆÎÕ¹úÄÚÍâÎïÁ÷·¢Õ¹¶¯Ì¬,´î½¨Õþ¸®¡¢ÆóÒµ¼ä½»Á÷Óë¶Ô»°Æ½Ì¨£¬È«Ãæչʾ¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹûÓëµä·¶£¬ÅàÓýÖйúÎïÁ÷´óÊг¡£¬ÖйúÎïÁ÷Óë²É¹ºÁªºÏ»á¡¢Öйú´¬¶«Ð­»á¡¢Öйú¸Û¿ÚЭ»á¡¢Öйú¹ú¼Ê»õÔË´úÀíЭ»á¡¢ÖйúÃñÓú½

Ò»¡¢»áÒé±³¾°²ÄÁÏ
Öйú¹ú¼ÊÎïÁ÷¸ß·å»áÊǹ²Í¬ÍƽøÎïÁ÷·¢Õ¹ÁªÏ¯»áÒéµÄÆ·ÅÆ»áÒ飬ÔÚ¸Ã×éÖ¯³ÉÁ¢ÒÔÇ°£¬ÒÑÓÉÏÖÁªÏ¯»áÒé³ÉÔ±µ¥Î»ÓÚ2000Äê6Ô¡¢2001Äê9ÔÂÔÚÉϺ£¡¢±±¾©·Ö±ðÖ÷°ìÁ˵ÚÒ»¡¢µÚ¶þ½ìÖйú¹ú¼ÊÎïÁ÷¸ß·å»á¡£ÎªÈÃÓë»áÕ߸üÉú¶¯ÐÎÏóµØÁ˽â¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹû£¬±¾´Î»áÒ齫²ÉÓùú¼Ê»¯µÄ²ß»®£¬È

µÚÈý½ìÖйú¹ú¼ÊÎïÁ÷¸ß·å»áÒÔ¼ÓÈëWTOÓëÖйúÎïÁ÷·¢Õ¹ÎªÖ÷Ì⣬ּÔÚ´Ù½ø¹úÄÚÍâÎïÁ÷½çµÄ¼¼Êõ½»Á÷ÓëºÏ×÷£¬È«Ãæչʾ¹úÄÚÍâÎïÁ÷·¢Õ¹µÄ×îгɹûÓëµä·¶£¬×ܽáÏÖ´úÎïÁ÷µÄ·¢Õ¹Àú³Ì£¬¹æ»®Õ¹ÍûÖйúÎïÁ÷·¢Õ¹µÄδÀ´£¬ÔÚÖйúÆóÒµ¹ÜÀí²ãÖÐÊ÷Á¢È«ÐµÄÎïÁ÷Ïû·ÑÒâʶ£¬´´ÔìÎïÁ÷Ïû·Ñ£¬¿ª·¢ÖйúÎïÁ÷

±¾½ì¸ß·å»á½«ÑûÇëÀ´×ÔÈÕ±¾¡¢ÃÀ¹ú¡¢Å·ÃË¡¢°Ä´óÀûÑÇ¡¢Ð¼ÓÆ¡¢º«¹ú¡¢¸Û°ÄµÈ¹ú¼ÒºÍµØÇøµÄÕþ¸®¹ÙÔ±¡¢ÊÀ½çÖøÃûÎïÁ÷ÉçÍÅ×éÖ¯»ú¹¹¸ºÔðÈË¡¢¹úÄÚÍâÖøÃûÆóÒµ¸ºÔðÈË£¬ÖøÃû¾­¼Ãѧ¼Ò¡¢ÎïÁ÷Ó빩ӦÁ´¹ÜÀíÁìÓòÖøÃûר¼Ò¡¢Ñ§Õß¡¢º£ÍâÁôѧÈËÔ±¡¢¹úÄÚÍâ×Éѯ¹ÜÀí»ú¹¹µÈ×ÊÉîÈËÊ¿²Î¼Ó±¾½ì¸ß·å»áÂÛ̳¡

×÷ΪÓë±¾½ì¸ß·å»áÅäÌ×µÄ2002Öйú£¨ÉϺ££©¹ú¼Ê½»Í¨/ÎïÁ÷¼¼ÊõÉ豸չÀÀ»á½«»ã¾Û¹úÄÚÍ⽻ͨ/ÎïÁ÷ÆóÒµ¼°Ïà¹ØÆóÒµµÄ´ú±í£¬Á¦Çó´ÓÕ¹ÀÀÉϳä·ÖÈ«ÃæµØÌåÏÖµ±½ñ½»Í¨/ÎïÁ÷¼¼ÊõÓë×°±¸·¢Õ¹Ë®Æ½¡¢Ó¦Óóɹû¡£Õ¹ÀÀ½«¾Ù°ì·á¸»¶à²ÊµÄ»î¶¯£¬×î´óÏ޶ȵØÎüÒýÀ´×Ô¾³ÄÚÍâµÄ²ÎÕ¹ÉÌ¡¢Óû§ºÍרҵÈËÊ¿ÔÚ

¶þ¡¢¸ß·å»á×éÖ¯·½°¸
Ö÷Ìâ¼ÓÈëWTOÓëÖйúÎïÁ÷Òµ·¢Õ¹
¸±Ìâ´óÊг¡¡¢´ó˼·¡¢´óºÏ×÷¡¢´ó·¢Õ¹
±¨µ½Ê±¼ä2002Äê9ÔÂ23ÈÕ
±¨µ½µØµãµÚÒ»µØµã£ºÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê  µÚ¶þµØµã£ºÉϺ£ÃÀÀöÔ°´ó·¹µê
»áÒéʱ¼ä2002Äê9ÔÂ24ÈÕ--2002Äê9ÔÂ26ÈÕ
ÈÕ ³Ì °² ÅÅ
9ÔÂ23ÈÕ Ê±¼ä²Î»áÈË  ÄÚÈݵصã
18£º30©¦©¦20£º30
¹ú¼ÒÎïÁ÷Ïà¹Ø²úÒµÕþ¸®¹ÙÔ±¡¢ÉϺ£ÊÐÕþ¸®¹ÙÔ±¼°ÎïÁ÷²úÒµÖ÷Òª¹ÙÔ±¡¢³öϯ¸ß·å»áµÄÖøÃûÆóÒµ¸ºÔðÈ˺ÍÔÞÖúÆóÒµ¸ºÔðÈË
  VIPÔ²×À»áÒéÂÛ̳ ÉϺ£Ëļ¾¾Æµê¹ó±öÌü
9ÔÂ24ÈÕ Ê±¼ä²Î»áÈË  ÄÚÈݵصã
08£º30  |09£º00 Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕß¿ªÄ»Ê½  
ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µêµÛÍõÌü
09£º00|11£º40   Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÕþ²ß·¨¹æÓëºê¹Û¾­¼Ã»¥¶¯ÂÛ̳ 
 ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê  µÛÍõÌü
12£º00|13£º30   Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÎç²Í¼°Îç¼äÐÝϢʱ¼ä  
ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê  »ªÏÄÌü
13£º30|15£º40   Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕßÍâ×ÊÆóÒµÔÚÖйúרÌâÂÛ̳  
ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê  µÛÍõÌü
16£º00©¦17£º30  Õþ¸®¹ÙÔ±¡¢¼Î±ö¡¢ËùÓб¨Ãû²Î»áÕß¡¢¼ÇÕß
ÖÐÍâÆóÒµ×ܲû¥¶¯ÂÛ̳£¨¶Ô»°ÐÎʽ£©ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌü
17£º30©¦18£º30   ´ú±í×ÔÓɻÓë½»Á÷ʱ¼ä
18£º30©¦20£º30  ËùÓб¨Ãû²Î»áµÄÓë»á´ú±í¡¢¹ú¼ÒÕþ¸®²¿ÃźÍÉϺ£ÊÐÕþ¸®¹ÙÔ±¡¢VIP¼Î±ö   
Ö÷ÌâÍíÑçºÍÂÛÎÄ°ä½±  ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌü
9ÔÂ25ÈÕ Ê±  ¼ä  ·ÖÂÛ̳ÌâÄ¿  Ö÷ Ìâ   µØ   µã
09£º00©¦11£º40  ÆóÒµÎïÁ÷¾­ÓªÕ½ÂÔÂÛ̳×ÔÓªÎïÁ÷ÓëÍâ°üÎïÁ÷  ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê 
  µÛÍõÌüA
ÆóÒµÎïÁ÷²É¹º¹ÜÀíÂÛ̳²É¹ºÖÐÐÄÎïÁ÷¹ÜÀí¼¼ÇÉÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌüB
ÆóÒµÎïÁ÷ÐÅÏ¢¼¼ÊõÂÛ̳ÆóÒµÐÅÏ¢»¯ÓëÁ÷³ÌÔÙÔìÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌüC
ÆóÒµÎïÁ÷¹¤³Ì¼¼ÊõÂÛ̳ÏÖ´ú»¯ÎïÁ÷ÖÐÐÄÉè¼ÆÓ뽨ÉèÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   
»ªÏÄÌüA
ÆóÒµÎïÁ÷Ͷ×ʼ沢ÂÛ̳ÎïÁ÷Ͷ×ÊÏîÄ¿ÆÀ¹ÀÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   »ªÏÄÌüB
11£º40|12£º00   ´ú±íÌáÎÊÓëÏ໥½»Á÷Ǣ̸
12£º20|13£º30   ´ú±íÎç²ÍÐÝϢʱ¼ä
13£º30|17£º30   ÏÖ³¡²Î¹Û2002ÄêÖйú£¨ÉϺ££©¹ú¼Ê½»Í¨/ÎïÁ÷¼¼ÊõÉ豸չÀÀ»á
ÏÖ³¡²Î¹ÛÏß·һ  ÖÆÔìÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£Í¨ÓÃÆû³µGM)
ÏÖ³¡²Î¹ÛÏß·¶þ  ÎïÁ÷ÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£ÆÖ¶«FEDEX)
ÏÖ³¡²Î¹ÛÏß·Èý  Á¬ËøÒµÆóÒµÎïÁ÷ÖÐÐIJιÛ(ÒâÏòÉϺ£»ªÁª³¬ÊÐ)
18£º30  |21£º30 
ÎïÁ÷¹©ÐèË«·½½»Á÷¾Æ»á²Î¼ÓÈËÔ±£ºËùÓб¨Ãû²Î»áµÄÓë»á´ú±í¡¢¹ú¼ÒÕþ¸®²¿ÃźÍÉϺ£ÊÐÕþ¸®¹ÙÔ±¡¢VIP¼Î±ö¡¢ÉϺ£ÊÐÌØÑûÍâ×ÊÆóÒµ¡¢¹úÓÐÆóÒµ¡¢Íâ¹úפ»¦ÁìʹÝÉÌÎñ´¦¡¢Íâ¹úפ»¦ÐÂÎÅýÌå¼ÇÕß¡¢ÒÔ¼°Ïà¹ØÌØÑû¼Î±ö

9ÔÂ26ÈÕ 09£º00|12£º00   ÆóÒµ¿ì¼þÎïÁ÷רҵÂÛ̳¹ú¼Ê¡¢³Ç¼Ê¡¢³ÇÊÐÎïÁ÷¿ì¼þ¹ÜÀí
ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌüA
ÆóÒµÉÌÒµÎïÁ÷רҵÂÛ̳Á¬ËøÅäËÍÓëÎïÁ÷ÖÐÐĹÜÀí  ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌüB
´ú±í²Î¼Ó½»Á÷»î¶¯£¨²èЪ£©
ÆóÒµÎïÁ÷´´Ð¹ÜÀíÂÛ̳µÚËÄ·½ÎïÁ÷Óë»ØÊÕÎïÁ÷ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   µÛÍõÌüC
»õÖ÷ÆóÒµÎïÁ÷¹ÜÀíÂÛ̳¹©Ó¦Á´¹ÜÀíÓëÆóÒµÎïÁ÷KPIÆÀ¹ÀÌåϵ ÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê   
»ªÏÄÌüA
ÆóÒµÎïÁ÷È˲ŽÌÓýÂÛ̳·ûºÏÖйú¹úÇéÎïÁ÷ÏÖ´úÈ˲ÅÅàѵÌåϵÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê 
  »ªÏÄÌüB
12£º00  ±ÕĻʽÓëËͱðÎçÑç
13£º00|17£º00   ÖÐÍâÆóÒµÏîÄ¿½»Á÷»áôßÏÖ³¡×Éѯ½»Á÷»á  
ÎïÁ÷»ùµØÕÐÉÌÎïÁ÷¼¼Êõ×ÉѯÎïÁ÷¹ÜÀí×ÉѯÉϺ£¹ú¼Ê¹ó¶¼´ó·¹µê  µÛÍõÌü
Èý¡¢»áÒéÒéÌâ
01£®¼ÓÈëWTOºóÎÒ¹úÎïÁ÷ÒµÃæÁÙµÄÌôÕ½Óë»úÓö
02£®¹ú¼ÊÎïÁ÷·¢Õ¹µÄÏÖ×´¼°Î´À´Ç÷ÊÆ
03£®¹úÍâÎïÁ÷ʵ¼ùµÄ³É¹¦Óëʧ°Ü£¬Î´À´ºÍ»ú»á
04£®ÎïÁ÷Òµ·¨ÂÉ·¨¹æÏÖ×´¼°ÊµÊ©Çé¿ö
05£®¹©Ó¦Á´Õ½ÂÔºÏ×÷»ï°éµÄÑ¡ÔñÓëÆÀ¼Û
06£®ÏÖ´úÎïÁ÷ÓëÖÐСÆóÒµ·¢Õ¹Õ½ÂÔ
07£®ÖÐСÆóҵʵÐй©Ó¦Á´¹ÜÀíµÄ²ßÂÔ
08£®Á¬ËøÁãÊÛÒµµÄ¹©Ó¦Á´¹ÜÀí
09. ÎïÁ÷ÆóÒµÐÅÏ¢»¯µÄÌصãÓëģʽ
10. µç×ÓÉÌÎñ»·¾³ÏµÄÎïÁ÷ÔË×÷ģʽ
11. Éú²úÆóÒµÎïÁ÷¸ïÐÂÓëÔËÓªÕ½ÂÔ
12. µÚÈý·½ÎïÁ÷·þÎñÓëÊг¡ÓªÏú½â¾ö·½°¸
13. ÆóÒµÎïÁ÷Íâ°üÓëÎïÁ÷·þÎñ³Ð°üÐÎʽ
14. ÎïÁ÷ÆóÒµ¹ÜÀíģʽ´´ÐµÄʵ¼ù
15. 

Be Patient.

[Matthew X]

http://www.smh.com.au/articles/2002/08/10/1028158034347.html
Health records base a step closer
By Jenny Sinclair
August 13 2002
Next
Data quality and security are emerging as key issues for computerisation of 
patient health records around the world.
Last week's Health Informatics Conference (HIC 2002) in Melbourne heard 
that patient records were increasingly becoming computerised but the 
transfer of information between systems still caused problems.
The issues could have ramifications for an ambitious project under 
consideration for a supercomputing organisation.
The Victorian Partnership for Advanced Computing (VPAC), aims to use 
patient records as a massive database for health research.
Speakers at an HIC session on electronic patient records told of four 
projects, all aimed at finding the perfect solution for the masses of 
information needed in health care.
William Goossen, a researcher and consultant to a Dutch attempt to set up a 
national electronic patient records model, said the Netherlands had needed 
to combine many attempts at creating such systems.
The answer was to set up a national effort, bringing together the 
government, health providers and nursing associations in a single body.
Major factors in a successful patient records system were identified as the 
information structure or content, the technical infrastructure, safety and 
security issues, and having the new body do the work of developing a 
workable solution.
Professor Bill Appelbe, chief executive of supercomputing group VPAC, has 
said he would like to see standards set up for bringing together all kinds 
of medical records and tests.
Speaking before the conference, he said that most information from clinical 
trials was only available in hard copy and recorded manually.
This made data mining impossible, depriving researchers of potentially 
valuable sources of information. Similarly, having the general population's 
health records available electronically (in an anonymous form) would allow 
the possibility of faster and more accurate medical research.
He said VPAC had had interest from large software vendors in developing 
such systems, acting as a trusted third party to broker between the 
medical research industry and large database developers.
VPAC could take part in developing such specialised systems by applying 
modern software development (principles) to scientific software and hiring 
out its supercomputer's data-crunching facilities.
In Victoria work has been under way on a universal health-care database for 
mental health patients for five years.
The database project has been slowed by problems with messaging systems 
transferring data and by user feedback on early versions. The Victorian 
mental health-care approach has been to develop a centralised database with 
a unique patient indentifier, and to link it to clinic and hospital systems 
via an intermediary interface, pending development of a universal solution.
The database was divided into an archive database and an operational data 
store for current work.
Speaking for the project, Damian Curran said issues of training, 
insufficient bandwidth to local clinics and corruption of records had all 
needed to be overcome.
The department is about to move to a new phase of trying to connect clinics 
and hospitals directly to the central database.
Curran said key lessons from the project included the need to have proper 
documentation to allow for staff moving on, close monitoring of 
subcontractors, making sure the work kept up with current practices in the 
medical field, and it's not cheap - costs could be high.
At the Distributed Systems Technology Centre (DSTC) in Queensland, trials 
of a so-called Good Electronic Health Record (GEHR) are about to move to 
real-world testing. The GEHR is a worldwide attempt to standardise the way 
medical records are kept. Researcher Andrew Goodchild said the group had 
had excellent feedback from doctors participating in the trial.
The DSTC has helped develop editing software that allows medical 
practitioners to create simple archetypes or templates in which to store 
different kinds of information. The templates have parameters built into 
them that allow practitioners to specify what information must be entered, 
and what ranges are normal; so a template used to report blood tests, for 
instance, can automatically identify results out of the normal range.
Goodchild said that anyone setting up a records system for doctors should 
first find out what's politically and culturally, and work-wise acceptable 
for the clinicians.
The trial editor will be available for free download from the DSTC's site soon.
A working electronic patient records system has already been set up at the 
busy emergency section of the Austin and Repatriation Medical Centre in 
Melbourne.
The hospital engaged Sydney software company TrakHealth for the pilot 
scheme, which has allowed the emergency room to replace its giant 
whiteboard showing patient 

Telepsych.2000.

[Matthew X]

Introduction 
The Victorian Telepsychiatry Program was established in 1996
to improve access to mental health services for rural Victorians. 
The Program funded the establishment of 27 telepsychiatry facilities
located at Area Mental Health Service sites in rural base hospitals,
mental health centres and community-based locations across regional
Victoria, and facilities at six specialist service locations. 
The specialist services targeted by the Program were: 
·The
Mental Health Review Board (MHRB) 
·Forensic
Mental Health Service 
·Early
Psychosis Prevention and Intervention Centre (EPPIC) Statewide Service

·Child
and Adolescent Mental Health Services (CAMHS) at three locations: Austin
and Repatriation Medical Centre, Royal Children's Hospital and Monash
Medical Centre. 
The Program established linkages of two types: 
·Intra-service:
from major rural centres such as Bendigo, to smaller rural communities such as Swan Hill and Kyneton 
More on
http://www.health.vic.gov.au/mentalhealth/publications/telepsychiatry/

(±¤°í) Áßdz.Ä¡¸Å Àü¹®¿ä¾ç¿øÀÔ´Ï´Ù.

[kimyoungsang]

  
  style="COLOR: #3366ff; mso-fareast-font-family: µ¸¿òü"> °ü½ÉÀÖ´Â Å©¸®½ºÃ®ÀÇ µ¿¿ªµµ
  ¿øÇÕ´Ï´Ù.(Á÷¿ø¸ðÁý)
  THE PLUS ACTION OF HOUSE
  
  
  
 

OUT WITH THE OLD-IN WITH THE NEW!!! epern

[CAR BUYERS REPORT]

  You've seen the car you want. American or Foreign. With
the low interest rates of today,it's still rather expensive
for that top of the line car you want.

  How about if you could contact someone, a company, and tell 
them the exact car you were looking for and they told you were, 
close to you, to get it for ONLY $50 over dealer cost!
  This isn't a joke!

  $50 OVER DEALER COST!!!

  You tell them the exact car you want and they tell you were to 
pick it up!

  If you want to know more: 

 Send $5 cash (U.S. CURRENCY) for the:
 
HOW TO BUY A NEW CAR FOR $50 OVER DEALERS COST Report. 

 Checks NOT accepted. Make sure the 
cash is concealed by wrapping it in at least 2 
sheets of paper. On one of those sheets of paper, 
write the NAME of the Report you are 
ordering along with YOUR E-MAIL ADDRESS and your 
name and postal address, just in case something happens 
during mailing. 

SEND TO:

R.B.
PO BOX 863
Franklin Lakes, NJ 07417
USA 

PLACE YOUR ORDER FOR THIS REPORT TODAY!!!

HOW TO BUY A NEW CAR FOR $50 OVER CEALERS COST

fvwmxrgorwmutjrm

YOU CAN OWN AN ADULT SITE AND MAKE HUGE £££/$$$ 0150feRG7-268orDY3-17

[prospects5464p21]

My name is PEGGY  and I live in Switzerland.I just want to propose a business 
opportunity to you in the millionaire Adult Industry.

FACTS:

·   I have earn $3 800 up to now and I can send you my profit stats for you to see.

·   If you are not a sex surfer you can approach this just as a business 
opportunity without ever looking at the adult content.

·   You will earn 50% recurring commissions and you will receive your check twice 
a month.

·   This is an established, highly reputable company, with 6 years experience 
running adult web sites online. They are debt free, listed on Dun  Bradstreet and 
specialize in allowing you to cash in FAST and EASILY on the exploding online adult 
entertainment business without any experience other than surfing the web.


I OFFER:

·   Complete support for you to replicate my work in order to have the same 
results 

·   If you become a member I will give you my phone number, address and personal 
e-mail address for a perfect contact

·   The links to the tools I use to promote

If you are interested just e-mail me to [EMAIL PROTECTED]  with MORE INFO in the 
subject line, or REMOVE if you prefer to be removed from my mailing list.

2277GHpa5-684JmzJ3746mbug0-967mcPi6230lGl38

INTRESTED??RESPOND PROMPTLY

[MALIK ABACHA]

ATTN:SIR,

My wish at its peak is that you're in good health
because health is wealth.


I know you dont know me so I have to introduce myself
to you. My name is malik Abacha, a second cousin to the
late Nigerian Head of state Gen.Sani Abacha who rule
between 1993 and 1998. For more reference to me I would
love you to know more about my uncle. Please view this
site and read it contents carefully;

http://news.bbc.co.uk/hi/english/world/africa/newsid_741000/741506.stm

During the 4th year of his rule, he gave me a sum of
US$23M to boost my business which I just opened in Ogba
area of Lagos. Unfortunately, the complex which I was
using as a ware-house got burnt by a very ragious
inferno. I decided to keep the money until the next
year when I would start importing new goods from a
contractor in Germany which I had signed earlier before
the incident.

My uncle died the next year and everything blew up, the
new government started probing the whole family members
and freezed most of the family accounts.

To cut the long story short, they have not detected the
money which I secured in a Security company in Holland.
Please, I would need you to assist me in retrieving the
fund from the company because if I want to retrieve it
and they know my identity they would definitely freeze
the money in their account.

What you have to do is very simple, you will claim the
fund as a beneficiary from a contract which was
executed by an uncle of yours. All paper works would
be put in place for you to claim the money for me.

The total amount involved is US$16.5M. 10% would be for
any expenses incured during the transaction, 30% would
be for your support, while the remaining 60% remains
mine. I'm an African who believes in divine direction
and you have been divinely chosen to handle this
transaction.

I hope to hear from you soon.

Thanks.

Yours 
Malik Abacha.

look good and feel great

[Aileen]

As seen NBC, CBS, CNN, and even Oprah. As reported on in  
the New England Journal of Medicine.
Reverses aging while burning fat, without dieting or exercise.
Forget  aging and dieting forever And it's Guaranteed! 

1.Body Fat Loss 
2.Wrinkle Reduction
3.Increased Energy Levels
4.Muscle Strength improvement
5.Increased Sexual Potency
6.Improved Emotional Stability
7.Better Memory

Lose weight while building lean muscle mass
and reversing the ravages of aging all at once.
Check out the benefits of and absolute satisfaction guarantee
for this health product on this web page:

http://202.108.221.18/www205/
  
To unsubscribe from future offers,
just click here:
mailto:[EMAIL PROTECTED]?Subject=off 

cypherpunks,Life Changing Breakthrough Now Available For You!

[Alfred Irwin]

Hello, [EMAIL PROTECTED]Human Growth Hormone Therapy
Lose weight while building lean muscle massand reversing the ravages of aging all at once.
 
As seen on NBC, CBS, and CNN, and even Oprah! The health
discovery that actually reverses aging while burning fat,
without dieting or exercise! This proven discovery has even
been reported on by the New England Journal of Medicine.
Forget aging and dieting forever! And it's Guaranteed!

  
Lose WeightBuild Muscle ToneReverse Aging
Increased Libido
  Duration Of Penile Erection
  
  
Healthier Bones
Improved MemoryImproved skinNew Hair GrowthWrinkle Disappearance 

  Visit Our Web Site and Learn The Facts : Click Here
  
  If the above link is not operational, Please Click 
  Here again.
  
  
  You are receiving this email as a subscriber
  to the Opt-In America Mailing List. 
  To remove yourself from all related maillists,
  just Click 
  Here

Your web site.

[Mike]

Dear Subscriber,

If I could show you a way to get up to 17,169 visitors a day to any web site, 
absolutely free of charge, and taking up only 30 minutes a day of your time 
would you be interested?

Just click on the link (or copy and paste to your browser) for more information:

http://203.48.169.235/your/mpam/moreinfo.asp?[EMAIL PROTECTED]

Sincerely

Mike

p.s. The information provided is absolutely free, and you will be amazed at how 
quickly the visitors to your site will begin arriving, and by following a simple 12 
lesson plan your visitors (and income) will rise.

http://203.48.169.235/your/mpam/moreinfo.asp?[EMAIL PROTECTED]


You are receiving this email either as agreed to when you posted to one of our
many ffa pages, classified ad sites or search engines (either manually or through
an automatic submission service), or you are on a list of people who have
expressed an interest in increasing their web site traffic and full or part-time 
income.

If this is not the case we sincerely regret the intrusion and ask that you PLEASE
accept our sincerest apologies. Just follow the link below to unsubscribe from our
mailing list.

http://203.48.169.235/your/unsubscribe.asp?[EMAIL PROTECTED]

µçÄÔÅä¼þ¹©Ó¦

[[EMAIL PROTECTED]]

̨ÖÐÊ¢´ï¼¯ÍÅ´ó½°ìÊ´¦ 
ÎÒ¹«Ë¾³¤ÆÚ¾­ÓªÔ­×°½ø¿Ú²úÆ·.ÏÖÓеçÄÔÅä¼þ.±Ê¼Ç±¾.±Ê¼Ç±¾Åä¼þ.ÊýÂëÏà»ú.ÉãÏñ»ú.ͶӰÉè
±¸. ͶӰ¸½¼þ.Æû³µ.ÊÖ»ú.¼ÒÓõçÆ÷.²Êµç.¿Õµ÷..ÓÐÒâÔÚ¸÷µØ³ÏÕ÷´úÀíÖ±ÏúÉÌ. Ϊ±£Ö¤ÐÅÓþ
ʵÐлõµ½¸¶¿î.
 
Ò²ÐíÄú¶ÔÎÒÃǵļ۸ñÖ®µÍ±íʾ»³ÒÉ,µ«ÄúÊÇ·ñÖªµÀÎÒÃÇ´ÓµçÄÔÊг¡»òÉ̵êÂò»ØÀ´µÄ²úÆ·ÊǾ­
¹ý¸÷¼¶´úÀí²ã²ã¼Ó¼ÛµÄ½á¹û.Ó볧¼Ò³ö³§µÄ¼Û¸ñÓÐ×ÅÌìÈÀÖ®±ð.¶øÎÒÃǹ«Ë¾Í¨¹ýÌØÊâµÄ½ø»õÇþµÀ
ͨ¹ýÍøÂçÖ±ÏúÄÜ°ÑÖмä´úÀí·ÑÓÃÈ«²¿Ìê³ý,ʵÏÖÕæÕýµÄ¿Í»§Ó빫˾˫Ӯ½á¹û.

¿¼Âǵ½ÍøÂçµÄÐÅÓÃÎÊÌâ,ÎÒÃÇËù³öÊ۵IJúÆ·¾ùʵÐлõµ½¸¶¿îµÄÔ­Ôò.ÕâÖÖ·½Ê½Ëä»áÔö¼ÓÎÒÃǵÄ
ÔËÓª³É±¾,µ«ÎÒÃÇÏ£ÍûÒÔ³ÏÐŵķþÎñ°Ñ×Ô¼º×ö´ó×öÇ¿.ÓëÄúÁªÏµºÏ×÷ÊÂÒê.
 ( ÇëÎðÖ±½Ó»Ø¸´£¬ÓÐÒâÇëÀ´µçÁªÏµ.ÁªÏµÈË:ºú¿Ë ÁªÏµµç»°: 0138-59709838) 

 µçÄÔÅä¼þ(RMB.Ôª): 
A:Ö÷°å:
΢ÐÇ 845Pro2-LE(Socket,i845,SDRAM,AC97Éù¿¨) 380Ôª
845Pro (Socket,i845,SDRAM,AC97Éù¿¨) 430Ôª
850Pro5 (Socket,i850,8738Éù¿¨) 520Ôª
645UITRA (Socket478,SiS645оƬ 3DDR AC97) 330Ԫ
K7T266Pro (SocketA,KT266,3DDR,AC97) 310Ôª
K7T266Pro2-LE(SocketA,AC97,ATA100) 270Ôª
K7t266Pro2(SocketA,Ö§³ÖXP,3DDR,AC97) 310Ôª
815EPT Pro-NL(Socket370,i815EP,Ö§³ÖÐÂPIII,AC97,ATA100) 270Ôª
815EP Pro-R (Socket370,i850EP,IDE RAID) 280Ôª
815EP-NL (Socket370,i815EP,AC97) 250Ôª 
815ET Pro (Socket370,i815E,ÐÂPIII,i752,AC97) 340Ôª
694D Pro2-IR (Socket370,VIA694X/686B,RAID) 320Ôª
6309NL100 (Socket370,VIA694X/686B,AC97) 160Ôª
6309NL/-A (Socket370,VIA694X/686B,AC97,´´ÐÂ5880 190Ôª
ÃÀ´ï KT133B (SocketA,KT133/686B,ATA100,AC97) 180Ôª
6VA694XB (Socket370,VIA694x/686B,AC97,ATA100) 135Ôª
°º´ï VP266+128M DDR 295Ôª
VP266 (Socket370,VIA/APOLLO/PRO266/AC97) 200Ôª
VK266 (SocketA,KT133A/686B/AC97/ATA100) 190Ôª
VT-133PLUS(SocketA,KT133/686B/AC97/ATA100) 190Ôª
ID815E (Socket370,i815E/i752/AC97/ATA100) 195Ôª
ID815EP (Socket370,i815EP/AC97/ATA100) 190Ôª
ID810 (Socket370,i810/ATA66/i752ÏÔ¿¨/AC97Éù¿¨) 140Ôª
VP4-133PLUS(Socket370,VIA694x/686B/AC97/ATA100) 160Ôª
Vp4-133/M (Socket370,VIA694/596B/CMI8738Éù¿¨/ATA66) 140Ôª
VP-133 (Socket370,VIA693A/596B/CMI8738Éù¿¨/ATA66) 150Ôª
SIS730S (SocketA,SiS300/AC97/10/100MÍø¿¨) 155Ôª
SIS630E (Socket370,SIS630E/SiS300ÏÔ¿¨/AC97) 175Ôª
B:Ó²ÅÌ
Maxtor(ÂõÍØ)
40GB£¨ Plus 60/É¢£©7200ת\»º´æ:2MB 180Ôª 
40.9GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 160Ôª 
160GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 530Ôª 
120GB£¨D540X/É¢£©5400ת\»º´æ:2MB 350Ôª 
20GB£¨ Plus 60/É¢£© 7200ת\»º´æ:2MB 140Ôª
30GB£¨ Plus 60/É¢£©7200ת\»º´æ:2MB 170Ôª 
81.9GB£¨ 80/É¢£©5400ת\»º´æ:2MB 250Ôª 
20GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 170Ôª 
40GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 180Ôª 
20GB£¨ 541DX/É¢£©5400ת\»º´æ:2MB 160Ôª 
60GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 200Ôª 
20GB£¨ 541DX/ºÐ£©5400ת\»º´æ:2MB 150Ôª 
60GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 220Ôª
80GB£¨ Plus D740X/É¢£©7200ת\»º´æ:2MB 300Ôª 
40GB£¨ D540X/É¢£©5400ת\»º´æ:2MB 160Ôª
20.4GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 140Ôª
40GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 200Ôª 
60GB£¨Plus D740X/ºÐ£©7200ת\»º´æ:2MB 230Ôª
80GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 350Ôª 
40GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 185Ôª 
80GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 280Ôª 
20GB£¨ Plus D740X/ºÐ£©7200ת\»º´æ:2MB 160Ôª 
40GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 190Ôª 
80GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 280Ôª
60GB£¨ Plus 60/ºÐ£©7200ת\»º´æ:2MB 250Ôª
120GB£¨D540X/ºÐ£©5400ת\»º´æ:2MB 400Ôª 
81.9GB£¨ 80/ºÐ£©5400ת\»º´æ:2MB 270Ôª
60GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 230Ôª 
100GB£¨ 536DX/ºÐ£©5400ת\»º´æ:2MB 800Ôª 
60GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 270Ôª 
160GB£¨ D540X/ºÐ£©5400ת\»º´æ:2MB 900Ôª 
30.7GB£¨ VL40/É¢£©5400ת\»º´æ:2MB 210Ôª
61.4GB£¨ 80/É¢£©5400ת\»º´æ:2MB 270Ôª
40GB£¨ 536DX/É¢£©5400ת\»º´æ:2MB 170Ôª
15GB£¨531DX/É¢£©5400ת\»º´æ:2MB 160Ôª 
20GB£¨Plus 60/ºÐ£©7200ת\»º´æ:2MB 180Ôª
Ï£½Ý
40.8GB£¨U Series 6£©5400ת\»º´æ:2MB 250Ôª 
40GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 170Ôª 
60GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 200Ôª 
20.4GB£¨U Series 6£©5400ת\»º´æ:512KB 140Ôª 
80GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 250Ôª 
20GB£¨Barracuda ATA IV£©7200ת\»º´æ:2MB 160Ôª
30GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 170Ôª 
20GB£¨U Series 5£©5400ת\»º´æ:512KB 130Ôª
40GB£¨U Series 5£©5400ת\»º´æ:512KB 160Ôª
20GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 160Ôª 
40GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 170Ôª 
10.2GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 135Ôª 
10GB£¨U Series 5£©5400ת\»º´æ:512KB 100Ôª 
15.3GB£¨Barracuda ATA III£©7200ת\»º´æ:2MB 165Ôª
30GB£¨U Series 5£©5400ת\»º´æ:512KB 200Ôª
15.3GB£¨U Series 5£©5400ת\»º´æ:512KB 180Ôª 
ST39236/LW 1ת\»º´æ:2MB\ÈÝÁ¿:9.2GB 350Ôª
ST39236/LCV 7200ת\»º´æ:4MB\ÈÝÁ¿:9.2GB 400Ôª 
IBM
60GB£¨Deskstar 60GXP£©7200ת\»º´æ:2MB 190Ôª 
10GB£¨Travelstar 20GN£©4200ת\»º´æ:512KB 140Ôª
40GB£¨Deskstar 60GXP£©7200ת\»º´æ:2MB 170Ôª
40GB£¨Deskstar 120GXP£©7200ת\»º´æ:2MB 170Ôª 
80GB£¨Deskstar 120GXP£©7200ת\»º´æ:2MB 230Ôª
30GB£¨Travelstar 20GN£©
±Ê¼Ç±¾Ó²ÅÌ\תËÙ:4200ת\»º´æ:512KB 320Ôª
40GB£¨Travelstar 20GN£©
±Ê¼Ç±¾Ó²ÅÌ\תËÙ:4200ת\»º´æ:512KB 400Ôª
120GB£¨Deskstar 120GXP£©
̨ʽ»úÓ²ÅÌ\תËÙ:7200ת\»º´æ:2MB 430Ôª 
18.3GB£¨Ultrastar 36LZX/68£©
·þÎñÆ÷Ó²ÅÌ\תËÙ:1ת\»º´æ:4MB 420Ôª 
18.3GB£¨Ultrastar 36LZX/80£©

FWD: CAN YOU READ THIS PLEASE

[Timothy Wayne]

  
  

  


  

  

  


  
  
ÿA9
  Copyright 2002 - All rights reservedIf you would no longer like us
  to contact you or feel that you havereceived this email in error,
  please click here to
  unsubscribe.

Business Class Specials

[T.M. Airfare]

Title: EARN MORE COMMISSION







  
  

  Last Minute
  Airfares For Domestic And International Cities
  Supplying the
  travel industry for over 15 yearsNO ADVANCED
  PURCHASES!
  
  
  


  
 EARN MORE COMMISSIONS NO
ADVANCE PURCHASE / NO MINIMUM STAY LAST MINUTE BUSINESS CLASS FARE ECONOMY
CLASS FARES AVAILABLE


  WE SPECIALIZE
IN ASIA, MIDDLE EAST, EUROPE, CENTRAL, AND SOUTH AMERICA
  


  
  Why
  pay more when you don't have to!
  Fill out form below to have representativecontact you with
  flight information. 
  Required Input field *
  
  
  


  *Name:
  

  Email:
  

  *Phone:
  

  Phone 2:
  

  Best Time to contact:
  

  Departure City:
  

  Arrival City:
  
  
  
  
  
  To be removed please click
  here

µçÄԵͼÛÅäËÍ

[[EMAIL PROTECTED]]

Àö¶¼ÏòÄãÎʺÃ!
ÎÒ¹«Ë¾³¤ÆÚ´Óʹú¼ÊóÒ×,ΪÍÚ¾òÊг¡Ç±Á¦¡¢À©´ó¾­Óª¹æÄ£,ÒâÔÚ¹óµØ
Ñ°ÕÒÁôÒ×´°¿Ú,Ìؽ«´Ë¼Ûͬ±í³Ê¹óµ¥Î»²Î¿¼.ÎÒ˾ÌṩһÁ÷Æ·ÖÊ,Ò»Á÷·þÎñ,ËÍ»õÉÏÃÅ,
»õµ½¸¶¿î, ÅúÁí¾ù¿É.»¶Ó­¸÷½çÅóÓÑÀ´µç´¹Ñ¯¼°Ö§³Ö.¶àл!!!


Àö¶¼¹ú¼ÊóÒ×¹«Ë¾

ÖйúITóÒײ¿ :Ëï½£·å

ÇëÎðÖ±½Ó»Ø¸´£¬ÓÐÒâÕßÇëÀ´µç --0135-15049234






Ò».µçÄÔÅä¼þ(RMB.Ôª): 
A:ÏÔʾÆ÷
SONY
CPD-G420/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:230MHz 2300 
CPD-E230/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm 1100 
CPD-G220/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:203MHz 1600 
CPD-G520/ÌØÀöçç\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.24mm\ÊÓƵ´ø¿í:341MHz 4000
·ÉÀûÆÖ
107P/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:203MHz 800 
107E/ ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.27mm\ÊÓƵ´ø¿í:108MHz 500 
105S/ ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:15\µã¾à:0.28mm\ÊÓƵ´ø¿í:79MHZ 380 
201B/Òñդʽ´¿Æ½¹Ü\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.25mm\ÊÓƵ´ø¿í:261MHz 2400
109B/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:234MHz 1250 
109P/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.24mm\ÊÓƵ´ø¿í:261MHz 1800 
109S/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.27mm\ÊÓƵ´ø¿í:203MHz 1000 
201P/Òñդʽ´¿Æ½¹Ü\ÏÔÏñ¹Ü³ß´ç:21\µã¾à:0.24mm\ÊÓƵ´ø¿í:320MHz 3900 
105E/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:15\µã¾à:0.28mm\ÊÓƵ´ø¿í:65MHz 350 
107B3/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:176MHz 680 
107G/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.24mm\ÊÓƵ´ø¿í:108MHz 580 
107T/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:108MHz 600
ÈýÐÇ
551S/15\µã¾à:0.24mm\ÊÓƵ´ø¿í:65MHz 320 
753DF/DynaFlat´¿Æ½\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 490 
753S/17\µã¾à:0.23mm\ÊÓƵ´ø¿í:110MHz 500 
1100P/21\µã¾à:0.22mm\ÊÓƵ´ø¿í:230MHz 2600 
755DF/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:135MHz 600
743DF/ 17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 480 
753DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 580 
755DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:185MHz 560 
757DFX/17\µã¾à:0.20mm\ÊÓƵ´ø¿í:250MHz 810 
1200NF/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:22\µã¾à:0.24mm\ÊÓƵ´ø¿í:340MHz 3700 
550S/15\µã¾à:0.24mm\ÊÓƵ´ø¿í:80MHz 400 
955DF/ȫƽÃæÖ±½Ç\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.20mm\ÊÓƵ´ø¿í:185MHz 1150 
750S/17\µã¾à:0.24mm\ÊÓƵ´ø¿í:110MHz 580 
EMC
DX787/ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:150MHz 550
PF797/ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.25mm\ÊÓƵ´ø¿í:202.5MHz 600 
DX997N/HitachiºÚ¾§¾ØÕó¹Ü\ÏÔÏñ¹Ü³ß´ç:19\µã¾à:0.25mm\ÊÓƵ´ø¿í:202.5MHz 980 
PX558/15\µã¾à:0.28mm 300 
FX772N/17\µã¾à:0.27mm\ÊÓƵ´ø¿í:120MHz 500 
DZ777NS/ ÈýÐǵ¤ÄȹÜ\ÏÔÏñ¹Ü³ß´ç:17\µã¾à:0.20mm\ÊÓƵ´ø¿í:110MHz 500
LT541/15\Òº¾§°åµã¾à:0.297mm 600 
HG562/15\Òº¾§°åµã¾à:0.297mm 690 
BM468/14.1\Òº¾§°åµã¾à:0.279mm\ÁÁ¶È:180cd/m2\¶Ô±È¶È:200:1 500 
568 II/15\Òº¾§°åµã¾à:0.279mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:400:1 730 
BM568/15\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:350:1 1500 
ÈýÐÇ
151S/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 780 
171S/17\Òº¾§°åµã¾à:0.264mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:350:1 1820 
151MP/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 1600 
171MP/17\Òº¾§°åµã¾à:0.264mm\ÁÁ¶È:240cd/m2\¶Ô±È¶È:400:1 2500 
210T/21.3\Òº¾§°åµã¾à:0.270mm\ÁÁ¶È:230cd/m2\¶Ô±È¶È:400:1 12000 
151BM/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 900 
240T/ 24.06\Òº¾§°åµã¾à:0.270mm\ÁÁ¶È:230cd/m2\¶Ô±È¶È:500:1 19000 
151B/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:250cd/m2\¶Ô±È¶È:330:1 1000 
SONY
SMD-M51/15.1\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200 cd/m2\¶Ô±È¶È:300:1 980
SMD-M81/18.1\Òº¾§°åµã¾à:0.3mm\ÁÁ¶È:200 cd/m2\¶Ô±È¶È:300:1 3200 
SDM-N50/15\Òº¾§°åµã¾à:0.297mm\ÁÁ¶È:200cd/m2\¶Ô±È¶È:300:1 3000 
B:CPU
1..7G£¨Socket 478/ºÐ£©
Ö÷Ƶ:1.7GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 500 
1.6G£¨Socket 478/É¢£©
Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 500 
1.6G£¨Socket 478/ºÐ£©
Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 510
1.5G£¨Socket 478/É¢£©
Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 450 
4 1.7G£¨Socket 478/É¢£©
Ö÷Ƶ:1.7GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 490
1.5G£¨Socket 478/ºÐ£©
Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 480 
4 1.8GA£¨Socket 478/NORTHWOOD/ºÐ£©
Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 550 
2.0GA£¨Socket 478/NORTHWOOD/ºÐ£©
Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 600 
1.8G£¨Socket 478/É¢£©
Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 590 
1.6GA£¨Socket 478/NORTHWOOD/É¢£©
Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 510 
1.8GA£¨Socket 478/NORTHWOOD/É¢£©
Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 580 
2.0GA£¨Socket 478/NORTHWOOD/É¢£©
Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 620 
1.6G£¨Socket 423/É¢£©
Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 500 
1.8G£¨Socket 478/ºÐ£©
Ö÷Ƶ:1.8GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 620 
1.6GA£¨Socket 478/NORTHWOOD/ºÐ£©
Ö÷Ƶ:1.6GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:512KB 540 
2.0G£¨Socket 478/ºÐ£©
Ö÷Ƶ:2.0GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 478\¶þ¼¶»º´æ:256KB 700
1.5G£¨Socket 423/ºÐ£©
Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 430 
1.5G£¨Socket 423/É¢£©
Ö÷Ƶ:1.5GHz\ÍâƵ:400MHz\²å²ÛÀàÐÍ:Socket 423\¶þ¼¶»º´æ:256KB 460 
1.7G£¨Socket 

Re: CDR: status of various projects?

[Jim Choate]

It's more than 'distributed publishing', it's distributed everything. Have
your grid and eat it too!

Use Plan 9:

http://plan9.bell-labs.com

The Hangar 18 Co-Op:

http:[EMAIL PROTECTED]


On Wed, 14 Aug 2002, Miles Fidelman wrote:

 It seems like a lot of interesting projects haven't been active for a
 while - notably Free Haven and Eternity Usenet.  Where is the most active
 work, these days,  on distributed publishing systems?
 
 
 **
 The Center for Civic Networking   PO Box 600618
 Miles R. Fidelman, President Newtonville, MA 02460-0006
 Director, Municipal Telecommunications
 Strategies Program617-558-3698 fax: 617-630-8946
 [EMAIL PROTECTED]http://civic.net/ccn.html
 
 Information Infrastructure: Public Spaces for the 21st Century
 Let's Start With: Internet Wall-Plugs Everywhere
 Say It Often, Say It Loud: I Want My Internet!
 **
 


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

SSZ Downtime - Schedule Change

[Jim Choate]

Hi,

We're facing a last minute change in our scheduled downtime. The current
window is from Fri., Aug. 16 through Sun., Aug. 25. This is from tomorrow
(Fri.) through Sunday of next weekend.

I apologize for the short notice on the change and any inconvenience this
might cause. We do not expect to experience such extended downtimes in the
(near) future.

See you in about a week!


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

Insight on the News Email Edition

[Insight on the News]

INSIGHT NEWS ALERT!

New stories from Insight on the News are now online.

http://insightmag.com/

...

Folks, we really struck a nerve with Mike Waller’s cover story on the ways many 
in power are turning the war on terror to their own ends. In case you missed it, 
we still have it posted http://insightmag.com/news/260503.html. The same goes 
for Doug Burton’s  pro and con on whether the NAACP should lose its tax 
exemption (because it’s an arm of the Democratic Party) 
http://insightmag.com/news/260519.html. That’s it for today. Check out our 
website – then go sit in the shade. From the Bunker, I remain your newsman in 
Washington.

...

SYMPOSIUM – PRO  CON

SHOULD THE NAACP LOSE ITS TAX EXEMPTION?

ARMSTRONG WILLIAMS SAYS -- YES: It's time the IRS investigated the NAACP for 
advancing a clearly partisan agenda.

http://insightmag.com/news/260519.html

REP. SHEILA JACKSON LEE SAYS -- NO: The NAACP's decades-long fight for justice 
does not amount to political partisanship.

[By: Rep. Sheila Jackson Lee]

http://insightmag.com/news/260520.html

...

HOUSE EXPULSION OF TRAFICANT IS A POT CALLING A KETTLE BLACK

Tom Adkins says: punishment? Yes. But expulsion? From the same group that boasts 
29 wife-beaters, seven defrauders (including House Minority Leader Dick 
Gephardt, who lied on a home-loan application), 19 check kiters, three 
assaulters and two apparent child rapists? A select club that boasts 14 drug 
arrests, eight shoplifters and countless drunk drivers? 

http://insightmag.com/news/260513.html

...

MEDIA MANUFACTURE CLOUD OF SUSPICION OVER HATFILL

Nicholas Stix asks where did all the rumors about the bioweapons expert 
originate?

http://insightmag.com/news/260804.html





  William F. Buckley, Jr.: Pied Piper for the Establishment

HAVE YOU BEEN DECEIVED?

Discover Buckley’s promotion of liberal causes and how he has been leading 
Americans away from true conservatism since the 1960s.

http://www.jbs.org/buckley/insight2.htm





KYOTO ALL OVER AGAIN

Martin Walker tells us that the U.S. is about to become the Global Warming 
Meanie one more time.

http://insightmag.com/news/260776.html

...

TWO CHEERS FOR TRIAL LAWYERS

Christopher Whalen writes that their critics liken them to parasites, but others 
say trial lawyers are the only remaining champions of consumer rights – thanks 
to the federal government's indifference.

http://insightmag.com/news/260508.html

...

FERC SAYS POWER FIRMS MAYBE GAMED MARKETS

Hill Anderson asks if energy companies did manipulate the western electricity 
markets.

http://insightmag.com/news/260778.html

...

A CONSTANT THORN IN CLINTON’S SIDE

Stephen Goode tells us that whether he’s investigating Bill Clinton's 
skulduggery or the effects of lax immigration control, David Bossie and Citizens 
United aim to be timely, tough and truthful.

http://insightmag.com/news/260517.html

...

HOW THE WEST BECAME NUMBER 1

Hans Nichols says Dinesh D'Souza defangs the multiculturalists.

http://insightmag.com/news/260512.html





 INSIGHT SUBSCRIPTION SPECIAL!

 Save $50.83 (Off Our Newsstand Price)

 https://www.collegepublisher.com/insightsub/subform1.cfm




You have received this newsletter because you have a user name and password at 
Insight on the News.
To unsubscribe from this newsletter, visit 
http://insightmag.com/main.cfm?include=unsubscribe;. You may also log into 
Insight on the News and edit your account preferences on the Web.

If you have forgotten or don't know your user name and password, it will be 
emailed to you after visiting the following link:
http://insightmag.com/main.cfm?include=emailPasswordserialNumber=16oai891z5[EMAIL PROTECTED]

Hello ! 8638URua6-230yEiM3882Kxky-24

[sender4841y01]

: )))

Subject: Give away FREE CD's - Earn $5K in 30 Days! PROOF!


May I send you this FREE CD?

Pop it into your computer, and get the preliminary details
on how YOU can be an INVESTOR in the Network Marketing
Industry and earn 400-700% return in 4 months...

and NEVER sell ANYTHING to ANYBODY
or RECRUIT anyone to sell ANYTHING to ANYBODY!

I am a real person - a mom of 5 and a proud grandma -
and on this CD you will see PROOF that we earned

*** $26,087.58 in our first 94 days!  ***
   $10.192.83 just yesterday!!! ***

If you can GIVE AWAY free CD's and products,
and let ME talk to people FOR you, then
I have an EXACT business plan to show you
PRECISELY what returns you can expect
and in exactly what time frame.

Let US work FULL TIME for you. We've helped others...
  Julie P. earned $750 in one week with us
  Jeff A. earned $6500 in 5 weeks with us
  Kate B. earned $740 in 11 days with us

And we NOW have an EXACT business plan for you and can tell you EXACTLY
what to expect with where you're starting. No guesswork - we've done it.

See the PROOF with your own eyes - let me send YOU this FREE CD today!

To get your FREE CD , please send the following information:
Name
Address
Phone Number


mailto:[EMAIL PROTECTED]?subject=FREE_CD

To be removed from future mailings, please
mailto:[EMAIL PROTECTED]?subject=REMOVE








8018jlGr9-193Lwgm5489GclE3-017WrhU6903jHDs8-978cKQQ8234nNCB3-652OnSR6645okAz4-921PIl78

Search

[Donna Rossi]

Pursuantto 
seeing your information on the web 
today, the following information provides a background of our Company and 
specifically in the search we are engaged in to complete for one of our 
Clients. Further information is 
provided below. 
Since 1977, Joseph Chris Partners has specialized in 
recruiting outstanding professional and executive level talent for Residential 
and Commercial (Office, Retail,  Industrial) Development and Construction 
Industry. We have successfully completed over 3000 search assignments in 46 
states and 5 countries and are recognized as the leading search firm exclusive 
to Real Estate, Development and Construction Industries.
Please consider this exceptional opportunity and provide us 
with any referrals of others that may find this a benefit. In addition, we would like the 
opportunity to assist you and senior level staffing and recruiting projects for 
your Company.
Sincerely,
Donna Rossi, PartnerJoseph 
Chris Partners608-831-3511 X 24 (Office)608-831-4870 
(Fax)[EMAIL PROTECTED]www.josephchris.com
JOSEPH 
CHRIS PARTNERS
EXECUTIVE 
SEARCH
Senior 
Underwriter 
COMPANY 
DESCRIPTION:
Our 
Client is a national real estate Lending organization that provides borrowers, 
brokers and financial institutions commercial mortgages, equity, small business 
loans, defeasance and Fannie Mae financing options. Our Client is a national company with 
East and West coast offices.
POSITION REQUIREMENTS:
Our 
Client is seeking a Senior Underwriter to join their Atlanta, GA Management 
Team. Responsibilities include DUS 
underwriting, screening Fannie Mae loans and delivering Multifamily 
mortgages. Yield maintenance 
negotiation skills, working with percentage pre-payment premium methods, 
defeasance, property appraisals, environmental assessments and physical needs 
assessments are beneficial. An outgoing personality and leadership 
skills is a plus.
SEARCH FIRM INFORMATION:
Since, 1977 JOSEPH CHRIS 
PARTNERS, is the leading specialized executive search and recruiting firm to the 
Real Estate, Development and Construction Industry. Real Estate Owners, Developers, 
Construction, Investment, and Management of Residential and Commercial projects 
retain our firm for mid-senior level recruiting assignments. 
COMMENTS BY 
SEARCH DIRECTOR:
The 
opportunity for upside in this position is tremendous along with a lucrative 
base salary. Dynamic management team, enormous opportunity for an 
underwriter who wants to be a key strategist for this well respected 
company.
 

Executive 
search consultants to the multifamily industry

ADV: Interest rates slashed! Don't wait! xpqpd

[safety33o]

INTEREST RATES HAVE JUST BEEN CUT!!!
   
NOW is the perfect time to think about refinancing your home mortgage! Rates are down! 
Take a minute and fill out our quick online form. 
http://ww2.watershedmoment.com/refi/
 
Easy qualifying, prompt, courteous service, low rates! Don't wait for interest rates 
to go up again, lock in YOUR low rate now!



   

  
---
To unsubscribe, go to: 
http://ww2.watershedmoment.com/stopthemailplease/
Please allow 48-72 hours for removal.

TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

[resend via different node: [EMAIL PROTECTED] seems to be dead --
primary MX refusing connections]

Phew... the document is certainly tortuous, and has a large number of
similarly and confusingly named credentials, certificates and keys,
however from what I can tell this is what is going on:

Summary: I think the endorsement key and it's hardware manufacturers
certificate is generated at manufacture and is not allowed to be
changed.  Changing ownership only means (typically) deleting old
identities and creating new ones.

The longer version...

- endorsement key generation and certification - There is one
endorsement key per TPM which is created and certified during
manufacture.  The creation and certification process is 1) create
endorsement key pair, 2) export public key endorsement key, 3)
hardware manufacturer signs endorsement public key to create an
endorsement certificate (to certify that that endorsement public key
belongs to this TPM), 4) the certificate is stored in the TPM (for
later use in communications with the privacy CA.)

- ownership - Then there is the concept of ownership.  The spec says
the TPM MUST ship with no Owner installed.  The owner when he wishes
to claim ownership choose a authentication token which is sent into
the TPM encrypted with the endorsement key.  (They give the example of
the authentication token being the hash of a password).  Physical
presence tests apply to claiming ownership (eg think BIOS POST with no
networking enabled, or physical pin on motherboard like BIOS flash
enable).  The authentication token and ownership can be changed.  The
TPM can be reset back to a state with no current owner.  BUT _at no
point_ does the TPM endorsement private key leave the TPM.  The
TPM_CreateEndorsementKeyPair function is allowed to be called once
(during manufacture) and is thereafter disabled.

- identity keys - Then there is the concept of identity keys.  The
current owner can create and delete identities, which can be anonymous
or pseudonymous.  Presumably the owner would delete all identity keys
before giving the TPM to a new owner.  The identity public key is
certified by the privacy CA.

- privacy ca - The privacy CA accepts identity key certification
requests which contain a) identity public key b) a proof of possession
(PoP) of identity private key (signature on challenge), c) the
hardware manufacturers endorsement certificate containing the TPM's
endorsement public key.  The privacy CA checks whether the endorsement
certificate is signed by a hardware manufacturer it trusts.  The
privacy CA sends in response an identity certificate encrypted with
the TPM's endorsement public key.  The TPM decrypts the encrypted
identity certifate with the endorsement private key.

- remote attestation - The owner uses the identity keys in the remote
attestation functions.  Note that the identity private keys are also
generated on the TPM, the private key also never leaves the TPM.  The
identity private key is certified by the privacy CA as having been
requested by a certified endorsement key.


The last two paragraphs imply something else interesting: the privacy
CA can collude with anyone to create a virtualized environment.  (This
is because the TPM endorsement key is never directly used in remote
attestation for privacy reasons.)  All that is required to virtualize
a TPM is an attestation from the privacy CA in creating an identity
certificate.

So there are in fact three avenues for FBI et al to go about obtaining
covert access to the closed space formed by TCPA applications: 

(A) get one of the hardware manufacturers to sign an endorsement key
generated outside a TPM (or get the endorsement CA's private key), or

(B) get a widely used and accepted privacy CA to overlook it's policy
of demanding a hardware manufacturer CA endorsed endorsement public
key and sign an identity public key created outside of a TPM (or get
the privacy CA's private key).

(C) create their own privacy CA and persuade an internet server they
wish to investigate the users of to accept it.  Create themselves a
virtualized client using their own privacy CA, look inside.


I think to combat problem C) as a user of a service you'd want the
remote attestation of software state to auditably include it's
accepted privacy CA database to see if there are any strange Privacy
CAs on there.

I think you could set up and use your own privacy CA, but you can be
sure the RIAA/MPAA will never trust your CA.  A bit like self-signing
SSL site keys.  If you and your friends add your CA to their trusted
root CA database it'll work.  In this case however people have to
trust your home-brew privacy CA not to issue identity certificates
without having seen a valid hardware-endorsement key if they care
about preventing virtualization for the privacy or security of some
network application.

Also, they seem to take explicit steps to prevent you getting multiple
privacy CA certificates on the same identity key.  (I'm not sure why.)

Re: Overcoming the potential downside of TCPA

[Anonymous]

[Repost]

Joe Ashwood writes:

 Actually that does nothing to stop it. Because of the construction of TCPA,
 the private keys are registered _after_ the owner receives the computer,
 this is the window of opportunity against that as well.

Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which
is the main TPM key, the one which gets certified by the TPM Entity.
That key is generated only once on a TPM, before ownership, and must
exist before anyone can take ownership.  For reference, see section 9.2,
The first call to TPM_CreateEndorsementKeyPair generates the endorsement
key pair. After a successful completion of TPM_CreateEndorsementKeyPair
all subsequent calls return TCPA_FAIL.  Also section 9.2.1 shows that
no ownership proof is necessary for this step, which is because there is
no owner at that time.  Then look at section 5.11.1, on taking ownership:
user must encrypt the values using the PUBEK.  So the PUBEK must exist
before anyone can take ownership.

 The worst case for
 cost of this is to purchase an additional motherboard (IIRC Fry's has them
 as low as $50), giving the ability to present a purchase. The
 virtual-private key is then created, and registered using the credentials
 borrowed from the second motherboard. Since TCPA doesn't allow for direct
 remote queries against the hardware, the virtual system will actually have
 first shot at the incoming data. That's the worst case.

I don't quite follow what you are proposing here, but by the time you
purchase a board with a TPM chip on it, it will have already generated
its PUBEK and had it certified.  So you should not be able to transfer
a credential of this type from one board to another one.

 The expected case;
 you pay a small registration fee claiming that you accidentally wiped your
 TCPA. The best case, you claim you accidentally wiped your TCPA, they
 charge you nothing to remove the record of your old TCPA, and replace it
 with your new (virtualized) TCPA. So at worst this will cost $50. Once
 you've got a virtual setup, that virtual setup (with all its associated
 purchased rights) can be replicated across an unlimited number of computers.
 
 The important part for this, is that TCPA has no key until it has an owner,
 and the owner can wipe the TCPA at any time. From what I can tell this was
 designed for resale of components, but is perfectly suitable as a point of
 attack.

Actually I don't see a function that will let the owner wipe the PUBEK.
He can wipe the rest of the TPM but that field appears to be set once,
retained forever.

For example, section 8.10: Clear is the process of returning the TPM to
factory defaults.  But a couple of paragraphs later: All TPM volatile
and non-volatile data is set to default value except the endorsement
key pair.

So I don't think your fraud will work.  Users will not wipe their
endorsement keys, accidentally or otherwise.  If a chip is badly enough
damaged that the PUBEK is lost, you will need a hardware replacement,
as I read the spec.

Keep in mind that I only started learning this stuff a few weeks ago,
so I am not an expert, but this is how it looks to me.

Re: Spam blocklists?

[Marcel Popescu]

From: Sunder [EMAIL PROTECTED]

 None of those things work.  Most spammers don't give a shit if you don't
 receive email.  I can attest to this by the slew of spam going to
 hostmaster, webmaster, and the like on many networks.  What they're really
 selling is ten million addresses and spam software.  Even if 9 million
 of those are bullshit, they couldn't care less.  The more things with @
 signs in'em the more money they make off clueless businesses.

We talk about different things then :) I don't care that they make money off
clueless businesses... I care that they don't send ME spam. If I can solve
the second problem, the first one will take care of itself.

Mark

CT-RSA 2003 -- preliminary call for papers

[Trei, Peter]

[From sci.crypt -pt]

From: [EMAIL PROTECTED] (Marc Joye)
Newsgroups: sci.crypt.research, sci.crypt
Subject: CT-RSA 2003 -- preliminary call for papers
Date:  Thu, 15 Aug 2002 12:20:39 + (UTC)

===

   Preliminary Call for Papers -- CT-RSA 2003

   Submission deadline: Oct. 1, 2002

  Cryptographers' Track, RSA Conference 2003 (CT-RSA 2003)
   April 13-17, 2003, Moscone Center, San Francisco, USA
   http://reg2.lke.com/rs3/rsa2003/crypto.html
(see also http://www.rsaconference.net/)

===

Following the success of the two previous editions, the
Cryptographers' Track of RSA Conference 2003 (CT-RSA 2003)
will be run as an anonymously refereed conference with
proceedings. The proceedings of CT-RSA 2001 and CT-RSA 2002 were
published in Springer-Verlag's Lecture Notes in Computer Science
series as LNCS 2020 and LNCS 2271, respectively.

Original research papers pertaining to all aspects of cryptography
as well as tutorials are solicited. Submissions may present theory,
techniques, applications and practical experience on topics
including, but not limited to: fast implementations, secure
electronic commerce, network security and intrusion detection,
formal security models, comparison and assessment, tamper
resistance, certification and time-stamping, cryptographic data
formats and standards, encryption and signature schemes, public
key infrastructure, protocols, elliptic curve cryptography,
cryptographic algorithm design and cryptanalysis, discrete
logarithms and factorization techniques, lattice reduction, and
provable security.


IMPORTANT DATES:

  Submission deadline: Oct. 1, 2002
  Acceptance notification: Nov. 1, 2002
  Proceedings version: Nov. 17, 2002


INSTRUCTIONS FOR AUTHORS:

The program committee invites research contributions and tutorials
in the broad area of applications and theory of cryptography.
Correspondence, including submissions, will take place entirely
via e-mail. All submissions will be blind refereed. To make a
submission, please send two separate e-mail messages to

   [EMAIL PROTECTED]

(the first message should contain the paper's title, the names and
affiliations of the authors and should identify the contact author,
including e-mail and postal addresses; the second message should
contain the submission itself in PostScript or in PDF).

The paper must be anonymous, with no author names, affiliations,
acknowledgements, or obvious references.  It should begin with a
title, a short abstract, and a list of keywords.  The paper should
be at most 12 pages (excluding the bibliography and clearly marked
appendices), and at most 18 pages in total, using at least 11-point
font and reasonable margins.  Submissions not meeting these
guidelines risk rejection without consideration of their merits.


PROCEEDINGS

For an accepted paper to be included in the proceedings, the
authors of the paper must guarantee that at least one of the
co-authors will attend the conference and deliver the talk
(registration fees will be waived for the co-author delivering
the talk).


PROGRAM COMMITTEE:

  Giuseppe Ateniese  Chi-Sung Laih
  John Black Tatsuaki Okamoto
  Daniel Bleichenbacher  David Pointcheval
  Rosario GennaroBart Preneel
  Stuart Haber   Jean-Jacques Quisquater
  Helena Handschuh   Tsuyoshi Takagi
  Markus Jakobsson   Gene Tsudik
  Antoine Joux   Serge Vaudenay
  Marc Joye (Chair)  Sung-Ming Yen
  Kwangjo KimMoti Yung
  Seungjoo Kim   Yuliang Zheng

TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

Phew... the document is certainly tortuous, and has a large number of
similarly and confusingly named credentials, certificates and keys,
however from what I can tell this is what is going on:

Summary: I think the endorsement key and it's hardware manufacturers
certificate is generated at manufacture and is not allowed to be
changed.  Changing ownership only means (typically) deleting old
identities and creating new ones.

The longer version...

- endorsement key generation and certification - There is one
endorsement key per TPM which is created and certified during
manufacture.  The creation and certification process is 1) create
endorsement key pair, 2) export public key endorsement key, 3)
hardware manufacturer signs endorsement public key to create an
endorsement certificate (to certify that that endorsement public key
belongs to this TPM), 4) the certificate is stored in the TPM (for
later use in communications with the privacy CA.)

- ownership - Then there is the concept of ownership.  The spec says
the TPM MUST ship with no Owner installed.  The owner when he wishes
to claim ownership choose a authentication token which is sent into
the TPM encrypted with the endorsement key.  (They give the example of
the authentication token being the hash of a password).  Physical
presence tests apply to claiming ownership (eg think BIOS POST with no
networking enabled, or physical pin on motherboard like BIOS flash
enable).  The authentication token and ownership can be changed.  The
TPM can be reset back to a state with no current owner.  BUT _at no
point_ does the TPM endorsement private key leave the TPM.  The
TPM_CreateEndorsementKeyPair function is allowed to be called once
(during manufacture) and is thereafter disabled.

- identity keys - Then there is the concept of identity keys.  The
current owner can create and delete identities, which can be anonymous
or pseudonymous.  Presumably the owner would delete all identity keys
before giving the TPM to a new owner.  The identity public key is
certified by the privacy CA.

- privacy ca - The privacy CA accepts identity key certification
requests which contain a) identity public key b) a proof of possession
(PoP) of identity private key (signature on challenge), c) the
hardware manufacturers endorsement certificate containing the TPM's
endorsement public key.  The privacy CA checks whether the endorsement
certificate is signed by a hardware manufacturer it trusts.  The
privacy CA sends in response an identity certificate encrypted with
the TPM's endorsement public key.  The TPM decrypts the encrypted
identity certifate with the endorsement private key.

- remote attestation - The owner uses the identity keys in the remote
attestation functions.  Note that the identity private keys are also
generated on the TPM, the private key also never leaves the TPM.  The
identity private key is certified by the privacy CA as having been
requested by a certified endorsement key.


The last two paragraphs imply something else interesting: the privacy
CA can collude with anyone to create a virtualized environment.  (This
is because the TPM endorsement key is never directly used in remote
attestation for privacy reasons.)  All that is required to virtualize
a TPM is an attestation from the privacy CA in creating an identity
certificate.

So there are in fact three avenues for FBI et al to go about obtaining
covert access to the closed space formed by TCPA applications: 

(A) get one of the hardware manufacturers to sign an endorsement key
generated outside a TPM (or get the endorsement CA's private key), or

(B) get a widely used and accepted privacy CA to overlook it's policy
of demanding a hardware manufacturer CA endorsed endorsement public
key and sign an identity public key created outside of a TPM (or get
the privacy CA's private key).

(C) create their own privacy CA and persuade an internet server they
wish to investigate the users of to accept it.  Create themselves a
virtualized client using their own privacy CA, look inside.


I think to combat problem C) as a user of a service you'd want the
remote attestation of software state to auditably include it's
accepted privacy CA database to see if there are any strange Privacy
CAs on there.

I think you could set up and use your own privacy CA, but you can be
sure the RIAA/MPAA will never trust your CA.  A bit like self-signing
SSL site keys.  If you and your friends add your CA to their trusted
root CA database it'll work.  In this case however people have to
trust your home-brew privacy CA not to issue identity certificates
without having seen a valid hardware-endorsement key if they care
about preventing virtualization for the privacy or security of some
network application.

Also, they seem to take explicit steps to prevent you getting multiple
privacy CA certificates on the same identity key.  (I'm not sure why.)
It seems like a bad thing as it forces you to trust just one CA, it
prevents web of trust which 

Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)

[Russell Nelson]

Adam Back writes:
  So there are practical limits stemming from realities to do with code
  complexity being inversely proportional to auditability and security,
  but the extra ring -1, remote attestation, sealing and integrity
  metrics really do offer some security advantages over the current
  situation.

You're wearing your programmer's hat when you say that.  But the
problem isn't programming, but is instead economic.  Switch hats.  The
changes that you list above may or may not offer some security
advantages.  Who cares?  What really matters is whether they increase
the cost of copying.  I say that the answer is no, for a very simple
reason: breaking into your own computer is a victimless crime.

In a crime there are at least two parties: the victim and the
perpetrator.  What makes the so-called victimless crime unique is that
the victim is not present for the perpetration of the crime.  In such
a crime, all of the perpetrators have reason to keep silent about the
comission of the crime.  So it will be with people breaking into their
own TCPA-protected computer and application.  Nobody with evidence of
the crime is interested in reporting the crime, nor in stopping
further crimes.

Yes, the TCPA hardware introduces difficulties.  If there is way
around them in software, then someone need only write it once.  The
whole TCPA house of cards relies on no card ever falling down.  Once
it falls down, people have unrestricted access to content.  And that
means that we go back to today's game, where the contents of CDs are
open and available for modification.  Someone could distribute a pile
of random bits, which, when xored with the encrypted copy, becomes
an unencrypted copy.

-- 
-russ nelson  http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |

Re: status of various projects?

[Myers W. Carpenter]

On Wed, 2002-08-14 at 10:58, Miles Fidelman wrote:
 It seems like a lot of interesting projects haven't been active for a
 while - notably Free Haven and Eternity Usenet.  Where is the most active
 work, these days,  on distributed publishing systems?

Try Mnet (http://mnet.sf.net/).  It's the continuation of the Mojo
Nation code base.  We are close to a stable release (0.5.1), but there
are a lot of known bugs that we are leaving in the system (because we
are rewriting the code that the bugs are found in).

Our main goal for the next release is to make it easier for new coders
to understand what's going on under the hood.  That and replacing the
single point of failure metatracker system with a distributed hash
table. 

The old mojo token based system is no longer in use, but we hope to
replace it with an OpenDBS based system, or a stamp based system.

myers

Re: Overcoming the potential downside of TCPA

[AARG! Anonymous]

Joe Ashwood writes:

 Actually that does nothing to stop it. Because of the construction of TCPA,
 the private keys are registered _after_ the owner receives the computer,
 this is the window of opportunity against that as well.

Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which
is the main TPM key, the one which gets certified by the TPM Entity.
That key is generated only once on a TPM, before ownership, and must
exist before anyone can take ownership.  For reference, see section 9.2,
The first call to TPM_CreateEndorsementKeyPair generates the endorsement
key pair. After a successful completion of TPM_CreateEndorsementKeyPair
all subsequent calls return TCPA_FAIL.  Also section 9.2.1 shows that
no ownership proof is necessary for this step, which is because there is
no owner at that time.  Then look at section 5.11.1, on taking ownership:
user must encrypt the values using the PUBEK.  So the PUBEK must exist
before anyone can take ownership.

 The worst case for
 cost of this is to purchase an additional motherboard (IIRC Fry's has them
 as low as $50), giving the ability to present a purchase. The
 virtual-private key is then created, and registered using the credentials
 borrowed from the second motherboard. Since TCPA doesn't allow for direct
 remote queries against the hardware, the virtual system will actually have
 first shot at the incoming data. That's the worst case.

I don't quite follow what you are proposing here, but by the time you
purchase a board with a TPM chip on it, it will have already generated
its PUBEK and had it certified.  So you should not be able to transfer
a credential of this type from one board to another one.

 The expected case;
 you pay a small registration fee claiming that you accidentally wiped your
 TCPA. The best case, you claim you accidentally wiped your TCPA, they
 charge you nothing to remove the record of your old TCPA, and replace it
 with your new (virtualized) TCPA. So at worst this will cost $50. Once
 you've got a virtual setup, that virtual setup (with all its associated
 purchased rights) can be replicated across an unlimited number of computers.
 
 The important part for this, is that TCPA has no key until it has an owner,
 and the owner can wipe the TCPA at any time. From what I can tell this was
 designed for resale of components, but is perfectly suitable as a point of
 attack.

Actually I don't see a function that will let the owner wipe the PUBEK.
He can wipe the rest of the TPM but that field appears to be set once,
retained forever.

For example, section 8.10: Clear is the process of returning the TPM to
factory defaults.  But a couple of paragraphs later: All TPM volatile
and non-volatile data is set to default value except the endorsement
key pair.

So I don't think your fraud will work.  Users will not wipe their
endorsement keys, accidentally or otherwise.  If a chip is badly enough
damaged that the PUBEK is lost, you will need a hardware replacement,
as I read the spec.

Keep in mind that I only started learning this stuff a few weeks ago,
so I am not an expert, but this is how it looks to me.

You deserve a vacation

[a10ecun]

We are strongly against sending unsolicited 
emails to those who do not wish to receive our special mailings. You have 
opted in to one or more of our affiliate sites requesting to be notified of 
any special offers we may run from time to time. We also have attained the 
services of an independent 3rd party to overlook list management and removal 
services. This is NOT unsolicited email. If you do not wish to receive 
further mailings, please
click this 
link . Please accept our apologies if you have been sent this email in 
error. We honor all removal requests



5

RE: trade-offs of secure programming with Palladium (Re: Palladiu m: technical limits and implications)

[Trei, Peter]

 Russell Nelson[SMTP:[EMAIL PROTECTED]] writes:
 
 You're wearing your programmer's hat when you say that.  But the
 problem isn't programming, but is instead economic.  Switch hats.  The
 changes that you list above may or may not offer some security
 advantages.  Who cares?  What really matters is whether they increase
 the cost of copying.  I say that the answer is no, for a very simple
 reason: breaking into your own computer is a victimless crime.
 
 In a crime there are at least two parties: the victim and the
 perpetrator.  What makes the so-called victimless crime unique is that
 the victim is not present for the perpetration of the crime.  In such
 a crime, all of the perpetrators have reason to keep silent about the
 comission of the crime.  So it will be with people breaking into their
 own TCPA-protected computer and application.  Nobody with evidence of
 the crime is interested in reporting the crime, nor in stopping
 further crimes.
 
[...]

Russ: 

Take off your economic hat, and try on a law-enforcement one.

With DMCA, etal, the tools to get around TCPA's taking of your
right to use your property as you please have been criminalized.
(Don't argue that TCPA will always be voluntary. I don't beleive 
that).

I have little patience with arguments which say 'Yeah, they can
make X against the law, but clever people like me can always
get around it, and won't get caught, so I don't care.'

Maybe you can, some of the time, but that's not the point. Most
people won't, either because it's too hard, they don't know what
they've lost, or because of a misplaced respect for the whims of 
The Men with Guns. This is not a Good Thing.

A freedom to skulk in the shadows, hoping not to be noticed, is not
the legacy I wish to leave behind.

Peter Trei

Re: 2seks

[Ser Bilgin]

Hic bir yerde bulup izleyemeyeceginiz icerigi size http://www.2seks.com sunuyor.
TURK VE AVRUPALI AMATOR KIZLAR
BULGAR KIZLARI
ROMEN HATUNLAR
TURK TECAVUZ FILMLERI
KIZLAR YURDU
ALMANYA'NIN SAPIK HATUNLARI
OTELDEKI GIZLI KAMERALAR
VE DAHASI...

Hepsi orjinal ve kaliteli kayitlar. Hemen giris yapin ve tadini cikartin
http://www.2seks.com

Re: 2seks

[Senada Gemici]

Hic bir yerde bulup izleyemeyeceginiz icerigi size http://www.2seks.com sunuyor.
TURK VE AVRUPALI AMATOR KIZLAR
BULGAR KIZLARI
ROMEN HATUNLAR
TURK TECAVUZ FILMLERI
KIZLAR YURDU
ALMANYA'NIN SAPIK HATUNLARI
OTELDEKI GIZLI KAMERALAR
VE DAHASI...

Hepsi orjinal ve kaliteli kayitlar. Hemen giris yapin ve tadini cikartin
http://www.2seks.com

Hundreds of lenders compete for you

[mariah]

Title: Get A Mortgage Today






  

Now you can
have HUNDREDS of lenders compete for your loan! 

Refinancing 
New Home Loans 
Debt Consolidation 
Debt Consultation 
Auto Loans 
Credit Cards 
Student Loans 
Second Mortgage 
Home Equity 


Dear Homeowner,

Interest Rates
are at their lowest point in 40 years! We help you find the best rate for
your situation by matching your needs with hundreds of lenders! 
Home
Improvement, Refinance, Second Mortgage, Home Equity Loans, and More!
Even with less than perfect credit!

This service is 

100% FREE to home owners and new home buyers without
any obligation. 

Just fill out a quick, simple form and jump-start your future plans today!


Click Here
To Begin
 
  










Go
here to be taken off

YOU CAN OWN AN ADULT SITE AND MAKE HUGE £££/$$$ 6082dOCs9-767dfNF0563epzi0-178-28

[prospects0732d61]

My name is PEGGY  and I live in Switzerland.I just want to propose a business 
opportunity to you in the millionaire Adult Industry.

FACTS:

·   I have earn $3 750 up to now and I can send you my profit stats for you to see.

·   If you are not a sex surfer you can approach this just as a business 
opportunity without ever looking at the adult content.

·   You will earn 50% recurring commissions and you will receive your check twice 
a month.

·   This is an established, highly reputable company, with 6 years experience 
running adult web sites online. They are debt free, listed on Dun  Bradstreet and 
specialize in allowing you to cash in FAST and EASILY on the exploding online adult 
entertainment business without any experience other than surfing the web.


I OFFER:

·   Complete support for you to replicate my work in order to have the same 
results 

·   If you become a member I will give you my phone number, address and personal 
e-mail address for a perfect contact

·   The links to the tools I use to promote

If you are interested just e-mail me to [EMAIL PROTECTED]  with MORE INFO in the 
subject line, or REMOVE if you prefer to be removed from my mailing list.

1439SZIf0-277aIgD1760quRf6-833cNIL0972zDDR5-477WaQw2388zDPL6-976KOtG5094l68

TCPA hack delay appeal

[AARG! Anonymous]

It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned 
about it from two separate sources, looks like two independent slightly different 
hacks based on the same protocol flaw.

Undoubtedly, more people will figure this out.

It seems wise to suppress the urge and craving for fame and NOT to publish the 
findings at this time. Let them build the thing into zillion chips first. If you must, 
post the encrypted time-stamped solution identifying you as the author but do not 
release the key before TCPA is in many, many PCs.

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Mike Rosing]

On Thu, 15 Aug 2002, Adam Back wrote:

 Summary: I think the endorsement key and it's hardware manufacturers
 certificate is generated at manufacture and is not allowed to be
 changed.  Changing ownership only means (typically) deleting old
 identities and creating new ones.

Are there 2 certificates?  One from the manufacturer and one from
the privacy CA?

 - endorsement key generation and certification - There is one
 endorsement key per TPM which is created and certified during
 manufacture.  The creation and certification process is 1) create
 endorsement key pair, 2) export public key endorsement key, 3)
 hardware manufacturer signs endorsement public key to create an
 endorsement certificate (to certify that that endorsement public key
 belongs to this TPM), 4) the certificate is stored in the TPM (for
 later use in communications with the privacy CA.)

So finding the manufacturers signature key breaks the whole system
right?  Once you have that key you can create as many fake TPM's
as you want.

 TPM can be reset back to a state with no current owner.  BUT _at no
 point_ does the TPM endorsement private key leave the TPM.  The
 TPM_CreateEndorsementKeyPair function is allowed to be called once
 (during manufacture) and is thereafter disabled.

But it's easier to manufacture it by burning fuse links so it
can't be read back - ala OTP.  so the manufacturer could have a
list of every private key (just because they aren't supposed to
doesn't prevent it.)  It still meets the spec - the key never leaves
the chip.

 - identity keys - Then there is the concept of identity keys.  The
 current owner can create and delete identities, which can be anonymous
 or pseudonymous.  Presumably the owner would delete all identity keys
 before giving the TPM to a new owner.  The identity public key is
 certified by the privacy CA.

 - privacy ca - The privacy CA accepts identity key certification
 requests which contain a) identity public key b) a proof of possession
 (PoP) of identity private key (signature on challenge), c) the
 hardware manufacturers endorsement certificate containing the TPM's
 endorsement public key.  The privacy CA checks whether the endorsement
 certificate is signed by a hardware manufacturer it trusts.  The
 privacy CA sends in response an identity certificate encrypted with
 the TPM's endorsement public key.  The TPM decrypts the encrypted
 identity certifate with the endorsement private key.

How does the CA check the endorsement certificate?  If it's by
checking the signature, then finding the manufacturer's private
key is very worthwhile - the entire TCPA for 100's of millions
of computers gets compromised.  If it's by matching with the
manufacturer's list then anonymity is impossible.

Thanks for the analysis Adam.  It seems like there are a couple of
obvious points to attack this system at.  I would think it's easy
to break for a large enough government.

Patience, persistence, truth,
Dr. mike

Create a PAYCHECK with you COMPUTER

[Esther52]

You get emails every day, offering to show you how to make money. Most of these emails 
are from people who are NOT making any and they expect you to listen to them?


Enough.

If you want to make money with your computer, then you should hook up with a group 
that is actually DOING it. We are making a large, continuing income every month. 
What's more we will show YOU how to do the same thing.

This business is done completely by internet and email, and you can even join for free 
to check it out first. If you can send an email, you can do this. No special skills 
are require.

How much are we making? Below are a few examples. These are real people, and most of 
them work at this business part-time. But keep in mind, they do WOEK at it - I am not 
going to insult your intelligence by saying you can sign up, do no work and rake in 
the cash. That kind of job does not exist. But if you are willing to put in 10 - 12 
hours per week, this might just be the thing you are looking for.

N. Gallagher; $3000 per month
T. Hopkins; $1000 per month
S. Johnson; $6000 - $7000 per month
V. Patalano; $2000 per month
M. South; $5000 per month
J. Henslin; $7000 per month

This is not income that is determined by luck, or work that is done FOR you - it is 
all based on your effort. But, as I said there are no special skills required. This 
income is real meaning that it continues each month (and it tends to increase each 
month also).

Interested? I invite you to find out more. You can get in as a free member, at no 
cost, and no obligation to continue if you decide it is not for you. We are just 
looking for people who have that burning desire to find an opportunity that will pay 
them incredibly well, if they work at it.

To grab a FREE ID#, simply reply to: [EMAIL PROTECTED] and write this phrase;
Email me details about the club's business and consumer opportunities.
Be sure to include your;
1.  First name
2.  Last name
3.  Email address (if different from above)

We will confirm your position and send you a special report as soon as possible, and 
also your free Member Number.

That's all there is to it.

We'll then send you info, and you can make up your own mind.

Looking forward to hearing from you!

Sincerely,

Esther Rodriguez

P.S.
After having several negative experiences with network marketing companies I had 
pretty much given up on them. This is different - there is value, integrity, and a 
REAL opportunity to have your own home-based business….
And finally make real money on the Internet.

Don't pass this up. . You can sign up and test - drive the program for FREE. All you 
need to do is get your free Membership.

Unsubscribe: Send a blank email to:  [EMAIL PROTECTED]
Remove in the subject line.


5966csiZ3-051aPNd7987bpKq1-077MeBc15l34

Consider this if you will.

[Matthew X]

Consider this: An inarticulate, politically inexperienced man with family 
links to a previous national regime comes to provincial leadership. 
Subsequently he gains the highest national office without winning the 
popular vote. The election in which he was declared the victor is 
considered compromised by his brother's province. He appoints a chief law 
enforcement officer who has repeatedly called for constitutional revisions. 
Regulatory agencies are filled with those previously regulated. Soldiers 
patrol transportation centers. International treaties are abrogated. 
International legal organizations are shunned. Roles of police and military 
are blurred. Law enforcement agencies are centralized. Individual civil 
rights are reduced. A shadow government is created.
Domestic surveillance is increased. People are encouraged to spy on each 
other. Military budgets are increased. The military establishes a 
disinformation program. Media access to government is limited. 
Consultations with the legislative branch decline. Connections to corrupt 
corporate sponsors are disavowed. Efforts to further plunder natural 
resources for profit are initiated. Access to past administrations' 
documents is limited. A war mentality is established with imprecise 
enemies. Nebulous fear- inducing alerts are periodically released. National 
level profiling is introduced. People are imprisoned without public charges 
and unknown others are disappeared.
http://www.indymedia.org/front.php3?article_id=198145group=webcast
Don't mention the war.

Re: TCPA hack delay appeal

[John Young]

Well, it's probably safer to publish the hack anonymously
and see if it withstands counter-hacking. Could be Microsoft
is baiting and waiting for just such attacks. The giant might
even leak and spread a few itself in order to shoot them down, 
to boost its eye-mote credibility.

Send the hack to Cryptome anonymously if there's no better 
way to test its effectiveness. Keeping snakeoil secret is a sure
way to uncontested success, aka the way of Redmond.

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

I think a number of the apparent conflicts go away if you carefully
track endorsement key pair vs endorsement certificate (signature on
endorsement key by hw manufacturer).  For example where it is said
that the endorsement _certificate_ could be inserted after ownership
has been established (not the endorsement key), so that apparent
conflict goes away.  (I originally thought this particular one was a
conflict also, until I noticed that.)  I see anonymous found the same
thing.

But anyway this extract from the CC PP makes clear the intention and
an ST based on this PP is what a given TPM will be evaluated based on:

http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf

p 20:
| The TSF shall restrict the ability to initialize or modify the TSF 
| data: Endorsement Key Pair [...] to the TPM manufacturer or designee.

(if only they could have managed to say that in the spec).

Adam
--
http://www.cypherspace.org/adam/

Apply For a Cell Phone And Get a FREE VACATION!!!

[Special Deals]

Title: Free Phone Search
   



 
 
 
   You have
signed up with one of our network partners to receive email providing you
with special offers that may appeal to you. If you do not wish to receive
these offers in the future, reply to this email with "unsubscribe" in the
subject or simply click on the following link: Unsubscribe
 
 

employment market for applied cryptographers?

[Adam Back]

On the employment situation... it seems that a lot of applied
cryptographers are currently unemployed (Tim Dierks, Joseph, a few
ex-colleagues, and friends who asked if I had any leads, the spate of
recent security consultant .sigs, plus I heard that a straw poll of
attenders at the codecon conference earlier this year showed close to
50% out of work).

Are there any more definitive security industry stats?  Are applied
crypto people suffering higher rates of unemployment than general
application programmers?  (From my statistically too small sample of
acquaintances it might appear so.)

If this is so, why is it?

- you might think the physical security push following the world
political instability worries following Sep 11th would be accompanied
by a corresponding information security push -- jittery companies
improving their disaster recovery and to a lesser extent info sec
plans.

- governments are still harping on the info-war hype, national
information infrastructure protection, and the US Information Security
Czar Clarke making grandiose pronouncements about how industry ought
to do various things (that the USG spent the last 10 years doing it's
best to frustrate industry from doing with it's dumb export laws)

- even Microsoft has decided to make a play of cleaning up it's
security act (you'd wonder if this was in fact a cover for Palladium
which I think is likely a big play for them in terms of future control
points and (anti-)competitive strategy -- as well as obviously a play
for the home entertainment system space with DRM)

However these reasons are perhaps more than cancelled by:

- dot-com bubble (though I saw some news reports earlier that though
there is lots of churn in programmers in general, that long term
unemployment rates were not that elevated in general)

- perhaps security infrastructure and software upgrades are the first
things to be canned when cash runs short?  

- software security related contract employees laid off ahead of
full-timers?  Certainly contracting seems to be flat in general, and
especially in crypto software contracts look few and far between.  At
least in the UK some security people are employed in that way (not
familiar with north america).

- PKI seems to have fizzled compared to earlier exaggerated
expectations, presumably lots of applied crypto jobs went at PKI
companies downsizing.  (If you ask me over use of ASN.1 and adoption
of broken over complex and ill-defined ITU standards X.500, X.509
delayed deployment schedules by order of magnitude over what was
strictly necessary and contributed to interoperability problems and I
think significantly to the flop of PKI -- if it's that hard because of
the broken tech, people will just do something else.)

- custom crypto and security related software development is perhaps
weighted towards dot-coms that just crashed.

- big one probably: lack of measurability of security -- developers
with no to limited crypto know-how are probably doing (and bodging)
most of the crypto development that gets done in general, certainly
contributing to the crappy state of crypto in software.  So probably
failure to realise this issue or perhaps just not caring, or lack of
financial incentives to care on the part of software developers.
Microsoft is really good at this one.  The number of times they
re-used RC4 keys in different protocols is amazing!


Other explanations?  Statistics?  Sample-of-one stories?

Adam
--
yes, still employed in sofware security industry; and in addition have
been doing crypto consulting since 97 (http://www.cypherspace.net/) if
you have any interesting applied crypto projects; reference
commissions paid.

Fw: A faster test for PRIMALITY?

[Gary Jeffers]

- Original Message - 
From: Gary Jeffers [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 5:47 PM
Subject: Fw: A faster test for PRIMALITY?


 
 - Original Message -
 From: Gary Jeffers [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, August 13, 2002 9:25 PM
 Subject: A faster test for PRIMALITY?
 
 
 
  My fellow Cypherpunks,
 
  Lucky Green says:
  AFICT, the proposed algorithm is for a test for primality and does not
  represent an algorithm to factor composites.
 
  Well, pardon me!  I was in a hurry and should have proof read. As a
 save,
  however, I did put a question mark at the end  :-)
 
  Yours Truly,
  Gary Jeffers
 
  Beat State!!!
  And the other oppressors.
 
 
 
 
 

Re: TCPA not virtualizable during ownership change

[James A. Donald]

--
On 15 Aug 2002 at 15:26, AARG! Anonymous wrote:
 Basically I agree with Adam's analysis.  At this point I 
 think he understands the spec equally as well as I do.  He 
 has a good point about the Privacy CA key being another 
 security weakness that could break the whole system.  It 
 would be good to consider how exactly that problem could be 
 eliminated using more sophisticated crypto.

Lucky claims to have pointed this out two years ago, proposed 
more sophisticated crypto, and received a hostile reception.

Which leads me to suspect that the capability of the powerful 
to break the system is a designed in feature.  

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP
 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK

.. the productive and most profitable way to organize is to disintegrate.

[Matthew X]

The Declustering of America:
With the new telecommunications technology, it is increasingly easy
for a firm to operate in a dispersed manner. Although only really
discussing geography, I find articles like this fascinating, of course,
because today are living early forms of the next company
described by Peter Drucker: By
now the new information technology — Internet and e-mail — have
practically eliminated the physical costs of communications. This has
meant that the most productive and most profitable way to organize is to
disintegrate.
6:36:27 AM 
http://www.ozzie.net/blog/

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[lynn . wheeler]

I arrived at that decision over four years ago ... TCPA possibly didn't
decide on it until two years ago. In the assurance session in the TCPA
track at spring 2001 intel developer's conference I claimed my chip was
much more KISS, more secure, and could reasonably meet the TCPA
requirements at the time w/o additional modifications. One of the TCPA guys
in the audience grossed that I didn't have to contend with the committees
of hundreds helping me with my design.

There are actually significant similarities between my chip and the TPM
chips.

I'm doing key gen at very first, initial power-on/test of wafer off the
line (somewhere in dim past it was drilled into me that everytime something
has to be handled it increases the cost).

Also, because of extreme effort at KISS, the standard PP evaluation stuff
gets much simpler and easier because most (possibly 90 percent) of the
stuff is N/A or doesn't exist

early ref:
http://www.garlic.com/~lynn/aadsm2.htm#staw

or refs at (under subject aads chip strawman):
http://www.garlic.com/~lynn/index.html#aads

brand  other misc. stuff:
http://www.asuretee.com/

random evauation refs:
http://www.garlic.com/~lynn/aadsm12.htm#13 anybody seen (EAL5) semi-formal
specification for FIPS186-2/x9.62 ecdsa?
http://www.garlic.com/~lynn/2002j.html#86 formal fips186-2/x9.62 definition
for eal 5/6 evaluation



[EMAIL PROTECTED] on 8/15/2002 6:44 pm wrote:

I think a number of the apparent conflicts go away if you carefully
track endorsement key pair vs endorsement certificate (signature on
endorsement key by hw manufacturer).  For example where it is said
that the endorsement _certificate_ could be inserted after ownership
has been established (not the endorsement key), so that apparent
conflict goes away.  (I originally thought this particular one was a
conflict also, until I noticed that.)  I see anonymous found the same
thing.

But anyway this extract from the CC PP makes clear the intention and
an ST based on this PP is what a given TPM will be evaluated based on:

http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf

p 20:
| The TSF shall restrict the ability to initialize or modify the TSF
| data: Endorsement Key Pair [...] to the TPM manufacturer or designee.

(if only they could have managed to say that in the spec).

Adam
--
http://www.cypherspace.org/adam/

au PROMIS

[Matthew X]

Searched the web for
police realtime online management
system. Results 1 - 10 of about 2,740. Search took 0.23 seconds.

Rapport de l'OICS pour 2001 - Table des matières- [Translate this page ]
... PNUCID Programme des Nations Unies pour le contrôle international des drogues
PROMIS Police Realtime Online Management Information System (Australie) SADC ... 
www.incb.org/f/ar/2001/menu.htm - 18k - Cached - Similar pages 
Informe de la JIFE de 2001 - Índice- [Translate this page ]
... PNUFID Programa de las Naciones Unidas para la Fiscalización Internacional de
Drogas PROMIS Police Realtime Online Management Information System (Australia ... 
www.incb.org/s/ar/2001/menu.htm - 18k - Cached - Similar pages
[ More results from www.incb.org ] 
July 1996 - Technology Snapshot
... Local police and sheriffs' departments in Louisiana now ... access to the Louisiana Law
Enforcement Management System, ... to implement CAD/Partner, a realtime, online ... 
www.govtech.net/magazine/gt/1996/ july/snapjuly/snapjuly.phtml - 20k - Cached - Similar pages 
May 1997 - Raising Highway IQ
... general office, Emergency Management Agency, State Police, ... will be able to obtain
realtime, online ... system, a relational database management system, realtime ... 
www.govtech.net/magazine/gt/1997/may/may1997-raisinghighwayiq/ may1997-raisinghighwayiq.phtml - 24k - Cached - Similar pages
[ More results from www.govtech.net ] 
Intelligent Enterprise Magazine - Smarter, Faster, More ... 
... of an overall effort by the state to provide online ... by defrauders, Target hopes to
profit handsomely from realtime, ... The West Midlands, UK, Police Department. ... 
www.intelligententerprise.com/ 011004/415smarter1_2.shtml - 27k - Cached - Similar pages 
Enterprise Systems | Past Issues Archive
... logistics and procurement functions for all Royal Canadian Mounted Police assets ... An
Online Transaction Processing (OLTP) allows realtime management ... 
www.esj.com/back_issues/toc.asp?MON=11YR=2000 - 35k - Cached - Similar pages 
News - Global Telematics Announces 100th Order for Online Vehicle ... 
... Global Telematics announces 100th order for online ... fleet markets, including local
authorities and police, ... include vehicle and equipment load tracking, realtime ... 
www.itsa.org/ITSNEWS.NSF/4e0650bef6193b3e852562350056a3a7/ 0872c3daee4e54b885256a6a0066ea61?OpenDocument - 12k - Cached - Similar pages 
SchlumbergerSema | Public Sector: Criminal Justice Management
... The movement and management of secure ... are part of this new system and ... Commission;
Lord Chancellor's Department; Police ... 
www.slb.com/Hub/Docs/SchlumbergerSema/ publicsector/cjm2001/cjm2001.htm - 30k - 15 Aug 2002 - Cached - Similar pages 
[RTF]Title
File Format: Rich Text Format - View as HTML
... Development Environment. NATURAL. Core Applications. Interfaces. Online feed to ... PROMIS
- Police Realtime Management System. Interfaces. Issues. Have approval to be ... 
www.law.gov.au/crimtrac/app5.rtf - Similar pages 

seized computers case.

[Matthew X]

http://www.eastsidejournal.com/sited/story/html/101835
Police must return library computers
2002-08-14
by Nora Doyle
Journal Reporter
SEATTLE -- A U.S. District Court judge said Tuesday that Kent police must
return the two computers they took from the Kent library without a search
warrant. 
In taking the computers, police did irreparable harm to both privacy and
property rights, said Judge Marcia Pechman.

Jim Bell system 2.

[Matthew X]

http://www.anti-state.com/vroman/vroman9.html
The Jim Bell System Revisited

by Robert Vroman

Ed. note: This article reflects the views of the author ONLY, not the 
editors. We have no official opinion whatsoever on the Jim Bell System, aka 
Assassination Politics.

Please see Robert Vroman's original AP article, as well as both Bob 
Murphy's and Adam Young's response.





Let me re-emphasize that I have neither the knowledge nor the will to 
implement this system. I certainly don't like the State, but I would rather 
concentrate my energies on constructive rather than destructive solutions. 
That said, I still think governments everywhere are going to be staring 
down the barrel of an encrypted gun in the near future, and this article 
attempts to explain why, in response to numerous objections received since 
my last article.

I also want to point out some areas where I think Jim Bell is completely 
off base. First of all, his insistence that AP is somehow residing in a 
loophole of the American legal system that only he is aware of, is absurd, 
as rightly pointed out by many of his critics. I have no delusions that AP 
would somehow survive its day in court or that even if, due to some 
arcane technicality, AP is a legal enterprise that that would stop the 
State from pursuing it relentlessly. Furthermore, I am mystified by Bell's 
fascination with confrontation and martyrdom (as exemplified by his 
personal life) and do not think AP will be started by the self sacrificing, 
or that it's even necessarily a good idea to have that mindset when 
designing the system. Bell also overestimates the enthusiasm that ordinary 
people will have for AP by a long shot. I still have reasons to believe 
there will sufficient customers, but they are not going to be primarily 
heartland regular Joes, who Bell envisions watching AP's deadly progress 
with amusement. Bell also gives some slightly cockeyed responses to a 
number of the objections to his invention. In fact really the main thing I 
take away from his writing is the system itself, not necessarily any of his 
justifications.

My friend and business partner, Bob Murphy presented some powerhouse 
arguments against my pet theory in our recent columnist debate over the 
infamous Assassination Politics concept. I contend that under closer 
examination, his insightful questions can be answered satisfactorily.

Additionally, Adam Young has presented a thoroughly researched historical 
analysis against AP, which I will address first.

Young has three main points. First, that assassination has been ineffectual 
in the past for destroying states. Second, assassinations will instead 
create a backlash against anarchism by government and citizens alike. Third 
he does not like the moral implications of the very likely possibility of 
collateral damage from sloppy AP prize-hunters, given the relatively poor 
caliber of historical attempts.

The first point, despite all its exhaustive research, is I'm afraid to say, 
totally erroneous, because the mechanism by which AP kills its victims is 
fundamentally different then assassination campaigns of the past. I am not 
at all surprised to read that a handful of suicidal ideologues gunning down 
a few unlucky aristocrats failed to exorcise the nation state. Assume for 
the moment that AP's basic functions materialize (I will get to Murphy's 
objections later). The pool of assassins has instantaneously expanded from 
only insane political extremists, to every single violent opportunist in 
the world who can access a computer. AP represents a veritable full scale 
war against the State, fought by the scum of society and funded by every 
partisan malcontent across the political spectrum. A dozen assassinations 
per century is certainly not going to give any politicians second thoughts 
about their career choice, any more than the dozen or so plane hijackings 
in the past 50 years makes me nervous seeing a turban in business class. 
However, logically speaking there must be some tipping point at which the 
body count is the most pressing statistic a politician has in mind. AP will 
surpass this tipping point, where history's basket case revolutionaries 
were doomed to fail. The State will of course respond in nasty ways, but 
inevitably these will prove ineffective in the face of an impenetrable 
network supporting a sustained and wide spread offensive.

Secondly, Young fears that AP will re-enforce the stereotype of anarchists 
as the 19th century mad bomber and 20th century Starbucks arsonist. This 
will then erase any chance of our winning hearts and minds via soul 
stirring online essays, and worst of all, get the lot of us gulagged.

What he fails to realize is the absolute lack of a reason for there to be 
any connection between anarchists and AP. If AP were actually launched, I 
for one would certainly not be publicly cheering it on (I probably wouldn't 
even risk staying in the country, having written this article). The 

Millicent Ghetto

[Matthew X]

http://www.generossextreme.com/Whack Attack 16: Sweet Ass Butt Kisses
Kinky
D. Tom Byron. Ashley Blue, Veronica Caine, Nikita Denise, Kinky, Savanna 
Rain, Brooke Daze
The opening montages are working better than ever, but as he winds up the 
lest leg of his illustrious sexual world tour, Tom Byron couldn't go out 
with a bang better than the one he gets with the team of Kinky and Nikita 
Denise. In a scene that establishes both blistering genital and 
ass-to-mouth contact ratio, the ladies join forces to give the Icon's 
arsehole the tongue bath of its life. And for most guys being played for a 
butt trumpet would be a pleasant enough way of ending a day- akin to 
settling back in a rocking chair with a tall mint julep on the veranda at 
sunset. But because he's not a plantation owner but a video company owner 
with a pressing new release schedule, Byron's hot footing it in Denise's 
snatch splitting the beard and fucking her accent loose prio to taking a 
whack at Kinky's vowels and syllables. The British lass is first to get it 
in the ass as Nikita laps the residue off Byron's cock between strokes. 
Kinky reciprocates when it's Nikita's turn for a crowbar in the ass. And 
for the pop shot, both girls have their eager tongues out.

Besides offering the viewer one of the last opportunities he'll have of 
watching a legendary craftsman at work in a woman's rectum, what makes this 
tape particularly noteworthy is the fact that Brooke no show Daze and 
hers actually showed up for it. Yes, it's true. No mistaking the Tiffany 
Mynx resemblance, Daze resides in the flesh and Dale Dabone resides in her 
ass before all's said and done. A lusty pile driver with Dale taking the 
shit chute to cocoa town highlights a pairing that caps with another ass to 
mouth finisher.

Very pretty with an asshole as wholesome as her face, Ashley Blue's the 
leadoff girl in this sparking ensemble. Although Blue's tits are near to 
non existent, it's her trimmed vagina that Mark Davis is cuddling up to. 
Then, with a throttling choke hold, Davis is all romance as he handles her 
basically like a marionette on Quaaludes. Ashley displays an unbridled 
vocal enthusiasm for having her snatch French kissed. And with more love 
and kisses in the offing, Mark spits down her throat and fucks her 
esophagus. Their anal time together is also considerable with 
penis-to-mouth love very much a part of the goodwill vibe. No stranger to a 
man being in her ass, or, for that fact, many strangers being in her ass, 
Veronica Caine and Joey Ray re-enact the bun fight at the BM corral. Like a 
man on a mission, the mission being one of excavating a new shit hole, Joey 
runs some major cable through Veronica their best statement being a side 
saddler with a rim-to-maw finale. Savanna Rain, who opts for a black 
evening dress, warns Lee Stone that she's got a tight ass which is like 
warning a huge hand about a small glove. Nevertheless Lee makes it fit and 
Rain's got to quit but only after some wincing gestures, a great pile 
driver and another ATM puts any chance of Rain having second thoughts out 
of the way.

The Porn Industry is a Dirty Business

 From the Palm Beach Post: Six weeks into her new job, Jessica Lee is still 
giddy with her good fortune. I work three to five hours a day naked at 
home, says Lee, 24, a UCLA grad living in Miami. I can't believe the 
money. Lee claims she's making $2,000 a day as an entry-level Internet 
porn star.

For more read: 
http://www.gopbi.com/partners/pbpost/epaper/editions/thursday/accent_d395587185f5426700c2.html

Netdog to porn valley intercept.

[Matthew X]

JoJo Rufus Writes: I'm the owner of a rather large paysite and always 
wanted to get my head in the door to those people out in Porn Valley. Until 
I went to Internext in Florida. I was invited to an invite-only party with 
some of the bigger names on the Internet. We're talking people who run 
massive paysites scaling millions of dollars a year, tremendous TGP 
players, PHP programmers, traffic masters, AVS marketers. Everyone is 
lowkey and real. They're just like average people yet wear Rolex watches 
but drink domestic beer. Then I realize how fucked up porn people really are.

All I ever hear in the Valley are all these motherfuckers whining and 
complaining and bitching and moaning. This guy ripped me off, my 
distributor is taking too much of a cut, I never have enough money, maybe 
I'll make some money by referring this whore I picked up in Palmdale.

It's funny. Nobody ever has any money. And I'll tell you why. For a person 
to start a new venture and try to set up and own his own titles, you have 
about as fat a chance of making money than a clam trying to grow a pearl. 
You know why? Cause you'll never get paid. Term deals? Great! There are 
really only a few talented filmmakers who have enough talent to create good 
product without dishing out a bunch of generic crap. Everything's been done.

Meanwhile, the boys who are ruling the Internet are fucking liquid. They 
have cash. And they have the cash to go after the biggest and brightest 
people. They don't deal with these fuckups in porn who flunk out of company 
after company and somehow always land a job. Chuck Martino. Kid Vegas. John 
T. Bone. The list goes on and on. You know why? The Internet requires 
skills and accountability. Porn Valley has nothing but a bunch of 
backstabbing cunts with IQs of room temperature trying to figure out how 
they can skim off the top. But guess what? You rip someone off and it 
fucking lasts.

Also, you shoot a brand new girl on the Internet and it's up that day. You 
shoot a brand new girl on video and it's up in a few months but who cares. 
She's on the box of a dozen titles to boot. How new is that?

The immediacy is what matters. Shoot with the Net in mind. Don't pigeonhole 
yourself into thinking about measly video distribution. So you sell 1000 
units out the door if you're lucky. Half the distributors don't pay you on 
time. You have to beg, borrow and steal. Then you wait. Meanwhile you ain't 
got enough money to pay rent and you're left eating cheese and crackers 
like some starving Third World buffoon. You are fucking stuck.

The Internext tells us one thing. If you don't embrace the net, you are 
doomed. Like when people didn't embrace the VCR. Or the camcorder. Or DVDs. 
But guess what? The Internet requires a hell of alot more skills that those 
past technological advances and, of course, Porn Valley tends to attract 
scumbags. Ain't that about a bitch.

Mike Allen back in the news.

[Matthew X]

For being a dipshit of course...Scooped AVN: Cincinnati
Couple Go to Trial August 19
Remember what I said a couple of days ago what was going to
happen in Cincinnati in wake of adult movies being pulled from
pay-per-view. I'm sure we'll be seeing more of the following cases with
attorney Lou Sirkin working overtime: This time a Cincinnati couple-
Jennifer Dute, 31, and her husband Alan, 61 will be going to trial next
week. The Dutes were indicted by a Hamilton County grand jury this past
April on four counts of pandering obscenity, charges that carry a maximum
sentence of four years in prison. Their company, AJ Specialty, also
was indicted on four counts of pandering obscenity and faces a maximum
fine of $40,000. 
The search warrant was served March 21. Hamilton County Prosecutor Mike
Allen said the pair sold pornographic videos by mail “despite a court
order prohibiting such sales to or from Hamilton County.” Authorities
said sales were made Feb. 11, March 4, March 7, and March 21. Officials
said the Dutes pleaded guilty to similar charges three years ago. 
In 1999, Jennifer Dute faced two counts of pandering obscenity and a
possible three years in jail. At that time she was accused of starring in
two videos — Jennifer 2 and Jennifer 3 — and then marketing
them on a Web site and in a local newspaper, Everybody's News- now
defunct. Prosecutor Mike Allen said the Hamilton County Sheriff's office
investigated the case and purchased copies of the videos. Allen said
investigators determined they may violate community standards for
obscenity. Dute avoided going to prison when she swore she'd never again
sell her home-made porn tapes in or from Hamilton County. But Hamilton
County officials say she lied because they bought more home-made porn
tapes - starring the 31-year-old Ms. Dute - from her Anderson Township
home at least four times in February and March.
Allen was the brains trust behind the great professor rat hunt of
2001.

TIPS San diego style.

[Matthew X]

Dave Cummings posts: If any of you have involved any government authorities 
in any aspect of the past emails from pornstar hater, zodia killer (aka: 
bryan sullivan?), please let FBI Special Agent Mike Wagoner at the San 
Diego FBI office (858-499-7736) know so that he can contact those agencies 
and integrate information and coordinate with them on any ongoing 
investigations the San Diego FBI has now opened an active investigation 
into the below email, and others of a threatening nature that seem of 
concern to them. I've advised FBI Agent Wagoner that there was a posting a 
few months ago about the St Louis FBI office supposedly having contacted 
the individual; I also advised him that I reported the below email to the 
Army's Criminal Investigative Division and Department of Defense, in case 
war crimes might be involved. And, that my copy of the Chad Luke latter 
was faxed, as requested by them, to Postal Inspectors (just in case, as 
some folks have speculated, the letters many of us received might possibly 
have actually been from bryan sullivan). The FBI asked that I place my 
letter and envelope into a sealed plastic bag in case it might later be 
needed for examination for fingerprints and
other tracings of evidence--if you still have your copy, you might want to 
do likewise? If sullivan gets wind of this email, I imagine that there 
might soon be emails forthcoming from him (possibly disguised as another 
name/sender?) with disparaging remarks about me; but, though I strongly and 
wholeheartedly defend his right of free speech and right to voice his 
opinions, I feel that we all have a responsibility to report info of a 
possible criminal nature to the authorities.
Again, so that the FBI has access to ALL info that might be being processed 
presently by other agencies, please advise FBI Agent Wagoner of anything 
you might have initiated--to email him, use [EMAIL PROTECTED] and make the 
subject For Special Agent Mike Wagoner, or phone him at 858-499-7736
If any of you have received any emails from Mr Sullivan in the last three 
weeks (I have NOT), would you forward them to me---I'll then forward one 
copy of each new email to Agent Wagoner (in that way, he's not getting 
separate emails from many of us, all with the same info).
I also advised the FBI that one of the Internet writers might have a copy 
of the (posted) email Sullivan sent to him regarding the past visit he 
received from the FBI--they are interested in seeing Sullivan's comments. I 
gave him the phone number to the writer who probably has it in his files. Dave
Gene sez: Coincidentally to the fact, I just received a call from agent 
Wagoner and will be of assistance in any way possible. Now I have a reason. 
Person or persons [Sullivan?] is using my name to send viruses to select 
people in the business.End.
As long as the filth is there,why not use the fucks for some honest labor.I 
have done this myself once when assaulted and its Mongo approved.Mind you 
APster IS the future of law enforcement.

Sex.com update

[Matthew X]

Sex.com Saga Continues- At Least for a Couple More
Weeks
That Gary Kremen, the owner of sex.com will never see the $65
million the courts have awarded him in his legal battles against Stephen
Cohen is almost a given. Now Kremen will have to wait a few more weeks to
see what the 9th District Court of Appeals will come up with. Kremen
yesterday presented a case in San Francisco in which he holds Network
Solutions, a division of VeriSign accountable for the whole sex.com mess
to begin with. It's Kremen's contention that Network Solutions never
bothered to verify Cohen's forged request to transfer the domain from
Kremen.
Kremen is saying that the largest U.S. domain name registry should be
held accountable for an error that put the Internet address in the hands
of Cohen, a known con artist. In a hearing before a federal appeals court
panel, Kremen's lawyers argued that Network Solutions committed a breach
of contract when it failed to verify the forged request. This all
could have been prevented with a simple call or e-mail to Mr. Kremen
saying: Did you authorize this? said James Wagstaffe, the attorney
for Kremen, who's seeking monetary damages. 
This is Kremen's second try at a court judgment against Network
Solutions. Kremen lost the first case in May, 2000 when federal judge
James J. Ware in San Jose, California ruled against him basing his
decision in part on the fact that at the time Kremen registered the site,
in 1994, domains were free. Ware contended that because Network Solutions
was offered nothing of value in exchange for its efforts, it not should
be held financially liable for its error. But Ware also held Cohen,
liable to the tune of $65 million in largely uncollected damages. Cohen's
attorneys were also in appellate court Tuesday, seeking to undo that
ruling.
In yesterday's appellate hearing, attorney Wagstaffe argued that even
though Network Solutions didn't get money for registering the domain, it
did get personal information about Kremen for its database. Wagstaffe
said that should count as something of value. The company was also able
to begin charging registrants shortly afterward, having developed its
initial database of free registrations.
Attorneys for Network Solutions, disagreed rejecting the argument that a
domain name's entry in Network Solutions central domain name server, or
DNS, constitutes proof of ownership of that Internet address.
http://www.generossextreme.com/
Is this guy the matt Drudge of the naughties or what?
http://www.newarchitectmag.com/documents/s=2443/na0902f/index.html
Study carefully,there will be questions.
ICANN of Worms
The Internet governing body is short on answers and out of time.

RE: TCPA hack delay appeal

[Lucky Green]

AARG! Wrote:
 
 It seems that there is (a rather brilliant) way to bypass 
 TCPA (as spec-ed.) I learned about it from two separate 
 sources, looks like two independent slightly different hacks 
 based on the same protocol flaw.
 
 Undoubtedly, more people will figure this out.

Hopefully some of those people will not limit themselves to hypothetical
attacks against The Spec, but will actually test those supposed attacks
on shipping TPMs. Which are readily available in high-end IBM laptops.

--Lucky Green

Create A PAYCHECK With Your COMPUTER

[jackie533cn3]

Hello

You get emails every day, offering to show you how to make money.
Most of these emails are from people who are NOT making any money.
And they expect you to listen to them?

Enough.

If you want to make money with your computer, then you should
hook up with a group that is actually DOING it.  We are making
a large, continuing income every month.  What's more - we will
show YOU how to do the same thing.

This business is done completely by internet and email, and you
can even join for free to check it out first.  If you can send
an email, you can do this.  No special skills are required.

How much are we making?  Below are a few examples.  These are
real people, and most of them work at this business part-time.
But keep in mind, they do WORK at it - I am not going to 
insult your intelligence by saying you can sign up, do no work,
and rake in the cash.  That kind of job does not exist.  But if
you are willing to put in 10-12 hours per week, this might be
just the thing you are looking for.

N. Gallagher: $3000 per month
T. Hopkins: $1000 per month
S. Johnson: $6000 -$7000 per month
V. Patalano: $2000 per month
M. South: $5000 per month
J. Henslin: $7000 per month 

This is not income that is determined by luck, or work that is
done FOR you - it is all based on your effort.  But, as I said,
there are no special skills required.  And this income is RESIDUAL -
meaning that it continues each month (and it tends to increase
each month also).

Interested?  I invite you to find out more.  You can get in as a
free member, at no cost, and no obligation to continue if you
decide it is not for you.  We are just looking for people who still
have that burning desire to find an opportunity that will reward
them incredibly well, if they work at it.

To grab a FREE ID#, simply reply to:[EMAIL PROTECTED]
and write this phrase:
Email me details about the club's business and consumer opportunities
Be sure to include your:
1. First name
2. Last name
3. Email address (if different from above)

We will confirm your position and send you a special report
as soon as possible, and also Your free Member Number.

That's all there's to it.

We'll then send you info, and you can make up your own mind.

Looking forward to hearing from you!

Sincerely, 

Jackie Brunson

P.S. After having several negative experiences with network
marketing companies I had pretty much given up on them.
This is different - there is value, integrity, and a
REAL opportunity to have your own home-based business...
and finally make real money on the internet.

Don't pass this up..you can sign up and test-drive the
program for FREE.  All you need to do is get your free
membership.

Unsubscribing: Send a blank email to: [EMAIL PROTECTED]  with
Remove in the subject line.

9487kwZB7-524uPtX3642FwxG9-046rKJT2577lxnU5-467TWRx7466xMvJ9-446HjNL4l65

A faster test for PRIMALITY.

[Gary Jeffers]

OK, the following addition is a little cleaner than the 1st edition.

 My fellow Cypherpunks,

  Lucky Green says:
AFICT, the proposed algorithm is for a test for primality and does not
represent an algorithm to factor composites.

 Well, pardon me!  I was in a hurry and should have proof read. As a
 save,
 however, I did put a question mark at the end  :-)

 Yours Truly,
 Gary Jeffers

 Beat State!!!
 And the other oppressors.

A faster algorithm for finding primality.

[Gary Jeffers]

OK, this edition is probably cleaner than the 1st edition.

My fellow Cypherpunks,

Tim May writes:

Faster even than the usual algorithm?

The factors of a prime number are 1 and the number itself.

   Always the gracious one, Tim May takes time out of his busy schedule to
assist me. Well, now, I posted quickly and didn't take time to
make a neat statement. In a recent post I mentioned that the ? mark is a
save.  I'll go even further than this! An algorithm attempting to
factor a prime would fail. - Thusly, implying primality :-) I believe that I
would be literally correct even without the ?  :-) And, yes, the factors
of a prime are 1 and the number itself. In some circles this is considered
trivial.

Yours Truly,
Gary Jeffers

BEAT STATE!!!

Give Mongo his due.

[Matthew X]

 Pay attention to the antitrust angle. I guarantee you that Microsoft  
believes Pd is a way to extend its market share, not to increase competition
Bruce.

This was the first thing our resident state hater Mong picked up on.Its 
would be under ACCC investigation down here in 5 nanoseconds...I prefer to 
pay attention to the anti-state angle me self ala APster.Its time to leave 
the nest.(I will miss judge jackson a little.)

Never doubt that a small group of thoughtful, committed citizens can 
change the world. Indeed, it is the only thing that ever has. - Margaret Mead 

SSZ Downtime - Schedule Change

[Jim Choate]

Hi,

We're facing a last minute change in our scheduled downtime. The current
window is from Fri., Aug. 16 through Sun., Aug. 25. This is from tomorrow
(Fri.) through Sunday of next weekend.

I apologize for the short notice on the change and any inconvenience this
might cause. We do not expect to experience such extended downtimes in the
(near) future.

See you in about a week!


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

Re: Re: Overcoming the potential downside of TCPA

[Joseph Ashwood]

- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
  The important part for this, is that TCPA has no key until it has an
owner,
  and the owner can wipe the TCPA at any time. From what I can tell this
was
  designed for resale of components, but is perfectly suitable as a point
of
  attack.

 If this is true, I'm really happy about it, and I agree it would allow
 virtualisation. I'm pretty sure it won't be for Palladium, but I don't
 know about TCPA - certainly it fits the bill for what TCPA is supposed
 to do.

I certainly don't believe many people to believe me simply because I say it
is so. Instead I'll supply a link to the authority of TCPA, the 1.1b
specification, it is available at
http://www.trustedcomputing.org/docs/main%20v1_1b.pdf . There are other
documents, unfortunately the main spec gives substantial leeway, and I
haven't had time to read the others (I haven't fully digested the main spec
yet either). From that spec, all 332 pages of it, I encourage everyone that
wants to decide for themselves to read the spec. If you reach different
conclusions than I have, feel free to comment, I'm sure there are many
people on these lists that would be interested in justification for either
position.

Personally, I believe I've processed enough of the spec to state that TCPA
is a tool, and like any tool it has both positive and negative aspects.
Provided the requirement to be able to turn it off (and for my preference
they should add a requirement that the motherboard continue functioning even
under the condition that the TCPA module(s) is/are physically removed from
the board). The current spec though does seem to have a bend towards being
as advertised, being primarily a tool for the user. Whether this will remain
in the version 2.0 that is in the works, I cannot say as I have no access to
it, although if someone is listening with an NDA nearby, I'd be more than
happy to review it.
Joe

status of various projects?

[Miles Fidelman]

It seems like a lot of interesting projects haven't been active for a
while - notably Free Haven and Eternity Usenet.  Where is the most active
work, these days,  on distributed publishing systems?


**
The Center for Civic Networking PO Box 600618
Miles R. Fidelman, President   Newtonville, MA 02460-0006
Director, Municipal Telecommunications
Strategies Program  617-558-3698 fax: 617-630-8946
[EMAIL PROTECTED]  http://civic.net/ccn.html

Information Infrastructure: Public Spaces for the 21st Century
Let's Start With: Internet Wall-Plugs Everywhere
Say It Often, Say It Loud: I Want My Internet!
**

Re: Overcoming the potential downside of TCPA

[Ben Laurie]

Joseph Ashwood wrote:
 - Original Message -
 From: Ben Laurie [EMAIL PROTECTED]
 
Joseph Ashwood wrote:

There is nothing stopping a virtualized version being created.

 
What prevents this from being useful is the lack of an appropriate
certificate for the private key in the TPM.
 
 
 Actually that does nothing to stop it. Because of the construction of TCPA,
 the private keys are registered _after_ the owner receives the computer,
 this is the window of opportunity against that as well. The worst case for
 cost of this is to purchase an additional motherboard (IIRC Fry's has them
 as low as $50), giving the ability to present a purchase. The
 virtual-private key is then created, and registered using the credentials
 borrowed from the second motherboard. Since TCPA doesn't allow for direct
 remote queries against the hardware, the virtual system will actually have
 first shot at the incoming data. That's the worst case. The expected case;
 you pay a small registration fee claiming that you accidentally wiped your
 TCPA. The best case, you claim you accidentally wiped your TCPA, they
 charge you nothing to remove the record of your old TCPA, and replace it
 with your new (virtualized) TCPA. So at worst this will cost $50. Once
 you've got a virtual setup, that virtual setup (with all its associated
 purchased rights) can be replicated across an unlimited number of computers.
 
 The important part for this, is that TCPA has no key until it has an owner,
 and the owner can wipe the TCPA at any time. From what I can tell this was
 designed for resale of components, but is perfectly suitable as a point of
 attack.

If this is true, I'm really happy about it, and I agree it would allow 
virtualisation. I'm pretty sure it won't be for Palladium, but I don't 
know about TCPA - certainly it fits the bill for what TCPA is supposed 
to do.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff

Re: Overcoming the potential downside of TCPA

[Joseph Ashwood]

- Original Message -
From: Ben Laurie [EMAIL PROTECTED]
 Joseph Ashwood wrote:
  There is nothing stopping a virtualized version being created.

 What prevents this from being useful is the lack of an appropriate
 certificate for the private key in the TPM.

Actually that does nothing to stop it. Because of the construction of TCPA,
the private keys are registered _after_ the owner receives the computer,
this is the window of opportunity against that as well. The worst case for
cost of this is to purchase an additional motherboard (IIRC Fry's has them
as low as $50), giving the ability to present a purchase. The
virtual-private key is then created, and registered using the credentials
borrowed from the second motherboard. Since TCPA doesn't allow for direct
remote queries against the hardware, the virtual system will actually have
first shot at the incoming data. That's the worst case. The expected case;
you pay a small registration fee claiming that you accidentally wiped your
TCPA. The best case, you claim you accidentally wiped your TCPA, they
charge you nothing to remove the record of your old TCPA, and replace it
with your new (virtualized) TCPA. So at worst this will cost $50. Once
you've got a virtual setup, that virtual setup (with all its associated
purchased rights) can be replicated across an unlimited number of computers.

The important part for this, is that TCPA has no key until it has an owner,
and the owner can wipe the TCPA at any time. From what I can tell this was
designed for resale of components, but is perfectly suitable as a point of
attack.
Joe

CATO evacuation plans

[Matthew X]

a)Tell declan and other media whores and shills to stay,Its just a drill.
b) Shred all tobacco documents
c) Ditto all wind farming cruft,global warming malarky.
d) All donation information must be burned.(and I don't mean on to a 
dvd,goddamit.)
e) Don't run or drive fast,act nonchalant,but get the hell 40k out.AT LEAST.
d) Don't go freakin' near RR.
e) Don't pick up hitchers.Even if they look like Fawn Hall and are 
topless.(exceptions may be made if they are waving money,we are free 
enterprise remember.
f) Be glad you invested in a SUV with a bullbar.

Re: CDR: status of various projects?

[Jim Choate]

It's more than 'distributed publishing', it's distributed everything. Have
your grid and eat it too!

Use Plan 9:

http://plan9.bell-labs.com

The Hangar 18 Co-Op:

http:[EMAIL PROTECTED]


On Wed, 14 Aug 2002, Miles Fidelman wrote:

 It seems like a lot of interesting projects haven't been active for a
 while - notably Free Haven and Eternity Usenet.  Where is the most active
 work, these days,  on distributed publishing systems?
 
 
 **
 The Center for Civic Networking   PO Box 600618
 Miles R. Fidelman, President Newtonville, MA 02460-0006
 Director, Municipal Telecommunications
 Strategies Program617-558-3698 fax: 617-630-8946
 [EMAIL PROTECTED]http://civic.net/ccn.html
 
 Information Infrastructure: Public Spaces for the 21st Century
 Let's Start With: Internet Wall-Plugs Everywhere
 Say It Often, Say It Loud: I Want My Internet!
 **
 


 --


  Conform and be dull..J. Frank Dobie

 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org

Re: A faster way to factor prime numbers found?

[Tim May]

On Tuesday, August 13, 2002, at 03:07  PM, Gary Jeffers wrote:

 A faster way to factor prime numbers found?


Faster even than the usual algorithm?:

The factors of a prime number are 1 and the number itself.


--Tim May
That the said Constitution shall never be construed to authorize 
Congress to infringe the just liberty of the press or the rights of 
conscience; or to prevent the people of the United States who are 
peaceable citizens from keeping their own arms. --Samuel Adams

Re: Signing as one member of a set of keys

[Ben Laurie]

Anonymous User wrote:
 This program can be used by anonymous contributors to release partial
 information about their identity - they can show that they are someone
 from a list of PGP key holders, without revealing which member of the
 list they are.  Maybe it can help in the recent controvery over the
 identity of anonymous posters.  It's a fairly low-level program that
 should be wrapped in a nicer UI.  I'll send a couple of perl scripts
 later that make it easier to use.

Hmm. So has anyone managed to get the signature to verify? Doesn't work 
for me! But perhaps things got mangled in the mail? Or I chose the wrong 
subset of the email to verify (I tried all the obvious ones)? Sending 
this stuff as attachments instead of inline would work better, of course.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff

Re: Spam blocklists?

[Marcel Popescu]

From: Sunder [EMAIL PROTECTED]

 None of those things work.  Most spammers don't give a shit if you don't
 receive email.  I can attest to this by the slew of spam going to
 hostmaster, webmaster, and the like on many networks.  What they're really
 selling is ten million addresses and spam software.  Even if 9 million
 of those are bullshit, they couldn't care less.  The more things with @
 signs in'em the more money they make off clueless businesses.

We talk about different things then :) I don't care that they make money off
clueless businesses... I care that they don't send ME spam. If I can solve
the second problem, the first one will take care of itself.

Mark

TCPA hack delay appeal

[AARG! Anonymous]

It seems that there is (a rather brilliant) way to bypass TCPA (as spec-ed.) I learned 
about it from two separate sources, looks like two independent slightly different 
hacks based on the same protocol flaw.

Undoubtedly, more people will figure this out.

It seems wise to suppress the urge and craving for fame and NOT to publish the 
findings at this time. Let them build the thing into zillion chips first. If you must, 
post the encrypted time-stamped solution identifying you as the author but do not 
release the key before TCPA is in many, many PCs.

Re: status of various projects?

[Myers W. Carpenter]

On Wed, 2002-08-14 at 10:58, Miles Fidelman wrote:
 It seems like a lot of interesting projects haven't been active for a
 while - notably Free Haven and Eternity Usenet.  Where is the most active
 work, these days,  on distributed publishing systems?

Try Mnet (http://mnet.sf.net/).  It's the continuation of the Mojo
Nation code base.  We are close to a stable release (0.5.1), but there
are a lot of known bugs that we are leaving in the system (because we
are rewriting the code that the bugs are found in).

Our main goal for the next release is to make it easier for new coders
to understand what's going on under the hood.  That and replacing the
single point of failure metatracker system with a distributed hash
table. 

The old mojo token based system is no longer in use, but we hope to
replace it with an OpenDBS based system, or a stamp based system.

myers

TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

Phew... the document is certainly tortuous, and has a large number of
similarly and confusingly named credentials, certificates and keys,
however from what I can tell this is what is going on:

Summary: I think the endorsement key and it's hardware manufacturers
certificate is generated at manufacture and is not allowed to be
changed.  Changing ownership only means (typically) deleting old
identities and creating new ones.

The longer version...

- endorsement key generation and certification - There is one
endorsement key per TPM which is created and certified during
manufacture.  The creation and certification process is 1) create
endorsement key pair, 2) export public key endorsement key, 3)
hardware manufacturer signs endorsement public key to create an
endorsement certificate (to certify that that endorsement public key
belongs to this TPM), 4) the certificate is stored in the TPM (for
later use in communications with the privacy CA.)

- ownership - Then there is the concept of ownership.  The spec says
the TPM MUST ship with no Owner installed.  The owner when he wishes
to claim ownership choose a authentication token which is sent into
the TPM encrypted with the endorsement key.  (They give the example of
the authentication token being the hash of a password).  Physical
presence tests apply to claiming ownership (eg think BIOS POST with no
networking enabled, or physical pin on motherboard like BIOS flash
enable).  The authentication token and ownership can be changed.  The
TPM can be reset back to a state with no current owner.  BUT _at no
point_ does the TPM endorsement private key leave the TPM.  The
TPM_CreateEndorsementKeyPair function is allowed to be called once
(during manufacture) and is thereafter disabled.

- identity keys - Then there is the concept of identity keys.  The
current owner can create and delete identities, which can be anonymous
or pseudonymous.  Presumably the owner would delete all identity keys
before giving the TPM to a new owner.  The identity public key is
certified by the privacy CA.

- privacy ca - The privacy CA accepts identity key certification
requests which contain a) identity public key b) a proof of possession
(PoP) of identity private key (signature on challenge), c) the
hardware manufacturers endorsement certificate containing the TPM's
endorsement public key.  The privacy CA checks whether the endorsement
certificate is signed by a hardware manufacturer it trusts.  The
privacy CA sends in response an identity certificate encrypted with
the TPM's endorsement public key.  The TPM decrypts the encrypted
identity certifate with the endorsement private key.

- remote attestation - The owner uses the identity keys in the remote
attestation functions.  Note that the identity private keys are also
generated on the TPM, the private key also never leaves the TPM.  The
identity private key is certified by the privacy CA as having been
requested by a certified endorsement key.


The last two paragraphs imply something else interesting: the privacy
CA can collude with anyone to create a virtualized environment.  (This
is because the TPM endorsement key is never directly used in remote
attestation for privacy reasons.)  All that is required to virtualize
a TPM is an attestation from the privacy CA in creating an identity
certificate.

So there are in fact three avenues for FBI et al to go about obtaining
covert access to the closed space formed by TCPA applications: 

(A) get one of the hardware manufacturers to sign an endorsement key
generated outside a TPM (or get the endorsement CA's private key), or

(B) get a widely used and accepted privacy CA to overlook it's policy
of demanding a hardware manufacturer CA endorsed endorsement public
key and sign an identity public key created outside of a TPM (or get
the privacy CA's private key).

(C) create their own privacy CA and persuade an internet server they
wish to investigate the users of to accept it.  Create themselves a
virtualized client using their own privacy CA, look inside.


I think to combat problem C) as a user of a service you'd want the
remote attestation of software state to auditably include it's
accepted privacy CA database to see if there are any strange Privacy
CAs on there.

I think you could set up and use your own privacy CA, but you can be
sure the RIAA/MPAA will never trust your CA.  A bit like self-signing
SSL site keys.  If you and your friends add your CA to their trusted
root CA database it'll work.  In this case however people have to
trust your home-brew privacy CA not to issue identity certificates
without having seen a valid hardware-endorsement key if they care
about preventing virtualization for the privacy or security of some
network application.

Also, they seem to take explicit steps to prevent you getting multiple
privacy CA certificates on the same identity key.  (I'm not sure why.)
It seems like a bad thing as it forces you to trust just one CA, it
prevents web of trust which 

Re: Overcoming the potential downside of TCPA

[Anonymous]

[Repost]

Joe Ashwood writes:

 Actually that does nothing to stop it. Because of the construction of TCPA,
 the private keys are registered _after_ the owner receives the computer,
 this is the window of opportunity against that as well.

Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which
is the main TPM key, the one which gets certified by the TPM Entity.
That key is generated only once on a TPM, before ownership, and must
exist before anyone can take ownership.  For reference, see section 9.2,
The first call to TPM_CreateEndorsementKeyPair generates the endorsement
key pair. After a successful completion of TPM_CreateEndorsementKeyPair
all subsequent calls return TCPA_FAIL.  Also section 9.2.1 shows that
no ownership proof is necessary for this step, which is because there is
no owner at that time.  Then look at section 5.11.1, on taking ownership:
user must encrypt the values using the PUBEK.  So the PUBEK must exist
before anyone can take ownership.

 The worst case for
 cost of this is to purchase an additional motherboard (IIRC Fry's has them
 as low as $50), giving the ability to present a purchase. The
 virtual-private key is then created, and registered using the credentials
 borrowed from the second motherboard. Since TCPA doesn't allow for direct
 remote queries against the hardware, the virtual system will actually have
 first shot at the incoming data. That's the worst case.

I don't quite follow what you are proposing here, but by the time you
purchase a board with a TPM chip on it, it will have already generated
its PUBEK and had it certified.  So you should not be able to transfer
a credential of this type from one board to another one.

 The expected case;
 you pay a small registration fee claiming that you accidentally wiped your
 TCPA. The best case, you claim you accidentally wiped your TCPA, they
 charge you nothing to remove the record of your old TCPA, and replace it
 with your new (virtualized) TCPA. So at worst this will cost $50. Once
 you've got a virtual setup, that virtual setup (with all its associated
 purchased rights) can be replicated across an unlimited number of computers.
 
 The important part for this, is that TCPA has no key until it has an owner,
 and the owner can wipe the TCPA at any time. From what I can tell this was
 designed for resale of components, but is perfectly suitable as a point of
 attack.

Actually I don't see a function that will let the owner wipe the PUBEK.
He can wipe the rest of the TPM but that field appears to be set once,
retained forever.

For example, section 8.10: Clear is the process of returning the TPM to
factory defaults.  But a couple of paragraphs later: All TPM volatile
and non-volatile data is set to default value except the endorsement
key pair.

So I don't think your fraud will work.  Users will not wipe their
endorsement keys, accidentally or otherwise.  If a chip is badly enough
damaged that the PUBEK is lost, you will need a hardware replacement,
as I read the spec.

Keep in mind that I only started learning this stuff a few weeks ago,
so I am not an expert, but this is how it looks to me.

TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

[resend via different node: [EMAIL PROTECTED] seems to be dead --
primary MX refusing connections]

Phew... the document is certainly tortuous, and has a large number of
similarly and confusingly named credentials, certificates and keys,
however from what I can tell this is what is going on:

Summary: I think the endorsement key and it's hardware manufacturers
certificate is generated at manufacture and is not allowed to be
changed.  Changing ownership only means (typically) deleting old
identities and creating new ones.

The longer version...

- endorsement key generation and certification - There is one
endorsement key per TPM which is created and certified during
manufacture.  The creation and certification process is 1) create
endorsement key pair, 2) export public key endorsement key, 3)
hardware manufacturer signs endorsement public key to create an
endorsement certificate (to certify that that endorsement public key
belongs to this TPM), 4) the certificate is stored in the TPM (for
later use in communications with the privacy CA.)

- ownership - Then there is the concept of ownership.  The spec says
the TPM MUST ship with no Owner installed.  The owner when he wishes
to claim ownership choose a authentication token which is sent into
the TPM encrypted with the endorsement key.  (They give the example of
the authentication token being the hash of a password).  Physical
presence tests apply to claiming ownership (eg think BIOS POST with no
networking enabled, or physical pin on motherboard like BIOS flash
enable).  The authentication token and ownership can be changed.  The
TPM can be reset back to a state with no current owner.  BUT _at no
point_ does the TPM endorsement private key leave the TPM.  The
TPM_CreateEndorsementKeyPair function is allowed to be called once
(during manufacture) and is thereafter disabled.

- identity keys - Then there is the concept of identity keys.  The
current owner can create and delete identities, which can be anonymous
or pseudonymous.  Presumably the owner would delete all identity keys
before giving the TPM to a new owner.  The identity public key is
certified by the privacy CA.

- privacy ca - The privacy CA accepts identity key certification
requests which contain a) identity public key b) a proof of possession
(PoP) of identity private key (signature on challenge), c) the
hardware manufacturers endorsement certificate containing the TPM's
endorsement public key.  The privacy CA checks whether the endorsement
certificate is signed by a hardware manufacturer it trusts.  The
privacy CA sends in response an identity certificate encrypted with
the TPM's endorsement public key.  The TPM decrypts the encrypted
identity certifate with the endorsement private key.

- remote attestation - The owner uses the identity keys in the remote
attestation functions.  Note that the identity private keys are also
generated on the TPM, the private key also never leaves the TPM.  The
identity private key is certified by the privacy CA as having been
requested by a certified endorsement key.


The last two paragraphs imply something else interesting: the privacy
CA can collude with anyone to create a virtualized environment.  (This
is because the TPM endorsement key is never directly used in remote
attestation for privacy reasons.)  All that is required to virtualize
a TPM is an attestation from the privacy CA in creating an identity
certificate.

So there are in fact three avenues for FBI et al to go about obtaining
covert access to the closed space formed by TCPA applications: 

(A) get one of the hardware manufacturers to sign an endorsement key
generated outside a TPM (or get the endorsement CA's private key), or

(B) get a widely used and accepted privacy CA to overlook it's policy
of demanding a hardware manufacturer CA endorsed endorsement public
key and sign an identity public key created outside of a TPM (or get
the privacy CA's private key).

(C) create their own privacy CA and persuade an internet server they
wish to investigate the users of to accept it.  Create themselves a
virtualized client using their own privacy CA, look inside.


I think to combat problem C) as a user of a service you'd want the
remote attestation of software state to auditably include it's
accepted privacy CA database to see if there are any strange Privacy
CAs on there.

I think you could set up and use your own privacy CA, but you can be
sure the RIAA/MPAA will never trust your CA.  A bit like self-signing
SSL site keys.  If you and your friends add your CA to their trusted
root CA database it'll work.  In this case however people have to
trust your home-brew privacy CA not to issue identity certificates
without having seen a valid hardware-endorsement key if they care
about preventing virtualization for the privacy or security of some
network application.

Also, they seem to take explicit steps to prevent you getting multiple
privacy CA certificates on the same identity key.  (I'm not sure why.)

Re: Overcoming the potential downside of TCPA

[AARG! Anonymous]

Joe Ashwood writes:

 Actually that does nothing to stop it. Because of the construction of TCPA,
 the private keys are registered _after_ the owner receives the computer,
 this is the window of opportunity against that as well.

Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which
is the main TPM key, the one which gets certified by the TPM Entity.
That key is generated only once on a TPM, before ownership, and must
exist before anyone can take ownership.  For reference, see section 9.2,
The first call to TPM_CreateEndorsementKeyPair generates the endorsement
key pair. After a successful completion of TPM_CreateEndorsementKeyPair
all subsequent calls return TCPA_FAIL.  Also section 9.2.1 shows that
no ownership proof is necessary for this step, which is because there is
no owner at that time.  Then look at section 5.11.1, on taking ownership:
user must encrypt the values using the PUBEK.  So the PUBEK must exist
before anyone can take ownership.

 The worst case for
 cost of this is to purchase an additional motherboard (IIRC Fry's has them
 as low as $50), giving the ability to present a purchase. The
 virtual-private key is then created, and registered using the credentials
 borrowed from the second motherboard. Since TCPA doesn't allow for direct
 remote queries against the hardware, the virtual system will actually have
 first shot at the incoming data. That's the worst case.

I don't quite follow what you are proposing here, but by the time you
purchase a board with a TPM chip on it, it will have already generated
its PUBEK and had it certified.  So you should not be able to transfer
a credential of this type from one board to another one.

 The expected case;
 you pay a small registration fee claiming that you accidentally wiped your
 TCPA. The best case, you claim you accidentally wiped your TCPA, they
 charge you nothing to remove the record of your old TCPA, and replace it
 with your new (virtualized) TCPA. So at worst this will cost $50. Once
 you've got a virtual setup, that virtual setup (with all its associated
 purchased rights) can be replicated across an unlimited number of computers.
 
 The important part for this, is that TCPA has no key until it has an owner,
 and the owner can wipe the TCPA at any time. From what I can tell this was
 designed for resale of components, but is perfectly suitable as a point of
 attack.

Actually I don't see a function that will let the owner wipe the PUBEK.
He can wipe the rest of the TPM but that field appears to be set once,
retained forever.

For example, section 8.10: Clear is the process of returning the TPM to
factory defaults.  But a couple of paragraphs later: All TPM volatile
and non-volatile data is set to default value except the endorsement
key pair.

So I don't think your fraud will work.  Users will not wipe their
endorsement keys, accidentally or otherwise.  If a chip is badly enough
damaged that the PUBEK is lost, you will need a hardware replacement,
as I read the spec.

Keep in mind that I only started learning this stuff a few weeks ago,
so I am not an expert, but this is how it looks to me.

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Mike Rosing]

On Thu, 15 Aug 2002, Adam Back wrote:

 Summary: I think the endorsement key and it's hardware manufacturers
 certificate is generated at manufacture and is not allowed to be
 changed.  Changing ownership only means (typically) deleting old
 identities and creating new ones.

Are there 2 certificates?  One from the manufacturer and one from
the privacy CA?

 - endorsement key generation and certification - There is one
 endorsement key per TPM which is created and certified during
 manufacture.  The creation and certification process is 1) create
 endorsement key pair, 2) export public key endorsement key, 3)
 hardware manufacturer signs endorsement public key to create an
 endorsement certificate (to certify that that endorsement public key
 belongs to this TPM), 4) the certificate is stored in the TPM (for
 later use in communications with the privacy CA.)

So finding the manufacturers signature key breaks the whole system
right?  Once you have that key you can create as many fake TPM's
as you want.

 TPM can be reset back to a state with no current owner.  BUT _at no
 point_ does the TPM endorsement private key leave the TPM.  The
 TPM_CreateEndorsementKeyPair function is allowed to be called once
 (during manufacture) and is thereafter disabled.

But it's easier to manufacture it by burning fuse links so it
can't be read back - ala OTP.  so the manufacturer could have a
list of every private key (just because they aren't supposed to
doesn't prevent it.)  It still meets the spec - the key never leaves
the chip.

 - identity keys - Then there is the concept of identity keys.  The
 current owner can create and delete identities, which can be anonymous
 or pseudonymous.  Presumably the owner would delete all identity keys
 before giving the TPM to a new owner.  The identity public key is
 certified by the privacy CA.

 - privacy ca - The privacy CA accepts identity key certification
 requests which contain a) identity public key b) a proof of possession
 (PoP) of identity private key (signature on challenge), c) the
 hardware manufacturers endorsement certificate containing the TPM's
 endorsement public key.  The privacy CA checks whether the endorsement
 certificate is signed by a hardware manufacturer it trusts.  The
 privacy CA sends in response an identity certificate encrypted with
 the TPM's endorsement public key.  The TPM decrypts the encrypted
 identity certifate with the endorsement private key.

How does the CA check the endorsement certificate?  If it's by
checking the signature, then finding the manufacturer's private
key is very worthwhile - the entire TCPA for 100's of millions
of computers gets compromised.  If it's by matching with the
manufacturer's list then anonymity is impossible.

Thanks for the analysis Adam.  It seems like there are a couple of
obvious points to attack this system at.  I would think it's easy
to break for a large enough government.

Patience, persistence, truth,
Dr. mike

Re: trade-offs of secure programming with Palladium (Re: Palladium: technical limits and implications)

[Russell Nelson]

Adam Back writes:
  So there are practical limits stemming from realities to do with code
  complexity being inversely proportional to auditability and security,
  but the extra ring -1, remote attestation, sealing and integrity
  metrics really do offer some security advantages over the current
  situation.

You're wearing your programmer's hat when you say that.  But the
problem isn't programming, but is instead economic.  Switch hats.  The
changes that you list above may or may not offer some security
advantages.  Who cares?  What really matters is whether they increase
the cost of copying.  I say that the answer is no, for a very simple
reason: breaking into your own computer is a victimless crime.

In a crime there are at least two parties: the victim and the
perpetrator.  What makes the so-called victimless crime unique is that
the victim is not present for the perpetration of the crime.  In such
a crime, all of the perpetrators have reason to keep silent about the
comission of the crime.  So it will be with people breaking into their
own TCPA-protected computer and application.  Nobody with evidence of
the crime is interested in reporting the crime, nor in stopping
further crimes.

Yes, the TCPA hardware introduces difficulties.  If there is way
around them in software, then someone need only write it once.  The
whole TCPA house of cards relies on no card ever falling down.  Once
it falls down, people have unrestricted access to content.  And that
means that we go back to today's game, where the contents of CDs are
open and available for modification.  Someone could distribute a pile
of random bits, which, when xored with the encrypted copy, becomes
an unencrypted copy.

-- 
-russ nelson  http://russnelson.com |
Crynwr sells support for free software  | PGPok | businesses persuade
521 Pleasant Valley Rd. | +1 315 268 1925 voice | governments coerce
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |

Re: status of various projects?

[Gabriel Rocha]

On Wed, Aug 14, at 10:58AM, Miles Fidelman wrote:
| It seems like a lot of interesting projects haven't been active for a
| while - notably Free Haven and Eternity Usenet.  Where is the most active
| work, these days,  on distributed publishing systems?

I forwarded this to Roger Dingledine who heads up the FreeHaven project.
His answer is below.


From [EMAIL PROTECTED] Thu Aug 15 16:46:59 2002
Date: Thu, 15 Aug 2002 16:46:59 -0400
From: Roger Dingledine [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: free haven status

At this point, Free Haven has 3 major flaws, and I'm putting it on the
back burner while I address them:

* The reputation system is tricky and won't work. We need to replace the
gossip/credibility system with a mechanism for verifiable transactions.
See http://freehaven.net/doc/cfp02/cfp02.html for more details.

* Retrieval is currently broadcast, which is insane. I'm letting other
projects work on solutions here (eg Chord), and I'll pick my favorite
when the time comes.

* There is no anonymous communications infrastructure. This is the area
we're focusing on currently. See http://mixminion.net/minion-design.pdf
and http://pdos.lcs.mit.edu/tarzan/

--Roger

Re: TCPA not virtualizable during ownership change

[AARG! Anonymous]

Basically I agree with Adam's analysis.  At this point I think he
understands the spec equally as well as I do.  He has a good point
about the Privacy CA key being another security weakness that could
break the whole system.  It would be good to consider how exactly that
problem could be eliminated using more sophisticated crypto.  Keep in
mind that there is a need to be able to revoke Endorsement Certificates
if it is somehow discovered that a TPM has been cracked or is bogus.
I'm not sure that would be possible with straight Chaum blinding or
Brands credentials.  I would perhaps look at Group Signature schemes;
there is one with efficient revocation being presented at Crypto 02.
These involve a TTP but he can't forge credentials, just link identity
keys to endorsement keys (in TCPA terms).  Any system which allows for
revocation must have such linkability, right?

As for Joe Ashwood's analysis, I think he is getting confused between the
endorsement key, endorsement certificate, and endorsement credentials.
The first is the key pair created on the TPM.  The terms PUBEK and PRIVEK
are used to refer to the public and private parts of the endorsement
key.  The endorsement certificate is an X.509 certificate issued on the
endorsement key by the manufacturer.  The manufacturer is also called
the TPM Entity or TPME.  The endorsement credential is the same as the
endorsement certificate, but considered as an abstract data structure
rather than as a specific embodiment.

The PRIVEK never leaves the chip.  The PUBEK does, but it is considered
sensitive because it is a de facto unique identifier for the system,
like the Intel processor serial number which caused such controversy
a few years ago.  The endorsement certificate holds the PUBEK value
(in the SubjectPublicKeyInfo field) and so is equally a de facto unique
identifier, hence it is also not too widely shown.

Schneier on Arming Airplane Pilots (was Re: CRYPTO-GRAM, August 15, 2002)

[R. A. Hettinga]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

My sister-in-law had a brilliantly simple answer to the problem of
hijacking which was, close, but, um, no spliff, :-), to Vin
Suprynowicz's notorious Ganja and Guns Airline column of a few
years back.

She said, on September 12 or so last year, Why don't you have a
certification on your concealed-carry permit that allows you to carry
on an airplane?

That means, like a hazmat certificate on a commercial driver's
license, you've been trained. You know how to shoot on a plane: what
kinds of frangible bullets to use, who to shoot at :-), and so on.
At check-in time, the firearm owner pulls out her concealed-carry
license with the cabin-carry certificate, shows someone the frangible
ammo she's using, and is checked through to the gate.

I figure if even Tim May thinks armed passengers are a bad idea, :-),
and Bruce thinks even arming the *pilots* is a bad idea, I'm
certainly leaning into the wind a bit here, but, I think it's a
*great* idea, myself.

It doesn't matter if someone smuggles a *machine gun* onto the plane,
they don't know *who* is on the plane, with a gun, and *qualified* to
take them out.

Think of it as statistical process control for the rest of us.

Or evolution in action.

Or geodesic warfare.

Cheers,
RAH

PS: I think we're going to *need* counter-attack scenarios on the
net. Like Whit Diffie said, infowar will be fought between
businesses. Governments are too slow, and not, paradoxically, nearly
ubiquitous enough to do the job. All we need is bearer cash, :-),
and, someday, machines even can handle it themselves...

- -





At 3:53 PM -0500 on 8/15/02, Bruce Schneier wrote:


  Arming Airplane Pilots



 It's a quintessentially American solution: our nation's commercial
 aircraft  are at risk, so let's allow pilots to carry guns.  We
 have visions of these  brave men and women as the last line of
 defense on an aircraft, and  courageously defending the cockpit
 against terrorists at 30,000 feet.  I  can just imagine the
 made-for-TV movie.

 Reality is more complicated than television, though. Sometimes,
 security  systems cause more problems than they solve.  Putting
 guns on aircraft will  make us more vulnerable to attack, not less.

 When people think of potential problems with an weapons in a
 cockpit, they  think of accidental shootings in the air, holes in
 the fuselage, and  possibly even equipment shattered by a stray
 bullet.  This is a problem,  certainly, but not a major one. A
 bullet hole is small, and doesn't let a  whole lot of air out.  And
 airplanes are designed to handle equipment  failures -- even
 serious failures -- and remain in the air.  If I ran an  airline, I
 would worry more about accidents involving passengers, who are
 much less able to survive a bullet wound and much more likely to
 sue.

 The real dangers, though, involve the complex systems that must be
 put in  place before the first gun can ride along in the cockpit.
 There are major  areas of risk.

 One, we need a system for getting the gun on the airplane.  How
 does the  pilot get the gun? Does he carry it through the airport
 and onto the  plane?  Is it issued to him after he's in the cockpit
 but before the plane  takes off?  Is it secured in the cockpit at
 all times, even when there is  no one there?  Any one of these
 solutions has its own set of security  vulnerabilities.  The last
 thing we want is for an attacker to exploit one  of these systems
 in order to get himself a gun.  Or maybe the last thing we  want is
 a shootout in a crowded airport.

 Second, we need a procedure for storing the gun on the airplane.
 Does the  pilot carry it on his hip?  Is it locked in a cabinet?
 If so, who has the  key?  Is there one gun, or do the pilot and
 co-pilot each have
 one?  However the system works, it's ripe for abuse.  If the gun is
 always  at the pilot's hip, an attacker can take it away from him
 when he leaves  the cockpit.  (Don't laugh; policemen get their
 guns taken away from them  all the time, and they're trained to
 prevent that.)  If the guns remain in  the cockpit when it is
 unoccupied, we have a whole new set of problems to  worry about.

 Third, we need a system of training pilots in gun handling and
 marksmanship.  Guns require training to use well; how much training
 can we  expect our pilots to have?  This is different from training
 sky
 marshals.  Security is the primary job of a sky marshal; they're
 expected  to learn how to use a gun.  Flying planes is the primary
 job of a pilot.

 Giving pilots guns is a disaster waiting to happen.  The current
 system  spends a lot of time and effort keeping weapons off
 airplanes and out of  airports; the proposed scheme would inject
 thousands of handguns into that  system.  There are just too many
 pilots and too many flights every day;  mistakes will happen.
 Someone will do an inventory one night and find a gun  missing, or
 ten.  Someone will find one left in a 

Re: TCPA not virtualizable during ownership change (Re: Overcoming the potential downside of TCPA)

[Adam Back]

I think a number of the apparent conflicts go away if you carefully
track endorsement key pair vs endorsement certificate (signature on
endorsement key by hw manufacturer).  For example where it is said
that the endorsement _certificate_ could be inserted after ownership
has been established (not the endorsement key), so that apparent
conflict goes away.  (I originally thought this particular one was a
conflict also, until I noticed that.)  I see anonymous found the same
thing.

But anyway this extract from the CC PP makes clear the intention and
an ST based on this PP is what a given TPM will be evaluated based on:

http://niap.nist.gov/cc-scheme/PPentries/CCEVS-020016-PP-TPM1_9_4.pdf

p 20:
| The TSF shall restrict the ability to initialize or modify the TSF 
| data: Endorsement Key Pair [...] to the TPM manufacturer or designee.

(if only they could have managed to say that in the spec).

Adam
--
http://www.cypherspace.org/adam/

employment market for applied cryptographers?

[Adam Back]

On the employment situation... it seems that a lot of applied
cryptographers are currently unemployed (Tim Dierks, Joseph, a few
ex-colleagues, and friends who asked if I had any leads, the spate of
recent security consultant .sigs, plus I heard that a straw poll of
attenders at the codecon conference earlier this year showed close to
50% out of work).

Are there any more definitive security industry stats?  Are applied
crypto people suffering higher rates of unemployment than general
application programmers?  (From my statistically too small sample of
acquaintances it might appear so.)

If this is so, why is it?

- you might think the physical security push following the world
political instability worries following Sep 11th would be accompanied
by a corresponding information security push -- jittery companies
improving their disaster recovery and to a lesser extent info sec
plans.

- governments are still harping on the info-war hype, national
information infrastructure protection, and the US Information Security
Czar Clarke making grandiose pronouncements about how industry ought
to do various things (that the USG spent the last 10 years doing it's
best to frustrate industry from doing with it's dumb export laws)

- even Microsoft has decided to make a play of cleaning up it's
security act (you'd wonder if this was in fact a cover for Palladium
which I think is likely a big play for them in terms of future control
points and (anti-)competitive strategy -- as well as obviously a play
for the home entertainment system space with DRM)

However these reasons are perhaps more than cancelled by:

- dot-com bubble (though I saw some news reports earlier that though
there is lots of churn in programmers in general, that long term
unemployment rates were not that elevated in general)

- perhaps security infrastructure and software upgrades are the first
things to be canned when cash runs short?  

- software security related contract employees laid off ahead of
full-timers?  Certainly contracting seems to be flat in general, and
especially in crypto software contracts look few and far between.  At
least in the UK some security people are employed in that way (not
familiar with north america).

- PKI seems to have fizzled compared to earlier exaggerated
expectations, presumably lots of applied crypto jobs went at PKI
companies downsizing.  (If you ask me over use of ASN.1 and adoption
of broken over complex and ill-defined ITU standards X.500, X.509
delayed deployment schedules by order of magnitude over what was
strictly necessary and contributed to interoperability problems and I
think significantly to the flop of PKI -- if it's that hard because of
the broken tech, people will just do something else.)

- custom crypto and security related software development is perhaps
weighted towards dot-coms that just crashed.

- big one probably: lack of measurability of security -- developers
with no to limited crypto know-how are probably doing (and bodging)
most of the crypto development that gets done in general, certainly
contributing to the crappy state of crypto in software.  So probably
failure to realise this issue or perhaps just not caring, or lack of
financial incentives to care on the part of software developers.
Microsoft is really good at this one.  The number of times they
re-used RC4 keys in different protocols is amazing!


Other explanations?  Statistics?  Sample-of-one stories?

Adam
--
yes, still employed in sofware security industry; and in addition have
been doing crypto consulting since 97 (http://www.cypherspace.net/) if
you have any interesting applied crypto projects; reference
commissions paid.

Re: TCPA not virtualizable during ownership change

[James A. Donald]

--
On 15 Aug 2002 at 15:26, AARG! Anonymous wrote:
 Basically I agree with Adam's analysis.  At this point I 
 think he understands the spec equally as well as I do.  He 
 has a good point about the Privacy CA key being another 
 security weakness that could break the whole system.  It 
 would be good to consider how exactly that problem could be 
 eliminated using more sophisticated crypto.

Lucky claims to have pointed this out two years ago, proposed 
more sophisticated crypto, and received a hostile reception.

Which leads me to suspect that the capability of the powerful 
to break the system is a designed in feature.  

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 JjoH8U8qZ1eOdT/yGjfV7Xz9andBZPeYWaOLC+NP
 2/OJG2MZSnAqcyuvUsNZTsQAcffGGST6LJ7e9vFbK

Re: Overcoming the potential downside of TCPA

[Jay Sulzberger]

On Thu, 15 Aug 2002, Anonymous wrote:

 [Repost]

 Joe Ashwood writes:

  Actually that does nothing to stop it. Because of the construction of TCPA,
  the private keys are registered _after_ the owner receives the computer,
  this is the window of opportunity against that as well.

 Actually, this is not true for the endoresement key, PUBEK/PRIVEK, which
 is the main TPM key, the one which gets certified by the TPM Entity.
 That key is generated only once on a TPM, before ownership, and must
 exist before anyone can take ownership.  For reference, see section 9.2,
 The first call to TPM_CreateEndorsementKeyPair generates the endorsement
 key pair. After a successful completion of TPM_CreateEndorsementKeyPair
 all subsequent calls return TCPA_FAIL.  Also section 9.2.1 shows that
 no ownership proof is necessary for this step, which is because there is
 no owner at that time.  Then look at section 5.11.1, on taking ownership:
 user must encrypt the values using the PUBEK.  So the PUBEK must exist
 before anyone can take ownership.

  The worst case for
  cost of this is to purchase an additional motherboard (IIRC Fry's has them
  as low as $50), giving the ability to present a purchase. The
  virtual-private key is then created, and registered using the credentials
  borrowed from the second motherboard. Since TCPA doesn't allow for direct
  remote queries against the hardware, the virtual system will actually have
  first shot at the incoming data. That's the worst case.

 I don't quite follow what you are proposing here, but by the time you
 purchase a board with a TPM chip on it, it will have already generated
 its PUBEK and had it certified.  So you should not be able to transfer
 a credential of this type from one board to another one.

 ... /

But I think you claimed No root key..  Is this not a root key?

oo--JS.