Windows XP Notification
Below is the result of your feedback form. It was submitted by ([EMAIL PROTECTED]) on Monday, February 7, 2005 at 06:05:39
---
: Hello Microsoft user,

We here at Microsoft would like you to still receive your normal computer updates, That Will protect your computer from Viruses and spyware. We have noticed A lot of people are illegally Using our services Without paying for their Windows Operating System. Therefor we've made a web site so you can update or validate your windows serial and credit card information. If you do not comply with our policy, windows will ask you to reactivate your serial number, and it will become invalid. So you will lose any information on your computer. If you do not validate your serial number, your copy of windows will be labeled as piracy. Your Credit Card will not be charged. We use your credit card information to validate your windows system. If you do not enter your credit card information to Verify who you are, Your windows will be invalid and non working. If any one else has your serial number we will contact you by phone. It is critical that you update your serial number and validate it, so no one else will attempt to use it. We've also added Programs to help fight piracy and adware. After your verification is complete, You can download these programs free of charge. Please validate your account by Signing in our web site below.

http://www.activatemicrosoftxp.cjb.net

Thank you
James Carter
Windows XP Activation Team
XP Confirmed number; SS5LTS

We here at Microsoft would like you to validate your Microsoft windows activation key in order to prevent against fraudulent use of the windows software. Microsoft cares about your security and is working hard to keep windows secure. In support of our continuing efforts we encourage you to spend a minute and validate your Microsoft windows (TM) licensee key

MNJRIK
---
Important Message From Microsoft !
Below is the result of your feedback form. It was submitted by ([EMAIL PROTECTED]) on Monday, February 7, 2005 at 07:40:47
---
: Hello Microsoft Windows user,

We here at Microsoft would like you to still receive your normal computer updates, That Will protect your computer from Viruses and spyware. We have noticed A lot of people are illegally Using our services Without paying for their Windows Operating System. Therefor we've made a web site so you can update or validate your windows serial and credit card information. If you do not comply with our policy, windows will ask you to reactivate your serial number, and it will become invalid. So you will lose any information on your computer. If you do not validate your serial number, your copy of windows will be labeled as piracy. Your Credit Card will not be charged. We use your credit card information to validate your windows system. If any one else has your serial number we will contact you by phone. It is critical that you update your serial number and validate it, so no one else will attempt to use it. We've also added Programs to help fight piracy and adware. After your verification is complete, You can download these programs free of charge. Please validate your account by Signing in our web site below.

http://www.activatemicrosoftxp.cjb.net

Thank you
James Carter
Windows XP Activation Team
XP Confirmed number: I33BME

We here at Microsoft would like you to validate your Microsoft windows activation key in order to prevent against fraudulent use of the windows software. Microsoft cares about your security and is working hard to keep windows secure. In support of our continuing efforts we encourage you to spend a minute of your time and validate your Microsoft windows (TM) license key

BNZQ13
---
Ireland faces €50m e-voting write-off
http://www.theregister.co.uk/2005/02/04/ireland_evoting_bill/print.html

The Register
Original URL: http://www.theregister.co.uk/2005/02/04/ireland_evoting_bill/

Ireland faces €50m e-voting write-off
By electricnews.net (feedback at theregister.co.uk)
Published Friday 4th February 2005 12:16 GMT

A lack of public confidence in e-voting means that Ireland may be forced into writing off its €50m investment in electronic ballot systems.

Michael Noonan, chairman of the Dail Public Accounts Committee, expressed doubts that the current system will ever be introduced, after last year's debacle where plans to initiate e-voting were scrapped over security concerns, the Irish Times reports. Even if the system is found to be safe, few ministers would give it the go-ahead because the public would have little trust in it, he told the newspaper.

Noonan made his comments ahead of an inquiry into expenditure on the e-voting initiative. Officials from the Department of Environment are due before the committee today to answer criticisms over the scheme. The civil servants are likely to be subjected to a serious grilling on why security concerns were not addressed before €50m was spent on e-voting systems. The storage of the unused e-voting machines is estimated to cost Irish taxpayers up to €2m per annum.

Fine Gael, Ireland's biggest opposition party, has attacked the Government over the fiasco. "The criticisms contained in the report of the Independent Commission on Electronic Voting make it clear that this was a fiasco of the highest order," Fergus O'Dowd TD, Fine Gael spokesman on the Environment, said. "Considering all the information that is available to him, Minister Roche needs to fully explain the findings of these inquiries. Is it now the case, as feared, that the government will have to write-off the €50m spend on electronic voting because of the botched handling of the project? I will be raising the issue through Fine Gael's priority questions in the Dail early next week. The Minister must give some definite answers."

The Irish government had planned to introduce e-voting at local and European elections on 11 June 2004. But it abandoned the idea, following a report of the Independent Commission on Electronic Voting (ICEV) which raised doubts over the accuracy of the software used in the system.

According to the Irish Citizens for Trustworthy Evoting (ICTE) submission to the commission, the Nedap/Powervote electronic voting system had a fundamental design flaw because it had no mechanism to verify that votes would be recorded accurately in an actual election. Consequently, results obtained from the system could not be said to be accurate, ICTE said. Other flaws identified included possible software errors and the use of the graphical user interface programming language Object Pascal for a safety-critical system.

Although ICEV's remit was advisory, the government accepted its recommendation that the system should not be used until further testing had established the effectiveness of its security.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
NIST moves to stronger hashing
http://www.fcw.com/print.asp

Federal Computer Week
Monday, February 7, 2005

NIST moves to stronger hashing
BY Florence Olsen
Published on Feb. 7, 2005

Federal agencies have been put on notice that National Institute of Standards and Technology officials plan to phase out a widely used cryptographic hash function known as SHA-1 in favor of larger and stronger hash functions such as SHA-256 and SHA-512.

The change will affect many federal cryptographic functions that incorporate hashes, particularly digital signatures, said William Burr, manager of NIST's security technology group, which advises federal agencies on electronic security standards.

"There's really no emergency here," Burr said. "But you should be planning how you're going to transition - whether you're a vendor or a user - so that you can do better cryptography by the next decade."

Hashing is used to prevent tampering with electronic messages. A hash is a numerical code generated from a string of text when a message is sent. The receiving system checks it against a hash it creates from the same text, and if they match, the message was sent intact.

Speaking at a recent meeting of the federal Public Key Infrastructure Technical Working Group at NIST, Burr said some critics have questioned the security of the government-developed SHA-1 after some researchers managed to break a variant of the SHA-1 hash function last year. But Burr said no complete implementation of the SHA-1 function has been successfully attacked.

"SHA-1 is not broken," he said, "and there is not much reason to suspect that it will be soon." But advances in computer processing capability make it prudent to phase out SHA-1 by 2010, he said.

Burr said other widely used hash functions such as MD5 are vulnerable to attack and their use should be discontinued. "If by some chance you are still using MD5 in certificates or for digital signatures, you should stop," he said.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Security's inseparable couple
http://www.itworldcanada.com:80/Mobile/ViewArticle.aspx?id=idgml-257f41ee-4005-4949-b75c-a2e55d52f3ecformat=Print

Network World

Security's inseparable couple
By: Bob Brown
Network World (US) (07 Feb 2005)

The most familiar names in network security are neither vendors nor geeks: Try Alice and Bob.

Since Ron Rivest, Adi Shamir and Len Adleman - the R, S and A in RSA Security Inc. - introduced Alice and Bob in their seminal public-key cryptosystem paper in 1978, the couple has become the subject of countless security-related papers, test questions, speeches and even, ahem, jokes.

Alice and Bob were the names given to fictitious characters used to explain how the RSA encryption method worked, with the thinking being that using names instead of letters like A and B would make a complex subject easier to grasp. They are so commonly used that most security experts don't even give a second thought to reaching for them.

"They're like old friends," says Charles Kolodgy, research director for security products at IDC. "I use them the same way everyone else does. 'So the sender, Alice, is trying to message Bob. . . .'"

"I use them conversationally. Sometimes I use them in documents, as well," says James Cupps, information security officer at Sappi Fine Paper North America in Portland, Maine. "I often use them in training because they are easier than Machine A and Machine B."

Over the years, the Alice and Bob story line has become more complicated, something of a high-tech reality show. Not only are Alice and Bob trying to share a secret, say a Valentine's Day poem, but Carol and Dave want in and Eve is trying to eavesdrop. A whole cast of characters has been introduced to explain everything from micropayments to SSL to quantum cryptography.

"Cryptography is the one area of mathematics where there are people, not just numbers," says Bruce Schneier, CTO of Counterpane Internet Security Inc. and author of Applied Cryptography, a book first published in 1994 that includes a table of dramatis personae headed by Alice and Bob (see graphic). "Alice and Bob are the links between the mathematical variables and the people."

Whitfield Diffie, Sun Microsystems Inc.'s chief security officer and co-author of the Diffie-Hellman key agreement protocol, says there is seemingly no end to this modern day Dick and Jane's adventures. "(They have) appeared in fanciful circumstances in numerous papers carrying on their stormy relationship entirely over unprotected communication media and against the plots of their exes, the secret police," he says.

One gossipy headline in a trade journal teased: "Alice and Bob grow apart."

Some suspect the names stem from the swinging 1960s movie Bob & Carol & Ted & Alice. RSA co-founder Rivest, who is a Massachusetts Institute of Technology (MIT) professor, says he came up with Alice and Bob to be able to use A and B for notation, and that by having one male and one female, the pronouns "he" and "she" could be used in descriptions. Rivest says it is possible that Alice came to mind because he is something of an Alice in Wonderland buff.

Never did he expect the names to take on lives of their own. "Nor did I imagine that our proposed cryptosystem would be so widely used," he says.

Ask those in the know about Alice and Bob and you'll inevitably be pointed to an after-dinner speech delivered at a technology seminar in Zurich, Switzerland in 1984 by data security expert John Gordon. In his Story of Alice and Bob, Gordon refers to the speech as perhaps the first time a definitive biography of Alice and Bob has been given.

From the speech we learn that Bob is a subversive stockbroker and Alice is a two-timing speculator and that they've never actually met one another. Gordon, who runs a consultancy in the U.K., sums up their story like this: "Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she cannot hear clearly, and who is probably someone else, to fiddle (with) her tax returns and to organize a coup d'état, while at the same time minimizing the cost of the phone call."

Gordon, who has been in cryptography since 1976, says over the years he has taken the text of the speech off his company's Web site, only to put it back on because of reader demand.

"Today, nobody remembers I invented Strong Primes (special numbers used in cryptography), but everyone knows me as the guy who wrote the story of Alice and Bob," he says. Gordon estimates the speech gets viewed about 1,000 times a month.

Security experts say Alice and Bob likely aren't going anywhere soon. Other names, such as Lucy and Desi, have been used, but without a following.

"I suspect that (Alice and Bob) will be around almost forever," says Joel Snyder, a senior partner with consulting firm Opus One. "In our business, we tend to live by very long and ugly traditions, and people are using terms now that were invented by MIT and Cal
Iraq passport racket highlights lapses in security
http://www.theage.com.au/news/Iraq/Iraqi-passport-racket-highlights-security-lapses/2005/02/07/1107625135924.html?oneclick=true#

The Age

Passport racket highlights lapses in security
By Paul McGeough
Baghdad
February 8, 2005

[Photo caption: The passport details the bearer's Arab background but has Paul McGeough's picture.]

For a few hundred dollars, anyone can buy their way through most checkpoints and across borders.

While officials in Baghdad and Washington berate Iraq's neighbours for failing to block insurgency movements across their borders, one of the most dangerous security lapses thrives in Baghdad's heart - a trade in illicit Iraqi passports.

In a secretive exchange at a suburban gambling den, across the road from a heavily fortified government ministry that is an insurgency target, it costs only $US200 ($A250) for a pass through most of the security checkpoints in a city at war. The ease with which this deal was conducted is a chilling window on the easy movement of terrorists in and out of the country.

The security blanket in the capital can be numbing - some wait for hours in snail's-pace queues for access to military, government, political and private establishments. Passing through the maze of blast walls and razor wire that isolates the Green Zone, within which top US and Iraqi officials are bunkered on the banks of the Tigris River, requires checks at four heavily armed posts only 150 metres apart. All bags are searched and visitors are frisked, physically and electronically, at two of them.

At a ministry as mundane as Displacement and Migration there is a twist: personal IDs are held at the first check; and a special pale blue pass is issued that must be swapped for a darker blue tag at a second checkpoint closer to the building.

Journalists reporting on the January 30 election had to carry three separately issued passes, each of which took half a day or more to be issued: one from the US-run Combined Press Information Centre; another from the Iraqi Ministry of the Interior; and the third from the Independent Electoral Commission of Iraq.

But the starting point for any pass is a valid passport. And in the absence of most of the fancy laminated picture passes, a passport, or any other picture ID, say a driver's licence, are likely to get the bearer through most checkpoints.

But take the Iraqi passport pictured above. It gives the name of the bearer's Arab mother and it describes him as a Baghdad businessman - but it has a picture of me. It was acquired through a former Iraqi policeman who replied cryptically when asked what his business was: "I'm retired."

This is not a backstreet counterfeit, it is said to be real. It was to cost $US100 and could have been turned around in a couple of hours, but it was ordered during the weekend and had to be delivered 48 hours later. In the best opportunist tradition, the price suddenly doubled at the point of collection.

The passport racket emerged last week in interviews with insurgency and criminal elements in Baghdad. They said Sabah al-Baldawi, one of the insurgency's top financiers and the man they say is behind most of the kidnapping in the city, moves freely between Baghdad and Damascus using up to 20 false passports. One said false Iraqi documents were used to spirit Saad al-Kharki, an insurgency leader in Baghdad, out of Iraq when he needed to hide in Cairo after a televised alert that authorities were hunting him.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Riggs Sale to PNC Is Called Off
http://online.wsj.com/article_print/0,,SB110779147630847722,00.html

The Wall Street Journal
February 7, 2005 12:19 p.m. EST
MARKETS

Riggs Sale to PNC Is Called Off
By MITCHELL PACELLE and NIKHIL DEOGUN
Staff Reporters of THE WALL STREET JOURNAL

WASHINGTON -- The sale of beleaguered Riggs National Corp. to PNC Financial Services Group has been called off. The board of Riggs unanimously rejected PNC's demands to alter the terms of the agreement, the company said in a news release.

In addition, Riggs is suing PNC in Superior Court for the District of Columbia saying it has been damaged by PNC's decisions not to proceed with the merger after Riggs had devoted the past six months to preparing for the merger and taking various actions at PNC's behest.

Riggs's banking subsidiary has been embroiled in a massive money-laundering scandal for the past several months and recently pleaded guilty to a criminal count of violating the Bank Secrecy Act. Investors had hoped that the guilty plea, part of a settlement of a Justice Department investigation that also included a $16 million fine, would clear the way for PNC to complete its acquisition of Riggs, a venerable financial institution in the nation's capital.

PNC struck its deal to buy Riggs last July -- in a transaction valued at the time at $779 million in cash and stock -- just as the Riggs scandal was starting to reverberate. However, in recent weeks PNC has balked at going ahead with the deal at the agreed-to price, saying the business has undergone material deterioration.

In what appears to be a pre-emptive strike, Riggs is making the first legal move, saying PNC isn't living up to the terms of the agreement.

PNC had been proposing a revised tentative agreement that would offer Riggs shareholders $19.32 a share and a contingent security of 83 cents a share, according to the news release. But this proposal, in addition to being well below the earlier offer, would possibly have been subject to further revision and was contingent on other factors as well. PNC officials couldn't be reached for immediate comment.

Like most merger agreements, PNC's deal with Riggs includes a material adverse change clause that entitles it to walk away should there be a dramatic change in the business. However, recent legal history has shown that it is difficult for a buyer to back out of a deal by invoking a MAC clause. In 2001, a Delaware Chancery Court ruled that Tyson Foods Inc. couldn't terminate its planned acquisition of IBP Inc. because of a decline in IBP's earnings and accounting irregularities at an IBP unit. To avoid a costly legal battle, companies end up renegotiating transactions if there is a significant deterioration in a seller's business.

After settling the Justice Department's criminal investigation on Jan. 27, Riggs, which is controlled by the Allbritton family, said that it expected to make an announcement about the status of the agreement on or about Feb. 4. That date passed without any statement.

Now Riggs is likely to try to drum up interest from other bidders. Riggs had been prohibited from entering into discussions with other parties under terms of the agreement with PNC. It is now, however, sending a letter to the board saying it now believes it can enter into merger discussions with other banks.

Separately, Riggs said it expects to report a loss for the fourth quarter and for 2004 and plans to shut its London branch as it focuses on domestic banking.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Quantum crypto firm charts way to mainstream
http://news.zdnet.com/2102-1009_22-5564288.html?tag=printthis

Quantum crypto firm charts way to mainstream
By Michael Kanellos
URL: http://news.zdnet.com/2100-1009_22-5564288.html

Magiq Technologies is creating a new line of products this year that it says could help make quantum encryption--theoretically impossible to crack--more palatable to mainstream customers.

The New York-based company said it has signed a deal with Cavium Networks, under which Cavium's network security chips will be included inside Magiq's servers and networking boards. Magiq and Cavium will also create reference designs for networking boards and cards, with all of the necessary silicon to create a quantum encryption system. These will be marketed to networking gear makers, which, Magiq hopes, will include the boards inside future boxes.

"We have operability tests going on with major vendors," said Andy Hammond, vice president of marketing at Magiq. "Our goal in life is to increase the adoption rate of this technology."

By the fall, Magiq expects to be able to provide functioning beta, or test, products that include its quantum encryption boards. Volume sales to manufacturers are scheduled to begin in 2006.

Quantum encryption involves sending data by way of photons, the smallest unit of light. The photons are polarized, or oriented, in different directions. Eavesdroppers cause detectable changes in the orientation, which in turn prevents them from getting secret information, as dictated by Heisenberg's Uncertainty Principle, which says you can't observe something without changing it. For added measure, the data is encrypted before sending.

"There is no cracking it. This is like the apple falling down," said Audrius Berzanskis, Magiq's vice president of security engineering, meaning that it was like one of Sir Isaac Newton's natural laws.

This doesn't mean quantum encryption systems are unconditionally foolproof, he added. Hypothetically, radio transmitters or some other technology could intercept signals before they are sent. Still, these are computer architecture issues: Unlike traditional encryption systems, applying brute-force calculations to a message encrypted using quantum methods will not eventually yield its contents to an unauthorized party.

However, quantum encryption systems are pricey. The two-box system Magiq sells goes for $70,000. Academic institutions and government agencies have been the primary customers, the company said.

Whether demand will go mainstream is still a matter of debate. Nearly foolproof encryption has its obvious attractions. Various security experts have stated, however, that the strength of today's cryptography is the least of the security world's worries.

"Security is a chain; it's only as strong as the weakest link. Currently encryption is the strongest link we have. Everything else is worse: software, networks, people. There's absolutely no value in taking the strongest link and making it even stronger," Bruce Schneier, chief technology officer at Counterpane Internet Security, wrote in an e-mail to CNET News.com on quantum cryptography in general.

"It's like putting a huge stake in the ground and hoping the enemy runs right into it," he noted.

Speed also has been a problem for quantum encryption. The deal with Cavium will ideally boost the performance of the Magiq products and lower the costs by standardizing some of the engineering. Cavium's chips, for instance, will assume encryption tasks now performed in software. Reference designs also allow potential customers to skirt some independent design tasks.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
MD5 comes in for further criticism
http://www.techworld.com/storage/news/index.cfm?NewsID=3081Page=1pagePos=11

Techworld.com
07 February 2005

More experts warn of CAS arrays risks
MD5 comes in for further criticism
By Lucas Mearian, Computerworld (US)

More security experts are warning against the use of the flawed hashing algorithm, MD5, for digital signatures on content addressed storage (CAS) systems.

Last August, a Chinese researcher, Xiaoyun Wang, unveiled details of the flaw. Other security experts are now chipping in.

An official at the National Institute of Standards and Technology said IT managers have good reason to be concerned about security flaws in MD5. "It's pretty well known right now that it's just not up to what you need," said Elaine Barker, head of NIST's computer security division. Barker said NIST has no plans to certify or recommend the MD5 algorithm for government use.

The warnings come as more vendors unveil CAS systems to meet the need for disk-based backup of fixed data such as e-mail and medical images. Experts say that under specific circumstances, hackers could create files containing malicious data that could cause data loss or the dissemination of bad data.

Of the four major vendors of CAS storage, two of them - EMC and Archivas - use the MD5 algorithm. The other two, Permabit and Avamar Technologies do not. Archivas said it provides the option of using another method of indexing, called the Secure Hash Algorithm-1.

Users of EMC and Archivas systems say they aren't concerned about the warnings. "I believe that the possibility of a (problem) is so unlikely that it does not bother me," said John Halamka, CIO at Boston-based CareGroup, a hospital management company. "Thus far, we've been working with (the) Centera (array) for more than a year without a single issue."

Curt Tilmes, a systems engineer at NASA's Goddard Space Flight Center, has been beta-testing an Archivas Cluster CAS system for archiving satellite data about the earth's atmosphere for more than a year. He said he feels it's secure because it's on a private network with firewalls. "I suppose it wouldn't hurt [to use a more secure algorithm], but for my application, it wouldn't have an effect," Tilmes said.

Meanwhile, Sun's long-awaited CAS system, code-named Honeycomb, won't use the MD5 algorithm because of security concerns, said Chris Woods, chief technology officer for Sun's storage practice. Woods would not say which algorithm the company will use to index stored objects.

"It really is time for [the industry] to stop using MD5," said Dan Kaminsky, a security consultant at Avaya. "MD5 has been a deprecated hashing algorithm for almost a decade. The industry has clung to the algorithm, partially out of inertia, partially out of scarcity of computer power."

In a report last month, Kaminsky pointed out that an attack could be used to create two files with the same MD5 hash, one with safe data and one with malicious data. If both files were saved to the same system, a so-called collision could result, leading to data loss or the dissemination of bad data, he said.

Mike Kilian, CTO at EMC's Centera division, contended that MD5 flaws don't apply to Centera arrays because once a piece of content is stored, a company can't change it. "Centera from almost Day 1 has had multiple addressing schemes available to applications," Kilian said.

Kaminsky disagreed. "Cryptography tends to be a 'garbage algorithm in, garbage security out' discipline," he said. "Let's say they were appending custom metadata to the end of their files. Conceivably, the attack would not care, as once two files have the same hash, you can append the same [identical] metadata to both of them and they'll still possess the same hash."

Archivas officials noted that its CAS device does not use the MD5 hash key to name the file in the archive, the way EMC's product does.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
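
Kaminsky's point about appended metadata, as an added example that is not part of the article or of any vendor's code: in an iterated (Merkle-Damgard) hash such as MD5, two equal-length inputs that reach the same internal state keep colliding when the same suffix is appended. The sketch assumes a constructed toy hash with a 24-bit state (truncated SHA-256 as its compression function) so a collision can be found in seconds; all names are hypothetical.

```python
import hashlib

BLOCK = 8             # toy block size in bytes (assumption for the demo)
STATE = 3             # 24-bit chaining value, small enough to collide quickly
IV = b"\x00" * STATE  # fixed initial chaining value


def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:STATE]


def pad(msg: bytes) -> bytes:
    """MD-style padding: 0x80, zero fill to a block boundary, then the length."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    return padded + len(msg).to_bytes(BLOCK, "big")


def toy_hash(msg: bytes) -> str:
    """Iterate the compression function over the padded message."""
    state = IV
    data = pad(msg)
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state.hex()


def find_block_collision():
    """Birthday search: two distinct one-block inputs with the same state."""
    seen = {}
    counter = 0
    while True:
        block = counter.to_bytes(BLOCK, "big")
        state = compress(IV, block)
        if state in seen:
            return seen[state], block
        seen[state] = block
        counter += 1


def check_suffix(suffix: bytes) -> dict:
    """Append identical metadata to both colliding inputs and compare."""
    a, b = find_block_collision()
    return {
        "distinct": a != b,
        "toy_collides": toy_hash(a) == toy_hash(b),
        # Same internal state + same remaining bytes + same length => same hash.
        "toy_collides_with_suffix": toy_hash(a + suffix) == toy_hash(b + suffix),
        # A full-width hash still tells the two objects apart.
        "sha256_differs": hashlib.sha256(a + suffix).digest()
        != hashlib.sha256(b + suffix).digest(),
    }


if __name__ == "__main__":
    # Constructed metadata string, standing in for "custom metadata".
    print(check_suffix(b"|owner=records;retention=7y"))
```

The last field is the defensive check: addressing or verifying stored objects with a hash that has no known collisions distinguishes inputs that the weak hash treats as identical.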
RSA Conference, and BA Cypherpunks
Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before.

At past conferences, we've had various levels of participation, from 50 down to 3. Since the BAC Physical Meetings seem to have pretty well died out, I'd like to propose that those of us who are interested get together for lunch or dinner at some point.

I'll be arriving on site Monday afternoon, and leaving Friday morning. Thursday night, at least, is already spoken for. At the moment, it looks like Monday or Tuesday night may be the best, though a lunch is also possible.

Any takers?

Peter Trei
[EMAIL PROTECTED]

RSA Data Security Conference
Dates: Feb 14-18 2005
Place: Moscone Center, San Francisco
http://www.rsaconference.com

While the full conference is rather expensive, note that you can get a free Expo pass if you register online by 5pm Feb 14th.
[IP] Hacking Fingerprint Readers (fwd from dave@farber.net)
- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Mon, 07 Feb 2005 16:11:15 -0500
To: Ip ip@v2.listbox.com
Subject: [IP] Hacking Fingerprint Readers
User-Agent: Microsoft-Entourage/11.1.0.040913
Reply-To: [EMAIL PROTECTED]

-- Forwarded Message
From: Muheed Jeeran [EMAIL PROTECTED]
Reply-To: The Biometric Consortium's Discussion List [EMAIL PROTECTED]
Date: Mon, 7 Feb 2005 12:52:13 -0800
To: [EMAIL PROTECTED]
Subject: Subject: Hacking Fingerprint Readers

Hello all

I have report of fake the fingerprint reader. Is this technique is fooling the most of the fingerprint readers currently? Or are they any improvement to block this impostor attempt? I think it is better to talk about this matter, cause the biometrics becoming a major security barrier to most of the governments currently, especially on national security. If we cannot cope to block this kind of attempt, I think our biometric industry will have to face a major blow; Cause public is still not much interest to keep their feet on our security measure. Our responsibility is to keep this Industry stable by developing this technology by looking at the criminals move on break this security barrier.

Muheed Jeeran
Bsc Hons Computing

Subject: Hacking Fingerprint Readers

Last year in the June issue of CRYPTO-GRAM you made a reference to our article Don't get your fingers burned. In the article we describe two methods to duplicate fingerprints. One method assumes co-operation (somebody lends his finger to make a duplicate), while in the other method a lifted latent fingerprint is duplicated by means of a photo/chemical process. With these dummy fingerprints we have been able to fool all fingerprint sensors we have tested in our lab and on exhibitions (about 20 different brands). I started with these experiments in the early nineties, so more than 10 years ago.

Last week we were invited by the BBC to come to London for an interview about duplicating fingerprints. The reason was that the British Administration intends to add biometrics to the new British identity card, one of the options is fingerprint biometrics. The programme, Kenyon Confronts has aired on Wednesday October 29th and is (for a short period of time) available for on-line viewing at the BBC site.

Since my first experiments were dated ten years back, I decided to redo my experiments. I knew it would be easier to duplicate fingerprints with all the materials and equipment available today, but the results even amazed me.

To give you an idea, ten years ago to make a duplicate of a fingerprint with co-operation took me 2 to 3 hours and for an optimum result I used materials used by dental technicians. Nowadays I use materials you can buy in a do-it-yourself shop and the total material costs are about $10 (enough for about 20 dummy fingers). The time it takes to make a perfect duplicate is about 15 minutes (with special material it can be reduced to less than 10 minutes).

To make a duplicate of a lifted fingerprint took me several days in 1992 and I had to do a lot of experiments to find the right process/technique. Now it takes me half an hour and the material costs are $20 (also sufficient for about 20 duplicates), the only equipment you need is a digital camera and an UV lamp. Not only do I now make the duplicates in a fraction of the time, but also the quality is better.

The reason for writing you all this is the following. Although, most of the fingerprint manufacturers still ignore that there is a problem or claim to have solved it, some are willing to admit, but use the argument that it is very difficult and expensive to duplicate fingerprints and that it can only be done by highly skilled professionals. In the first place I think this is not a very strong argument, second I admit I am a professional, but now the average do-it-yourself is able to achieve perfect results and requires only limited means and skills.

So it is our opinion, that as long as the manufacturers of fingerprint equipment do not solve the live detection problem (i.e. detect the difference between a live finger and a dummy), biometric fingerprint sensors should not be used in combination with identity cards, or in medium to high security applications. In fact, we even believe that identity cards with fingerprint biometrics are in fact weaker than cards without it. The following two examples may illustrate this statement.

1. Suppose, because of the fingerprint check, there is no longer visual identification by an official or a controller. When the fingerprint matches with the template in the card then access is granted if it is a valid card (not on the blacklist). In that case someone whose own card is on the blacklist, can buy a valid identity card with matching dummy fingerprint (only 15 minutes work) and still get access without anyone noticing this.

2. Another example: Suppose there still is visual identification
CodeCon Reminder
We'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for the application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool. Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool. CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though tickets are limited, and attendees are encouraged to register on the first day to secure admission. CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.
[fc-announce] Transportation, Taxes, and Conference Events
--- begin forwarded text User-Agent: Microsoft-Entourage/11.1.0.040913 From: Stuart E. Schechter [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: [fc-announce] Transportation, Taxes, and Conference Events Sender: [EMAIL PROTECTED] Date: Mon, 07 Feb 2005 15:12:11 -0500 IMPORTANT NOTES FOR THOSE ATTENDING FC05 Transportation == We would like to accommodate attendees with discounted transportation to and from the airport. Please fill out the following survey if you would like to arrange for discounted transportation or give your opinion on conference activities. We need your answers this week. http://www.zoomerang.com/survey.zgi?p=WEB2244SFRHAFQ Dominica departure tax == Please note that there is a departure tax of approximately EC$50/US$22 payable at the airport on your way out of Dominica. You'll be reminded of the exact figure at the conference. New York Times article == Dominica was recently featured in Saturday's New York Times. (Ignore the red herring of their reference to the Dominican Republic early in the article.) It's a great read to get yourself in the mood for your upcoming trip. http://nytimes.com/2005/02/06/travel/06dominica.html?pagewanted=all [Learn to] Scuba dive = Please contact me at [EMAIL PROTECTED] if you are interested in a discover-scuba social on Tuesday or Wednesday afternoon, if you are interested in getting a full open water certification on Dominica, or if you are already certified and want to dive with other attendees. Registration With three weeks to go before the conference registration has already exceeded our totals from last year by more than 10%. We're glad to see you're as excited as we are and we're looking forward to a great conference. Best regards Stuart Schechter General Chair Financial Cryptography and Data Security 2005 ___ fc-announce mailing list [EMAIL PROTECTED] http://mail.ifca.ai/mailman/listinfo/fc-announce --- end forwarded text -- - R. A. 
Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: RSA Conference, and BA Cypherpunks
On Mon, 7 Feb 2005, Trei, Peter wrote: Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. Yeah, but can we eat food, drink beer, shoot drugs and screw expensive hookers at Tim May's compound? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses. http://www.tshirthell.com/
As Piracy Battle Nears Supreme Court, the Messages Grow Manic
http://www.nytimes.com/2005/02/07/technology/07sharing.html?th=pagewanted=printposition= The New York Times February 7, 2005 As Piracy Battle Nears Supreme Court, the Messages Grow Manic By TOM ZELLER Jr. Garret the Ferret is one hip copyright crusader. The cartoon character urges young cybercitizens toward ethical downloading and - in baggy jeans and a gold G medallion - reminds them that copying and sharing software is uncool. He is also a byproduct of the long-roiling public relations battle between copyright owners, who say they are threatened by digital piracy, and technology advocates opposed to strict controls on the copying of digital media, and on the kinds of software that make piracy so easy. With the Supreme Court scheduled next month to hear a pivotal case pitting copyright holders (represented by MGM Studios) against the makers of file-sharing software (Grokster and StreamCast Networks), some participants are putting their message machines into high gear. But winning hearts and minds - of teenagers, consumers and lawmakers - has never been a simple matter. It's hard for two reasons, said Rick Weingarten, the director of the Office for Information Technology Policy at the American Library Association, which has been exploring ways to strike a balance in the copyright and antipiracy messages being aimed at young people. Copyright law is not the easiest thing to explain, and it's hard to put a bumper sticker on it, Mr. Weingarten said. But, you're also talking about the future, and it's hard to explain to a consumer that there could one day be a lot of restrictions on what you can do with new technology. One side must make people care about obscure technological innovations that they say will be stifled by legislative action or an adverse Supreme Court ruling. The other side battles the image of greedy corporate profiteers and the perception that freely downloading copyrighted works is something other than theft. 
It was easier before the computer, said Dan Glickman, the president and chief executive of the Motion Picture Association of America, which has ramped up its antipiracy efforts in recent weeks with a new round of lawsuits and a media campaign warning would-be thieves to think again. Two weeks ago, the association also began offering a free, downloadable program that allows parents to scan computers for file-sharing software and potentially pirated media files. People knew they couldn't steal a video tape out of Blockbuster, Mr. Glickman said, but the principles are still the same. Not to be outdone, the Electronic Frontier Foundation, the digital rights advocacy group that is representing StreamCast Networks in the Grokster case, unveiled its Endangered Gizmos campaign to coincide with the filing of dozens of MGM-friendly amicus briefs with the Supreme Court late last month. The campaign displays cheeky taxonomies of extinct or endangered techno-species like the original file-sharing service Napster, which was sued into submission, and the Streambox VCR, which allowed users to record streaming media off the Internet and suffered a similar fate. The foundation hopes to convince consumers and lawmakers that there are cultural costs to giving copyright holders too much power. So many of the issues that we deal with are really abstruse, said Wendy Seltzer, an intellectual property attorney with the Electronic Frontier Foundation and the principal creator of the Endangered Gizmos campaign. And yet they touch a whole segment of the public that we want to reach out to. Whether any of these messages is getting through is an open question. Survey data from the Pew Internet and American Life Project, a nonprofit research group in Washington, show that among those who actively download music, 58 percent still say they do not care if the material is copyright protected. 
Among the general public, 57 percent say they are unfamiliar with concepts like fair use - the kernel of copyright law that allows people to copy protected materials under certain conditions, and which digital rights groups contend has been inappropriately constricted by the recording and film industries. The fight has given rise to grass-roots organizations like Downhill Battle, a nonprofit group based in Worcester, Mass., that conducts a robust trade in T-shirts, bumper stickers, posters and other paraphernalia that chide the music and film industries for what it considers wanton profiteering at the expense of artists and consumers. In a challenge to fair-use restrictions, the group made digitized, downloadable copies of Eyes on the Prize, Part I: Awakenings - the first installment of a 1987 documentary on the civil rights movement - and is encouraging mass, noncommercial screenings of it tomorrow. The film has largely been absent from television and video rental shelves while the production company, Blackside Inc., of Boston, works to renew (and pay for) permissions on the hundreds of copyrighted
Why Felons Deserve the Right to Vote
http://www.nytimes.com/2005/02/07/opinion/7mon3.html?th=pagewanted=printposition= The New York Times February 7, 2005 EDITORIAL Why Felons Deserve the Right to Vote In a watershed moment for the debate over whether convicted felons should be allowed to vote, the American Correctional Association has issued a welcome statement calling on states to end the practice of withholding voting rights from parolees and people who have completed their prison terms. Noting that society expects people to become responsible members of society once they are released from prison, the organization, which represents corrections officials, also called on states to cut through the confusing thicket of disenfranchisement laws by explaining clearly to inmates how they get their rights back after completing their sentences. Some five million Americans are barred from the polls by a bewildering patchwork of state laws that strip convicted felons of the right to vote, often temporarily, but sometimes for life. These laws serve no correctional purpose - and may actually contribute to recidivism by keeping ex-offenders and their families disengaged from the civic mainstream. This notion is clearly supported by data showing that former offenders who vote are less likely to return to jail. This lesson has long since been absorbed by democracies abroad, some valuing the franchise so much that they take ballot boxes right to the prisons. Several states are now reconsidering laws barring convicted felons from voting. In Maryland, for instance, the legislature is considering a bill that would eliminate a lifetime ban that remains in place for some offenders. The Maryland bill should pass. And other states should follow suit. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: RSA Conference, and BA Cypherpunks
Cool, and dinner much better for this sort of thing imho; but Wedn. is also taken. So I vote for Tuesday evening dinner/pub thing. Best, Amir Herzberg Trei, Peter wrote: Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. At past conferences, we've had various levels of participation, from 50 down to 3. Since the BAC Physical Meetings seem to have pretty well died out, I'd like to propose that those of us who are interested get together for lunch or dinner at some point. I'll be arriving on site Monday afternoon, and leaving Friday morning. Thursday night, at least, is already spoken for. At the moment, it looks like Monday or Tuesday night may be the best, though a lunch is also possible. Any takers? Peter Trei [EMAIL PROTECTED] RSA Data Security Conference Dates: Feb 14-18 2005 Place: Moscone Center, San Francisco http://www.rsaconference.com While the full conference is rather expensive, note that you can get a free Expo pass if you register online by 5pm Feb 14th.
Re: Dell to Add Security Chip to PCs
On Sat, Feb 05, 2005 at 01:19:46AM +, Justin wrote: If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved? I don't think so, I think the flag is in the bitstream and doesn't affect visual output at all. You still run into significant quality I know; that was a rhetorical question. loss trying to get around it that way. I doubt the quality loss would be perceivable. What you'll get will be persistent artifacts which would allow source fingerprinting via digital forensics. The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it. I have yet to see a single HDTV movie/broadcast, and I understand most TV sets can't display anything beyond 800x600. DVD started with a copy protection, too. -- Eugen* Leitl http://leitl.org __ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
Re: Dell to Add Security Chip to PCs
On Sat, Feb 05, 2005 at 11:23:14AM +0100, Eugen Leitl wrote: The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it. I have yet to see a single HDTV movie/broadcast, and I understand most TV sets can't display anything beyond 800x600. Not widespread in Europe yet, but all the big networks in the US now support it for most or nearly all their prime time schedule and most big events (sports and otherwise) are now in HDTV in the USA. Also more and more cable networks in HDTV and some movie channels. Bandwidth is the big limitation on satellite and cable, otherwise there would be even more. And HDTV sets are selling well now in the USA. Most do not yet have the full 1920 by 1080 resolution, but many are around 1280 by 720 native resolution which works well with the 720p progressive version used primarily for sports (looks better with fast motion). DVD started with a copy protection, too. However the really strange thing about the FCC broadcast flag is that the actual over the air ATSC transport stream on broadcast channels is mandated by law to be sent *IN THE CLEAR*, no encryption allowed - so the FCC decision basically requires any receiver sold to the public *ENCRYPT* an ITC signal before providing it to the user. Naturally this bit of nonsense will go far to make the broadcast flag very effective indeed at preventing anyone with very modest sophistication from capturing the over the air in the clear transport stream and passing it around on P2P networks or whatever - there is already plenty of PCI hardware out there to receive ATSC transmissions (MyHD and many others) and supply the transport stream to software running on the PC. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493
Re: Dell to Add Security Chip to PCs
On Fri, Feb 04, 2005 at 08:21:47PM +, Justin wrote: They managed with the HDTV broadcast flag mandate. If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved? Watermarks will, but that's the next mass genocide by IP nazis. -- Eugen* Leitl http://leitl.org __ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
Re: Dell to Add Security Chip to PCs
On 2005-02-03T22:25:28+0100, Anonymous wrote: The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. My fair use rights should not be held hostage by a stupid majority who support a DRM-only market. Maybe the market for music won't support DRM-only products, but I suspect the market for DVDs and low-sales books will. The result is that I won't be able to rip a season's worth of DVDs so I can watch them all without playing hot potato with the physical DVDs. I won't be able to avoid the 15-second copyright warnings, or the useless menu animations. Low-sales books may end up being DRM-only, and I _hate_ reading books on a screen. Since DRM-only rare books will satisfy some of the market, there will be even less pressure on physical book publishers to occasionally reprint them, thus forcing even more people to buy the DRM'd ebooks. I bought an ebook on amazon for $1.99 a couple months ago. The printed book was $20. It was very nearly the worst purchase of my life. I won't buy a similarly DRM'd ebook ever again, for any amount. The hassle plus the restrictions aren't worth the $18 savings. -- War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free. --Heraclitus (Kahn.83/D-K.53)
RE: What is a cypherpunk?
Anonymous wrote: I challenge anyone here to answer the question of what it means to be a cypherpunk. What are your goals? What is your philosophy? Do you In this day and age, do you really expect anyone to answer questions like that openly and honestly? Really. There's a similar and simple label that gets used and abused by people who might either be technically competent engineers, or merely script kiddies: hacker. These days, being a hacker is nearly enough the moral equivalent of being a Communist in California during the Fifties. Or a leper. Note how the term 'hacker' is normally used, as a pejorative, in writings and speech found in the mainstream media. If a journalist for Time Magazine uses the label 'hacker' in a pejorative context, chances are that a letter-writing campaign launched in earnest for the purpose of reclaiming the definition preferred by engineers, will at best produce a tiny correction buried in a corner of a subsequent issue. And then some other writer will make the same mistake later. The same applies to the term `cypherpunk', only the term is rarely used outside of the Internet. Quite frankly, I couldn't care less what label applies to me. I'm somewhat knowledgeable on issues that are said to be characteristic of the focus of 'cypherpunks', but I don't pray every day with a reading from the Cypherpunk Manifesto. even recognize the notion of right and wrong? Or is it all simply a matter of doing whatever you can get away with, of grabbing what you can while you can, of looting your betters for your own short term benefit? Depends on the person, I guess. Is that what it means to be a cypherpunk today? Because that's how it looks from here. Perhaps a comprehensive survey should be done. A comprehensive questionnaire in the form of a purity test might do it, as might something like a geek code for 'cypherpunks'... Do you read Applied Cryptography? Have you ever generated a 16 kbit RSA key? 
Do you have a picture of Ralph Merkle hanging on the wall in your bedroom? etc. Face it. You aren't going to get straight answers to questions from highly technical internet sophisticates, even if you ask politely. They have better things to do than to justify and explain their ideologies when in fact such is easily read from the body of their work, and implicit to their writings. Regards, Steve
Sex offender list used to find dates, police say
http://sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/02/04/BAGV2B5O6P1.DTLtype=printable SANTA CLARA COUNTY Sex offender list used to find dates, police say Convict on Megan's Law roster charged with misdemeanor - Ryan Kim, Chronicle Staff Writer Friday, February 4, 2005 While fearful parents were searching the Megan's Law sex offender database for local molesters, police said Glen Westberg, a registered sex offender himself, was perusing the internet listing for a very different reason: a date. In what is considered to be the first case of its kind in California, Westberg, 35, of Cupertino was charged Thursday with one misdemeanor count of illegally accessing the database as a registered sex offender. Authorities said Westberg used the newly released on-line database of registered sex offenders to find potential dates, sending explicit letters to a handful of offenders in hopes of wooing them for sex. Westberg, a twice convicted child molester, was booked into Santa Clara County Jail on Thursday and faces up to six months in jail and a $1,000 fine, if found guilty. I never would have thought someone would have used this for dating or for soliciting people, said Santa Clara County prosecutor Steve Fein. Bill Ahern, commander of San Mateo County's Sexual Assault Felony Enforcement task force, said police first learned of Westberg's activities after a San Mateo County registered sex offender reported receiving a solicitation on Jan. 14. The letter, one of about five Westberg allegedly sent out to local sex offenders, explained that Westberg had found the man on the Megan's Law database and was interested in a date. Ahern said Westberg had provided an explicit physical description of himself and directed the man to look him up on the database. He wrote that if the man was not interested in sex, they could still pursue friendship, said Ahern. 
The (recipient of the letter) was quite alarmed by it and didn't know what to think about of the letter, Ahern said. He didn't know if someone was trying to get him into trouble. Ahern, posing as the man who received the letter, contacted Westberg and had him meet him at Redwood City Starbucks cafe on Jan. 27. There, investigators confronted Westberg, who admitted he had used the database and had sent similar letters to four other Bay Area registered offenders. The Megan's Law database, released to the public on Dec. 15, contains the names and, in many cases addresses and pictures, for 63,000 sex offenders required by law to register with their local law enforcement agency. Registered offenders are not allowed to access the site, in part to prevent them from conspiring with other convicts. Westberg earned his way on to the list following two convictions for child molestation in San Mateo County in 1992 and 1998, Ahern said. Prior to the release of the list, some law enforcement officials worried that someone might use the list to take the law into their own hands, said Ahern. Everyone was afraid of vigilantes, but we haven't had that, he said. Here, you have an offender trying to abuse other offenders, which is kind of a strange twist. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Dell to Add Security Chip to PCs
On Fri, 2005-02-04 at 19:07 -0800, James A. Donald wrote: The ability to convincingly tell the truth is a very handy one between people who are roughly equal. It is a potentially disastrous one if one party can do violence with impunity to the one with the ability to convincingly tell the truth. In other words, NGSCB/Palladium/etc doesn't give you an advantage in the least when you step onto a playing field tilting heavily in Microsoft's direction. -- Shawn K. Quinn [EMAIL PROTECTED]
Re: Auto-HERF: Car Chase Tech That's Really Hot
At 10:15 AM 2/4/2005, R.A. Hettinga wrote: The beautiful part of using the (microwave) energy is that it leaves the suspect in control of the car, he said. He can steer, he can brake, he just can't accelerate. Sorry Charlie, but I think newer vehicles are moving to fly-by-wire steering, especially hybrids that don't have an internal combustion engine running all the time so they can't easily use traditional hydraulic servo steering. Steve
What is a cypherpunk?
Justin writes: No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. Well, that's fine, nobody's forcing you to buy anything. But try to think about this from a cypherpunk perspective. Fair use is a government oriented concept. Cypherpunks generally distrust the collectivist wisdom of Big Brother governments. What fair use amounts to is an intrusion of government regulation into a private contractual arrangement. It is saying that two people cannot contract away the right to excerpt a work for purposes of commentary or criticism. It says that such contracts are invalid and unenforceable. Now, maybe you think that is good. Maybe you think minimum wage is good, a similar imposition of government regulation to prevent certain forms of contracts. Maybe you think that free speech codes are good. Maybe you support all kinds of government regulations that happen to agree with your ideological preferences. If so, you are not a cypherpunk. May I ask, what the hell are you doing here? Cypherpunks support the right and ability of people to live their own lives independent of government control. This is the concept of crypto anarchy. See that word? Anarchy - it means absence of government. It means freedom to make your own rules. But part of the modern concept of anarchy is that ownership of the self implies the ability to make contracts and agreements to limit your own actions. A true anarchic condition is one in which people are absolutely free to make whatever contracts they choose. They can even make evil, immoral, wicked contracts that people like you do not approve of. They can be racists, like Tim May. They can avoid paying their taxes. They can take less money than minimum wage for their work. They can practice law or medicine without a license. And yes, they can agree to DRM restrictions and contract away their so-called fair use rights. 
One of the saddest things I've seen on this list, and I've seen it many times, is when people say that the laws of their country give them the right to ignore certain contractual elements that they have agreed to. They think that it's morally right for them to ignore DRM or limitations on fair use, because their government said so. I can't describe how appalling I consider this view. That anyone, in this day and age, could consider _government_ as an arbiter of morality is so utterly bizarre as to be incredible. And yet not only is this view common, it is even expressed here on this list, among people who supposedly have a distrust and suspicion of government. I can only assume that the ideological focus of this mailing list has been lost over the years. Newcomers have no idea what it means to be a cypherpunk, no sense of the history and purpose which originally drove the movement. They blindly accept what they have been force-fed in government-run schools, that government is an agency for good. That's one interpretation. The other is worse. It's that people on this list have sold out their beliefs, their ideals, and their morality. What was the bribe offered to them to make them turn away from the moral principles which brought them to this list originally? What was so valuable that they would discard their belief in self ownership in favor of a collectivist worship of government morality? Simply this: free music and movies. The lure of being able to download first MP3s and now video files has been so great that even cypherpunks, the supposed defenders of individual rights and crypto anarchy, are willing to break their word, violate their contracts, lie and cheat and steal in order to feed their addictive habit. They are willing to do and say anything they have to in order to get access to those files. 
They don't feel the slightest bit of guilt when they download music and movies in direct contradiction to the expressed desire of the people who put their heart and soul into creating those works. They willingly take part in a vast criminal enterprise, an enormous machine which takes from the most creative members of our society without offering anything in return. And this enterprise is criminal not by the standards of any government or legal code, but by the standards of the morality which is the essence of the cypherpunk worldview: the standard of self ownership, of abiding by one's word, of honoring one's agreements. This poisonous activity has penetrated to all parts of internet based society, and its influence has stolen away what honor the cypherpunks once possessed. Its toxic morality ensures that cypherpunks can no longer present a consistent philosophy, that there is nothing left but meaningless paranoid rantings. I challenge anyone here to answer the question of what it means to be a cypherpunk. What are your goals? What is your philosophy? Do you even recognize the notion of right and
RE: What is a cypherpunk?
Well, I agree with the general gist of this post though not its specific application. OK...a Cypherpunk ultimately believes that technology and, in particular, crypto give us the de facto (though, as you point out, not de jure) right to certain levels of self-determination and that this 'right' is ultimately exerted independent of any governing bodies. In the end, most likely despite any governing bodies. Moreover, it has been argued (in general fairly well, I think) that attempting to exert one's 'rights' through a 'democratically elected' mob is rarely much more than mob rule. We have voted to ransack your home. OK, that I think is well understood. BUT, an essentially Cypherpunkly philosophy does not preclude any kind of action in the legal/governing realm, particularly when it's recognized that said government can easily make it very difficult to live the way one wants. In other words, if Kodos is promising to start curfew laws and make possession or use of crypto a crime, I'll probably vote for Kang in the dim hopes this'll make a difference. Things get sticky when you start talking private sector...unlike most Cypherpunks I don't subscribe to the doctrine that, Private=Good=Proto-anarchy...Halliburton is a quasi-government entity, AFAIC, the CEO of which 'needs killing' ASAP. In the US Private industry has a way of entangling its interests with that of the Feds, and vice versa, so I don't see any a priori argument against establishing some kind of rear guard policy to watch the merger and possibly vote once in a while. With Palladium it's easy to see the Feds one day busting down your doors when they find out you broke open the lock box and tore out their little citizen-monitoring daemon inside, which they put in there working with Microsoft. With respect to TCPA, however, I happen to agree with you. 
In particular, I think most people will put 2 and 2 together and remember that it was Microsoft in the first place that (in effect) caused a lot of the security problems we see. Watch mass scale defections from Microsoft the moment they try a lock-box approach...or rather, the moment the first big hack/trojan/DoS attack occurs leveraging the comfy protection of TCPA. -TD From: Anonymous [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: What is a cypherpunk? Date: Sat, 5 Feb 2005 22:12:16 +0100 (CET) Justin writes: No, I want the right to fair use of material I buy. If someone sells DRM-only material, I won't buy it at anything approaching non-DRM prices. In some cases, I won't buy it at all. Well, that's fine, nobody's forcing you to buy anything. But try to think about this from a cypherpunk perspective. Fair use is a government oriented concept. Cypherpunks generally distrust the collectivist wisdom of Big Brother governments. What fair use amounts to is an intrusion of government regulation into a private contractual arrangement. It is saying that two people cannot contract away the right to excerpt a work for purposes of commentary or criticism. It says that such contracts are invalid and unenforceable. Now, maybe you think that is good. Maybe you think minimum wage is good, a similar imposition of government regulation to prevent certain forms of contracts. Maybe you think that free speech codes are good. Maybe you support all kinds of government regulations that happen to agree with your ideological preferences. If so, you are not a cypherpunk. May I ask, what the hell are you doing here? Cypherpunks support the right and ability of people to live their own lives independent of government control. This is the concept of crypto anarchy. See that word? Anarchy - it means absence of government. It means freedom to make your own rules. 
But part of the modern concept of anarchy is that ownership of the self implies the ability to make contracts and agreements to limit your own actions. A true anarchic condition is one in which people are absolutely free to make whatever contracts they choose. They can even make evil, immoral, wicked contracts that people like you do not approve of. They can be racists, like Tim May. They can avoid paying their taxes. They can take less money than minimum wage for their work. They can practice law or medicine without a license. And yes, they can agree to DRM restrictions and contract away their so-called fair use rights. One of the saddest things I've seen on this list, and I've seen it many times, is when people say that the laws of their country give them the right to ignore certain contractual elements that they have agreed to. They think that it's morally right for them to ignore DRM or limitations on fair use, because their government said so. I can't describe how appalling I consider this view. That anyone, in this day and age, could consider _government_ as an arbiter of morality is so utterly bizarre as to be incredible. And yet not only is this view common, it is even expressed here on this list, among
Re: Auto-HERF: Car Chase Tech That's Really Hot
At 06:41 PM 2/4/05 -0800, Steve Schear wrote: At 10:15 AM 2/4/2005, R.A. Hettinga wrote: The beautiful part of using the (microwave) energy is that it leaves the suspect in control of the car, he said. He can steer, he can brake, he just can't accelerate. Sorry Charlie, but I think newer vehicles are moving to fly-by-wire steering, especially hybrids that don't have an internal combustion engine running all the time so they can't easily use traditional hydraulic servo steering. Also amusing will be the congealed lenses of bystanders, dead pacemaker wearers, fried business computers, in addition to the accidents caused by other disabled cars. But the cops will get their man, and the rest is collateral damage, put it on the perp's ticket. Besides, the ECU is shielded pretty well by the car metal and the unit itself is shielded from the electrical ignition noise. But someone needs to explain that to this executive who fancies himself an inventor and can't wait to suckle Caesar's teat, selling cyber terrorist gizmos to the man. Personally I only use the magnetron horn (concealed in my rooftop fiberglass luggage holder) on inconsiderate cell-phone-using drivers. Better than jamming, because they get to kiss their RF front end goodbye, permanently. So it helps everyone for several days, *and* sells new handsets, helping the economy. Works on pig radios too. Also works on the thumpa-thumpa drivers, and when I turn the power up I find that Chihuahua's skulls are not meant to take internal pressure; a steam explosion is pretty messy, and fuzzy dice don't really clean the insides of windshields terribly well.
Re: Jim Bell WMD Threat
--- John Young [EMAIL PROTECTED] wrote: The FBI continues to claim Jim Bell is a WMD threat despite having no case against him except in the media, but that conforms to current FBI/DHS policy of fictionalizing homeland threats. http://www.edgewood.army.mil/downloads/bwirp/mdc_appendix_b02.pdf See page 16. This document was initially prepared in June 2002, updated in June 2003. Interesting that you say the FBI/DHS have a policy of fictionalizing [homeland] threats, but suggest that Jim Bell is a victim of such fictionalization rather than an example of a fictionalised threat. Probably back in about 2001, my Government Cynicism Threat and Alert System(tm) was upgraded from a rating of Moderate to Near Total Cynicism. Consequently, I re-assessed the words I had read concerning the Jim Bell case and decided that he was a fake threat designed as input to the legal/policing system in order to push it in a number of well-defined directions, tending of course towards tyranny. Nothing that I have seen or heard of since, directly related to Jim Bell or otherwise, has led me to believe anything other than threats of the kind that Mr. Bell is supposed to pose are nothing more than sophisticated and well orchestrated frauds. In fact, even such incidents as the Adobe PDF kerfuffle including Dmitri Sklyarov and a cast of pseudo-hacks in the tech press are indicative of the degree to which the government and certain segments of the industry and online community are trained to march in lock-step to the tunes as they are called by certain special interest groups. Perhaps the RAND institute might be characterised as one of the organisations that might be said to steer broad trends in fields and strategic industries of interest to government control-freaks and would-be plutocrats. Mind you, I am not necessarily the best or most objective source when it comes to the analysis of such issues. 
As *some* of you know, I allege a variety of real and utterly indefensible wrongdoings on the part of various police and government-related officials, but as yet have seen not the least bit of support come my way despite the value of some of the work that is at risk. This is in contrast to petty crap like the RSA script on a T-shirt bullshit that has previously occupied so many people's attentions, not to mention media coverage (like Wired). But perhaps I am merely not worthy, and that my thoughts on various matters cannot be trusted, even when they are relevant. Fraud, after all, is a rather serious charge. If one is accusing the Massey Ferguson of the Industry of perpetrating a massive fraud, then I suppose one requires rock-solid evidence -- which I admit I cannot possibly produce at this time. Regards, Steve
Re: Dell to Add Security Chip to PCs
On 2005-02-04T23:28:56+0100, Eugen Leitl wrote: On Fri, Feb 04, 2005 at 08:21:47PM +, Justin wrote: They managed with the HDTV broadcast flag mandate. If I film off a HDTV screen with a HDTV camera (or just do single-frame with a good professional camera) will the flag be preserved? I don't think so, I think the flag is in the bitstream and doesn't affect visual output at all. You still run into significant quality loss trying to get around it that way. The point is that HDTV is a popular consumer technology, and the MPAA and TV networks alone managed to hijack it. -- War is the father and king of all, and some he shows as gods, others as men; some he makes slaves, others free. --Heraclitus (Kahn.83/D-K.53)
Re: What is a cypherpunk?
On Sun, 2005-02-06 at 19:18 -0800, D. Popkin wrote: The true danger of TCPA is not that free MP3s and movies will become unavailable, but the de facto loss of privacy as non-TCPA gear becomes unavailable or prohibitively expensive. Agreed, in part. I don't think it'll fly too well if any hardware manufacturer builds in TCPA such that only a Microsoft-certified OS will run on it, for one, it's a bad idea to piss off the geeks (and certainly there's a higher geek to ordinary user ratio in the free software world), and also this would be a great way for Microsoft to piss off even the current (far-right Republican) administration. I would expect the setting to disable the TCPA chip to be present in new hardware for as long as TCPA lasts, and indeed, there may be cases where even an ordinary user would want to disable the TCPA chip. I personally don't trust Microsoft at all. They had their chance to keep my trust, and they blew it, big time. -- Shawn K. Quinn [EMAIL PROTECTED]
ACLU (Road) Pizza
Wherein the ACLU pitches us with the flash-pizza from hell: http://www.adcritic.com/interactive/view.php?id=5927 I suppose I might actually give a damn about the above scenario if a *business* was able to obtain all that information from other *businesses* on an open market, from information *I* gave to those businesses in the first place, up to, and including, an insurance company -- though I doubt that we'd have health insurance, except that for catastrophic events, if such insurance weren't deductible from a confiscatory business tax return. I suppose we should be grateful that we don't have food insurance, like they used to have in, say, the Soviet Union. As I've said many times before, modern financial cryptography was invented by leftist professors to free us from evil capitalists. In splendid irony, it was immediately seized upon and evangelized by anarcho-capitalists, to free us from that very model of a modern slave-master: the state. Of course, the market will determine, as always, whether we'll be free or slaves, and if so, to the state, to capitalists, or whomever. Fortunately, the trend of history, almost since the forcible capture of sedentary proto-agrarian society by princes 12,000 years ago, has been one of increasing liberty from such bandits who don't move. One can hope, and maybe soon, that strong financial cryptography will free all of us, once and for all, from the tyranny of such monopolistic force markets, and trade *will* finally be free, once and for all. When it does happen, it won't be lawyers who do it though. Especially public interest lawyers like the ACLU. It will be the engineers who will use the weapon of the cryptographer's mathematics to save us from the state-constructed tyranny of the lawyer's words. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... 
however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Dell to Add Security Chip to PCs
As far as the question of malware exploiting TC, it's difficult to evaluate without knowing more details about how the technology ends up being used. First there was TCPA, which is now called TCG. Microsoft spun off their own version called Palladium, then NGSCB. But then Microsoft withdrew NGSCB, and at this point I have no idea whether they will ever offer a new approach. Microsoft offered four concepts for its vision, but only two of them are in the current TCG: Sealed Storage and Remote Attestation. Microsoft's additional features are Trusted I/O and Process Isolation. It's possible that TCG may incorporate these eventually, because without them the security offered by TC is much more limited. Microsoft's vision for application development under NGSCB involved splitting programs into two parts, which they called the left hand side (LHS) and right hand side (RHS). The LHS was the legacy program, which had access to the entire Windows API. It would be responsible for user interface, I/O, and any non-secure features. The RHS was the new stuff; it would run in a special partitioned memory that could not be accessed even by the OS. However the RHS would not have access to the full Windows API, and instead would only get very limited OS support from a mini-kernel called the Nexus. The goal was to publish the source of the Nexus for review and to have it be simple and clean enough to be secure. Applications would do their security stuff in the RHS modules, which were called Nexus Computing Agents (NCAs). These could use the other TPM features. They could encrypt data such that only that NCA could decrypt it; and they could attest to a remote server or peer about exactly what NCA was running. NCAs would also have some kind of secure I/O channel to input and display devices. An NCA would be immune to molestation by virus and malware unless the virus got into the NCA itself, which would be hard because they were supposed to be relatively small and simple. 
Infections elsewhere in the program, in the OS, or in other NCAs would not propagate to an NCA. Microsoft's design was sophisticated and (IMO) elegant, and goes far beyond anything the clumsy, design-by-committee TCG has come up with yet. Yet NGSCB failed even before it was released. Experience from early beta testers was uniformly negative, according to press reports, and the project was pulled for a redesign. Nothing has been heard of it for a year now. The problem was apparently that this LHS/RHS design was unacceptable to developers, introducing complexity and requiring a substantial rewrite of existing applications. The RHS Nexus API was so primitive that it was hard to do anything useful there, while LHS functionality was completely unprotected and received no benefits from the new technology. So that's where we stand. Given this uncertainty, it is hard to credit those who claim that TC will be a golden opportunity for malware. Nobody really knows what the architecture of TC will be by the time it is released. In this respect, Bruce Schneier's comments were the most accurate and prescient. Over two years ago he advised adopting a wait and see attitude, and predicted exactly the kind of revamping and redesign which is currently underway. But for the purposes of analysis, let's suppose that Microsoft's original vision were intact, and that NGSCB with the four features were actually being deployed. How might Dan Kaminsky's scenario of an infected Microsoft Word work out in detail? First we need to consider how the LHS/RHS split might work for a word processor. Most functions are not security related and will be in the LHS. Let's imagine a security function. Suppose a company wants to have certain documents to always be saved encrypted, and only to be exchanged (in encrypted form) with other employees also running the secure Word program. Nobody would be able to get access to the data except via this special program. 
This could be useful for company-confidential docs. So we will have an NCA on the RHS which can, under the guidance of some policy, save documents in encrypted form and locked to the NCA. No other software will be able to decrypt them because of the Sealed Storage function of the TPM. NCAs can exchange documents with matching NCAs on other computers, using Remote Attestation to verify that the remote system is running the right software, and to set up a secure comm channel between the NCAs. No other software, not even the LHS of Word, could decrypt the data being exchanged between the NCAs. And the NCAs run in secure memory, so that even in an infected computer there will be no way for the malware to get access to the sensitive data. So how does Kaminsky's attack work? He proposes to give some bogus data to the NCA and infect it. Now, here's the problem. The NCA is a relatively small and simple program. It's not going to have the full capabilities of the rest of Word. It has a clean interface and a clean
Re: Dell to Add Security Chip to PCs
Eric Murray writes: The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. I don't believe this is correct. The TPM does not verify any signatures. It is fundamentally a passive chip. Its only job is to store hashes of software components that the BIOS, boot loader and OS report to it. It can then report those hashes in attestations, or perform crypto sealing and unsealing operations in such a way that sealed data is locked to those hashes, and can't be unsealed if the hashes are different. and then asks: I have an application for exactly that behaviour. It's a secure appliance. Users don't run code on it. It needs to be able to verify that it's running the authorized OS and software and that new software is authorized. (it does it already, but a TCPA chip might do it better). So a question for the TCPA proponents (or opponents): how would I do that using TCPA? You might want to look at enforcer.sourceforge.net for some ideas. They created a Tripwire-like system which does a secure boot and compares the software that is loaded with approved versions. I don't remember if they used signatures or hashes for the comparison but presumably either one could be made to work. Marcel Popescu's message was mostly content free (I love the way he thinks it's OK to lie as long as it's in English! - remind me never to trust this guy) but he did ask one non-rhetorical question: Name other five (out of the most) laptop companies offering this chip in their laptops. (This is NOT rhetorical, I'm really curious.) IBM T43 and Thinkpads (over 16 million TPMs shipped as of last year). HP/Compaq nc6000, nc8000, nw8000, nc4010 notebooks. Toshiba Dynabook SS LX, Tecra M3 and Portege M205-S810. Fujitsu Lifebook S7010 and LifeBook E8000 laptops; T4000 and ST5020 tablets. Samsung X-Series. NEC VersaPro/VersaProJ. and now Dell Latitude D410, D610 and D810.
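The behaviour described in the message above (a passive chip that only accumulates the hashes reported to it and locks sealed data to them), as an added example that is not part of the original post and is not a real TPM API. `ToyTPM`, `fold`, `boot`, `expected_pcr` and `demo` are hypothetical names, the component images are constructed byte strings, and an HMAC keystream stands in for the chip's internal storage key.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length, the PCR width in TPM 1.1/1.2


def fold(pcr: bytes, component: bytes) -> bytes:
    """One extend step: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


class ToyTPM:
    """Toy model of a passive TPM: it records what it is told and never judges it."""

    def __init__(self):
        self._enc_key = os.urandom(32)  # stand-ins for keys that never leave the chip
        self._mac_key = os.urandom(32)
        self.reset()

    def reset(self):
        self._pcr = bytes(PCR_SIZE)  # a reboot clears the PCR, not the keys

    def extend(self, component: bytes) -> bytes:
        self._pcr = fold(self._pcr, component)
        return self._pcr

    def read_pcr(self) -> bytes:
        return self._pcr

    def _xor_stream(self, nonce: bytes, data: bytes) -> bytes:
        # Toy stream cipher: HMAC-SHA256 in counter mode, XORed over the data.
        stream, counter = b"", 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._enc_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, secret: bytes) -> bytes:
        # The blob records the PCR value at seal time next to the secret.
        nonce = os.urandom(16)
        body = self._xor_stream(nonce, self._pcr + secret)
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def unseal(self, blob: bytes) -> bytes:
        if len(blob) < 16 + PCR_SIZE + 32:
            raise ValueError("blob too short")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        good = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("blob modified or sealed by another chip")
        plain = self._xor_stream(nonce, body)
        # Release only if the software measured this boot matches seal time.
        if not hmac.compare_digest(plain[:PCR_SIZE], self._pcr):
            raise PermissionError("measured software differs from seal time")
        return plain[PCR_SIZE:]


def boot(tpm: ToyTPM, chain) -> bytes:
    """BIOS, boot loader and OS each report the next component before running it."""
    tpm.reset()
    for component in chain:
        tpm.extend(component)
    return tpm.read_pcr()


def expected_pcr(chain) -> bytes:
    """Verifier side: recompute the PCR from approved images for comparison."""
    pcr = bytes(PCR_SIZE)
    for component in chain:
        pcr = fold(pcr, component)
    return pcr


def demo() -> dict:
    approved = [b"BIOS image (constructed)", b"boot loader (constructed)",
                b"kernel (constructed)"]
    tampered = [approved[0], approved[1] + b" + unapproved patch", approved[2]]
    tpm, out = ToyTPM(), {}
    boot(tpm, approved)
    blob = tpm.seal(b"disk key (constructed)")
    out["same_boot"] = tpm.unseal(blob)
    boot(tpm, approved)                      # reboot into identical software
    out["after_clean_reboot"] = tpm.unseal(blob)
    boot(tpm, tampered)                      # reboot with a changed boot loader
    try:
        tpm.unseal(blob)
        out["after_tampered_boot"] = "released"
    except PermissionError:
        out["after_tampered_boot"] = "refused"
    out["pcr_matches_approved"] = tpm.read_pcr() == expected_pcr(approved)
    return out


if __name__ == "__main__":
    print(demo())
```

The chip never rejects a measurement; the decision is made either by the unseal check or by a verifier comparing the reported PCR with a value recomputed from approved images.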
Re: Dell to Add Security Chip to PCs
-- On 3 Feb 2005 at 22:25, Anonymous wrote: Now, my personal perspective on this is that this is no real threat. It allows people who choose to use the capability to issue reasonably credible and convincing statements about their software configuration. Basically it allows people to tell the truth about their software in a convincing way. Anyone who is threatened by the ability of other people to tell the truth should take a hard look at his own ethical standards. Honesty is no threat to the world! The only people endangered by this capability are those who want to be able to lie. They want to agree to contracts and user agreements that, for example, require them to observe DRM restrictions and copyright laws, but then they want the power to go back on their word, to dishonor their commitment, and to lie about their promises. An honest man is not affected by Trusted Computing; it would not change his behavior in any way, because he would be as bound by his word as by the TC software restrictions. The ability to convincingly tell the truth is a very handy one between people who are roughly equal. It is a potentially disastrous one if one party can do violence with impunity to the one with the ability to convincingly tell the truth. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 6B7i0tiB4vUHqQnAP6nXT2z+B+zLB8624+K6+ENU 47fFHg6cY0KInzxMe/l+L2c7LqmPZyrwOSZepYIR3
Interview with Ward Churchill
I want the state gone: transform the situation to U.S. out of North America. U.S. off the planet. Out of existence altogether. Cheers, RAH --- http://www.satyamag.com/apr04/churchill.html Satya April 04 Dismantling the Politics of Comfort The Satya Interview with Ward Churchill Photo © AK Press Ward Churchill is perhaps one of the most provocative thinkers around. A Creek and enrolled Keetoowah Band Cherokee, Churchill is a longtime Native rights activist. He has been heavily involved in the American Indian Movement and the Leonard Peltier Defense Committee. He is Professor of Ethnic Studies at the University of Colorado and has served as a delegate to the UN Working Group on Indigenous Populations. One of Churchill's areas of expertise is the history of the U.S. government's genocide of Native Americans-the chronic violation of treaties and systematic extermination of North American indigenous populations. His many books include A Little Matter of Genocide: Holocaust and Denial in the Americas: 1492 to Present (1998) and The COINTELPRO Papers: Documents from the FBI's Secret Wars Against Dissent in the U.S. (2nd edition, 2002). His new book, On the Justice of Roosting Chickens: Reflections on the Consequences of U.S. Imperial Arrogance and Criminality, was just published by AK Press (www.akpress.org). As a member of a people who have been on the receiving end of violence, Churchill has a rather distinct perspective of the U.S. and the effectiveness of political dissent and social change. Ward Churchill recently shared some of his views with Catherine Clyne. This issue of Satya is trying to push the debate about whether or not violence is an appropriate means for a desired end. With animal activists, there's a growing gap between people who feel it's not and others who feel that, for example, breaking into laboratories to liberate animals or burning down property is an effective way to stop abuse. Well, that's an absurd framing in my view. 
Defining violence in terms of property-that basically nullifies the whole notion that life is sacred. People who want to elevate property to the same level of importance as life are so absurd as to be self-nullifying. Some people feel that those who abuse animals or people negate their right to consideration and open themselves up to physical violence. What's your response to this? The individuals who are perpetrators in one way or another, the little Eichmanns* in the background-the technocrats, bureaucrats, technicians-who make the matrix of atrocity that we are opposing possible are used to operating with impunity. If you're designing thermonuclear weapons, you're subject to neutralization, in the same sense that somebody who is engaged in homicide would be, in terms of their capacity to perpetrate that offense. One or two steps removed should not have the effect of immunizing. Otherwise, only those who are in the frontline-usually the most expendable in the systemic sense-are subject to intervention. None of the decision-makers, the people who make it possible, would be subject to intervention that would prevent their action in any way at all. That brings me to one question, which is, in general, people like to think they're pretty decent. They don't like to think of themselves as violent or complying with a system that is oppressive... Heinrich Himmler viewed himself in exactly that way. He was a family man, he had high moral values, he'd met his responsibilities, blah, blah, blah-a good and decent man in his own mind. Do you think that applies to most American people? In the sense that it applied to most Germans [during the Third Reich]. Your recent works detail the documentable history of the consequences of U.S. imperialism. After reading On the Justice of Roosting Chickens and listening to your two CDs, what do you want your audience to walk away with? 
A fundamental understanding of the nature of their obligation to intervene to bring the kind of atrocities that I've described to a halt by whatever means are necessary. The predominating absurdity in American oppositional circles for the past 30 years is the notion that if one intervenes to halt a rape or a murder in progress, if you actually use physical force as necessary to prevent that act, somehow or other you've become morally the same as the perpetrator. What do you think those oppositional circles need to do to really effect change? Stop being preoccupied with the sanctity of their own personal security, on the one hand, and start figuring out what would be necessary. That might require experimentation with tactics and techniques. Not how, like an alchemist, you repeat the performance often enough to make yourself feel good in the face of an undisturbed continuation of the horror you're opposing. If your candlelit vigil doesn't bring the process you're opposing to a halt, what do you do next, presuming you actually desired to have an effect. Let's just presume
Re: What is a cypherpunk?
-BEGIN PGP SIGNED MESSAGE- Cypherpunks generally distrust the collectivist wisdom ... Yes, but Big Brother governments are not the only way such wisdom gets imposed. Bill Gates came close to imposing it upon all of us, and if it hadn't been for Richard Stallman and Linus Torvalds, we might all be suffering under that yoke today. The genius of Bill Gates is in knowing that most people don't notice or care that to agree to a EULA is to make a vow of ignorance, and not being ashamed to stoop to their level. The true danger of TCPA is not that free MP3s and movies will become unavailable, but the de facto loss of privacy as non-TCPA gear becomes unavailable or prohibitively expensive. D. Popkin -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQBVAwUBQgaySPPsjZpmLV0BAQHEhwIAiv9N+F0GSYVB7xXE3Vftiyxgi7PYqNNP FnAN/nh1CdoLKG0lymhGEOGW8ZAZsKRAzv5FZSal7QUSWRzzZ8qo4w== =jsCx -END PGP SIGNATURE-
CodeCon Reminder
We'd like to remind those of you planning to attend this year's event that CodeCon is fast approaching. CodeCon is the premier event in 2005 for the application developer community. It is a workshop for developers of real-world applications with working code and active development projects. Past presentations at CodeCon have included the file distribution software BitTorrent; the Peek-A-Booty anti-censorship application; the email encryption system PGP Universal; and Audacity, a powerful audio editing tool. Some of this year's highlights include Off-The-Record Messaging, a privacy-enhancing encryption protocol for instant-message systems; SciTools, a web-based toolkit for genetic design and analysis; and Incoherence, a novel stereo sound visualization tool. CodeCon registration is discounted this year: $80 for cash at the door registrations. Registration will be available every day of the conference, though tickets are limited, and attendees are encouraged to register on the first day to secure admission. CodeCon will be held February 11-13, noon-6pm, at Club NV (525 Howard Street) in San Francisco. For more information, please visit http://www.codecon.org.
RSA Conference, and BA Cypherpunks
Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. At past conferences, we've had various levels of participation, from 50 down to 3. Since the BAC Physical Meetings seem to have pretty well died out, I'd like to propose that those of us who are interested get together for lunch or dinner at some point. I'll be arriving on site Monday afternoon, and leaving Friday morning. Thursday night, at least, is already spoken for. At the moment, it looks like Monday or Tuesday night may be the best, though a lunch is also possible. Any takers? Peter Trei [EMAIL PROTECTED] RSA Data Security Conference Dates: Feb 14-18 2005 Place: Moscone Center, San Francisco http://www.rsaconference.com While the full conference is rather expensive, note that you can get a free Expo pass if you register online by 5pm Feb 14th.
Re: RSA Conference, and BA Cypherpunks
On Mon, 7 Feb 2005, Trei, Peter wrote: Once again, the RSA Conference is upon us, and many of the correspondents on these lists will be in San Francisco. I'd like to see if anyone is interested in getting together. We've done this before. Yeah, but can we eat food, drink beer, shoot drugs and screw expensive hookers at Tim May's compound? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses. http://www.tshirthell.com/