[IP] 9/11 Legislation Launches Misguided Data-Mining and Domestic Surveillance Schemes (fwd from dave@farber.net)

2004-12-22 Thread Eugen Leitl
- Forwarded message from David Farber <[EMAIL PROTECTED]> -

From: David Farber <[EMAIL PROTECTED]>
Date: Wed, 22 Dec 2004 00:03:50 -0500
To: Ip 
Subject: [IP] 9/11 Legislation Launches Misguided Data-Mining and Domestic 
Surveillance Schemes
X-Mailer: Apple Mail (2.619)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Gregory Hicks <[EMAIL PROTECTED]>
Date: December 21, 2004 11:52:01 PM EST
To: [EMAIL PROTECTED], ip@v2.listbox.com
Cc: [EMAIL PROTECTED]
Subject: 9/11 Legislation Launches Misguided Data-Mining and Domestic 
Surveillance Schemes
Reply-To: Gregory Hicks <[EMAIL PROTECTED]>

 From the EFFector 17.45 (21 Dec 04)

 9/11 Legislation Launches Misguided Data-Mining and Domestic
Surveillance Schemes

On Friday, President Bush signed into law the Intelligence Reform and
Terrorism Prevention Act of 2004 (IRTPA), launching several flawed
"security" schemes that EFF has long opposed.  The media has focused on
turf wars between the intelligence and defense communities, but the
real story is how IRTPA trades basic rights for the illusion of
security.  For instance:

~ Section 1016 - a.k.a. "TIA II" ~

A clause authorizing the creation of a massive "Information Sharing
Environment" (ISE) to link "all appropriate Federal, State, local, and
tribal entities, and the private sector."

This vast network would link the information in public and private
databases, posing the same kind of threat to our privacy and freedom
that the notorious Terrorism Information Awareness (TIA) program did.
Yet the IRTPA contains no meaningful safeguards against unchecked data
mining other than directing the President to issue guidelines.  It also
includes a definition of "terrorist information" that is frighteningly
broad.

~ Section 4012 and Sections 7201-7220 - a.k.a. "CAPPS III" ~

A number of provisions that provide the statutory basis for "Secure
Flight," the government's third try at a controversial
passenger-screening system that has consistently failed to pass muster
for protecting passenger privacy.

The basic concept: the government will force commercial air carriers to
hand over your private travel information and compare it with a
"consolidated and integrated terrorist watchlist."  It will also
establish a massive "counterterrorist travel intelligence"
infrastructure that calls for travel data mining ("recognition of
travel patterns, tactics, and behavior exhibited by terrorists").

It's not clear how the government would use the travel patterns of
millions of Americans to catch the small number of individuals
worldwide who are planning terrorist attacks.  In fact, this approach
has been thoroughly debunked by security experts.  (See
.)  What is clear is that the
system will create fertile ground for constitutional violations and the
abuse of private information.  The latest Privacy Act notice on Secure
Flight shows that the Transportation Security Administration (TSA)
still doesn't have a plan for how long the government will keep your
private information, nor has it mapped out adequate procedures for
correcting your "file" if you are wrongly flagged as a terrorist.

~ Section 6001 - a.k.a. "PATRIOT III" ~

Straight from the infamous "PATRIOT II" draft legislation leaked to the
public last year comes a provision that allows the government to use
secret foreign intelligence warrants and wiretap orders against people
unconnected to any international terrorist group or foreign nation.
This represents yet another step in the ongoing destruction of even the
most basic legal protections for those whom the government suspects are
terrorists.

~ Sections 7208-7220 - a.k.a. "Papers, Please" ~

Just as EFF, the ACLU, and a number of other civil liberties groups
feared, IRTPA creates the basis for a de facto national ID system using
biometrics.  Driven by misguided political consensus, the law calls for
a "global standard of identification" and minimum national standards
for birth certificates, driver's licenses and state ID cards, and
Social Security cards and numbers.  It also directs the Secretary of
Homeland Security to establish new standards for ID for domestic air
travelers.

Identification is not security.  Indeed, the 9/11 Commission report
revealed that a critical stumbling block in identifying foreign
terrorists is the inability to evaluate *foreign* information and
records.  Yet we are placing disproportionate emphasis on domestic
surveillance, opening the door to a standardized "internal passport" -
the hallmark of a totalitarian regime.

For this piece online:


For the Intelligence Reform and Terrorism Prevention Act of 2004
(IRTPA):


If you care about preserving your privacy and basic constitutional
freedoms, help us fight the good fight by joining EFF today:


[ISN] REVIEW: "Malicious Cryptography", Adam L. Young/Moti Yung

2004-12-22 Thread R.A. Hettinga

--- begin forwarded text


Date: Wed, 22 Dec 2004 02:23:59 -0600 (CST)
From: InfoSec News <[EMAIL PROTECTED]>
To: isn@attrition.org
Subject: [ISN] REVIEW: "Malicious Cryptography", Adam L. Young/Moti Yung
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah"
<[EMAIL PROTECTED]>

BKMLCRPT.RVW   20041012

"Malicious Cryptography", Adam L. Young/Moti Yung, 2004,
0-7645-4975-8, U$45.00/C$64.99/UK#29.99
%A   Adam L. Young
%A   Moti Yung
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2004
%G   0-7645-4975-8
%I   John Wiley & Sons, Inc.
%O   U$45.00/C$64.99/UK#29.99 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0764549758/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/0764549758/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0764549758/robsladesin03-20
%P   392 p.
%T   "Malicious Cryptography: Exposing Cryptovirology"

Both the foreword and the introduction are turgid, and bloated with
excessive verbiage, while never giving a clear indication of what the
book is actually about.  Does it have to do with viruses at all?  Is
it about the use of cryptography in any kind of criminal or unethical
endeavour?  The initial material does not make this clear.
Occasionally the text becomes so flowery that sentences have no
meaning at all.

The lack of clarity is not assisted by the creation of new and
idiosyncratic terms, or the use of existing jargon in non-standard
ways.  In chapter one, a fictional and glacially slow trip through the
mind of a virus writer, we are told that self-checking modules that
some programs use to detect modification in their own code are
"beneficial Trojans" or "battleprogs."  The term multipartite is
defined in such a way that merely copying the program into RAM (Random
Access Memory) qualifies: that would make every virus ever written,
and every program, for that matter, multipartite.  "Kleptogram" is
used throughout the book, but only defined (and not very clearly) in
the last chapter.  Releasing any virus is seen as having something to
do with "information warfare," which would agree with many
sensationalistic journalists who have written on the subject, but
would probably surprise legitimate experts such as Dorothy Denning.
"Virology" itself (and the more specialized "cryptovirology") is an
excellent term for computer virus research--it just isn't used very
widely.  There is a glossary: it defines commonly known terms and does
not define the specialized jargon that the authors have used.

The confusion is not limited to terminology.  There is no technical
sense to the statement (on page twenty five) that a certain layer of
the network stack is "high enough to facilitate rapid software
development" (compilers don't care where their software ends up) but
low enough to escape detection (files, processes, and network packets
are all visible).  A disk locking program, as described, would have no
effect on the operations of a remote access trojan.  And, of course,
our fictional protagonist is constantly creating new versions of the
mythical "undetectable" virus, without there being any indication of
how this might be done.

(The fictional aspects of the book are not limited to chapter one.
Throughout the work, examples are taken from fiction: it certainly
feels like more illustrations come from works like "Shockwave Rider"
and "Alien" than from real life.)

Chapter two starts to get a bit better.  The authors introduce the
idea of using asymmetric cryptography in order to create a virus (or
other piece of malware) that, rather than merely destroying data,
provides for a reversible denial of access to data, and therefore the
possibility of extortion.  The idea is academically interesting, but
there might be a few practical details to be worked out.

Chapter three seems to move further into the academic realm, with an
interesting overview of issues in regard to the generation of random,
or pseudorandom, numbers.  There is also an initial exploration of
anonymity, with an insufficient description of "mix networks" (onion
routing being one example).  A little more discussion of anonymity
starts off chapter four, which then moves on to another use of
asymmetric cryptography in malware: the "deniable" recovery of stolen
information, via distribution over public channels.  Cryptocounters,
which could be used to store generational or other information about
the spread of a virus, without such data being accessible to virus
researchers, are discussed in chapter five.  Chapter six looks at
aspects of searching for, and retrieving, information without
disclosing the fact that an exploration is occurring.  However, much
of the material appears to be some highly abstract solutions rather
desperately in search of problems.  Varying the extortion scenario,
chapter seven proposes a viral network that could retaliate for
disinfection of any node by threatening disclosure of s

RE: RAH's postings.

2004-12-22 Thread Trei, Peter
I wasn't actually expecting anonymity. I wrote directly to
RAH, asking him politely to edit down his posts, and simply
post a few lines and a pointer. Not pointing out his
faults in public was simply good manners. His response boils 
down to 'fuck you'.

Cypherpunks has a very loose charter, but it is not the
'everything and anything RAH thinks is neat' list.

Peter

> 
> Someone wrote:
> > 
> > At 10:23 AM -0500 12/21/04, Somebody wrote:
> 
> RAH, if you want to anonymize a quoted email, it helps if you 
> remove the
> In-Reply-To: and References: headers.
> 
> > >What the hell does an article about gypsy
> > >mechanics have to do with cypherpunks?
> > 
> > I plead anarchic markets, m'lord. Emerging phenomena, and 
> all that, in
> > spite all regulation to the contrary.
> 




RE: RAH's postings.

2004-12-22 Thread R.A. Hettinga
At 10:14 AM -0500 12/22/04, Trei, Peter wrote:
>His response boils
>down to 'fuck you'.


"*You* may say that. *I* couldn't *possibly* comment."
 -- Francis Urquhart, (the original FU), in Michael Dobbs 'House of Cards'

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"I guess it's disingenuous to argue with someone who spews truth from every
orifice."  --Aaron Evans



Re: Coffee, Tea, or Should We Feel Your Pregnant Wife's Breasts Before Throwing You in a Cell at the Airport and Then Lying About Why We Put You There?

2004-12-22 Thread Steve Thompson
The subject header is very nice.

 --- "J.A. Terranson" <[EMAIL PROTECTED]> wrote: 
> Several points come to mind:
> 
> (1) Mr. Monahan seems to think that lies on police reports are an
> artifact
> of 9/11.  Welcome to the real world Mr. Monahan.

You say that like it's a bad thing.  The real world, that is.  Most people
find that the real world isn't all bad, and get on with their lives.
 
> (2) Monahan, and those like him who continue to fly, have nobody to
> blame
> but themselves: if you continue to feed these assholes by buying those
> tickets, then you have it coming: simple economics.  If people refuse to
> fly, this will stop.

Oh, it's even simpler to deal with than that.  Technology (for real this
time) will eventually make air travel, at its current state-of-the-art,
obsolete, thus obviating the immediate inconveniences that spur like
complaints.  It's all simply a matter of obtaining the proper perspective.
 
> (3) As to the ACLU, again, welcome to the real world.  Many of us have
> been down that road before you Mr. Monahan - while the ACLU is not a bad
> thing per se, they are a lot like the cops and courts: they are not
> there
> for any one individual, they are there for "the big picture".  And the
> Big Picture requires money, which means you must be a minority (since
> how
> can anyone of the majority ever be "oppressed"?).  In a nutshell, Fuck
> The
> ACLU.

This is fairly cogent.  In the real world, large bureaucracies are not so
good at handling a wide variety of different things.  Corporations usually
specialize in one major product area, and don't do so well when they
expand into areas that differ too much from their core product.  Don't
blame the ACLU too much, it's really not their fault if they fail to fully
leverage their expertise and influence in every single case.
 
> (4) Lastly, as to your cesarean, fuck you and your wife, and her
> cesarean.  We don't give a shit about your personal problems, just like
> you don't care about ours.  Sure, it makes for a pulpy little story, but

That's strange.  I find that one's personal life is never really much of a
concern to most people in our society.  I know a large number of
people, personally, who give virtually no thought to their own lives
outside of work.  Myself, I am also inclined in that direction.  

Today, most of the people I know are out satisfying their Christmas
obligations.  And while those who choose to enjoy the season are fully
engaged in the spirit of merrymaking, it is very nice that at least the
holiday is entirely voluntary.  So far, I have not had to fight off any
Christmas carolers, nor have I received any unpleasant gifts (although I
will tell you more later about the non-Jewish group I saw recently that
seemed to be confused by Chanukah).  Which is why, incidentally, that I
rarely have to care about my personal life.  As much as can be expected,
my personal life carries on in the best way possible, thus requiring none
of the time and attention that would be better directed elsewhere.

> when you get right down to it, do we really care?  No.  Because, again,
> you helped to create this beast you are now bitching about, and after it
> bit you, you *continued to fly*, and thereby feed it some more.

These things happen from time to time.  The best advice that you could
give to the original author would be to suggest that he relax and wait
until the incident passes.
 

Regards,

Steve


(Sent only to Mr. Terranson yesterday, thought
it would amuse the list and so resent.)

__ 
Post your free ad now! http://personals.yahoo.ca



Re: Israeli Airport Security Questioning Re: CRYPTO-GRAM, December 15, 2004

2004-12-22 Thread John Kelsey
>From: "Major Variola (ret)" <[EMAIL PROTECTED]>
>Sent: Dec 21, 2004 10:20 PM
>To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
>Subject: Re: Israeli Airport Security Questioning Re: CRYPTO-GRAM,  December  
>15,  2004

>At 02:16 PM 12/20/04 -0500, John Kelsey wrote:
>>No doubt a real intelligence agent would be good at getting through
>>this kind of screening, but that doesn't mean most of the people who
>>want to blow up planes would be any good at it!

>You really continue to underestimate the freedom fighters, don't you?
>(The first) King George did the same.

Maybe so.  It's clearly added cost to the attackers--they have to select not 
just the subset of volunteers willing to blow themselves up on the plane, but 
the subset of *those* who can also keep cool under rapid-fire questioning of 
their cover story.  The attackers probably have to either spend a lot of time 
rehearsing their cover stories, or have to keep their cover stories very close 
to their actual lives and interests, which makes profiling easier.  Both of 
these cut way down on the total pool of attackers available.  

My assumption is that national intelligence agencies can probably afford to do 
this--they can probably filter through a lot more possible candidates to get 
field agents who can handle a cover story well, for example, since they can 
hire openly, rather than quietly recruiting from madrassa students or 
something.  Their training facilities can be centralized and stay in one place, 
rather than being a camp in the desert somewhere that has to be abandoned 
frequently, and they can develop a lot of expertise in training people to 
survive intensive questioning without fumbling their cover story.   

--John






An interesting thread...Hacking Bluetooth

2004-12-22 Thread Tyler Durden
There's some guy ("German Guy") spouting some coherent-sounding conspiracy 
theories over here:

http://www.godlikeproductions.com/bbs/message.php?page=23&topic=10&message=54181&mpage=1&showdate=12/18/04
I wouldn't normally post something like this, but the guy's done a little 
bit of homework on a huge variety of topics, so it's really an excellent 
hoax, seen from a distance.

Here's one thing giving me some doubts, though (but of course if this is true 
he may have just pulled it from Google somewhere):

"Here´s another myth: you cannot hack bluetooth from a distance of more than 
40 metres. Not true. My technical partner Felix can crack it at over half a 
kilometre. Which is why he enjoys driving around so much in areas where we 
know British, American, Israeli or Russian ops are living or working. The 
great thing about many German cities is that most affordable residences are 
within metres of the street anyway."

Any comments?
-TD



Re: An interesting thread...Hacking Bluetooth

2004-12-22 Thread Roy M. Silvernail
Tyler Durden wrote:
> There's some guy ("German Guy") spouting some coherent-sounding 
> conspiracy theories over here:
>
> http://www.godlikeproductions.com/bbs/message.php?page=23&topic=10&message=54181&mpage=1&showdate=12/18/04 
>
> I wouldn't normally post something like this, but the guy's done a 
> little bit of homework on a huge variety of topics, so it's really an 
> excellent hoax, seen from a distance.
>
> Here's one thing giving me some doubts, though (but of course if this 
> is true he may have just pulled it from Google somewhere):
>
> "Here´s another myth: you cannot hack bluetooth from a distance of 
> more than 40 metres. Not true. My technical partner Felix can crack it 
> at over half a kilometre. Which is why he enjoys driving around so 
> much in areas where we know British, American, Israeli or Russian ops 
> are living or working. The great thing about many German cities is 
> that most affordable residences are within metres of the street anyway."
>
> Any comments?

http://www.engadget.com/entry/3093445122266423/
I believe they went a bit over a kilometer at Defcon (against a knowing 
volunteer, so they say) from a hotel rooftop.

The rest sounds perfectly plausible, as well.  WEP is Swiss cheese, guys 
tell their girlfriends too much and girlfriends gossip amongst themselves.

Nothing to see here.  Move along.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com


Re: An interesting thread...Hacking Bluetooth

2004-12-22 Thread Eugen Leitl
On Wed, Dec 22, 2004 at 02:13:52PM -0500, Tyler Durden wrote:

> "Here´s another myth: you cannot hack bluetooth from a distance of more 
> than 40 metres. Not true. My technical partner Felix can crack it at over 
> half a kilometre. Which is why he enjoys driving around so much in areas 

The official record right now is 1.74 km:

http://www.heise.de/newsticker/meldung/49907
http://trifinite.org/trifinite_stuff_bluebug.html#news

No doubt you can do much better with a large dish, and good alignment, as
well as a clear line of sight.

> where we know British, American, Israeli or Russian ops are living or 
> working. The great thing about many German cities is that most affordable 
> residences are within metres of the street anyway."
> 
> Any comments?

Bluetooth attacks aren't exactly new. No idea what else that tinfoil-hatted
person is spouting.

-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net



Re: An interesting thread...Hacking Bluetooth

2004-12-22 Thread Tyler Durden
Oh no, it gets really interesting. He claims to be an ex-German TLA-type 
(how many Ls do German TLAs normally have?), and had advanced knowledge of 
9/11. That's not super-implausible.

What's really interesting is that he claims the German TLAs have a new round 
of strong evidence showing that there's a nuke buried in Houston somewhere 
that's going to be set off on 12/27. He's tied in all sorts of shadowy 
agencies along with internal politics causing the info not to be acted upon.

Even that would be worthy of ignoring, but he's actually told this story 
extremely well, naming fairly obscure (but real) names in the intelligence 
community and so on. The guy's posts have actually made some serious waves 
on a bunch of boards.

Me? I suspect he just pulled all this shit from David Emory's shows and then 
added some nice google tech searches. WiFi I know was cracked wide open a 
while back, and that wasn't exactly a secret (it's the reason for 802.11x). 
BUT, add knowledge of this to the conspiracy theories to the politics and 
you have a guy who has gone to great lengths to create an excellent hoax. 
Indeed, one can only imagine that the reason for something like this has to 
go way beyond mere hoaxing (eg, the guy's a neo-Nazi?)

I was hoping someone knew about this and had already hacked this hoax, 
because so far I haven't seen anything that conclusively debunks this guy.

-TD


From: Eugen Leitl <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: An interesting thread...Hacking Bluetooth
Date: Wed, 22 Dec 2004 23:36:58 +0100
On Wed, Dec 22, 2004 at 02:13:52PM -0500, Tyler Durden wrote:
> "Here´s another myth: you cannot hack bluetooth from a distance of more
> than 40 metres. Not true. My technical partner Felix can crack it at over
> half a kilometre. Which is why he enjoys driving around so much in areas

The official record right now is 1.74 km:
http://www.heise.de/newsticker/meldung/49907
http://trifinite.org/trifinite_stuff_bluebug.html#news
No doubt you can do much better with a large dish, and good alignment, as
well as a clear line of sight.
> where we know British, American, Israeli or Russian ops are living or
> working. The great thing about many German cities is that most affordable
> residences are within metres of the street anyway."
>
> Any comments?

Bluetooth attacks aren't exactly new. No idea what else that tinfoil-hatted
person is spouting.
--
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net



Re: An interesting thread...Hacking Bluetooth

2004-12-22 Thread Eric Murray
On Wed, Dec 22, 2004 at 09:48:01PM -0500, Tyler Durden wrote:
> Oh no, it gets really interesting. He claims to be an ex-German TLA-type 
> (how many Ls do German TLAs normally have?), and had advanced knowledge of 
> 9/11. That's not super-implausible.

[..]

> Me? I suspect he just pulled all this shit from David Emory's shows and then 
> added some nice google tech searches.

[..]

> I was hoping someone knew about this and had already hacked this hoax, 


If he sounds like Dave Emory, then there isn't much debunking that's required.

Food for thought and grounds for further research,

Eric



RE: International meet on cryptology in Chennai

2004-12-22 Thread Anish
Hi all,
 I thought I should add one more piece of information; it didn't say which
conference it was. It is Indocrypt 2004
(http://www-rocq.inria.fr/codes/indocrypt2004/).
Regards
Anish

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R.A. Hettinga
Sent: 20 December 2004 18:11
To: cryptography@metzdowd.com; [EMAIL PROTECTED]
Subject: International meet on cryptology in Chennai




Chennai Online News Service - View News

 Dec 20, 2004 Mon
 Dharana
  
International meet on cryptology in Chennai

 Chennai, Dec 19: A three-day international conference on cryptology will
get underway here tomorrow with the aim of providing secure communication
to the business and military sectors.

Over 140 researchers in the field, including some from abroad, would
participate in the conference, Dr M S Vijyaraghavan, executive director,
Society for Electronics Transactions and Security (SETS), told reporters
here today.

Cryptography is the art of providing secure information over insecure
channels. It encodes texts and provides a method of decoding. Cryptanalysis
is the art of breaking into cryptographic information.

The new science - cryptology - was a study of both, he said.

India had not made any headway in cryptology, he said and added that the
conference would help develop this in a big way.

President A P J Abdul Kalam would address the participants through video
conferencing. Dr R Chidambaram, principal scientific adviser, Government of
India, would inaugurate the conference. (Our Correspondent)


  
Published: Sunday, December 19, 2004


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]




Re: Do We Need a National ID Card?

2004-12-22 Thread Matt Crawford
On Dec 22, 2004, at 8:53, R.A. Hettinga wrote:
Do we need a national ID card?
The comment period on NIST's draft FIPS-201 (written in very hasty  
response to Homeland Security Presidential Directive HSPD-12) ends  
tomorrow.  The draft, as written, enables use of the card by "Smart  
IEDs" and for improved selection of kidnapping victims.

One cabinet department's Associate CIO for Cybersecurity said of this  
project, "Eventually this is going to lead to a national ID card."

Refs:
http://csrc.nist.gov/piv-project/
http://www.fas.org/irp/offdocs/nspd/hspd-12.html
http://csrc.nist.gov/publications/drafts/draft-FIPS_201-110804-public1.pdf



Finally, the Killer PKI Application

2004-12-22 Thread R.A. Hettinga


(SYS-CON)

Finally, the Killer PKI Application
Web Services as an application - and a challenge
December 22, 2004
Summary
Enterprise PKI has a bad name. Complex, costly, difficult to deploy and
maintain - all these criticisms have dogged this technology since it first
appeared. To the dismay of so many CIOs, few applications have stepped up
to make effective use of PKI. But this may soon change: Web services
promotes a security model that demands the flexibility that an enterprise
PKI deployment can offer.
By Scott Morrison 

 The Trend Away from Channel-Level Security
If you lumped all the existing, production-level Web services applications
together, and categorized their security models, you would probably
discover some interesting trends. First, an awful lot of these don't
address security at all, which probably owes more to the relative
immaturity of Web services technology than to a conscious choice on the
part of developers. The bulk of the remainder will simply delegate security
entirely to SSL - or in some cases, a VPN connection.

 SSL isn't a bad choice. It provides confidentiality and integrity.
Automatic sequence numbering stands guard against replay attacks. Servers
are always authenticated using a certificate that binds the server's DNS
name to the Subject, a strategy to defeat man-in-the-middle and
impersonation attacks. This does rely heavily on the integrity of the DNS
system, but by and large it is viewed as an acceptable risk. SSL even
offers optional client-side certificate authentication, which is powerful,
though in practice rarely implemented.

 Probably the most unheralded quality of SSL is channel continuity. Once a
session is set up - and once the client and server mutually authenticate
(with the client using a certificate under SSL, through HTTP
authentication, or an application-level means such as forms) - a level of
trust is established on the open socket so that it is available for
multiple transactions without repeating this lengthy process each time.
There is great value in a transparently maintained security context, and it
is easy to take for granted.

 Of course, one of the reasons behind SSL's success on the Web was that,
although it utilizes public key cryptography, it doesn't need full-blown
PKI. Most SSL-enabled Web servers use certs issued by the "browser cartel,"
those CAs fortunate enough to have their root certificates automatically
installed within the trust store of the most popular browsers. And with the
exception of a few early consumer banking products - which have largely
been abandoned - almost nobody steps up to the baroque logistics of
client-side certificates on the Web. The ability to delegate PKI to a third
party greatly simplified security on the Web; this was one of the reasons
SSL became good enough for most online transactions, even when challenged
in the early days by technically elegant, though complex, solutions like
SET (Secure Electronic Transaction).

 But SSL's greatest weakness is that it is oriented toward synchronous
transactions, requiring a direct connection between participants. It's like
an encrypted telephone conversation, which is probably something alien to
you and me, but I suppose that James Bond uses it regularly. Both parties
need to be available, multiple passes are necessary to set up a secure
context, and all of the information - the critical points alongside the
mundane ("how's the weather in London?") - is encrypted wholesale, which
can be a costly processor burden.

 This is why SSL is an insufficient security model for Web services.
Despite the name - an unfortunate one that is probably one of the great
misnomers in the history of technology - Web services isn't really about
the Web. In one realization, it does use existing Web infrastructure,
including HTTP transport, Web application servers, etc. However, Web
services is fundamentally a one-way messaging paradigm for computer
communications, composed around a simple XML message structure with an
extensible header model.

 Web service messages may not piggyback on HTTP at all. They might flow
across a message-oriented middleware (MOM) such as IBM's MQSeries, or be
carried asynchronously by that other ubiquitous infrastructure, SMTP. SOAP
messages are designed to flow through a network of intermediates, not
unlike IP packets being passed between routers. Intermediates may be
required to view header information to make processing decisions based on
application-level protocol. A channel-based security model, one that
encrypts 

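The forwarded article above notes that SSL's integrity and replay protection belong to one direct connection, while SOAP messages pass through intermediaries that must read the headers. The sketch below is an added example, not code from the article or the list: it binds the body to a message id so the final receiver can check both across any number of hops. The element names, key and message values are constructed, and HMAC with a shared key stands in for the certificate-based signature a PKI would provide.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key. HMAC with a shared key is a stand-in for the
# certificate-based XML signature that a PKI deployment would supply.
KEY = b"constructed-demo-key"

def _mac(body, msg_id):
    """MAC over the message id plus the canonical (C14N) form of the Body."""
    canon = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hmac.new(KEY, f"{msg_id}|{canon}".encode(), hashlib.sha256).hexdigest()

def seal(msg_id, route, payload):
    """Sender: clear-text routing header, body bound to the message id by a MAC."""
    env = ET.Element("Envelope")
    hdr = ET.SubElement(env, "Header")
    ET.SubElement(hdr, "To").text = route
    ET.SubElement(hdr, "MessageID").text = msg_id
    body = ET.SubElement(env, "Body")
    ET.SubElement(body, "Order").text = payload
    ET.SubElement(hdr, "BodyMAC").text = _mac(body, msg_id)
    return ET.tostring(env, encoding="unicode")

def relay(wire, hop, tamper=False):
    """Intermediary: reads and extends the header to route; holds no key."""
    env = ET.fromstring(wire)
    ET.SubElement(env.find("Header"), "Via").text = hop
    if tamper:  # models a relay that alters the payload after the SSL hop has ended
        env.find("Body/Order").text = "qty=9000"
    return ET.tostring(env, encoding="unicode")

def accept(wire, seen):
    """Final receiver: verify the signed content end to end, then reject replays."""
    env = ET.fromstring(wire)
    hdr, body = env.find("Header"), env.find("Body")
    msg_id = hdr.findtext("MessageID", "")
    if not hmac.compare_digest(hdr.findtext("BodyMAC", ""), _mac(body, msg_id)):
        return "rejected: signed content altered"
    if msg_id in seen:
        return "rejected: replay"
    seen.add(msg_id)
    return "accepted: " + body.findtext("Order", "")

if __name__ == "__main__":
    seen, wire = set(), seal("msg-001", "orders.example", "qty=1")
    via = relay(relay(wire, "hop-a"), "hop-b")
    print(accept(via, seen), "|", accept(via, seen))
    print(accept(relay(wire, "hop-x", tamper=True), set()))
```

Because the message id is inside the MACed content, rewriting it to slip past the replay cache fails verification instead.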
Do We Need a National ID Card?

2004-12-22 Thread R.A. Hettinga

--- begin forwarded text


From: [EMAIL PROTECTED]
Date: Wed, 22 Dec 2004 07:54:11 EST
Subject: Richard Rahn's "Do We Need a National ID Card?" (The Washington Times)
To: undisclosed-recipients: ;

The Washington Times
www.washingtontimes.com

Do we need a national ID card?
By Richard W. Rahn
Published December 22, 2004

Are you in favor of a national identity card? Even though many Americans
are against the idea of a national identity card, it is coming. In fact, in
many ways, it is already here. Every American citizen and every foreign
worker in America is required to have a Social Security card. Your Social
Security card is only supposed to be used to gain employment and receive
Social Security benefits, but try applying for credit without giving your
Social Security number -- and most often you will be turned down.

You cannot board an airliner or certain trains, cash a check, go to a
hospital, obtain a hotel room or even enter some office buildings without
showing a photo ID. You cannot travel to foreign countries without a
passport. Yes, we have no national ID card but, instead, we are required to
have many ID cards just to engage in the normal activities of life.

We are torn on the issue of a national ID because we do not want big
brother government to monitor us (we all know the potential horrors from
the Gestapo and sci-fi movies).

On the other hand, we understand the legitimate needs of many purveyors of
public and private services to know who we are. We also worry about the
theft of our identity. We want to be able to provide our medical history to
those who need it to help us in a medical emergency, but we don't want
those who might abuse or embarrass us with that knowledge to have the
information.

In the current world, we are required to know and give more passwords than
most of us can remember to access our bank and credit card accounts,
frequent flyer accounts, e-mail and Internet providers, and other
information service accounts.

If the question posed at the beginning of this commentary was: "Would you
be in favor of a card that could prove your ID while at the same time
protect you from giving information about yourself (including medical and
financial information) that you do not wish to provide?" I am sure that
more people would give a yes response.

The fact is we do not need nor should we have a government issued national
ID card. What we need is for the government to specify for what purposes
and when it positively must know our identity, and what constitutes
acceptable proof. Private organizations, such as airlines, banks and
merchants already do the same thing. Then the private sector will develop
the most user-privacy-friendly and cost-effective devices. Tiny computer
chips containing all of the necessary biometric information coupled with
nearly unbreakable encryption have already been developed. Consumers will
be able to choose what information they wish to have stored in such
devices, and who is allowed to have access to what. The chips can be placed
in "smart cards," cell phones and PDAs, or even implanted in the body.

In my ideal world, the government would know with certainty who has voted
(but not their vote), who is coming into the country, to whom it is making
payments and from whom it is receiving taxes. I would like to be able to
prove my identity to government agencies, airlines, banks, etc., and have
access to all my password accounts and computers, and deliver such
additional information about myself to those I choose to (such as my
medical history to a hospital in case of an emergency), while protecting
all my information from those with whom I choose not to share it.

In addition, I do not want to have to carry more than one device with me
(such as a card or PDA), nor do I want to have to remember any passwords.

Fortunately, the current technology will indeed allow all of the above (my
thumbprint could give me access to my PDA with all of the passwords, etc.).

The Government Passport Agency is in the process of developing new
passports to prevent counterfeiting and to give more secure ID. In reality,
it is not necessary for us to have passports. What is necessary is for the
government to know whether or not I am a U.S. citizen when I am entering
the country, and whether or not I should be detained because of some
criminal act. If I provide the government with a high quality ID, including
proof of citizenship, they should instantaneously be able to determine if I
am on a wanted list (including my foreign travel history). The idea of
having passports stamped is not only obsolete and useless, but just plain
silly. (Obviously, foreign governments would also have to agree to do away
with the existing passport system, to get the full advantages of the new
private ID systems.)

Again, we do not need a government issued ID. Those who require information
about us (including government agencies) should merely specify what
information they need and what forms are acce