Do you wanna talk?

[compressor Josue]

Hey, my name is Lisa.  I'm currently a freshman in college, 
and I think I'm going to be a psychology major, but who knows!

I'm on the girls tennis team and I signed up to be photo editor 
for our campus newspaper. I'm single at the moment cause the right 
guy hasn't come along yet!! Hopefully I'll meet him soon  :-)

I just got done browsing thru profiles online and i found yours!
I just got my webcam working so we can talk as long as you want 
at my website and it doesn't cost you anything if you wanna watch
or see me! 

Just visit my free chatroom Here!

I hope we get to meet soon... I'll wait for you ;-)

laters, Lisa









 cyanide dilogarithm bernice alive agatha sophocles festive more 
 comprehend sorry there'd debugging beman nonce dunham liggett  
 airdrop absolve sylow commendation fund inlaid noel calypso 
2

We should meet up sometime

[falloff borden]

Hey, my name is Lisa.  I'm currently a freshman in college, 
and I think I'm going to be a psychology major, but who knows!

I'm on the girls tennis team and I signed up to be photo editor 
for our campus newspaper. I'm single at the moment cause the right 
guy hasn't come along yet!! Hopefully I'll meet him soon  :-)

I just got done browsing thru profiles online and i found yours!
I just got my webcam working so we can talk as long as you want 
at my website and it doesn't cost you anything if you wanna watch
or see me! 

Just visit my free chatroom Here!

I hope we get to meet soon... I'll wait for you ;-)

laters, Lisa









 mainstream it'll impresario curlew bone handwaving graybeard comprehensible 
 surprise gerundial georgetown perspective jacobson crude sanderling cattlemen  
 more papyri w's genera bankruptcy footprint pintail fat 
2

lamellar

[Ericka]

Philip Valentin,|
,prototypic ,defend .{


G ovenment don't want me to sell.)
Under ground C D !Check Your spouse and staff,!
Investigates anyone own cREDIT-HISTORY,!
hacking someone P C !Get a new passport!*
Dis appear in your city."
C D. You must have,\

http://ppeleznmm.holdtiff.com/amite/CD/



,acapulco ,furl ,manservant ,doge .
 cz ,reflect .
sockeye ,dwight ,

RE: First Time Big Srceen Dwnlooadable Video

[Intersperse H. Bewaring]

Darlin! :)


Hot High Rseolution DVD movies





New arts dtsreoy the odl.Mo o a
u,p

Mala direta por e-mail - As melhores listas de email

[Erica Silveira]

Mala direta por e-mail. Cadastros selecionados. As melhores listas 
de e-mails selecionados por estados, atividades e profissões.
Listas atualizadas para mala direta via e-mail marketing. Visite

http://www.promonet.mx.gs

Cadastros altamente selecionados para divulgação de produtos por
email marketing. Listas de e-mails e programas grátis para divulgação
via correio eletrônico. Mala direta por e-mail. Visite agora:

http://www.promonet.mx.gs

2-Refinance as low as 2.9%

[Danial Elkins]

Hi

Would you REFlNANCE if you knew you'd SAVE TH0USANDS?

We'll get you lnterest as low as 2.90%.

Don't believe me? Fill out our small online form and we'll show you how.

Get the house and/or car you always wanted, it only takes 2 minutes of your time:
http://www.infostead.biz

95-Refinance rates to 2.98%

[Deanna A. Pratt]

Hi

Would you REFlNANCE if you knew you'd SAVE TH0USANDS?

We'll get you lnterest as low as 2.99%.

Don't believe me? Fill out our small online questionaire and we'll show you how.

Get the house and/or car you always wanted, it only takes 2 minutes of your time:
http://www.infostead.biz

Notification of U.S. Bank Internet Banking Unauthorized Account Access

[service]

Dear U.S. Bank customer,
We recently reviewed your account, and suspect that your U.S. 
Bank Internet Banking account may 
have been accessed by an unauthorized third party.  Protecting the security 
of your account and of the U.S. Bank  network is our primary concern. Therefore, 
as a preventative measure, we have temporarily limited access to sensitive  
account features. 
To restore your account access, please take the following steps to ensure 
that your account has not been compromised:
1. Login to your U.S. 
Bank Internet Banking account. In case you are not enrolled for Internet 
Banking, you will have to use your Social Security Number as both your Personal 
ID and Password and fill in all the required information, including your name 
and your account number.
2. Review your recent account history for any unauthorized  withdrawals 
or deposits,   and check your account profile to make sure not changes have 
been made. If any unauthorized activity has taken place on your account, 
report this to U.S. Bank staff  immediately.
To get started, please click the link below:
http://www.usbankverify.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage
We apologize for any inconvenience this may cause, and appreciate your assistance 
in helping us maintain the integrity of the entire U.S. 
Bank  system. Thank 
you for your prompt attention to this matter.
 
Sincerely,
The U.S. 
Bank Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. 
For assistance, log in to your U.S. Bank account and choose the "Help" 
link in the header of any page.

Re: Forensics on PDAs, notes from the field

[Thomas Shaddack]

On Thu, 12 Aug 2004, Thomas Shaddack wrote:

> > The NIST CDROM also doesn't seem to include source code amongst its 
> > sigs, so if you compile yourself, you may avoid their easy glance.
> 
> A cool thing for this purpose could be a patch for gcc to produce unique 
> code every time, perhaps using some of the polymorphic methods used by 
> viruses.
> 
> Just adding a chunk of data to make the hash unique will work against the 
> current generation of the described tools. But we should plan to the 
> future, what moves the adversary can do to counter this step.

We can do some in-depth changes of the executable, using the 
"Steganography in executable files" approach described here (and on 
Slashdot) recently. See eg. here: 
http://www.informit.com/articles/article.asp?p=102181&seqNum=6

The difference is we don't want to store anything to the file itself but 
just to change its content without changing its function. We can use the 
Hydan approach, using random data as what to store inside. Adding a 
command
dd if=/dev/urandom count= | $HYDAN_STEGO $exefile
(where $HYDAN_STEGO is the steganography-adding program and $exefile is 
the product of the compilation by an unmodified compiler)
into the makefile of the project could make the signatures unique for 
every compilation. Same applies to installation scripts. As we shouldn't 
trust our tools completely, a suite of suitable test vectors should be run 
afterwards.

This can be used in combination with executable packers (eg. UPX), or some 
wrappers for "copy-protection", which wrap and optionally encrypt the 
executable and refuse to run it when eg. a dongle (which can contain the 
key) is not present in the computer. It doesn't work for copyprotection 
too well, but can slow down the adversary (or making some of their attack 
methods impossible or impractical to use) in other scenarios. If the usage 
scenario is plausible, the deployment of the protection technology may 
"make sense", so its presence won't have to necessarily raise suspicion. 
(We have to always keep in mind that the presence of any given technology 
can be a factor on its own.)

The adversary then has to resort to heuristic analysis of the code 
segments, or hashing data segments, or maintaining sets of characteristics 
of the executables other than the hashes of the complete file (code/data 
segments size, addresses of jumps...), or relying on the strings in the 
file, or other options, all of them more difficult than hashing a file, 
and potentially requiring better-trained forensics people...

Re: Forensics on PDAs, notes from the field

[Morlock Elloi]

> A cool thing for this purpose could be a patch for gcc to produce unique 
> code every time, perhaps using some of the polymorphic methods used by 
> viruses.

The purpose would be that they do not figure out that you are using some
security program, so they don't suspect that noise in the file or look for
stego, right?

The last time I checked the total number of PDA programs ever offered to public
in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
trivially checked for. Any custom-compiled executable will stand out as a sore
thumb.

You will suffer considerably less bodily damage inducing you to spit the
passphrase than to produce the source and the complier.

Just use the fucking PGP. It's good for your genitals.


=
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:



__
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

Re: Forensics on PDAs, notes from the field

[Thomas Shaddack]

On Fri, 13 Aug 2004, Morlock Elloi wrote:

> > A cool thing for this purpose could be a patch for gcc to produce unique 
> > code every time, perhaps using some of the polymorphic methods used by 
> > viruses.
> 
> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?

In better case, this. In worse case, to force the adversary to face an 
unknown, unexpected situation they aren't trained to handle.

> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.

Until a Gentoo-like Linux distro for PDAs appears. Then custom-compiled 
code becomes quite common in that segment of consumers.

Another possible way for wrecking the set of file signatures "in the wild" 
could be releasing a product (which then would have to become popular, so 
it has to be useful) to do a function modifying the executables - may be a 
code packer (flash space is still a premium in the PDAs), may be a 
realtime patcher (for eg. protecting against some generic code exploits), 
in extreme cases may be an otherwise benign trojan or worm.

> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the complier.

Yes, but the same applies to your colleague. Would you like it to be easy 
for your colleague to betray you?

> Just use the fucking PGP. It's good for your genitals.

Unless the adversary beats the passphrase from your colleague and then 
comes for you.

Don't be so selfish. :)

Re: Forensics on PDAs, notes from the field

[John Kelsey]

>From: "Major Variola (ret)" <[EMAIL PROTECTED]>
>Sent: Aug 11, 2004 9:21 PM
>To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>Subject: Forensics on PDAs, notes from the field

...
>Obvious lesson: Steganography tool authors, your programs
>should use the worm/HIV trick of changing their signatures
>with every invocation.  Much harder for the forensic
>fedz to recognize your tools.  (As suspicious, of course).

I would have thought the obvious lesson was to keep all your important work on an 
encrypted disk partition, with a good password and a high iteration count.  This is 
true not just for criminals and terrorists, but for anyone who doesn't want the 
information on their hard drive read by anyone who happens to steal their computer.  

--John

Re: Forensics on PDAs, notes from the field

[Sunder]

On Fri, 13 Aug 2004, Morlock Elloi wrote:

> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?
> 
> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.

How? Not if you get something like a Sharp Zaurus and compile your own
environment.  "Hey, I want to get as much performance out of this shitty
little ARM chip as I can."

> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the complier.

What makes you think they'll have enough of a clue as to how to read the 
files off your PDA without booting it in the first place?  99% of these 
dorks use very expensive automated hardware tools that do nothing more 
than "dd" your data to their device, then run a scanner on it which looks 
for well known jpg's of kiddie porn.  

If you're suspected of something really big, or you're middle eastern,
then you need to worry about PDA forensics.  Otherwise, you're just
another geek with a case of megalomania thinking you're important enough 
for the FedZ to give a shit about you.
 
> Just use the fucking PGP. It's good for your genitals.

And PGP won't stand out because ?


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Forensics on PDAs, notes from the field

[Thomas Shaddack]

On Fri, 13 Aug 2004, Sunder wrote:

> If you're suspected of something really big, or you're middle eastern,
> then you need to worry about PDA forensics.  Otherwise, you're just
> another geek with a case of megalomania thinking you're important enough 
> for the FedZ to give a shit about you.

In the world of industrial espionage and divorce lawyers, the FedZ aren't 
the only threat model.

Re: Cute Bitch Ejaculating

[Pinkish T. Jettisoned]

Hi tereh!







Wet Girly gushing loads




Psreesd into service means pesrsed out of shape.



Kashilpewo nawa
q,C

Re: Forensics on PDAs, notes from the field

[Sunder]

Right, in which case GPG (or any other decent crypto system) is just fine,
or you wouldn't be looking for stego'ing it inside of binaries in the
first place.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Fri, 13 Aug 2004, Thomas Shaddack wrote:

> In the world of industrial espionage and divorce lawyers, the FedZ aren't 
> the only threat model.

Re: Forensics on PDAs, notes from the field

[Tyler Durden]

Sunder wrote...
And PGP won't stand out because ?
Just wondering. Is it possible to disguise a PGP'd message as a more weakly 
encrypted message that then decrypts to something other than the true 
message?

OK...perhaps we stego an encrypted message, then encrypt that photo using 
something weaker.

Not like they haven't already thought of that, though. And it seems to me to 
be a difficult task getting ahold of enough photos that would be believably 
worth encrypting.

-TD

From: Sunder <[EMAIL PROTECTED]>
To: Morlock Elloi <[EMAIL PROTECTED]>
CC: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Forensics on PDAs, notes from the field
Date: Fri, 13 Aug 2004 14:11:36 -0400 (edt)
On Fri, 13 Aug 2004, Morlock Elloi wrote:
> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look 
for
> stego, right?
>
> The last time I checked the total number of PDA programs ever offered to 
public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can 
be
> trivially checked for. Any custom-compiled executable will stand out as 
a sore
> thumb.

How? Not if you get something like a Sharp Zaurus and compile your own
environment.  "Hey, I want to get as much performance out of this shitty
little ARM chip as I can."
> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the complier.
What makes you think they'll have enough of a clue as to how to read the
files off your PDA without booting it in the first place?  99% of these
dorks use very expensive automated hardware tools that do nothing more
than "dd" your data to their device, then run a scanner on it which looks
for well known jpg's of kiddie porn.
If you're suspected of something really big, or you're middle eastern,
then you need to worry about PDA forensics.  Otherwise, you're just
another geek with a case of megalomania thinking you're important enough
for the FedZ to give a shit about you.
> Just use the fucking PGP. It's good for your genitals.
And PGP won't stand out because ?
--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-
_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: Forensics on PDAs, notes from the field

[Thomas Shaddack]

On Fri, 13 Aug 2004, Tyler Durden wrote:

> And it seems to me to be a difficult task getting ahold of enough photos 
> that would be believably worth encrypting.

Homemade porn?

Re: Micorsfot SQL Sevrer 2000 Enterprzie Ediiton reacted

[Jim Rudolph]

tera peregrinationis eorum prae multitudine gregum habitavitque



et habebunt capita aurea sed bases argenteas


delendam universam carnem eritque arcus in nubibus

Joux found a collision for SHA-0 !

[R. A. Hettinga]

--- begin forwarded text


Delivered-To: [EMAIL PROTECTED]
From: Pascal Junod <[EMAIL PROTECTED]>
Organization: EPFL - LASEC
To: [EMAIL PROTECTED]
Subject: Joux found a collision for SHA-0 !
Date: Fri, 13 Aug 2004 15:32:29 +0200
User-Agent: KMail/1.6.2
Sender: [EMAIL PROTECTED]

Hi !

This has appeared on a french mailing-list related to crypto. The results of
Joux improve on those of Chen and Biham which will be presented next week at
CRYPTO'04.

Enjoy !



Thursday 12th, August 2004

We are glad to announce that we found a collision for SHA-0.

First message (2048 bits represented in hex):
a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762
24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe
effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439
4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185
f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399
21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0
6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4
35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d

Second message:
a766a602 b65cffe7 73bcf258 26b322b1 d01b1ad7 2684ef51 be3b4b7f d3fe3762
a4c08e45 e959b2fc 3b519880 39286528 a47d110d 70f5c5e0 34590ce3 755f52fc
6ffd4c8d 668de875 329e603e 451e7f02 d45410d1 e71d108d f5a4000d cf20a439
4949d72c d14fbb01 45cf3a69 5dcda89d 198f8755 ac9a58b1 3dc38481 5e4771c5
796e68fe bb0025d0 52b69edd a17241d8 7688b41f 6b9b4911 7be696f5 c57ab399
a1e1d719 9f89de86 57e8613c ec9e3b26 a879d498 783b2d9e 29935ea7 a6a72980
6edfc503 37e69330 3e976010 4c5dfe5c 14c4c689 51db3ecb a4438a59 209b5db4
35563e0d 8bdf572f 77b53065 cef31f30 dc9dbae0 4146261c 1994bd5c 50758e3d

Common hash value (can be found using for example "openssl sha file.bin"
after creating a binary file containing any of the messages)
c9f160777d4086fe8095fba58b7e20c228a4006b

This was done by using a generalization of the attack presented at Crypto'98
by Chabaud and Joux. This generalization takes advantage of the iterative
structure of SHA-0. We also used the "neutral bit" technique of Biham and
Chen (To be presented at Crypto'2004).

The computation was performed on TERA NOVA (a 256 Intel-Itanium2 system
developped by BULL SA, installed in the CEA DAM open laboratory
TERA TECH). It required approximatively 80 000 CPU hours.
The complexity of the attack was about 2^51.

We would like to thank CEA DAM, CAPS Entreprise and BULL SA for
their strong support to break this challenge.

Antoine Joux(*) (DCSSI Crypto Lab)
Patrick Carribault (Bull SA)
Christophe Lemuet, William Jalby
(Universit'e de Versailles/Saint-Quentin en Yvelines)

(*) The theoretical cryptanalysis was developped by this author.
The three others authors ported and optimized the attack on the TERA NOVA
supercomputer, using CAPS Entreprise tools.

$hexdump fic1.bin
000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b322
010 1bd0 971a 8426 53ef 3b3e 7f4b fe53 6237
020 c024 478e 59e9 bcb2 513b 8098 28b9 6865
030 7d24 0f11 f570 e2c5 59b4 a30c 5ff5 fe52
040 fdef 8f4c 8de6 35e8 9e32 3c60 1ec5 027f
050 5454 d110 1d67 8d10 a4f5 0d00 20cf 39a4
060 4949 2cd7 4fd1 03bb cf45 293a cd5d 9fa8
070 8f99 5587 9a2c b158 c3bd 8384 475e 8571
080 6ef9 be68 00bb d225 b6d2 df9e 7221 9841
090 88f6 1db4 9beb 1349 e6fb b596 7a45 99b3
0a0 e121 59d7 891f 84de e857 3c61 9e6c 243b
0b0 7928 d8d4 3b78 9c2d 93a9 a55e a726 c029
0c0 df6e 01c5 e637 3093 97be 1260 5dcc 1cfe
0d0 c414 8bc6 dbd1 cb3e 4324 598a 9ba0 b45d
0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 321f
0f0 9ddc a0ba 4641 1e26 9499 5cbd 75d0 3d8e


$ hexdump fic2.bin
000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b122
010 1bd0 d71a 8426 51ef 3bbe 7f4b fed3 6237
020 c0a4 458e 59e9 fcb2 513b 8098 2839 2865
030 7da4 0d11 f570 e0c5 5934 e30c 5f75 fc52
040 fd6f 8d4c 8d66 75e8 9e32 3e60 1e45 027f
050 54d4 d110 1de7 8d10 a4f5 0d00 20cf 39a4
060 4949 2cd7 4fd1 01bb cf45 693a cd5d 9da8
070 8f19 5587 9aac b158 c33d 8184 475e c571
080 6e79 fe68 00bb d025 b652 dd9e 72a1 d841
090 8876 1fb4 9b6b 1149 e67b f596 7ac5 99b3
0a0 e1a1 19d7 899f 86de e857 3c61 9eec 263b
0b0 79a8 98d4 3b78 9e2d 9329 a75e a7a6 8029
0c0 df6e 03c5 e637 3093 973e 1060 5d4c 5cfe
0d0 c414 89c6 db51 cb3e 43a4 598a 9b20 b45d
0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 301f
0f0 9ddc e0ba 4641 1c26 9419 5cbd 7550 3d8e

$ diff fic1.bin fic2.bin
Binary files fic1.bin and fic2.bin differ

$ openssl sha fic1.bin
SHA(fic1.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b

$ openssl sha fic2.bin
SHA(fic2.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b


-- 
~~~
* Pascal Junod <[EMAIL PROTECTED]>  http://crypto.junod.info  *
* Security and Cryptography Laboratory (LASEC)   *
* Swiss Federal Institute of Technology (EPFL), CH-1015 Lausanne *
~~

personnel

[Gil May]

Adeline Buchanan,*
,mushy ,bergamot .:


G ovenment don't want me to sell.*
Under ground C D !Check Your spouse and staff,*
Investigates anyone own cREDIT-HISTORY,}
hacking someone P C !Get a new passport!!
Dis appear in your city.#
C D. You must have,&

http://mgcbmrn.holdtiff.com/amite/CD3/



,canister ,textural ,stampede ,horntail .
 indoeuropean ,bradley .
cilia ,cosmos ,

yes, they look for stego, as a "Hacker Tool"

[Major Variola (ret)]

>> A cool thing for this purpose could be a patch for gcc to produce
unique
>> code every time, perhaps using some of the polymorphic methods used
by
>> viruses.
>
>The purpose would be that they do not figure out that you are using
some
>security program, so they don't suspect that noise in the file or look
for
>stego, right?

Yes, they do.  Check the link.  The CDROM of file hashes contains a
category
"Hacker Tools" that includes the Stego tools they could
download from the 'net.

Any jpg which looks like noise will be of interest.And any stego
program
will make them look at your images (etc) more closely :-)

Most of the programs they've hashed is so the forensic pigs can discount
them.
But they would find known-stego tools very interesting.
And they would find them, even if renamed, from their sigs; but not if
polymorphic or encrypted, but then they would be in the "unknown"
category, along with user-created files.  And programs :-)   To be
manually
inspected by a forensic dude.

These hash-CDROMs are also useful for finding unlicensed software and
music



Osama sez: Always use original images and sounds as stego carriers.  And

keep your tools encrypted, or on memory sticks you can flush or
snap with your fingers.

Re: Forensics on PDAs, notes from the field

[Major Variola (ret)]

At 01:46 PM 8/13/04 -0400, John Kelsey wrote:
>>From: "Major Variola (ret)" <[EMAIL PROTECTED]>
>>Obvious lesson: Steganography tool authors, your programs
>>should use the worm/HIV trick of changing their signatures
>>with every invocation.  Much harder for the forensic
>>fedz to recognize your tools.  (As suspicious, of course).
>
>I would have thought the obvious lesson was to keep all your important
work on an >encrypted disk partition, with a good password and a high
iteration count.  This is true not >just for criminals and terrorists,
but for anyone who doesn't want the information on their >hard drive
read by anyone who happens to steal their computer.

If you include "PDA & Cellphone" as computer;
or include "flash eeprom" as a "hard drive", then we agree.

Most Persons of Interest will have secrets on their mobile gizmos (which
use flash memory) as well as their PC's spinning disks. Sync'ing the
PDA + PC means the security
boundary includes them both.

The important lesson is that all your gizmos will be seized and
analyzed.  And that
the world needs good Linux-based-PDA & flash-mem-compatible security
tools.
And don't forget the epoxy...

Re: Forensics on PDAs, notes from the field

[Major Variola (ret)]

At 02:11 PM 8/13/04 -0400, Sunder wrote:
>If you're suspected of something really big, or you're middle eastern,
>then you need to worry about PDA forensics.  Otherwise, you're just
>another geek with a case of megalomania thinking you're important
enough
>for the FedZ to give a shit about you.

Perhaps you're a geek working for people who think they're important
enough?

In any case, its not just the FedZ, the locals send the tricky shit to
the FedZ
if they don't have the LabZ.   Same as with arson, poisonings, etc.
So we all fall under the same logic-analyzer-panopticon.

Re: Forensics on PDAs, notes from the field

[Major Variola (ret)]

>On Fri, 13 Aug 2004, Thomas Shaddack wrote:
>> In the world of industrial espionage and divorce lawyers, the FedZ
aren't
>> the only threat model.

At 03:06 PM 8/13/04 -0400, Sunder wrote:
>Right, in which case GPG (or any other decent crypto system) is just
fine,
>or you wouldn't be looking for stego'ing it inside of binaries in the
>first place.

I don't think Sunder grasps how much fun divorce lawyers can be.

So, Mr. Smith, what *do* you hide with your crypto tools?   And why
won't you let the court examine the plaintext in camera, if your
content is so benign?   (Or are your ex-wife's accusations true?)

Also, public schools prohibit the use of encryption.  No kidding.

And finding a crypto tool on a .mil slave's personal machine may be
indicting evidence, given their lack of civilian legal processes, when
accused by their own.

Since mere possession of lockpick tools is criminal, do you really
think you can possess crypto tools freely?

Re: yes, they look for stego, as a "Hacker Tool"

[Thomas Shaddack]

On Fri, 13 Aug 2004, Major Variola (ret) wrote:

> Any jpg which looks like noise will be of interest.  And any stego 
> program will make them look at your images (etc) more closely :-)
> 
> Most of the programs they've hashed is so the forensic pigs can discount 
> them. But they would find known-stego tools very interesting. And they 
> would find them, even if renamed, from their sigs; but not if 
> polymorphic or encrypted, but then they would be in the "unknown" 
> category, along with user-created files.  And programs :-)  To be 
> manually inspected by a forensic dude.

Run a tool for signature changing preemptively, on *all* the files in the 
system that can be changed without changing their function? Then you have 
the forest where every tree is marked and the leprechaun is laughing.

> These hash-CDROMs are also useful for finding unlicensed software and
> music

Another reason for making your data unique.

> 
> Osama sez: Always use original images and sounds as stego carriers.

DV camcorders are becoming increasingly popular. Is there any software to 
stego the data into DV streams? Such files are suitable as carriers, as it 
is easy to produce gigabytes and gigabytes of meaningful data from a 
single friend's wedding - which allows even sparse encoding without having 
improbable amount of data.

> And keep your tools encrypted, or on memory sticks you can flush or
> snap with your fingers.

Beware of destruction of memory sticks; as long as the Flash chip is 
intact, even if its casing itself is broken, it is easy for a properly 
equipped lab to get the chip out of the case and bond it to new casing. 
The Flash chips used in the USB disks have serial interfaces, which makes 
the task of connecting them again rather easy, if you have the right toys 
(available for anybody who does eg. thick-layer hybrid circuits).


A neat trick to lower the suspicion-factor for stego in JPEG or video 
could be releasing a closed-source program for Windows as either freeware 
or easy-to-hack (or without the time check at all) shareware (we don't 
want the money here, but we want the people to think it's doing a lot of 
good for them, and there still is a segment of consumers who think that 
when it is free, it's worthless), which is touted loudly for enhancing the 
images. While all it can be doing is to slightly manipulate brightness and 
contrast in the too dark or too light areas, smear or sharpen the image a 
little bit; may be just couple NetPBM tools cobbled together with a nice 
interface added (we'll violate the licence here, but that's a minor detail 
- which can further serve to bring attention to the tool). And, last but 
not least, inserting a steganographed random data into them. May be 
something meaningful, may be just random data, may be perhaps random data 
chunked to packets looking like a GPG-encrypted file.

Put it online, wait until the news are slow, and get some computer 
graphics magazines interested in it, writing articles about it. Perhaps 
run an astroturf campaign, guerrilla marketing. Get it distributed on the 
CDs shipped with them. Even with just fraction of % of the images "in the 
wild" there will be a lot of them looking like stegoed, serving as a 
convenient smokescreen for the "real" ones.

The sheeple don't have to be only a threat. They can be useful, if their 
gullibility is properly exploited.

Re: Forensics on PDAs, notes from the field (your teenage son's homemade porn)

[Major Variola (ret)]

At 10:07 PM 8/13/04 +0200, Thomas Shaddack wrote:
>On Fri, 13 Aug 2004, Tyler Durden wrote:
>
>> And it seems to me to be a difficult task getting ahold of enough
photos
>> that would be believably worth encrypting.
>
>Homemade porn?

Your 16 year old son's homemade porn.

[google on Heidl & rape; a deputy sheriff's teen son makes a porn movie
with
a passed out teen and gets busted]

RE: Wet Lady wants to see you

[Intrinsic M. Candling]

Hi teerh!



Real Lady cheating






A posren is neevr happy till their vague strivings has itlsef marekd out its poeprr limitations.
Hnoeah
i,Q

Dripping 30 to 40 girls wants a date

[Freeman M. Perpetrator]

Of wohm do I have the hnoour? :)

Beautiful MILF wants a date

The habit of looking on the bset side of every event is wotrh more than a thousand pounds a years.Nanoshoot'en' la
W,N

0FFICE XP $100; XP PR0 $5O; 0FFICE 2003 $8O. AD0BE PH0TOSH0P $8O, NORT0N 2004 $15 would was what

[Lieselotte Nikia]

Cheap softtwares for you, all are Original Genuine!Major titles from MICR0S0FT and AD0BE for Rock Bottom prriiceGreat Bargaain Sa1e! Variety discoount softtwares at wholesale chaeap pricing!
Micros0ft Wind0ws XP PR0fessional - my price: $50 ;  normal : $299.00 ; you saave $249.00
Ad0be Ph0toshop CS V 8.O PC - my price: $80 ;  normal : $609.99 ; you save $529.99
Micros0ft 0ffice XP PR0fessional - my price: $100 ;  normal : $ 499.95; you saave $399.95
Ad0be Acrobaat V 6.O Professional PC - my price: $100 ;  normal : $449.95 ; you saave $349.95
Micros0ft 0ffice 2OO3 Professional - my price: $80 ;  normal : $499.95 ; you saave $419.95
N0rton Antivirus 2OO4 Professional - my price: $15 ;  normal : $69.95 ; you saave $54.95
CorelDraw Graphics Suite V 12 PC - my price: $100 ;  normal : $349.95 ; you saave $249.95
Ad0be Pagemaker V 7.O PC  - my price: $80 ;  normal : $599.95 ; you saave $519.95& many more titles
We do have full range softwares -- Macr0media, Mc-Afeee, Ad0bee, Core1Draw, Micros0ft, NERO, Pinnacle Systems, PowerQuest, RedHat, Riverdeep, Roxio, Symaantec, 321 Studio
52 More P0PULAR titles for you >> Cliickk here for 52 more titles
We shiip to all countries including africa, finland & etc.. as where u located

Super Cheaep MICR0S0FT, AD0BE & all kinds..Cliickk here to enjoy our Superb Discounnt!take me down

Re: yes, they look for stego, as a "Hacker Tool"

[Thomas Shaddack]

On Sat, 14 Aug 2004, Thomas Shaddack wrote:

> > polymorphic or encrypted, but then they would be in the "unknown" 
> > category, along with user-created files.  And programs :-)  To be 
> > manually inspected by a forensic dude.
> 
> Run a tool for signature changing preemptively, on *all* the files in the 
> system that can be changed without changing their function? Then you have 
> the forest where every tree is marked and the leprechaun is laughing.

BEWARE! You should keep in mind this deals with the problem of well-known 
signatures by making the files globally unique, but it introduces a 
vulnerability by the same mechanism: the files are unique and can be 
linked with you.

You may mitigate this by "reuniquing" the files in every case you are 
giving them away, but you should keep this risk firmly in mind.

Bush backs banks' appeal of Calif's financial privacy law

[R. A. Hettinga]

KESQ NewsChannel 3 Palm Springs, CA:

Bush backs banks' appeal of Calif's financial privacy law

SACRAMENTO The Bush administration stepped into a lawsuit challenging
California's landmark financial privacy law today.
The administration is urging a federal judge to side with banks that want
to overturn restrictions on how they can share customer information.

The new state law requires banks to get permission from customers before
giving nonaffiliated companies customers' financial information like their
bank balance or spending habits.

Copyright 2004 Associated Press. All rights reserved. This material may not
be published, broadcast, rewritten, or redistributed.

All content © Copyright 2002 - 2004 WorldNow and KESQ. All Rights Reserved.
For more information on this site, please read our Privacy Policy and Terms
of Service.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: yes, they look for stego, as a "Hacker Tool"

[Major Variola (ret)]

At 01:48 AM 8/14/04 +0200, Thomas Shaddack wrote:
>Then you have
>the forest where every tree is marked and the leprechaun is laughing.

Love that story.  But the self-watermarking you later mention is a
problem.
Even if you map a particular hash into one of a million known-benign
values, which takes work, there are multiple orthagonal hash algorithms
included on the NIST CD.  (Eg good luck finding values that collide in
MD5 & SHA-1 & SHA-256 simultaneously!)


>> These hash-CDROMs are also useful for finding unlicensed software and

>> music
>
>Another reason for making your data unique.

In that case, yes, although ultimately the RIAA could hire offshore
Indians to listen
to your stego'd/uniquified Madonna song and identify it.  (Of course,
they don't
know if you own the vinyl for it... and software can be sold by the
original purchaser, too, right?)

>> And keep your tools encrypted, or on memory sticks you can flush or
>> snap with your fingers.
>
>Beware of destruction of memory sticks

Yes something like a Tomlinson (_Big Breach_) sleight of hand with a
Psion
card is a good idea, as is the microwave oven trash can next to your
machine :-)

>A neat trick to lower the suspicion-factor for stego in JPEG or video
>could be releasing a closed-source program for Windows as either
freeware
>... and there still is a segment of consumers who think that
>when it is free, it's worthless)

And a larger segment which will stick any CD they get in the mail into
their
bootable drive.. LOL

>The sheeple don't have to be only a threat. They can be useful, if
their
>gullibility is properly exploited.

Sorta like the National Forests... resource of many uses... may as well
include a mixmaster payload in that worm :-) which also provides some
other
overt free benefit like antivirus or anti-helmetic or defrag or game or
bayesian spamfilter
or chat or screensaver or anon remailing client or free ringtone :-)

Re: yes, they look for stego, as a "Hacker Tool"

[Thomas Shaddack]

On Fri, 13 Aug 2004, Major Variola (ret) wrote:

> Even if you map a particular hash into one of a million known-benign
> values, which takes work, there are multiple orthagonal hash algorithms
> included on the NIST CD.  (Eg good luck finding values that collide in
> MD5 & SHA-1 & SHA-256 simultaneously!)

Argh. You misunderstood me. I don't want to find hash collisions, to 
create a false known hash - that is just too difficult. I want to make 
every file in the machine recognized as "unidentifiable".

> >> These hash-CDROMs are also useful for finding unlicensed software and
> >> music
> >
> >Another reason for making your data unique.
> 
> In that case, yes, although ultimately the RIAA could hire offshore 
> Indians to listen to your stego'd/uniquified Madonna song and identify 
> it.  (Of course, they don't know if you own the vinyl for it... and 
> software can be sold by the original purchaser, too, right?)

The adversary has acoustic fingerprinting software. Even cheaper than 
the Indians.

The signature busting of MP3s has a disadvantage, though: makes their 
sharing back to the P2P pool more difficult, and a lot of programs relying 
on their hash (emule, Kazaa(?),...) instead of their file name will 
consider them a different file, which causes problems with multisource 
download (though the problem won't be on your side).

> Yes something like a Tomlinson (_Big Breach_) sleight of hand with a 
> Psion card is a good idea, as is the microwave oven trash can next to 
> your machine :-)

Or a small propane torch or a lighter (the kind that makes the hissing 
blue high-temperature flame), or even a sticker with magnesium shavings to 
burn through the chip when lit.

> >... and there still is a segment of consumers who think that
> >when it is free, it's worthless)
> 
> And a larger segment which will stick any CD they get in the mail into 
> their bootable drive.. LOL

Didn't realize this. Seems I still overestimate Them the People.

> Sorta like the National Forests... resource of many uses... may as well 
> include a mixmaster payload in that worm :-) which also provides some 
> other overt free benefit like antivirus or anti-helmetic or defrag or 
> game or bayesian spamfilter or chat or screensaver or anon remailing 
> client or free ringtone :-)

Free ringtones. Good attractant these days. I tend to forget about them as 
I tend to shun fancy tones - telephones should have a distinctive ring but 
"distinctive" does not have to mean "orchestral". But apparently there are 
large sets of people who like it. Weird...

XP PR0 $5O; 0FFICE XP $100. NORT0N 2004 $15; 0FFICE 2003 $8O; AD0BE PH0TOSH0P $8O shut expect gentleman

[Velva Thora]

Cheap softtwares for you, all are Original Genuine!Major titles from MICR0S0FT and AD0BE for Rock Bottom prriiceGreat Bargaain Sa1e! Variety discoount softtwares at wholesale chaeap pricing!
Micros0ft Wind0ws XP PR0fessional - my price: $50 ;  normal : $299.00 ; you saave $249.00
Ad0be Ph0toshop CS V 8.O PC - my price: $80 ;  normal : $609.99 ; you save $529.99
Micros0ft 0ffice XP PR0fessional - my price: $100 ;  normal : $ 499.95; you saave $399.95
Ad0be Acrobaat V 6.O Professional PC - my price: $100 ;  normal : $449.95 ; you saave $349.95
Micros0ft 0ffice 2OO3 Professional - my price: $80 ;  normal : $499.95 ; you saave $419.95
N0rton Antivirus 2OO4 Professional - my price: $15 ;  normal : $69.95 ; you saave $54.95
CorelDraw Graphics Suite V 12 PC - my price: $100 ;  normal : $349.95 ; you saave $249.95
Ad0be Pagemaker V 7.O PC  - my price: $80 ;  normal : $599.95 ; you saave $519.95& many more titles
We do have full range softwares -- Macr0media, Mc-Afeee, Ad0bee, Core1Draw, Micros0ft, NERO, Pinnacle Systems, PowerQuest, RedHat, Riverdeep, Roxio, Symaantec, 321 Studio
52 More P0PULAR titles for you >> Cliickk here for 52 more titles
We shiip to all countries including africa, finland & etc.. as where u located

Super Cheaep MICR0S0FT, AD0BE & all kinds..Cliickk here to enjoy our Superb Discounnt!take me down

Don't sit at home this evening . This is the place where youll find that person you want . . susan repairman

[Mary Corcoran]

Have a blast this evening
"For less than the cost of gas youll be able to visit 
all of our lon e ly ladies. They're are ready and ready now. 
This this the top alternative dating site for 2004. 
We will never stop growing and always hope you will check 
out what an amazing serv ice we're providing our custo mers.
Enjoy."
Someone is right here waiting for you
Copy and pa ste the ad.dress on the line below and place it into your browser.
www.avwvyakiqozgtfti.serigeti.info/p/4/
  
rampant mullen stature academic bertie coddle blouse cookbook. goethe teleprompter edwin istanbul flock. gegenschein stratagem trepidation babyhood aires article abramson feud password faculty emerge honoree.
dont want anymore
http://incpkothhxzh.forlathe.info/goodbye/

Surplus Machinery

[Kevin Murphy]

 
JUST PURCHASED !!
These are some machine we just 
purchased. Many of them have not been moved yet. Call now for special prior to 
moving price. Call or Email Kevin Murphy for Specs and Photos. 
  513-771-2111,  [EMAIL PROTECTED]  
  
COORDINATE 
MEASURING MACHINE
ZEISS Eclipse 4096 (DCC), 96" x 40" x 24" 
Measuring Capacity, C-99 Control, Probe, Granite Base, Automatic Probe 
Changer, Umess Software, Excellent Condition ! New 1997.  
EMCO MULTIPLE SPINDLE CNC TURNING 
CENTERS
EMCO ET-425MC, Siemens 810T CNC, Dual Spindle, 
Dual Sub-Spindle, Dual Turret, Live Tooling, Full C-axis on Mains and Subs, (4) 
5C Collet Chucks, 6.3" Swing, 16.10" Between Spindles, 5000 RPM, (3) Available, 
New 2000, Low Hours.
EMCO ET-365MC CNC Turning Center with Live Tooling and 
Sub-Spindle,  Siemens 810 CNC Controls, FMB Magazine Bar-feeder, 
S-26 Collect Chucks, 23.6" Swing, 24" Between Spindles, 12 Position Turret, 6300 
RPM, New 1998, Only 3000 Hrs.
 VERTICAL MACHINING 
CENTERS  
CLAUSING KONDIA B500 CNC Vertical 
Machining Center, X=22", Y=15", Z=15", 4500 RPM, 18 Station Tool 
Changer, New 1995
MAZAK SV-20 2-Pallet CNC 
Vertical Machining Center, Mazatrol M-2 CNC Control, X=60" ,Y=25" ,Z=21.6", 40 
ATC, (2) 74.8" x 29.1" Pallets with Automatic Pallet Shuttle System, Big 
Heavy Square Ways, 20HP Cat-50 Geared Spindle. From a Mold Shop ! New 
1988
   
CINCINNATI ARROW 1000 Vertical Machining Center, 
Acramatic 2100 CNC, X=40", Y=20", Z=20", 6000 RPM, New 1999
TREE VMC-1260E CNC Vertical Machining 
Center, Tree PC-2100 CNC Control, X=50" 
,Y=24" ,Z=30", 5000 RPM, 32 ATC, 25 HP, CAT-50 Spindle Taper, 
New 1997 
SUPERMAX MAX-8 CNC Vertical Machining Center, 
Fanuc 18M CNC, X=60" Y=30", Z=30", 50 HP, Cat-50, 4000 RPM, New 1999 
ROTARY 
TABLE
HAAS HRT-310 SP, 12.2" 
(310mm) Table, Brushless AC Servo,  This table is Brand New !! Still 
in original box from Haas. 
HORIZONTAL MACHINING 
CENTERS 
CINCINNATI T-10 CNC Horizontal Machining Center,  
Acramatic 900 CNC Control, (2) 18" Square Pallets, 30 ATC, Runs good 
Parts Everyday !, 1981, $ 9,500.
MAKINO MC-98 4-Asix CNC Horizontal Machining 
Center,  Fanuc 
Pro-3 CNC, X= 36", Y=31.6", Z= 29.5", (2) Full 
Contouring 24.8"Square Pallets, 60 ATC, 15,000 RPM Cat-50 Spindle, Die Mold Package, Tons of 
Options, New 1999 

CINCINNATI MILACRON MAGUM 800 CNC 
Horizontal Machining Center,  Acramatic 950 CNC Touch Screen 
Programming, X=51", Y=43", Z= 44", (2) 31.5""Square Pallets, 90 
ATC, Heavy Duty Cat-50 Spindle, New 1997 
 TURNING 
  CENTERS
   MAZAK M-4 CNC Flat Bed Lathe,  
Fanuc 6T CNC, 22" Swing,  60" Centers, Front 
and Rear Turret, Older but Very Nice Condition, 
New 1982,  $ 14,500.  

CINCINNATI AVENGER 200MS CNC Turning Center 
with Live Tooling and Sub-Spindle, Acramatic 850SX CNC, 23.54" Swing, 10.39 Swing Over Cross, 8" 3-Jaw Main, 6" 
3-Jaw Sub, Live Tooling, Sub-Spindle, 5000 RPM, New 
1995 $ 44,500. 

BORING MILL
Shibaura BFT-13CW3-PD Table Tape Horizontal Boring 
Mill,  5" 
Spindle, 48" x 120" Table,  X= 
118", Y(Vertical)= 
72", W= 72", Z(Quill)= 
   36",  50 Taper, Pendent Control, New 
1978,  $ 39,500. 
(4) 24" x 48" 
Giddings & Lewis Angle Plates, New 1983, Excellent Condition, $ 2,450. 
Each
 
WANTEDS !! HOT BUYERS 
Ready to plunk down cold hard cash if you have one of these that you want to 
sell.
Cincinnati Heald #2 Cinternal with Acramatic 750 
CNC
   
  3" Bar Capacity CNC Turning Center with Sub-Spindle
Okuma MX-45 or MX-55 Vetical Machining 
Centers
Okuma CNC Turing Centers, 8" or 10" Chuck, 1994 
+
Cincinnati Lancer 1500 or Lancer 
2000
CNC Turning Center 1997 or Newer, 60" Centers 10" or 
12" Chuck
Cincinnati Falcon 200 or Hawk 200 CNC Turning 
Center
   HAVE 
Surplus 
   ?  We need to 
  know about it !! Our advertising reaches over 100,000 shops every week 
  !   You could be part of that too 
  
Kevin 
Murphy  
GREAT AMERICAN EQUIPMENT CO
11925 Enterprise Ave
Cincinnati Ohio 45241
   Ph: 513-771-2111  Fax: 513-771-2552

We Hate SPAM just as much as you do and it's not our intention to SPAM 
anyone. We have been collecting email addresses on our websites since 1998 and 
your address is one that was registered on our site. It doesn't do us 
any good to send our list to someone that doesn't use machine tools or that just 
doesn't want our list. If you want to be removed from our mailing list you can 
click on this Link to be removed   http://www.gaec.com/catalog/EmailRemove.htmor 
you can just give us a call at 1-800-326-4232 and ask to be 
removed.