Neevr Seen Sexy Caroton Wehors
Allow me :) Please :) New Fucking Toons A friend who is near and dear may in time bmocee as useelss as a relative. Uuf widrelu-ega d,R
Do you wanna talk?
Hey, my name is Lisa. I'm currently a freshman in college, and I think I'm going to be a psychology major, but who knows! I'm on the girls tennis team and I signed up to be photo editor for our campus newspaper. I'm single at the moment cause the right guy hasn't come along yet!! Hopefully I'll meet him soon :-) I just got done browsing thru profiles online and i found yours! I just got my webcam working so we can talk as long as you want at my website and it doesn't cost you anything if you wanna watch or see me! Just visit my free chatroom Here! I hope we get to meet soon... I'll wait for you ;-) laters, Lisa cyanide dilogarithm bernice alive agatha sophocles festive more comprehend sorry there'd debugging beman nonce dunham liggett airdrop absolve sylow commendation fund inlaid noel calypso 2
We should meet up sometime
Hey, my name is Lisa. I'm currently a freshman in college, and I think I'm going to be a psychology major, but who knows! I'm on the girls tennis team and I signed up to be photo editor for our campus newspaper. I'm single at the moment cause the right guy hasn't come along yet!! Hopefully I'll meet him soon :-) I just got done browsing thru profiles online and i found yours! I just got my webcam working so we can talk as long as you want at my website and it doesn't cost you anything if you wanna watch or see me! Just visit my free chatroom Here! I hope we get to meet soon... I'll wait for you ;-) laters, Lisa mainstream it'll impresario curlew bone handwaving graybeard comprehensible surprise gerundial georgetown perspective jacobson crude sanderling cattlemen more papyri w's genera bankruptcy footprint pintail fat 2
RE: First Time Big Srceen Dwnlooadable Video
Darlin! :) Hot High Rseolution DVD movies New arts dtsreoy the odl.Mo o a u,p
Mala direta por e-mail - As melhores listas de email
Mala direta por e-mail. Cadastros selecionados. As melhores listas de e-mails selecionados por estados, atividades e profissões. Listas atualizadas para mala direta via e-mail marketing. Visite http://www.promonet.mx.gs Cadastros altamente selecionados para divulgação de produtos por email marketing. Listas de e-mails e programas grátis para divulgação via correio eletrônico. Mala direta por e-mail. Visite agora: http://www.promonet.mx.gs
2-Refinance as low as 2.9%
Hi Would you REFlNANCE if you knew you'd SAVE TH0USANDS? We'll get you lnterest as low as 2.90%. Don't believe me? Fill out our small online form and we'll show you how. Get the house and/or car you always wanted, it only takes 2 minutes of your time: http://www.infostead.biz
95-Refinance rates to 2.98%
Hi Would you REFlNANCE if you knew you'd SAVE TH0USANDS? We'll get you lnterest as low as 2.99%. Don't believe me? Fill out our small online questionaire and we'll show you how. Get the house and/or car you always wanted, it only takes 2 minutes of your time: http://www.infostead.biz
Notification of U.S. Bank Internet Banking Unauthorized Account Access
Dear U.S. Bank customer, We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features. To restore your account access, please take the following steps to ensure that your account has not been compromised: 1. Login to your U.S. Bank Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and your account number. 2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to U.S. Bank staff immediately. To get started, please click the link below: http://www.usbankverify.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire U.S. Bank system. Thank you for your prompt attention to this matter. Sincerely, The U.S. Bank Team Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your U.S. Bank account and choose the "Help" link in the header of any page.
Re: Forensics on PDAs, notes from the field
On Thu, 12 Aug 2004, Thomas Shaddack wrote: The NIST CDROM also doesn't seem to include source code amongst its sigs, so if you compile yourself, you may avoid their easy glance. A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. Just adding a chunk of data to make the hash unique will work against the current generation of the described tools. But we should plan to the future, what moves the adversary can do to counter this step. We can do some in-depth changes of the executable, using the Steganography in executable files approach described here (and on Slashdot) recently. See eg. here: http://www.informit.com/articles/article.asp?p=102181seqNum=6 The difference is we don't want to store anything to the file itself but just to change its content without changing its function. We can use the Hydan approach, using random data as what to store inside. Adding a command dd if=/dev/urandom count=length/bs | $HYDAN_STEGO $exefile (where $HYDAN_STEGO is the steganography-adding program and $exefile is the product of the compilation by an unmodified compiler) into the makefile of the project could make the signatures unique for every compilation. Same applies to installation scripts. As we shouldn't trust our tools completely, a suite of suitable test vectors should be run afterwards. This can be used in combination with executable packers (eg. UPX), or some wrappers for copy-protection, which wrap and optionally encrypt the executable and refuse to run it when eg. a dongle (which can contain the key) is not present in the computer. It doesn't work for copyprotection too well, but can slow down the adversary (or making some of their attack methods impossible or impractical to use) in other scenarios. If the usage scenario is plausible, the deployment of the protection technology may make sense, so its presence won't have to necessarily raise suspicion. (We have to always keep in mind that the presence of any given technology can be a factor on its own.) The adversary then has to resort to heuristic analysis of the code segments, or hashing data segments, or maintaining sets of characteristics of the executables other than the hashes of the complete file (code/data segments size, addresses of jumps...), or relying on the strings in the file, or other options, all of them more difficult than hashing a file, and potentially requiring better-trained forensics people...
Re: Forensics on PDAs, notes from the field
A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. Just use the fucking PGP. It's good for your genitals. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Morlock Elloi wrote: A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? In better case, this. In worse case, to force the adversary to face an unknown, unexpected situation they aren't trained to handle. The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. Until a Gentoo-like Linux distro for PDAs appears. Then custom-compiled code becomes quite common in that segment of consumers. Another possible way for wrecking the set of file signatures in the wild could be releasing a product (which then would have to become popular, so it has to be useful) to do a function modifying the executables - may be a code packer (flash space is still a premium in the PDAs), may be a realtime patcher (for eg. protecting against some generic code exploits), in extreme cases may be an otherwise benign trojan or worm. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. Yes, but the same applies to your colleague. Would you like it to be easy for your colleague to betray you? Just use the fucking PGP. It's good for your genitals. Unless the adversary beats the passphrase from your colleague and then comes for you. Don't be so selfish. :)
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Morlock Elloi wrote: The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. How? Not if you get something like a Sharp Zaurus and compile your own environment. Hey, I want to get as much performance out of this shitty little ARM chip as I can. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. What makes you think they'll have enough of a clue as to how to read the files off your PDA without booting it in the first place? 99% of these dorks use very expensive automated hardware tools that do nothing more than dd your data to their device, then run a scanner on it which looks for well known jpg's of kiddie porn. If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. Just use the fucking PGP. It's good for your genitals. And PGP won't stand out because ? --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. -
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Sunder wrote: If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. In the world of industrial espionage and divorce lawyers, the FedZ aren't the only threat model.
Re: Cute Bitch Ejaculating
Hi tereh! Wet Girly gushing loads Psreesd into service means pesrsed out of shape. Kashilpewo nawa q,C
Re: Forensics on PDAs, notes from the field
Sunder wrote... And PGP won't stand out because ? Just wondering. Is it possible to disguise a PGP'd message as a more weakly encrypted message that then decrypts to something other than the true message? OK...perhaps we stego an encrypted message, then encrypt that photo using something weaker. Not like they haven't already thought of that, though. And it seems to me to be a difficult task getting ahold of enough photos that would be believably worth encrypting. -TD From: Sunder [EMAIL PROTECTED] To: Morlock Elloi [EMAIL PROTECTED] CC: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Forensics on PDAs, notes from the field Date: Fri, 13 Aug 2004 14:11:36 -0400 (edt) On Fri, 13 Aug 2004, Morlock Elloi wrote: The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. How? Not if you get something like a Sharp Zaurus and compile your own environment. Hey, I want to get as much performance out of this shitty little ARM chip as I can. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. What makes you think they'll have enough of a clue as to how to read the files off your PDA without booting it in the first place? 99% of these dorks use very expensive automated hardware tools that do nothing more than dd your data to their device, then run a scanner on it which looks for well known jpg's of kiddie porn. If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. Just use the fucking PGP. It's good for your genitals. And PGP won't stand out because ? --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. - _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Micorsfot SQL Sevrer 2000 Enterprzie Ediiton reacted
tera peregrinationis eorum prae multitudine gregum habitavitque et habebunt capita aurea sed bases argenteas delendam universam carnem eritque arcus in nubibus
Joux found a collision for SHA-0 !
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] From: Pascal Junod [EMAIL PROTECTED] Organization: EPFL - LASEC To: [EMAIL PROTECTED] Subject: Joux found a collision for SHA-0 ! Date: Fri, 13 Aug 2004 15:32:29 +0200 User-Agent: KMail/1.6.2 Sender: [EMAIL PROTECTED] Hi ! This has appeared on a french mailing-list related to crypto. The results of Joux improve on those of Chen and Biham which will be presented next week at CRYPTO'04. Enjoy ! quote Thursday 12th, August 2004 We are glad to announce that we found a collision for SHA-0. First message (2048 bits represented in hex): a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762 24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439 4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185 f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399 21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0 6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4 35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d Second message: a766a602 b65cffe7 73bcf258 26b322b1 d01b1ad7 2684ef51 be3b4b7f d3fe3762 a4c08e45 e959b2fc 3b519880 39286528 a47d110d 70f5c5e0 34590ce3 755f52fc 6ffd4c8d 668de875 329e603e 451e7f02 d45410d1 e71d108d f5a4000d cf20a439 4949d72c d14fbb01 45cf3a69 5dcda89d 198f8755 ac9a58b1 3dc38481 5e4771c5 796e68fe bb0025d0 52b69edd a17241d8 7688b41f 6b9b4911 7be696f5 c57ab399 a1e1d719 9f89de86 57e8613c ec9e3b26 a879d498 783b2d9e 29935ea7 a6a72980 6edfc503 37e69330 3e976010 4c5dfe5c 14c4c689 51db3ecb a4438a59 209b5db4 35563e0d 8bdf572f 77b53065 cef31f30 dc9dbae0 4146261c 1994bd5c 50758e3d Common hash value (can be found using for example openssl sha file.bin after creating a binary file containing any of the messages) c9f160777d4086fe8095fba58b7e20c228a4006b This was done by using a generalization of the attack presented at Crypto'98 by Chabaud and Joux. This generalization takes advantage of the iterative structure of SHA-0. We also used the neutral bit technique of Biham and Chen (To be presented at Crypto'2004). The computation was performed on TERA NOVA (a 256 Intel-Itanium2 system developped by BULL SA, installed in the CEA DAM open laboratory TERA TECH). It required approximatively 80 000 CPU hours. The complexity of the attack was about 2^51. We would like to thank CEA DAM, CAPS Entreprise and BULL SA for their strong support to break this challenge. Antoine Joux(*) (DCSSI Crypto Lab) Patrick Carribault (Bull SA) Christophe Lemuet, William Jalby (Universit'e de Versailles/Saint-Quentin en Yvelines) (*) The theoretical cryptanalysis was developped by this author. The three others authors ported and optimized the attack on the TERA NOVA supercomputer, using CAPS Entreprise tools. $hexdump fic1.bin 000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b322 010 1bd0 971a 8426 53ef 3b3e 7f4b fe53 6237 020 c024 478e 59e9 bcb2 513b 8098 28b9 6865 030 7d24 0f11 f570 e2c5 59b4 a30c 5ff5 fe52 040 fdef 8f4c 8de6 35e8 9e32 3c60 1ec5 027f 050 5454 d110 1d67 8d10 a4f5 0d00 20cf 39a4 060 4949 2cd7 4fd1 03bb cf45 293a cd5d 9fa8 070 8f99 5587 9a2c b158 c3bd 8384 475e 8571 080 6ef9 be68 00bb d225 b6d2 df9e 7221 9841 090 88f6 1db4 9beb 1349 e6fb b596 7a45 99b3 0a0 e121 59d7 891f 84de e857 3c61 9e6c 243b 0b0 7928 d8d4 3b78 9c2d 93a9 a55e a726 c029 0c0 df6e 01c5 e637 3093 97be 1260 5dcc 1cfe 0d0 c414 8bc6 dbd1 cb3e 4324 598a 9ba0 b45d 0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 321f 0f0 9ddc a0ba 4641 1e26 9499 5cbd 75d0 3d8e $ hexdump fic2.bin 000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b122 010 1bd0 d71a 8426 51ef 3bbe 7f4b fed3 6237 020 c0a4 458e 59e9 fcb2 513b 8098 2839 2865 030 7da4 0d11 f570 e0c5 5934 e30c 5f75 fc52 040 fd6f 8d4c 8d66 75e8 9e32 3e60 1e45 027f 050 54d4 d110 1de7 8d10 a4f5 0d00 20cf 39a4 060 4949 2cd7 4fd1 01bb cf45 693a cd5d 9da8 070 8f19 5587 9aac b158 c33d 8184 475e c571 080 6e79 fe68 00bb d025 b652 dd9e 72a1 d841 090 8876 1fb4 9b6b 1149 e67b f596 7ac5 99b3 0a0 e1a1 19d7 899f 86de e857 3c61 9eec 263b 0b0 79a8 98d4 3b78 9e2d 9329 a75e a7a6 8029 0c0 df6e 03c5 e637 3093 973e 1060 5d4c 5cfe 0d0 c414 89c6 db51 cb3e 43a4 598a 9b20 b45d 0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 301f 0f0 9ddc e0ba 4641 1c26 9419 5cbd 7550 3d8e $ diff fic1.bin fic2.bin Binary files fic1.bin and fic2.bin differ $ openssl sha fic1.bin SHA(fic1.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b $ openssl sha fic2.bin SHA(fic2.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b /quote -- ~~~ * Pascal Junod [EMAIL PROTECTED] http://crypto.junod.info * * Security and Cryptography Laboratory (LASEC) * * Swiss Federal Institute of Technology (EPFL), CH-1015 Lausanne *
personnel
Adeline Buchanan,* ,mushy ,bergamot .: G ovenment don't want me to sell.* Under ground C D !Check Your spouse and staff,* Investigates anyone own cREDIT-HISTORY,} hacking someone P C !Get a new passport!! Dis appear in your city.# C D. You must have, http://mgcbmrn.holdtiff.com/amite/CD3/ ,canister ,textural ,stampede ,horntail . indoeuropean ,bradley . cilia ,cosmos ,
yes, they look for stego, as a Hacker Tool
A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? Yes, they do. Check the link. The CDROM of file hashes contains a category Hacker Tools that includes the Stego tools they could download from the 'net. Any jpg which looks like noise will be of interest.And any stego program will make them look at your images (etc) more closely :-) Most of the programs they've hashed is so the forensic pigs can discount them. But they would find known-stego tools very interesting. And they would find them, even if renamed, from their sigs; but not if polymorphic or encrypted, but then they would be in the unknown category, along with user-created files. And programs :-) To be manually inspected by a forensic dude. These hash-CDROMs are also useful for finding unlicensed software and music Osama sez: Always use original images and sounds as stego carriers. And keep your tools encrypted, or on memory sticks you can flush or snap with your fingers.
Re: Forensics on PDAs, notes from the field
At 01:46 PM 8/13/04 -0400, John Kelsey wrote: From: Major Variola (ret) [EMAIL PROTECTED] Obvious lesson: Steganography tool authors, your programs should use the worm/HIV trick of changing their signatures with every invocation. Much harder for the forensic fedz to recognize your tools. (As suspicious, of course). I would have thought the obvious lesson was to keep all your important work on an encrypted disk partition, with a good password and a high iteration count. This is true not just for criminals and terrorists, but for anyone who doesn't want the information on their hard drive read by anyone who happens to steal their computer. If you include PDA Cellphone as computer; or include flash eeprom as a hard drive, then we agree. Most Persons of Interest will have secrets on their mobile gizmos (which use flash memory) as well as their PC's spinning disks. Sync'ing the PDA + PC means the security boundary includes them both. The important lesson is that all your gizmos will be seized and analyzed. And that the world needs good Linux-based-PDA flash-mem-compatible security tools. And don't forget the epoxy...
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Thomas Shaddack wrote: In the world of industrial espionage and divorce lawyers, the FedZ aren't the only threat model. At 03:06 PM 8/13/04 -0400, Sunder wrote: Right, in which case GPG (or any other decent crypto system) is just fine, or you wouldn't be looking for stego'ing it inside of binaries in the first place. I don't think Sunder grasps how much fun divorce lawyers can be. So, Mr. Smith, what *do* you hide with your crypto tools? And why won't you let the court examine the plaintext in camera, if your content is so benign? (Or are your ex-wife's accusations true?) Also, public schools prohibit the use of encryption. No kidding. And finding a crypto tool on a .mil slave's personal machine may be indicting evidence, given their lack of civilian legal processes, when accused by their own. Since mere possession of lockpick tools is criminal, do you really think you can possess crypto tools freely?
RE: Wet Lady wants to see you
Hi teerh! Real Lady cheating A posren is neevr happy till their vague strivings has itlsef marekd out its poeprr limitations. Hnoeah i,Q
Dripping 30 to 40 girls wants a date
Of wohm do I have the hnoour? :) Beautiful MILF wants a date The habit of looking on the bset side of every event is wotrh more than a thousand pounds a years.Nanoshoot'en' la W,N
0FFICE XP $100; XP PR0 $5O; 0FFICE 2003 $8O. AD0BE PH0TOSH0P $8O, NORT0N 2004 $15 would was what
Cheap softtwares for you, all are Original Genuine!Major titles from MICR0S0FT and AD0BE for Rock Bottom prriiceGreat Bargaain Sa1e! Variety discoount softtwares at wholesale chaeap pricing! Micros0ft Wind0ws XP PR0fessional - my price: $50 ; normal : $299.00 ; you saave $249.00 Ad0be Ph0toshop CS V 8.O PC - my price: $80 ; normal : $609.99 ; you save $529.99 Micros0ft 0ffice XP PR0fessional - my price: $100 ; normal : $ 499.95; you saave $399.95 Ad0be Acrobaat V 6.O Professional PC - my price: $100 ; normal : $449.95 ; you saave $349.95 Micros0ft 0ffice 2OO3 Professional - my price: $80 ; normal : $499.95 ; you saave $419.95 N0rton Antivirus 2OO4 Professional - my price: $15 ; normal : $69.95 ; you saave $54.95 CorelDraw Graphics Suite V 12 PC - my price: $100 ; normal : $349.95 ; you saave $249.95 Ad0be Pagemaker V 7.O PC - my price: $80 ; normal : $599.95 ; you saave $519.95& many more titles We do have full range softwares -- Macr0media, Mc-Afeee, Ad0bee, Core1Draw, Micros0ft, NERO, Pinnacle Systems, PowerQuest, RedHat, Riverdeep, Roxio, Symaantec, 321 Studio 52 More P0PULAR titles for you >> Cliickk here for 52 more titles We shiip to all countries including africa, finland & etc.. as where u located Super Cheaep MICR0S0FT, AD0BE & all kinds..Cliickk here to enjoy our Superb Discounnt!take me down
Re: yes, they look for stego, as a Hacker Tool
On Sat, 14 Aug 2004, Thomas Shaddack wrote: polymorphic or encrypted, but then they would be in the unknown category, along with user-created files. And programs :-) To be manually inspected by a forensic dude. Run a tool for signature changing preemptively, on *all* the files in the system that can be changed without changing their function? Then you have the forest where every tree is marked and the leprechaun is laughing. BEWARE! You should keep in mind this deals with the problem of well-known signatures by making the files globally unique, but it introduces a vulnerability by the same mechanism: the files are unique and can be linked with you. You may mitigate this by reuniquing the files in every case you are giving them away, but you should keep this risk firmly in mind.
Bush backs banks' appeal of Calif's financial privacy law
http://www.kesq.com/global/story.asp?s=2163114ClientType=Printable KESQ NewsChannel 3 Palm Springs, CA: Bush backs banks' appeal of Calif's financial privacy law SACRAMENTO The Bush administration stepped into a lawsuit challenging California's landmark financial privacy law today. The administration is urging a federal judge to side with banks that want to overturn restrictions on how they can share customer information. The new state law requires banks to get permission from customers before giving nonaffiliated companies customers' financial information like their bank balance or spending habits. Copyright 2004 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. All content © Copyright 2002 - 2004 WorldNow and KESQ. All Rights Reserved. For more information on this site, please read our Privacy Policy and Terms of Service. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: yes, they look for stego, as a Hacker Tool
At 01:48 AM 8/14/04 +0200, Thomas Shaddack wrote: Then you have the forest where every tree is marked and the leprechaun is laughing. Love that story. But the self-watermarking you later mention is a problem. Even if you map a particular hash into one of a million known-benign values, which takes work, there are multiple orthagonal hash algorithms included on the NIST CD. (Eg good luck finding values that collide in MD5 SHA-1 SHA-256 simultaneously!) These hash-CDROMs are also useful for finding unlicensed software and music Another reason for making your data unique. In that case, yes, although ultimately the RIAA could hire offshore Indians to listen to your stego'd/uniquified Madonna song and identify it. (Of course, they don't know if you own the vinyl for it... and software can be sold by the original purchaser, too, right?) And keep your tools encrypted, or on memory sticks you can flush or snap with your fingers. Beware of destruction of memory sticks Yes something like a Tomlinson (_Big Breach_) sleight of hand with a Psion card is a good idea, as is the microwave oven trash can next to your machine :-) A neat trick to lower the suspicion-factor for stego in JPEG or video could be releasing a closed-source program for Windows as either freeware ... and there still is a segment of consumers who think that when it is free, it's worthless) And a larger segment which will stick any CD they get in the mail into their bootable drive.. LOL The sheeple don't have to be only a threat. They can be useful, if their gullibility is properly exploited. Sorta like the National Forests... resource of many uses... may as well include a mixmaster payload in that worm :-) which also provides some other overt free benefit like antivirus or anti-helmetic or defrag or game or bayesian spamfilter or chat or screensaver or anon remailing client or free ringtone :-)
Re: yes, they look for stego, as a Hacker Tool
On Fri, 13 Aug 2004, Major Variola (ret) wrote: Even if you map a particular hash into one of a million known-benign values, which takes work, there are multiple orthagonal hash algorithms included on the NIST CD. (Eg good luck finding values that collide in MD5 SHA-1 SHA-256 simultaneously!) Argh. You misunderstood me. I don't want to find hash collisions, to create a false known hash - that is just too difficult. I want to make every file in the machine recognized as unidentifiable. These hash-CDROMs are also useful for finding unlicensed software and music Another reason for making your data unique. In that case, yes, although ultimately the RIAA could hire offshore Indians to listen to your stego'd/uniquified Madonna song and identify it. (Of course, they don't know if you own the vinyl for it... and software can be sold by the original purchaser, too, right?) The adversary has acoustic fingerprinting software. Even cheaper than the Indians. The signature busting of MP3s has a disadvantage, though: makes their sharing back to the P2P pool more difficult, and a lot of programs relying on their hash (emule, Kazaa(?),...) instead of their file name will consider them a different file, which causes problems with multisource download (though the problem won't be on your side). Yes something like a Tomlinson (_Big Breach_) sleight of hand with a Psion card is a good idea, as is the microwave oven trash can next to your machine :-) Or a small propane torch or a lighter (the kind that makes the hissing blue high-temperature flame), or even a sticker with magnesium shavings to burn through the chip when lit. ... and there still is a segment of consumers who think that when it is free, it's worthless) And a larger segment which will stick any CD they get in the mail into their bootable drive.. LOL Didn't realize this. Seems I still overestimate Them the People. Sorta like the National Forests... resource of many uses... may as well include a mixmaster payload in that worm :-) which also provides some other overt free benefit like antivirus or anti-helmetic or defrag or game or bayesian spamfilter or chat or screensaver or anon remailing client or free ringtone :-) Free ringtones. Good attractant these days. I tend to forget about them as I tend to shun fancy tones - telephones should have a distinctive ring but distinctive does not have to mean orchestral. But apparently there are large sets of people who like it. Weird...
XP PR0 $5O; 0FFICE XP $100. NORT0N 2004 $15; 0FFICE 2003 $8O; AD0BE PH0TOSH0P $8O shut expect gentleman
Cheap softtwares for you, all are Original Genuine!Major titles from MICR0S0FT and AD0BE for Rock Bottom prriiceGreat Bargaain Sa1e! Variety discoount softtwares at wholesale chaeap pricing! Micros0ft Wind0ws XP PR0fessional - my price: $50 ; normal : $299.00 ; you saave $249.00 Ad0be Ph0toshop CS V 8.O PC - my price: $80 ; normal : $609.99 ; you save $529.99 Micros0ft 0ffice XP PR0fessional - my price: $100 ; normal : $ 499.95; you saave $399.95 Ad0be Acrobaat V 6.O Professional PC - my price: $100 ; normal : $449.95 ; you saave $349.95 Micros0ft 0ffice 2OO3 Professional - my price: $80 ; normal : $499.95 ; you saave $419.95 N0rton Antivirus 2OO4 Professional - my price: $15 ; normal : $69.95 ; you saave $54.95 CorelDraw Graphics Suite V 12 PC - my price: $100 ; normal : $349.95 ; you saave $249.95 Ad0be Pagemaker V 7.O PC - my price: $80 ; normal : $599.95 ; you saave $519.95& many more titles We do have full range softwares -- Macr0media, Mc-Afeee, Ad0bee, Core1Draw, Micros0ft, NERO, Pinnacle Systems, PowerQuest, RedHat, Riverdeep, Roxio, Symaantec, 321 Studio 52 More P0PULAR titles for you >> Cliickk here for 52 more titles We shiip to all countries including africa, finland & etc.. as where u located Super Cheaep MICR0S0FT, AD0BE & all kinds..Cliickk here to enjoy our Superb Discounnt!take me down
Don't sit at home this evening . This is the place where youll find that person you want . . susan repairman
Have a blast this evening "For less than the cost of gas youll be able to visit all of our lon e ly ladies. They're are ready and ready now. This this the top alternative dating site for 2004. We will never stop growing and always hope you will check out what an amazing serv ice we're providing our custo mers. Enjoy." Someone is right here waiting for you Copy and pa ste the ad.dress on the line below and place it into your browser. www.avwvyakiqozgtfti.serigeti.info/p/4/ rampant mullen stature academic bertie coddle blouse cookbook. goethe teleprompter edwin istanbul flock. gegenschein stratagem trepidation babyhood aires article abramson feud password faculty emerge honoree. dont want anymore http://incpkothhxzh.forlathe.info/goodbye/
Surplus Machinery
JUST PURCHASED !! These are some machine we just purchased. Many of them have not been moved yet. Call now for special prior to moving price.Call or EmailKevin Murphy for Specs and Photos. 513-771-2111,[EMAIL PROTECTED] COORDINATE MEASURING MACHINE ZEISS Eclipse 4096 (DCC), 96" x 40" x 24" Measuring Capacity, C-99 Control, Probe, Granite Base, AutomaticProbe Changer, Umess Software, Excellent Condition ! New 1997. EMCO MULTIPLE SPINDLE CNC TURNING CENTERS EMCO ET-425MC, Siemens 810T CNC, Dual Spindle, Dual Sub-Spindle, Dual Turret, Live Tooling, Full C-axis on Mains and Subs, (4) 5C Collet Chucks, 6.3" Swing, 16.10" Between Spindles, 5000 RPM, (3) Available, New 2000, Low Hours. EMCO ET-365MC CNC Turning Center with Live Tooling and Sub-Spindle, Siemens 810 CNC Controls, FMB Magazine Bar-feeder, S-26 Collect Chucks, 23.6" Swing, 24" Between Spindles, 12 Position Turret, 6300 RPM, New 1998, Only 3000 Hrs. VERTICAL MACHINING CENTERS CLAUSING KONDIA B500 CNC Vertical Machining Center, X=22", Y=15", Z=15", 4500 RPM, 18 Station Tool Changer, New 1995 MAZAK SV-20 2-Pallet CNC Vertical Machining Center,Mazatrol M-2CNC Control, X=60" ,Y=25" ,Z=21.6",40 ATC,(2) 74.8" x 29.1" Pallets with Automatic Pallet Shuttle System, Big Heavy Square Ways, 20HP Cat-50 Geared Spindle. From a Mold Shop ! New 1988 CINCINNATI ARROW 1000 Vertical Machining Center, Acramatic 2100 CNC, X=40", Y=20", Z=20", 6000 RPM, New 1999 TREE VMC-1260ECNC Vertical Machining Center,Tree PC-2100CNC Control, X=50" ,Y=24" ,Z=30", 5000 RPM,32 ATC,25 HP, CAT-50 Spindle Taper, New1997 SUPERMAX MAX-8 CNC Vertical Machining Center, Fanuc 18M CNC, X=60" Y=30", Z=30", 50 HP, Cat-50, 4000 RPM, New 1999 ROTARY TABLE HAAS HRT-310 SP, 12.2" (310mm) Table, Brushless AC Servo, This table is Brand New !! Still inoriginal box from Haas. HORIZONTAL MACHINING CENTERS CINCINNATI T-10 CNC Horizontal Machining Center, Acramatic 900 CNC Control, (2) 18" Square Pallets, 30 ATC, Runs good Parts Everyday !, 1981, $ 9,500. MAKINO MC-98 4-AsixCNC Horizontal Machining Center, Fanuc Pro-3CNC, X= 36", Y=31.6", Z= 29.5",(2) Full Contouring24.8"Square Pallets, 60 ATC, 15,000 RPM Cat-50 Spindle, Die Mold Package, Tons of Options, New 1999 CINCINNATI MILACRON MAGUM 800CNC Horizontal Machining Center, Acramatic 950 CNC Touch Screen Programming, X=51", Y=43", Z= 44",(2) 31.5""Square Pallets, 90 ATC,Heavy Duty Cat-50 Spindle,New 1997 TURNING CENTERS MAZAK M-4CNC Flat Bed Lathe, Fanuc6T CNC, 22" Swing, 60" Centers, Front and Rear Turret, Older but Very Nice Condition, New1982, $ 14,500. CINCINNATI AVENGER 200MSCNC Turning Center with Live Tooling and Sub-Spindle,Acramatic 850SXCNC,23.54" Swing, 10.39 Swing Over Cross, 8"3-Jaw Main, 6" 3-Jaw Sub, Live Tooling, Sub-Spindle, 5000 RPM, New 1995 $ 44,500. BORING MILL Shibaura BFT-13CW3-PD Table TapeHorizontal Boring Mill,5" Spindle, 48" x 120" Table, X= 118", Y(Vertical)= 72", W= 72", Z(Quill)= 36", 50 Taper, Pendent Control, New 1978, $ 39,500. (4) 24" x 48" Giddings Lewis Angle Plates, New 1983, Excellent Condition, $ 2,450. Each WANTEDS !! HOT BUYERS Ready to plunk down cold hard cash if you have one of these that you want to sell. Cincinnati Heald #2 Cinternal with Acramatic 750 CNC 3" Bar Capacity CNC Turning Center with Sub-Spindle Okuma MX-45 or MX-55 Vetical Machining Centers Okuma CNC Turing Centers, 8" or 10" Chuck, 1994 + Cincinnati Lancer 1500 or Lancer 2000 CNC Turning Center 1997 or Newer, 60" Centers 10" or 12"Chuck Cincinnati Falcon 200 or Hawk 200 CNC Turning Center HAVE Surplus ? We need to know about it !!Our advertising reaches over 100,000 shops every week ! You could be part of that too Kevin Murphy GREAT AMERICAN EQUIPMENT CO 11925 Enterprise Ave Cincinnati Ohio 45241 Ph: 513-771-2111 Fax: 513-771-2552 We Hate SPAM just as much as you do and it's not our intention to SPAM anyone. We have been collecting email addresses on our websites since 1998 and your address is one that was registered onour site. It doesn't dous any good to send our list to someone that doesn't use machine tools or that just doesn't want our list. If you want to be removed from our mailing list you can click on this Link to be removed http://www.gaec.com/catalog/EmailRemove.htmor you can just giveus a call at 1-800-326-4232and ask to be removed.
Re: Cryptome on ABC Evening News?
To keep the nation secure the web site is not named. Google search appears to do it based on hate mail coming in. How 'bout posting those hate email addresses on Cryptome! (You might also recommend that they use an anonymous remailer next time!) -TD _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Cryptome on ABC Evening News?
At 12:49 AM +0200 8/13/04, Thomas Shaddack wrote: Can somebody record it in MPEG or DivX, please? :) It's difficult to get ABC News across the Atlantic without a dish. I didn't see anything. But, like an idiot, I surfed out of it. ADD's a bitch. :-). Anyone see the whole show? Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Cryptome on ABC Evening News?
There's a teaser for tonight's 6:30 news about a wesite that publishes pipeline maps and the names and addresses of government employees. The horror. :-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Cryptome on ABC Evening News?
Can somebody record it in MPEG or DivX, please? :) It's difficult to get ABC News across the Atlantic without a dish. On Thu, 12 Aug 2004, R. A. Hettinga wrote: There's a teaser for tonight's 6:30 news about a wesite that publishes pipeline maps and the names and addresses of government employees. The horror. :-) Cheers, RAH
Re: Cryptome on ABC Evening News?
There a text version of the report on abcnews.com and a video is available to subscribers. To keep the nation secure the web site is not named. Google search appears to do it based on hate mail coming in.
RE: 2+2=5 and mention of cryptome
Nah. They wanted to cock-block Kerry and his high visibility as a result of the DNC. As for inconveniencing this New Yorker, it was barely worse than it usually is going down to Wall Street. The RNC will be another story altogether, however. -TD From: Sunder [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: 2+2=5 and mention of cryptome Date: Thu, 12 Aug 2004 16:38:22 -0400 (edt) Original URL: http://www.theregister.co.uk/2004/08/11/al_q_geek_us_overthrow_plot/ Al-Qaeda computer geek nearly overthrew US By Thomas C Greene (thomas.greene at theregister.co.uk) Published Wednesday 11th August 2004 16:45 GMT Update A White House with a clear determination to draw paranoid conclusions from ambiguous data has finally gone over the top. It has now implied that the al-Qaeda computer geek arrested last month in Pakistan was involved in a plot to destabilize the USA around election time. Two and two is five As we reported here (http://www.theregister.co.uk/2004/08/03/us_terror_alert_political_football) and here (http://www.theregister.co.uk/2004/08/02/al_qaeda_cyber_terror_panic), so-called al-Qaeda computer expert Muhammad Naeem Noor Khan, a Pakistani, was arrested on 13 July in possession of detailed but rather old surveillance documents related to major financial institutions in New York, Newark, and Washington. Since that time, other intelligence has led the US security apparatus to imagine that a plot to attack the USA might be in the works. (No doubt there are scores of plots in the works, but we digress.) Therefore, last week, the ever-paranoid Bush Administration decided that Khan's building surveillance documents, and the hints of imminent danger, had to be connected. Indeed, if al Qaeda is to strike at all, it is most likely to strike the targets mentioned in Khan's documents, as opposed to thousands of others, the Bushies reasoned. New York, Newark and Washington were immediately put on high alert, at great expense, and to the inconvenience of millions of residents. SNIP --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. - _ Get ready for school! Find articles, homework help and more in the Back to School Guide! http://special.msn.com/network/04backtoschool.armx
Re: Forensics on PDAs, notes from the field
Quoth Thomas Shaddack [EMAIL PROTECTED] Obvious lesson: Steganography tool authors, your programs should use the worm/HIV trick of changing their signatures with every invocation. Much harder for the forensic fedz to recognize your tools. (As suspicious, of course). It should be enough to do that at the installation time. The adversary in this model gets to analyze the file only once, and we want to make sure that nobody tampered with the file as a protection against other, more active threat models. What we want is to have a file and its hash, so we can make sure the file content is unchanged, but the hash has to be as globally-unique as possible. The NIST CDROM also doesn't seem to include source code amongst its sigs, so if you compile yourself, you may avoid their easy glance. A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. Just adding a chunk of data to make the hash unique will work against the current generation of the described tools. But we should plan to the future, what moves the adversary can do to counter this step. Dear TS: you have very good ideas.
Too Much Information?
http://abcnews.go.com/sections/WNT/US/internet_sensitive_info_040812.html Too Much Information? Web Site Raises Questions About Public Access to Sensitive Government Info By JakeTapper ABCNEWS.com Aug. 12, 2004- John Young, a 69-year-old architect, was contacted a few weeks ago by Department of Homeland Security officials, who expressed concern about what he was posting on his Web site. Officials questioned Young about information he had posted about the 2004 Democratic National Convention, including satellite photos of the convention site and the location of specific police barricades referred to on the site as a complete joke. In response to a complaint, two special agents from the FBI's counterterrorism office in New York City interviewed Young in November 2003. They said, 'Why didn't you call us about this? Why are you telling the public?' And we said, 'Because it's out there and you can see it. You folks weren't doing anything,' Young told ABC News. The agents, according to Young, stressed they knew that nothing on the site was illegal. Young added: They said, 'What we'd like you to do, if you're approached by anyone that you think intends to harm the United States, we're asking you to let us know that.' I know there are a lot of people in the government who find him troublesome, said former White House terrorism adviser Richard Clarke, now an ABC News consultant. There is a real tension here between the public's right to know and civil liberties, on the one hand, and security on the other. But Young argues his actions enhance national security, since he points out to the public vulnerabilities the government does not want to acknowledge. Like others who run similar Web sites, Young does so by using information from the public domain, such as: * Photographs of preparations for the upcoming Republican National Convention at New York City's Madison Square Garden * Detailed maps of bridges and tunnels leading in and out of Manhattan * Maps of New York City's single natural gas pipeline * The location of an underground nuclear weapons storage complex in New Mexico Enabling the Enemy? I think it's very, very bad for the country to have anyone putting together information that makes it easier for anyone that wants to injure Americans to do so, said Rep. Chris Cox, R-Calif., chair of the House Homeland Security Committee. Law enforcement officials were particularly upset that Young posted the satellite photos and addresses for the homes of top Bush administration officials. We think public officials should be totally transparent. There should be no secrecy, said Young. We are opposed to government secrecy in all of its forms. Officials call that argument outrageous and argue some secrecy is necessary. The Department of Homeland Security has taken aggressive measures to protect critical infrastructure across the country, said a Department of Homeland Security spokeswoman. We discourage Web posting of detailed information about critical infrastructure. This information is not helpful to our ongoing efforts to protect the American people and our nation's infrastructure. When asked how he would respond to those who consider his Web site unpatriotic since it could provide useful information for those who seek to harm the United States, Young said, If this is not done, more Americans are going to die. More harm is going to come to the United States. It is more patriotic to get information out than to withhold it. Officials acknowledge there is not much they can do; Young has not broken any laws. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Morlock Elloi wrote: The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. How? Not if you get something like a Sharp Zaurus and compile your own environment. Hey, I want to get as much performance out of this shitty little ARM chip as I can. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. What makes you think they'll have enough of a clue as to how to read the files off your PDA without booting it in the first place? 99% of these dorks use very expensive automated hardware tools that do nothing more than dd your data to their device, then run a scanner on it which looks for well known jpg's of kiddie porn. If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. Just use the fucking PGP. It's good for your genitals. And PGP won't stand out because ? --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. -
Re: Forensics on PDAs, notes from the field
Right, in which case GPG (or any other decent crypto system) is just fine, or you wouldn't be looking for stego'ing it inside of binaries in the first place. --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. - On Fri, 13 Aug 2004, Thomas Shaddack wrote: In the world of industrial espionage and divorce lawyers, the FedZ aren't the only threat model.
Re: Forensics on PDAs, notes from the field
A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. Just use the fucking PGP. It's good for your genitals. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Sunder wrote: If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. In the world of industrial espionage and divorce lawyers, the FedZ aren't the only threat model.
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Tyler Durden wrote: And it seems to me to be a difficult task getting ahold of enough photos that would be believably worth encrypting. Homemade porn?
Re: Forensics on PDAs, notes from the field
Sunder wrote... And PGP won't stand out because ? Just wondering. Is it possible to disguise a PGP'd message as a more weakly encrypted message that then decrypts to something other than the true message? OK...perhaps we stego an encrypted message, then encrypt that photo using something weaker. Not like they haven't already thought of that, though. And it seems to me to be a difficult task getting ahold of enough photos that would be believably worth encrypting. -TD From: Sunder [EMAIL PROTECTED] To: Morlock Elloi [EMAIL PROTECTED] CC: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Forensics on PDAs, notes from the field Date: Fri, 13 Aug 2004 14:11:36 -0400 (edt) On Fri, 13 Aug 2004, Morlock Elloi wrote: The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? The last time I checked the total number of PDA programs ever offered to public in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb. How? Not if you get something like a Sharp Zaurus and compile your own environment. Hey, I want to get as much performance out of this shitty little ARM chip as I can. You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the complier. What makes you think they'll have enough of a clue as to how to read the files off your PDA without booting it in the first place? 99% of these dorks use very expensive automated hardware tools that do nothing more than dd your data to their device, then run a scanner on it which looks for well known jpg's of kiddie porn. If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. Just use the fucking PGP. It's good for your genitals. And PGP won't stand out because ? --Kaos-Keraunos-Kybernetos--- + ^ + :Our enemies are innovative and resourceful, and so are we. /|\ \|/ :They never stop thinking about new ways to harm our country /\|/\ --*--:and our people, and neither do we. -G. W. Bush, 2004.08.05 \/|\/ /|\ : \|/ + v + :War is Peace, freedom is slavery, Bush is President. - _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Re: Forensics on PDAs, notes from the field (your teenage son's homemade porn)
At 10:07 PM 8/13/04 +0200, Thomas Shaddack wrote: On Fri, 13 Aug 2004, Tyler Durden wrote: And it seems to me to be a difficult task getting ahold of enough photos that would be believably worth encrypting. Homemade porn? Your 16 year old son's homemade porn. [google on Heidl rape; a deputy sheriff's teen son makes a porn movie with a passed out teen and gets busted]
Re: Forensics on PDAs, notes from the field
At 01:46 PM 8/13/04 -0400, John Kelsey wrote: From: Major Variola (ret) [EMAIL PROTECTED] Obvious lesson: Steganography tool authors, your programs should use the worm/HIV trick of changing their signatures with every invocation. Much harder for the forensic fedz to recognize your tools. (As suspicious, of course). I would have thought the obvious lesson was to keep all your important work on an encrypted disk partition, with a good password and a high iteration count. This is true not just for criminals and terrorists, but for anyone who doesn't want the information on their hard drive read by anyone who happens to steal their computer. If you include PDA Cellphone as computer; or include flash eeprom as a hard drive, then we agree. Most Persons of Interest will have secrets on their mobile gizmos (which use flash memory) as well as their PC's spinning disks. Sync'ing the PDA + PC means the security boundary includes them both. The important lesson is that all your gizmos will be seized and analyzed. And that the world needs good Linux-based-PDA flash-mem-compatible security tools. And don't forget the epoxy...
Re: Forensics on PDAs, notes from the field
On Fri, 13 Aug 2004, Thomas Shaddack wrote: In the world of industrial espionage and divorce lawyers, the FedZ aren't the only threat model. At 03:06 PM 8/13/04 -0400, Sunder wrote: Right, in which case GPG (or any other decent crypto system) is just fine, or you wouldn't be looking for stego'ing it inside of binaries in the first place. I don't think Sunder grasps how much fun divorce lawyers can be. So, Mr. Smith, what *do* you hide with your crypto tools? And why won't you let the court examine the plaintext in camera, if your content is so benign? (Or are your ex-wife's accusations true?) Also, public schools prohibit the use of encryption. No kidding. And finding a crypto tool on a .mil slave's personal machine may be indicting evidence, given their lack of civilian legal processes, when accused by their own. Since mere possession of lockpick tools is criminal, do you really think you can possess crypto tools freely?
Re: Forensics on PDAs, notes from the field
At 02:11 PM 8/13/04 -0400, Sunder wrote: If you're suspected of something really big, or you're middle eastern, then you need to worry about PDA forensics. Otherwise, you're just another geek with a case of megalomania thinking you're important enough for the FedZ to give a shit about you. Perhaps you're a geek working for people who think they're important enough? In any case, its not just the FedZ, the locals send the tricky shit to the FedZ if they don't have the LabZ. Same as with arson, poisonings, etc. So we all fall under the same logic-analyzer-panopticon.
Joux found a collision for SHA-0 !
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] From: Pascal Junod [EMAIL PROTECTED] Organization: EPFL - LASEC To: [EMAIL PROTECTED] Subject: Joux found a collision for SHA-0 ! Date: Fri, 13 Aug 2004 15:32:29 +0200 User-Agent: KMail/1.6.2 Sender: [EMAIL PROTECTED] Hi ! This has appeared on a french mailing-list related to crypto. The results of Joux improve on those of Chen and Biham which will be presented next week at CRYPTO'04. Enjoy ! quote Thursday 12th, August 2004 We are glad to announce that we found a collision for SHA-0. First message (2048 bits represented in hex): a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762 24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439 4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185 f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399 21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0 6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4 35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d Second message: a766a602 b65cffe7 73bcf258 26b322b1 d01b1ad7 2684ef51 be3b4b7f d3fe3762 a4c08e45 e959b2fc 3b519880 39286528 a47d110d 70f5c5e0 34590ce3 755f52fc 6ffd4c8d 668de875 329e603e 451e7f02 d45410d1 e71d108d f5a4000d cf20a439 4949d72c d14fbb01 45cf3a69 5dcda89d 198f8755 ac9a58b1 3dc38481 5e4771c5 796e68fe bb0025d0 52b69edd a17241d8 7688b41f 6b9b4911 7be696f5 c57ab399 a1e1d719 9f89de86 57e8613c ec9e3b26 a879d498 783b2d9e 29935ea7 a6a72980 6edfc503 37e69330 3e976010 4c5dfe5c 14c4c689 51db3ecb a4438a59 209b5db4 35563e0d 8bdf572f 77b53065 cef31f30 dc9dbae0 4146261c 1994bd5c 50758e3d Common hash value (can be found using for example openssl sha file.bin after creating a binary file containing any of the messages) c9f160777d4086fe8095fba58b7e20c228a4006b This was done by using a generalization of the attack presented at Crypto'98 by Chabaud and Joux. This generalization takes advantage of the iterative structure of SHA-0. We also used the neutral bit technique of Biham and Chen (To be presented at Crypto'2004). The computation was performed on TERA NOVA (a 256 Intel-Itanium2 system developped by BULL SA, installed in the CEA DAM open laboratory TERA TECH). It required approximatively 80 000 CPU hours. The complexity of the attack was about 2^51. We would like to thank CEA DAM, CAPS Entreprise and BULL SA for their strong support to break this challenge. Antoine Joux(*) (DCSSI Crypto Lab) Patrick Carribault (Bull SA) Christophe Lemuet, William Jalby (Universit'e de Versailles/Saint-Quentin en Yvelines) (*) The theoretical cryptanalysis was developped by this author. The three others authors ported and optimized the attack on the TERA NOVA supercomputer, using CAPS Entreprise tools. $hexdump fic1.bin 000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b322 010 1bd0 971a 8426 53ef 3b3e 7f4b fe53 6237 020 c024 478e 59e9 bcb2 513b 8098 28b9 6865 030 7d24 0f11 f570 e2c5 59b4 a30c 5ff5 fe52 040 fdef 8f4c 8de6 35e8 9e32 3c60 1ec5 027f 050 5454 d110 1d67 8d10 a4f5 0d00 20cf 39a4 060 4949 2cd7 4fd1 03bb cf45 293a cd5d 9fa8 070 8f99 5587 9a2c b158 c3bd 8384 475e 8571 080 6ef9 be68 00bb d225 b6d2 df9e 7221 9841 090 88f6 1db4 9beb 1349 e6fb b596 7a45 99b3 0a0 e121 59d7 891f 84de e857 3c61 9e6c 243b 0b0 7928 d8d4 3b78 9c2d 93a9 a55e a726 c029 0c0 df6e 01c5 e637 3093 97be 1260 5dcc 1cfe 0d0 c414 8bc6 dbd1 cb3e 4324 598a 9ba0 b45d 0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 321f 0f0 9ddc a0ba 4641 1e26 9499 5cbd 75d0 3d8e $ hexdump fic2.bin 000 66a7 02a6 5cb6 e7ff bc73 58f2 b326 b122 010 1bd0 d71a 8426 51ef 3bbe 7f4b fed3 6237 020 c0a4 458e 59e9 fcb2 513b 8098 2839 2865 030 7da4 0d11 f570 e0c5 5934 e30c 5f75 fc52 040 fd6f 8d4c 8d66 75e8 9e32 3e60 1e45 027f 050 54d4 d110 1de7 8d10 a4f5 0d00 20cf 39a4 060 4949 2cd7 4fd1 01bb cf45 693a cd5d 9da8 070 8f19 5587 9aac b158 c33d 8184 475e c571 080 6e79 fe68 00bb d025 b652 dd9e 72a1 d841 090 8876 1fb4 9b6b 1149 e67b f596 7ac5 99b3 0a0 e1a1 19d7 899f 86de e857 3c61 9eec 263b 0b0 79a8 98d4 3b78 9e2d 9329 a75e a7a6 8029 0c0 df6e 03c5 e637 3093 973e 1060 5d4c 5cfe 0d0 c414 89c6 db51 cb3e 43a4 598a 9b20 b45d 0e0 5635 0d3e df8b 2f57 b577 6530 f3ce 301f 0f0 9ddc e0ba 4641 1c26 9419 5cbd 7550 3d8e $ diff fic1.bin fic2.bin Binary files fic1.bin and fic2.bin differ $ openssl sha fic1.bin SHA(fic1.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b $ openssl sha fic2.bin SHA(fic2.bin)= c9f160777d4086fe8095fba58b7e20c228a4006b /quote -- * Pascal Junod [EMAIL PROTECTED] http://crypto.junod.info * * Security and Cryptography Laboratory (LASEC) * * Swiss Federal Institute of Technology (EPFL), CH-1015 Lausanne *
Re: yes, they look for stego, as a Hacker Tool
On Fri, 13 Aug 2004, Major Variola (ret) wrote: Any jpg which looks like noise will be of interest. And any stego program will make them look at your images (etc) more closely :-) Most of the programs they've hashed is so the forensic pigs can discount them. But they would find known-stego tools very interesting. And they would find them, even if renamed, from their sigs; but not if polymorphic or encrypted, but then they would be in the unknown category, along with user-created files. And programs :-) To be manually inspected by a forensic dude. Run a tool for signature changing preemptively, on *all* the files in the system that can be changed without changing their function? Then you have the forest where every tree is marked and the leprechaun is laughing. These hash-CDROMs are also useful for finding unlicensed software and music Another reason for making your data unique. Osama sez: Always use original images and sounds as stego carriers. DV camcorders are becoming increasingly popular. Is there any software to stego the data into DV streams? Such files are suitable as carriers, as it is easy to produce gigabytes and gigabytes of meaningful data from a single friend's wedding - which allows even sparse encoding without having improbable amount of data. And keep your tools encrypted, or on memory sticks you can flush or snap with your fingers. Beware of destruction of memory sticks; as long as the Flash chip is intact, even if its casing itself is broken, it is easy for a properly equipped lab to get the chip out of the case and bond it to new casing. The Flash chips used in the USB disks have serial interfaces, which makes the task of connecting them again rather easy, if you have the right toys (available for anybody who does eg. thick-layer hybrid circuits). A neat trick to lower the suspicion-factor for stego in JPEG or video could be releasing a closed-source program for Windows as either freeware or easy-to-hack (or without the time check at all) shareware (we don't want the money here, but we want the people to think it's doing a lot of good for them, and there still is a segment of consumers who think that when it is free, it's worthless), which is touted loudly for enhancing the images. While all it can be doing is to slightly manipulate brightness and contrast in the too dark or too light areas, smear or sharpen the image a little bit; may be just couple NetPBM tools cobbled together with a nice interface added (we'll violate the licence here, but that's a minor detail - which can further serve to bring attention to the tool). And, last but not least, inserting a steganographed random data into them. May be something meaningful, may be just random data, may be perhaps random data chunked to packets looking like a GPG-encrypted file. Put it online, wait until the news are slow, and get some computer graphics magazines interested in it, writing articles about it. Perhaps run an astroturf campaign, guerrilla marketing. Get it distributed on the CDs shipped with them. Even with just fraction of % of the images in the wild there will be a lot of them looking like stegoed, serving as a convenient smokescreen for the real ones. The sheeple don't have to be only a threat. They can be useful, if their gullibility is properly exploited.
yes, they look for stego, as a Hacker Tool
A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right? Yes, they do. Check the link. The CDROM of file hashes contains a category Hacker Tools that includes the Stego tools they could download from the 'net. Any jpg which looks like noise will be of interest.And any stego program will make them look at your images (etc) more closely :-) Most of the programs they've hashed is so the forensic pigs can discount them. But they would find known-stego tools very interesting. And they would find them, even if renamed, from their sigs; but not if polymorphic or encrypted, but then they would be in the unknown category, along with user-created files. And programs :-) To be manually inspected by a forensic dude. These hash-CDROMs are also useful for finding unlicensed software and music Osama sez: Always use original images and sounds as stego carriers. And keep your tools encrypted, or on memory sticks you can flush or snap with your fingers.
