Re: How to Stop Junk E-Mail: Charge for the Stamp

[Eric Murray]

On Wed, Feb 16, 2005 at 03:29:21PM +, Ian G wrote:
 Peter Gutmann wrote:
 
 Barry Shein [EMAIL PROTECTED] writes:
 Eventually email will just collapse (as it's doing) and the RBOCs et al will
 inherit it and we'll all be paying 15c per message like their SMS services.
 
 And the spammers will be using everyone else's PC's to send out their spam, 
 so
 the spam problem will still be as bad as ever but now Joe Sixpack will be
 paying to send it.
 
 Hmmm, and maybe *that* will finally motivate software companies, end users,
 ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.
   
 
 My view - as controversial as ever - is that the problem
 is unfixable, and mail will eventually fade away.  That
 which will take its place is p2p / IM / chat / SMS based.
 In that world, it is still reasonable to build ones own IM
 system for the needs of ones own community, and not
 to have to worry about standards.  Which means one can
 build in the defences that are needed, when they are
 needed.

Better start on those defenses now then-
there is already significant amounts of IM and SMS spam.

I would be suprised if the people designing IM and SMS systems
have learned much from the failures of SMTP et al.  


Eric

Re: [p2p-hackers] SHA1 broken?

[Eric Murray]

On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote:
 From: Serguei Osokine [EMAIL PROTECTED]
 To: Peer-to-peer development. [EMAIL PROTECTED]
 Subject: RE: [p2p-hackers] SHA1 broken?
 Date: Wed, 16 Feb 2005 00:11:07 -0800
 
 Okay, so the effective SHA-1 length is 138 bits instead of full
 160 - so what's the big deal? It is still way more than, say, MD5

In applications where collisions are important, SHA1 is now
effectively 69 bits as opposed to 80.

That's not very much, and odds are there will be an improvement on
this attack in the near future. 

Eric

Re: [p2p-hackers] SHA1 broken?

[Eric Murray]

On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote:
 From: Serguei Osokine [EMAIL PROTECTED]
 To: Peer-to-peer development. [EMAIL PROTECTED]
 Subject: RE: [p2p-hackers] SHA1 broken?
 Date: Wed, 16 Feb 2005 00:11:07 -0800
 
 Okay, so the effective SHA-1 length is 138 bits instead of full
 160 - so what's the big deal? It is still way more than, say, MD5

In applications where collisions are important, SHA1 is now
effectively 69 bits as opposed to 80.

That's not very much, and odds are there will be an improvement on
this attack in the near future. 

Eric

Re: How to Stop Junk E-Mail: Charge for the Stamp

[Eric Murray]

On Wed, Feb 16, 2005 at 03:29:21PM +, Ian G wrote:
 Peter Gutmann wrote:
 
 Barry Shein [EMAIL PROTECTED] writes:
 Eventually email will just collapse (as it's doing) and the RBOCs et al will
 inherit it and we'll all be paying 15c per message like their SMS services.
 
 And the spammers will be using everyone else's PC's to send out their spam, 
 so
 the spam problem will still be as bad as ever but now Joe Sixpack will be
 paying to send it.
 
 Hmmm, and maybe *that* will finally motivate software companies, end users,
 ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.
   
 
 My view - as controversial as ever - is that the problem
 is unfixable, and mail will eventually fade away.  That
 which will take its place is p2p / IM / chat / SMS based.
 In that world, it is still reasonable to build ones own IM
 system for the needs of ones own community, and not
 to have to worry about standards.  Which means one can
 build in the defences that are needed, when they are
 needed.

Better start on those defenses now then-
there is already significant amounts of IM and SMS spam.

I would be suprised if the people designing IM and SMS systems
have learned much from the failures of SMTP et al.  


Eric

Re: Dell to Add Security Chip to PCs

[Eric Murray]

On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote:
 Isn't it possible to emulate the TCPA chip in software, using one's own
 RSA key, and thus signing whatever you damn well please with it instead
 of whatever the chip wants to sign? So in reality, as far as remote
 attestation goes, it's only as secure as the software driver used to
 talk to the TCPA chip, right?

The TCPA chip verifies the (signature on the) BIOS and the OS.
So the software driver is the one that's trusted by the TCPA chip.

Plus the private key is kept in the chip, so it can't
be read by your emulator.  If your emulator picks its own key pair
then its attesations will be detected as invalid by a
relying party that's using the real TCPA public keys.


Eric

Using TCPA

[Eric Murray]

On Thu, Feb 03, 2005 at 11:51:57AM -0500, Trei, Peter wrote:
 
 It could easily be leveraged to make motherboards
 which will only run 'authorized' OSs, and OSs
 which will run only 'authorized' software.

[..]

 If you 'take ownership' as you put it, the internal
 keys and certs change, and all of a sudden you
 might not have a bootable computer anymore.

I have an application for exactly that behaviour.
It's a secure appliance.  Users don't run
code on it.  It needs to be able
to verify that it's running the authorized OS and software
and that new software is authorized.
(it does it already, but a TCPA chip might do it better).

So a question for the TCPA proponents (or opponents):
how would I do that using TCPA?


Eric

Re: An interesting thread...Hacking Bluetooth

[Eric Murray]

On Wed, Dec 22, 2004 at 09:48:01PM -0500, Tyler Durden wrote:
 Oh no, it gets really interesting. He claims to be an ex-German TLA-type 
 (how many Ls do German TLAs normally have?), and had advanced knowledge of 
 9/11. That's not super-implausible.

[..]

 Me? I suspect he just pulled all this shit from David Emory's shows and then 
 added some nice google tech searches.

[..]

 I was hoping someone knew about this and had already hacked this hoax, 


If he sounds like Dave Emory, then there isn't much debunking that's required.

Food for thought and grounds for further research,

Eric

Re: An interesting thread...Hacking Bluetooth

[Eric Murray]

On Wed, Dec 22, 2004 at 09:48:01PM -0500, Tyler Durden wrote:
 Oh no, it gets really interesting. He claims to be an ex-German TLA-type 
 (how many Ls do German TLAs normally have?), and had advanced knowledge of 
 9/11. That's not super-implausible.

[..]

 Me? I suspect he just pulled all this shit from David Emory's shows and then 
 added some nice google tech searches.

[..]

 I was hoping someone knew about this and had already hacked this hoax, 


If he sounds like Dave Emory, then there isn't much debunking that's required.

Food for thought and grounds for further research,

Eric

Re: nyms being attacked by malware

[Eric Murray]

On Thu, Nov 11, 2004 at 10:16:11AM +0100, privacy.at Anonymous Remailer wrote:
 I've noticed a very high increase of incoming virii and malicious code of
 various sorts to one of my nyms. Since the nym is not used anywhere
 publically I really wonder if these are deliberate attacks to try to
 compromise the machines of people using nyms to protect their identity. Is
 this something that's a known strategy somehow? Obviously it could also be
 that the nym was previously used by someone else online and that's partly
 why it would be interesting to hear other's comments on this.

Spammers probe SMTP servers for valid names using dictionary attacks.

It's difficult to set up an SMTP server that will
accept mail for an address and not also give up
the information that the address is valid.

Re: nyms being attacked by malware

[Eric Murray]

On Thu, Nov 11, 2004 at 10:16:11AM +0100, privacy.at Anonymous Remailer wrote:
 I've noticed a very high increase of incoming virii and malicious code of
 various sorts to one of my nyms. Since the nym is not used anywhere
 publically I really wonder if these are deliberate attacks to try to
 compromise the machines of people using nyms to protect their identity. Is
 this something that's a known strategy somehow? Obviously it could also be
 that the nym was previously used by someone else online and that's partly
 why it would be interesting to hear other's comments on this.

Spammers probe SMTP servers for valid names using dictionary attacks.

It's difficult to set up an SMTP server that will
accept mail for an address and not also give up
the information that the address is valid.

Re: bin Laden gets a Promotion

[Eric Murray]

On Sat, Oct 30, 2004 at 02:29:51PM -0400, Tyler Durden wrote:
 GodDAMN George W is a dumb fuck.
 
 If the guy's IQ had broken the 3-digit barrier he might have figured out 
 that by nearly directly replying to the new bin Laden video he's basically 
 elevating bin Laden to a hostile head-of-state.

Bush needs bin Laden to be as scary as possible.
I'm amused by the timing.  Its almost as if they're both
following Karl Rove's playbook.

Eric

Re: bin Laden gets a Promotion

[Eric Murray]

On Sat, Oct 30, 2004 at 02:29:51PM -0400, Tyler Durden wrote:
 GodDAMN George W is a dumb fuck.
 
 If the guy's IQ had broken the 3-digit barrier he might have figured out 
 that by nearly directly replying to the new bin Laden video he's basically 
 elevating bin Laden to a hostile head-of-state.

Bush needs bin Laden to be as scary as possible.
I'm amused by the timing.  Its almost as if they're both
following Karl Rove's playbook.

Eric

Re: Backdoor found in Diebold Voting Tabulators

[Eric Murray]

On Tue, Aug 31, 2004 at 11:30:35AM -0400, Sunder wrote:
 Oops! Is that a cat exiting the bag?
 
 
 http://www.blackboxvoting.org/?q=node/view/78


Apparently so.  Going to www.blackboxvoting.org now just gives:

This Account Has Been Suspended
Please contact the billing/support department as soon as possible.


Interestingly, while the whois info is gone, the DNS records are 
still around:

% dig blackboxvoting.org any

;  DiG 8.3  blackboxvoting.org any 
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;;  blackboxvoting.org, type = ANY, class = IN

;; ANSWER SECTION:
blackboxvoting.org. 4H IN A 69.73.175.26
blackboxvoting.org. 4H IN NSns4.nocdirect.com.
blackboxvoting.org. 4H IN NSns2.nocdirect.com.
blackboxvoting.org. 4H IN NSns3.nocdirect.com.
blackboxvoting.org. 4H IN SOA   ns3.nocdirect.com. admin.nocdirect.com. (
2004081101  ; serial
4H  ; refresh
2H  ; retry
5w6d16h ; expiry
1D ); minimum

blackboxvoting.org. 4H IN MX0 blackboxvoting.org.

Re: Backdoor found in Diebold Voting Tabulators

[Eric Murray]

On Tue, Aug 31, 2004 at 11:30:35AM -0400, Sunder wrote:
 Oops! Is that a cat exiting the bag?
 
 
 http://www.blackboxvoting.org/?q=node/view/78


Apparently so.  Going to www.blackboxvoting.org now just gives:

This Account Has Been Suspended
Please contact the billing/support department as soon as possible.


Interestingly, while the whois info is gone, the DNS records are 
still around:

% dig blackboxvoting.org any

;  DiG 8.3  blackboxvoting.org any 
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;;  blackboxvoting.org, type = ANY, class = IN

;; ANSWER SECTION:
blackboxvoting.org. 4H IN A 69.73.175.26
blackboxvoting.org. 4H IN NSns4.nocdirect.com.
blackboxvoting.org. 4H IN NSns2.nocdirect.com.
blackboxvoting.org. 4H IN NSns3.nocdirect.com.
blackboxvoting.org. 4H IN SOA   ns3.nocdirect.com. admin.nocdirect.com. (
2004081101  ; serial
4H  ; refresh
2H  ; retry
5w6d16h ; expiry
1D ); minimum

blackboxvoting.org. 4H IN MX0 blackboxvoting.org.

Olympics snooping

[Eric Murray]

http://sports.yahoo.com/oly/news?slug=ap-securitytechprov=aptype=lgns

Unprecedented electronic net over the Olympics

By MIRON VAROUHAKIS, Associated Press Writer

August 9, 2004

ATHENS, Greece (AP) -- If you're going to the Olympics, you'd better be
careful what you say and do in public.

Software will be watching and listening.

Recent leaps in technology have paired highly sophisticated software
with street surveillance cameras to create digital security guards with
intelligence-gathering skills.

`It is a very vast network and it is the first time it is being done
on such a scale at an international level,'' Greek police spokesman
Col. Lefteris Ikonomou told The Associated Press.

The system -- developed by a consortium led by San Diego-based Science
Applications International Corp., or SAIC -- cost about $312 million
and took up a sizable chunk of Athens' record security budget of more
than $1.5 billion.

It gathers images and audio from an electronic web of over 1,000
high-resolution and infrared cameras, 12 patrol boats, 4,000 vehicles,
nine helicopters, a sensor-laden blimp and four mobile command centers.

Spoken words collected by the cameras with speech-recognition software
are transcribed into text that is then searched for patterns along
with other electronic communications entering and leaving the area --
including e-mail and image files.

The system, which includes components already used by U.S. and British
government intelligence agencies, covers all of greater Athens, nine
ports, airports and all other Olympic cities.

Ikonomou said it ``allows the users to manage a critical incident in
the best way possible and in the shortest time possible because they
have all the information in front of them.''

The software used for surveillance camera recordings is designed to spot
and rank possible risks, said Dionysios Dendrinos, general manager of
One Siemens in Greece, one of the companies in the consortium.

``They can distinguish the sound of a flat tire from an explosion or
a gunshot and inform the user at the command center of the incident,''
he said. ``This is also the case with any anomaly in the picture, such
as a traffic jam.''

Technology also allows the users of the system at the main command center
to save and analyze data from the surveillance network and beyond. And
the material from the closed circuit cameras is kept for seven days,
Ikonomou said, so specific incidents can be analyzed in depth.

Much of that analysis is enabled by software from London-based Autonomy
Corp., whose clients include the U.S. National Security Agency, that
parses words and phrases collected by surveillance cameras and in
communications traffic.

In June, the Greek government expanded surveillance powers to screen
mobile and fixed-line telephone calls during the Olympics.

``It listens, reads and watches,'' Dominic Johnson, Autonomy's
chief marketing officer, said of his company's software. Then it
synthesizes. Beyond Greek and English the software understands Arabic,
Farsi and all major European languages, Johnson said.

Other companies in the SAIC consortium include Germany's Siemens AG;
General Dynamics Corp. and Honeywell International Inc. of the United
States; and the Israeli company Elbit Systems. Several Greek companies
also are participating.

According to the contract, the system was to be delivered by May 28,
but due to construction delays at some Olympic venues -- such as the
main Olympic stadium -- it was delivered just weeks before the opening
ceremony.

Nevertheless, Public Order Minister Giorgos Voulgarakis declared last
week that all the security systems were in full deployment and working
smoothly.

There'll be other sniffing going on, of course.

A network of sensors designed to detect chemical agents has also been
deployed near Olympic venues and around the capital, including on the
security blimp.

Advanced technology is also used in the creation of the Olympic
credentials, which use such security features as holograms. All cardholder
information, such as a person's photo and passport number, are printed
on a very thin film designed to make the cards impossible to forge.

The digitally enhanced surveillance net may provide comfort to Olympics
attendees, but not everyone is happy at authorities' computer-aided eyes
and ears.

Several groups have held protests in recent months against what they say
is an invasion of their privacy, and some demonstrators have spray-painted
street cameras, seeking to blind them.

``The Olympic Games are accompanied with extended security measures
that are unprecedented for Greece,'' six human rights groups said in a
protest letter to Greek Parliament in July. ``Although the state's right
to take all necessary measures that it deems necessary is recognized,
there is fear that these measures will have a negative impact on basic
human rights.''

Olympics snooping

[Eric Murray]

http://sports.yahoo.com/oly/news?slug=ap-securitytechprov=aptype=lgns

Unprecedented electronic net over the Olympics

By MIRON VAROUHAKIS, Associated Press Writer

August 9, 2004

ATHENS, Greece (AP) -- If you're going to the Olympics, you'd better be
careful what you say and do in public.

Software will be watching and listening.

Recent leaps in technology have paired highly sophisticated software
with street surveillance cameras to create digital security guards with
intelligence-gathering skills.

`It is a very vast network and it is the first time it is being done
on such a scale at an international level,'' Greek police spokesman
Col. Lefteris Ikonomou told The Associated Press.

The system -- developed by a consortium led by San Diego-based Science
Applications International Corp., or SAIC -- cost about $312 million
and took up a sizable chunk of Athens' record security budget of more
than $1.5 billion.

It gathers images and audio from an electronic web of over 1,000
high-resolution and infrared cameras, 12 patrol boats, 4,000 vehicles,
nine helicopters, a sensor-laden blimp and four mobile command centers.

Spoken words collected by the cameras with speech-recognition software
are transcribed into text that is then searched for patterns along
with other electronic communications entering and leaving the area --
including e-mail and image files.

The system, which includes components already used by U.S. and British
government intelligence agencies, covers all of greater Athens, nine
ports, airports and all other Olympic cities.

Ikonomou said it ``allows the users to manage a critical incident in
the best way possible and in the shortest time possible because they
have all the information in front of them.''

The software used for surveillance camera recordings is designed to spot
and rank possible risks, said Dionysios Dendrinos, general manager of
One Siemens in Greece, one of the companies in the consortium.

``They can distinguish the sound of a flat tire from an explosion or
a gunshot and inform the user at the command center of the incident,''
he said. ``This is also the case with any anomaly in the picture, such
as a traffic jam.''

Technology also allows the users of the system at the main command center
to save and analyze data from the surveillance network and beyond. And
the material from the closed circuit cameras is kept for seven days,
Ikonomou said, so specific incidents can be analyzed in depth.

Much of that analysis is enabled by software from London-based Autonomy
Corp., whose clients include the U.S. National Security Agency, that
parses words and phrases collected by surveillance cameras and in
communications traffic.

In June, the Greek government expanded surveillance powers to screen
mobile and fixed-line telephone calls during the Olympics.

``It listens, reads and watches,'' Dominic Johnson, Autonomy's
chief marketing officer, said of his company's software. Then it
synthesizes. Beyond Greek and English the software understands Arabic,
Farsi and all major European languages, Johnson said.

Other companies in the SAIC consortium include Germany's Siemens AG;
General Dynamics Corp. and Honeywell International Inc. of the United
States; and the Israeli company Elbit Systems. Several Greek companies
also are participating.

According to the contract, the system was to be delivered by May 28,
but due to construction delays at some Olympic venues -- such as the
main Olympic stadium -- it was delivered just weeks before the opening
ceremony.

Nevertheless, Public Order Minister Giorgos Voulgarakis declared last
week that all the security systems were in full deployment and working
smoothly.

There'll be other sniffing going on, of course.

A network of sensors designed to detect chemical agents has also been
deployed near Olympic venues and around the capital, including on the
security blimp.

Advanced technology is also used in the creation of the Olympic
credentials, which use such security features as holograms. All cardholder
information, such as a person's photo and passport number, are printed
on a very thin film designed to make the cards impossible to forge.

The digitally enhanced surveillance net may provide comfort to Olympics
attendees, but not everyone is happy at authorities' computer-aided eyes
and ears.

Several groups have held protests in recent months against what they say
is an invasion of their privacy, and some demonstrators have spray-painted
street cameras, seeking to blind them.

``The Olympic Games are accompanied with extended security measures
that are unprecedented for Greece,'' six human rights groups said in a
protest letter to Greek Parliament in July. ``Although the state's right
to take all necessary measures that it deems necessary is recognized,
there is fear that these measures will have a negative impact on basic
human rights.''

Re: On how the NSA can be generations ahead

[Eric Murray]

On Sun, Aug 01, 2004 at 10:20:38AM -0500, J.A. Terranson wrote:
 On Sat, 31 Jul 2004, Major Variola (ret) wrote:
 
  Tyler D asked about how the NSA could be so far ahead.
  Besides their ability to make 2 sq. chips at 10% yield (not
  something a commercial entity could get away with)
 
 What, exactly, would be the point of doing this?

More gates == more processing.

  they can also *thin and glue* those chips into say stacks
  of 5 thinned die.
 
 As easily as you could do this to high efficiency chips.

It's possible, using technologies like flip-chip.  But its not
as good as having everything on one die.  The interconnects
are limited in number and large in size, so they take up a lot of
room.

Stacked die are also more difficult to keep cool.

  2 sq = 4 x performance
 
 How do you figure 4x performance on a 2 chip?  Most of the chip
 performance is tied to the total distance that signals must traverse
 across the chip surface.

4x the gates (roughly) means 4x performance.
Chip performance, especially for highly parellizable things like
key cracking, is determined by the number of gates.


Eric

Re: On how the NSA can be generations ahead

[Eric Murray]

On Sun, Aug 01, 2004 at 10:20:38AM -0500, J.A. Terranson wrote:
 On Sat, 31 Jul 2004, Major Variola (ret) wrote:
 
  Tyler D asked about how the NSA could be so far ahead.
  Besides their ability to make 2 sq. chips at 10% yield (not
  something a commercial entity could get away with)
 
 What, exactly, would be the point of doing this?

More gates == more processing.

  they can also *thin and glue* those chips into say stacks
  of 5 thinned die.
 
 As easily as you could do this to high efficiency chips.

It's possible, using technologies like flip-chip.  But its not
as good as having everything on one die.  The interconnects
are limited in number and large in size, so they take up a lot of
room.

Stacked die are also more difficult to keep cool.

  2 sq = 4 x performance
 
 How do you figure 4x performance on a 2 chip?  Most of the chip
 performance is tied to the total distance that signals must traverse
 across the chip surface.

4x the gates (roughly) means 4x performance.
Chip performance, especially for highly parellizable things like
key cracking, is determined by the number of gates.


Eric

FIPS chassis/linux security engineer?

[Eric Murray]

Does anyone know of a manufacturer of FIPS 140 certified or
certifiable 1u/2u rack mount chassis?

For a seperate project, does anyone know of a small linux-ready/able
box with ethernet?
Gumstix looks cool but I need hardwire networking.


Last, I'm looking for a Linux expert security engineer in the SF
bay area.  (I'm managing a security group at a startup that has
been shipping products to paying customers for a few years.  No its
not lne.com, this just address I use to post).

This person will need to know linux/unix OS security/hardening _in
depth_ and also have an understanding of crypto APIs (writing them not
using them) plus significant industry experience.  Sorry, no relocation
assistance.


Eric

FIPS chassis/linux security engineer?

[Eric Murray]

Does anyone know of a manufacturer of FIPS 140 certified or
certifiable 1u/2u rack mount chassis?

For a seperate project, does anyone know of a small linux-ready/able
box with ethernet?
Gumstix looks cool but I need hardwire networking.


Last, I'm looking for a Linux expert security engineer in the SF
bay area.  (I'm managing a security group at a startup that has
been shipping products to paying customers for a few years.  No its
not lne.com, this just address I use to post).

This person will need to know linux/unix OS security/hardening _in
depth_ and also have an understanding of crypto APIs (writing them not
using them) plus significant industry experience.  Sorry, no relocation
assistance.


Eric

recent brute-force work factor calculations

[Eric Murray]

Does anyone know of a recent brute-force work
factor calculation for the various common symmetric ciphers?
I.e.   it'll take X 3.2gh Xeons Y years to brute cipher Z.
I know there's a table of these in Schneier and there's the Seven
Cryptographers paper but they're both pretty old at this point.

I'm just looking for an approximation.

Thanks.

Eric

recent brute-force work factor calculations

[Eric Murray]

Does anyone know of a recent brute-force work
factor calculation for the various common symmetric ciphers?
I.e.   it'll take X 3.2gh Xeons Y years to brute cipher Z.
I know there's a table of these in Schneier and there's the Seven
Cryptographers paper but they're both pretty old at this point.

I'm just looking for an approximation.

Thanks.

Eric

Re: Windows source leaked?

[Eric Murray]

On Fri, Feb 13, 2004 at 03:25:11PM -0800, Major Variola (ret) wrote:
 
 I wonder if frags of OSS code can be found in proprietary binaries.

Of course.

Here's an example of MS using BSD code:
http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357
and another:
http://austinlug.org/archives/alg/2002-05/msg00606.html

Re: Windows source leaked?

[Eric Murray]

On Fri, Feb 13, 2004 at 11:45:34AM -0800, Major Variola (ret) wrote:
(in reply to someone else)
 
 Lots has been said about OSS developers not wanting to look at this
 for fear that they will be tainted.  While it is true that simply
 the act of looking at the code is unauthorized and illegal,
 
 If you didn't steal it, its not your problem if you read it.

I disagree.  I don't have time to look up the cases now
but there have been a number of cases of companies being sued for
(effectively) their programmers having SEEN some other code.
The theory being that they are somehow contaminated with
the valuable ideas embodied within and are helpless to resist
implementing them.  This has resulted in
many companies having chinese walls between some programming
groups who are working on a version of a competitors product that
the company has the code for.

This may not be right, but it was extremely common in the early 90s.
It's very expensive so I would be quite suprised if there was not
strong case law on this.

 I wonder
 if there is any truth to the claim that a developer who looked at
 Windows source would endanger future projects (assuming, of course,
 that simple copying---which is clearly illegal---doesn't happen).
 
 How would M$ show that you had in fact read the code?

They'd just alledge that you had, and then have discovery
all through your files.  Essentially any program could look
like an infriging work to some judge somewhere.

If I were a conspiracy theorist I'd say tha MS released the code
themselves just for this reason.

Eric

Re: Windows source leaked?

[Eric Murray]

On Fri, Feb 13, 2004 at 11:45:34AM -0800, Major Variola (ret) wrote:
(in reply to someone else)
 
 Lots has been said about OSS developers not wanting to look at this
 for fear that they will be tainted.  While it is true that simply
 the act of looking at the code is unauthorized and illegal,
 
 If you didn't steal it, its not your problem if you read it.

I disagree.  I don't have time to look up the cases now
but there have been a number of cases of companies being sued for
(effectively) their programmers having SEEN some other code.
The theory being that they are somehow contaminated with
the valuable ideas embodied within and are helpless to resist
implementing them.  This has resulted in
many companies having chinese walls between some programming
groups who are working on a version of a competitors product that
the company has the code for.

This may not be right, but it was extremely common in the early 90s.
It's very expensive so I would be quite suprised if there was not
strong case law on this.

 I wonder
 if there is any truth to the claim that a developer who looked at
 Windows source would endanger future projects (assuming, of course,
 that simple copying---which is clearly illegal---doesn't happen).
 
 How would M$ show that you had in fact read the code?

They'd just alledge that you had, and then have discovery
all through your files.  Essentially any program could look
like an infriging work to some judge somewhere.

If I were a conspiracy theorist I'd say tha MS released the code
themselves just for this reason.

Eric

Re: Windows source leaked?

[Eric Murray]

On Fri, Feb 13, 2004 at 03:25:11PM -0800, Major Variola (ret) wrote:
 
 I wonder if frags of OSS code can be found in proprietary binaries.

Of course.

Here's an example of MS using BSD code:
http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357
and another:
http://austinlug.org/archives/alg/2002-05/msg00606.html

Re: unsub from lne

[Eric Murray]

On Mon, Dec 29, 2003 at 11:42:56AM -0600, Harmon Seaver wrote:
Hmm, maybe Eric needs to undo his spam filter so people can unsub from
 lne.com. I just tried to, but it was rejected as undeliverable spam. Tried

I'm experimenting with a new sendmail milter.
(the SMTP HELO arg needs to be reasonably valid in order to pass).
I've now set it to not reject mail to majordomo at
lne.com.  The blocklist thing is still
in effect, but if you're bounced by that
you get a URL in the bounce message
that you can use to get it fixed.

Eric

Re: unsub from lne

[Eric Murray]

On Mon, Dec 29, 2003 at 07:58:03PM +0100, Thomas Shaddack wrote:
 Another alternative could be a couple lines of PHP or perl, unsubscribing
 via a web form.
 
 On related note, what's a good node to migrate to?

pro-ns.net is running a CDR similar to lne.

A number of other people have gotten my scripts but
I havent' seen any up and running yet.

 PS: Thanks, Eric. It was a good node.

Thanks.  


Eric

Re: unsub from lne

[Eric Murray]

On Mon, Dec 29, 2003 at 11:42:56AM -0600, Harmon Seaver wrote:
Hmm, maybe Eric needs to undo his spam filter so people can unsub from
 lne.com. I just tried to, but it was rejected as undeliverable spam. Tried

I'm experimenting with a new sendmail milter.
(the SMTP HELO arg needs to be reasonably valid in order to pass).
I've now set it to not reject mail to majordomo at
lne.com.  The blocklist thing is still
in effect, but if you're bounced by that
you get a URL in the bounce message
that you can use to get it fixed.

Eric

Re: unsub from lne

[Eric Murray]

On Mon, Dec 29, 2003 at 07:58:03PM +0100, Thomas Shaddack wrote:
 Another alternative could be a couple lines of PHP or perl, unsubscribing
 via a web form.
 
 On related note, what's a good node to migrate to?

pro-ns.net is running a CDR similar to lne.

A number of other people have gotten my scripts but
I havent' seen any up and running yet.

 PS: Thanks, Eric. It was a good node.

Thanks.  


Eric

lne.com CDR to close

[Eric Murray]

The lne.com CDR node will stop accepting new
subscriptions on Jan 1 2004, and will stop forwarding
cypherpunks mail on Jan 15.  There are other nodes
currently and hopefully more will announce themselves.

I've learned a lot on the cpunks list over the last
10 years and I'd like to thank some of the people whose
writing I've enjoyed:  Lucky Green, Black Unicorn, 
Declan McCullagh, Tim May, John Gilmore.


Eric

lne.com CDR to close

[Eric Murray]

The lne.com CDR node will stop accepting new
subscriptions on Jan 1 2004, and will stop forwarding
cypherpunks mail on Jan 15.  There are other nodes
currently and hopefully more will announce themselves.

I've learned a lot on the cpunks list over the last
10 years and I'd like to thank some of the people whose
writing I've enjoyed:  Lucky Green, Black Unicorn, 
Declan McCullagh, Tim May, John Gilmore.


Eric

Re: Speaking of Reason

[Eric Murray]

On Tue, Dec 09, 2003 at 03:05:29PM -0800, Tim May wrote:

 Since Eric Murray has expressed distaste with my views

I pretty much agree with your views, minus the racism and misogny.
On days that the brilliant thoughtful Tim posts, I'm in awe.
When Tim the asshole posts, I'm disgusted.  Unfortunately
these days the latter Tim isn't letting the former Tim
near the keyboard very often.   

 Fuck you dead. Fuck all of you Bolshies dead.

Ok, bye!
plonk

Eric (just to make it crystal clear, Tim's going in my _personal_ killfile)

Re: Speaking of Reason

[Eric Murray]

On Tue, Dec 09, 2003 at 03:05:29PM -0800, Tim May wrote:

 Since Eric Murray has expressed distaste with my views

I pretty much agree with your views, minus the racism and misogny.
On days that the brilliant thoughtful Tim posts, I'm in awe.
When Tim the asshole posts, I'm disgusted.  Unfortunately
these days the latter Tim isn't letting the former Tim
near the keyboard very often.   

 Fuck you dead. Fuck all of you Bolshies dead.

Ok, bye!
plonk

Eric (just to make it crystal clear, Tim's going in my _personal_ killfile)

Re: cypherpunks discussions

[Eric Murray]

On Mon, Dec 08, 2003 at 12:21:21AM -0800, Sarad AV wrote:
 I prefer not getting flamed like every one else and that
 too in quick succesion :-).  so my guess is that as far
 as newbies are concerned all the discussions are taken
 private.

This is why the cpunks list has very little new subscribers...
most newbies who post questions get flamed.  Usually by Tim
who sears them for not having read some post from
1992 or for bringing up a topic that was discussed in 1996.

Perhaps if the archives were complete, well organized and
easy to find it would be appropriate to politely tell newbies to
read the FAQ.  But they're not.   It's also not a complete waste of
time to discuss topics that have been discussed previously...
some new information may come from the discussion.  Someone
who is not interested can just skip those posts.  If the list
is restricted to discusing topics that are only of interest to Tim
(or any long-time member, Tim's not the only one) then
only a few people will even be able to follow the discusssion, let
alone participate.

Tim, before you reply, I suggest that you look back through the
last year or so's worth of your cpunks posts to see how many are
the thoughtful incisive kind vs a barage of insults or complaints
that the poster you are replying to is an idiot.

A related problem is the tendency for a number of posters to turn every
thread into an intellectual dicksizewar.   It's gotten to the point where
I don't post much, and I've been _working_ in security for the 8 years
(and on Usenet, where the dicksizewar was invented, for 15).  I can only
imagine what it's like for new people.  Only the most stubborn
will stay.   The list is selecting for obstinance.

On a related note, I do see the addresses of people who unsubscribe,
and they are often addresses that recently subscribed.  


Other people have made the point that mailing lists are old tech
and I agree.   I don't like the new replacements (blogs, web boards)
as much as lists, but perhaps that's because of what I used first.
Kids these days don't know how to use shell shortcuts either.


BTW, there's about 415 list members.  LNE doesn't censor, we do block
networks that we've gotten spam from.  Currently we block about 12,000
spams a week and receive another 1500 or so.  We're still on dial-up
(Verizon rural phone service sucks).  Allowing those 12,000 spams
through to process them would make our 43k line unuseable.
Hence the blocking.  I explained this to John in private email, and also
explained how to get unblocked by following a link in the bounce message.
He's refused to do this, prefering to claim that I'm censoring him.
Whatever.  The CIA agent reading over my shoulder says that John's way
too paranoid.

I realize that my spam solution is non-optimal but its
the best I can come up with at the moment.

I'm getting tired of running the list.  As it is now it doesn't provide
much value and I could use my time for something else.  Could someone
please set up another node?  I'll send you all my scripts etc.  But I
won't maintain it on a machine you provide, you'll have to do it.
Maybe some of our list members from the government would like
to step forward with some homeland security $$. :-)


Eric

Re: cypherpunks discussions

[Eric Murray]

On Mon, Dec 08, 2003 at 08:31:07AM -0800, Major Variola (ret) wrote:
 
 The advantage of eg Yahoo groups (and presumably blogs)
 is their moderation; the lack thereof enabled spammers to
 bulldoze the commons of usenet.   Inevitable.  

I've been hearing about blog-spamming lately, and I've
seen spammers attack web boards as well.
Spammers are also using worms to get control of victim's
machines and sending their spam from there.

 Kids these days don't know how to use shell shortcuts either.
 
 Not sure what you mean by that.  Shortcut is a M$ term
 for lame-ass sym link.

Sorry, I was in a hurry.
History substition is what I meant...  i.e.

% ericm   mkdir /home/cpun
% ericm  ^pun^punk
% ericm  cd !$
etc.

or any of the hundreds of other history substitution commands.
No one I work with knows any of them; they all either laboriously re-type
or use the command-line editor even when it requires many more keystrokes.
I try to restrain myself from barking out bang dollar!  bang dollar dammit!
but sometimes I can't help it.


Eric

Re: cypherpunks discussions

[Eric Murray]

On Mon, Dec 08, 2003 at 12:21:21AM -0800, Sarad AV wrote:
 I prefer not getting flamed like every one else and that
 too in quick succesion :-).  so my guess is that as far
 as newbies are concerned all the discussions are taken
 private.

This is why the cpunks list has very little new subscribers...
most newbies who post questions get flamed.  Usually by Tim
who sears them for not having read some post from
1992 or for bringing up a topic that was discussed in 1996.

Perhaps if the archives were complete, well organized and
easy to find it would be appropriate to politely tell newbies to
read the FAQ.  But they're not.   It's also not a complete waste of
time to discuss topics that have been discussed previously...
some new information may come from the discussion.  Someone
who is not interested can just skip those posts.  If the list
is restricted to discusing topics that are only of interest to Tim
(or any long-time member, Tim's not the only one) then
only a few people will even be able to follow the discusssion, let
alone participate.

Tim, before you reply, I suggest that you look back through the
last year or so's worth of your cpunks posts to see how many are
the thoughtful incisive kind vs a barage of insults or complaints
that the poster you are replying to is an idiot.

A related problem is the tendency for a number of posters to turn every
thread into an intellectual dicksizewar.   It's gotten to the point where
I don't post much, and I've been _working_ in security for the 8 years
(and on Usenet, where the dicksizewar was invented, for 15).  I can only
imagine what it's like for new people.  Only the most stubborn
will stay.   The list is selecting for obstinance.

On a related note, I do see the addresses of people who unsubscribe,
and they are often addresses that recently subscribed.  


Other people have made the point that mailing lists are old tech
and I agree.   I don't like the new replacements (blogs, web boards)
as much as lists, but perhaps that's because of what I used first.
Kids these days don't know how to use shell shortcuts either.


BTW, there's about 415 list members.  LNE doesn't censor, we do block
networks that we've gotten spam from.  Currently we block about 12,000
spams a week and receive another 1500 or so.  We're still on dial-up
(Verizon rural phone service sucks).  Allowing those 12,000 spams
through to process them would make our 43k line unuseable.
Hence the blocking.  I explained this to John in private email, and also
explained how to get unblocked by following a link in the bounce message.
He's refused to do this, prefering to claim that I'm censoring him.
Whatever.  The CIA agent reading over my shoulder says that John's way
too paranoid.

I realize that my spam solution is non-optimal but its
the best I can come up with at the moment.

I'm getting tired of running the list.  As it is now it doesn't provide
much value and I could use my time for something else.  Could someone
please set up another node?  I'll send you all my scripts etc.  But I
won't maintain it on a machine you provide, you'll have to do it.
Maybe some of our list members from the government would like
to step forward with some homeland security $$. :-)


Eric

Re: cypherpunks discussions

[Eric Murray]

On Mon, Dec 08, 2003 at 08:31:07AM -0800, Major Variola (ret) wrote:
 
 The advantage of eg Yahoo groups (and presumably blogs)
 is their moderation; the lack thereof enabled spammers to
 bulldoze the commons of usenet.   Inevitable.  

I've been hearing about blog-spamming lately, and I've
seen spammers attack web boards as well.
Spammers are also using worms to get control of victim's
machines and sending their spam from there.

 Kids these days don't know how to use shell shortcuts either.
 
 Not sure what you mean by that.  Shortcut is a M$ term
 for lame-ass sym link.

Sorry, I was in a hurry.
History substition is what I meant...  i.e.

% ericm   mkdir /home/cpun
% ericm  ^pun^punk
% ericm  cd !$
etc.

or any of the hundreds of other history substitution commands.
No one I work with knows any of them; they all either laboriously re-type
or use the command-line editor even when it requires many more keystrokes.
I try to restrain myself from barking out bang dollar!  bang dollar dammit!
but sometimes I can't help it.


Eric

Re: Lucrative update mail flood

[Eric Murray]

Sorry about the mail storm.  Someone at monash.edu.au has
apparently set up a mail loop that was resubmitting cpunks mails.

Eric

Re: Lucrative update

[Eric Murray]

Somoneone at monash.edu.au was resending old mails.

Re: Lucrative update mail flood

[Eric Murray]

Sorry about the mail storm.  Someone at monash.edu.au has
apparently set up a mail loop that was resubmitting cpunks mails.

Eric

[declan@well.com: [Politech] FBI visits John Young, asks about anti-government activity [fs]]

[Eric Murray]

- Forwarded message from Declan McCullagh [EMAIL PROTECTED] -

Date: Wed, 05 Nov 2003 17:01:52 -0500
To: [EMAIL PROTECTED]
From: Declan McCullagh [EMAIL PROTECTED]
Subject: [Politech] FBI visits John Young, asks about anti-government activity [fs]


John Young is a longtime supporter of open government and public access to 
government information. See:
http://www.mccullagh.org/cgi-bin/photosearch.cgi?name=john+young

-Declan

---

http://cryptome.org/fbi-cryptome.htm

4 November 2003

Cryptome received a visit today from FBI Special Agents Todd Renner and 
Christopher Kelly from the FBI Counterterrorism Office in New York, 26 
Federal Plaza, telephone (212) 384-1000. Both agents presented official ID 
and business cards.

SA Renner said that a person had reported Cryptome as a source of 
information that could be used to harm the United States. He said Cryptome 
website had been examined and nothing on the site was illegal but 
information there might be used for harmful purposes. He noted that 
information in the Cryptome CDs might wind up in the wrong hands.

SA Renner said there is no investigation of Cryptome, that the purpose of 
the visit was to ask Cryptome to report to the FBI any information which 
Cryptome had a gut feeling could be a threat to the nation.

There was a discussion of the purpose of Cryptome, freedom of information, 
the need for more public information on threats to the nation and what 
citizens can do to protect themselves, the need for more public information 
about how the FBI functions in the field and the intention of visits like 
the one today.

SA Kelly said such visits are increasingly common as the FBI works to 
improve the reporting of information about threats to the US.

Asked what will happen as a result of the visit. SA Renner said he will 
write a report of the visit.

Cryptome said it will publish a report of the visit, including naming the 
agents. Both agents expressed concern about their names being published for 
that might lead to a threat against them and/or their families -- one 
saying that due to copious personal databases any name can be traced.

Cryptome said the reason for publishing names of agents is so that anyone 
can verify that a contact has been made, and that more public information 
is needed on how FBI agents function and who they are.

Cryptome noted that on a previous occasion FBI agents had protested 
publication of their names by Cryptome.

Cryptome did not agree to report anything to the FBI that is not available 
on the website.
___
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

- End forwarded message -

[declan@well.com: [Politech] FBI visits John Young, asks about anti-government activity [fs]]

[Eric Murray]

- Forwarded message from Declan McCullagh [EMAIL PROTECTED] -

Date: Wed, 05 Nov 2003 17:01:52 -0500
To: [EMAIL PROTECTED]
From: Declan McCullagh [EMAIL PROTECTED]
Subject: [Politech] FBI visits John Young, asks about anti-government activity [fs]


John Young is a longtime supporter of open government and public access to 
government information. See:
http://www.mccullagh.org/cgi-bin/photosearch.cgi?name=john+young

-Declan

---

http://cryptome.org/fbi-cryptome.htm

4 November 2003

Cryptome received a visit today from FBI Special Agents Todd Renner and 
Christopher Kelly from the FBI Counterterrorism Office in New York, 26 
Federal Plaza, telephone (212) 384-1000. Both agents presented official ID 
and business cards.

SA Renner said that a person had reported Cryptome as a source of 
information that could be used to harm the United States. He said Cryptome 
website had been examined and nothing on the site was illegal but 
information there might be used for harmful purposes. He noted that 
information in the Cryptome CDs might wind up in the wrong hands.

SA Renner said there is no investigation of Cryptome, that the purpose of 
the visit was to ask Cryptome to report to the FBI any information which 
Cryptome had a gut feeling could be a threat to the nation.

There was a discussion of the purpose of Cryptome, freedom of information, 
the need for more public information on threats to the nation and what 
citizens can do to protect themselves, the need for more public information 
about how the FBI functions in the field and the intention of visits like 
the one today.

SA Kelly said such visits are increasingly common as the FBI works to 
improve the reporting of information about threats to the US.

Asked what will happen as a result of the visit. SA Renner said he will 
write a report of the visit.

Cryptome said it will publish a report of the visit, including naming the 
agents. Both agents expressed concern about their names being published for 
that might lead to a threat against them and/or their families -- one 
saying that due to copious personal databases any name can be traced.

Cryptome said the reason for publishing names of agents is so that anyone 
can verify that a contact has been made, and that more public information 
is needed on how FBI agents function and who they are.

Cryptome noted that on a previous occasion FBI agents had protested 
publication of their names by Cryptome.

Cryptome did not agree to report anything to the FBI that is not available 
on the website.
___
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

- End forwarded message -

Re: Palladium/TCPA/NGSCB

[Eric Murray]

On Thu, Oct 23, 2003 at 11:59:47AM -0700, Major Variola (ret) wrote:
 And virii that infect the immune system can be fun too --imagine a virus
 infecting your antiviral program.  HIV for Windows.


Or a virus that modifes your other programs to make them appear to
be known virii.  You'd have to turn off your AV progams
to keep them from destroying your files (or moving them
around, going crazy with warnings when you start any program, etc)

I'd bet that no AV programs have safeguards against this
sort of false positive attack.

Eric

Re: Palladium/TCPA/NGSCB

[Eric Murray]

On Thu, Oct 23, 2003 at 11:59:47AM -0700, Major Variola (ret) wrote:
 And virii that infect the immune system can be fun too --imagine a virus
 infecting your antiviral program.  HIV for Windows.


Or a virus that modifes your other programs to make them appear to
be known virii.  You'd have to turn off your AV progams
to keep them from destroying your files (or moving them
around, going crazy with warnings when you start any program, etc)

I'd bet that no AV programs have safeguards against this
sort of false positive attack.

Eric

Re: Verisign's Wildcard A-Records and DNSSEC Plans?

[Eric Murray]

ISC is releasing a new BIND to deal with the Verisign land-grab:

http://www.bayarea.com/mld/mercurynews/business/6791550.htm

Re: Verisign's Wildcard A-Records and DNSSEC Plans?

[Eric Murray]

ISC is releasing a new BIND to deal with the Verisign land-grab:

http://www.bayarea.com/mld/mercurynews/business/6791550.htm

Re: GPG Sig test

[Eric Murray]

On Fri, Sep 12, 2003 at 02:08:00PM -0400, Damian Gerow wrote:
 Configure your demime to *not* strip attachments of
 application/pgp-signature.

If someone knows how, please tell me.

Eric

Re: GPG Sig test

[Eric Murray]

On Fri, Sep 12, 2003 at 02:08:00PM -0400, Damian Gerow wrote:
 Configure your demime to *not* strip attachments of
 application/pgp-signature.

If someone knows how, please tell me.

Eric

SSH MITM (was Re: Getting certificates)

[Eric Murray]

On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote:

 
 On 4 Sep 2003 at 7:56, Eric Murray wrote:
  ..which means that it [ssh-- ericm] still requires an OOB authentication. 
  (or blinding typing 'yes' and ignoring the consequences). But
  that's another subject.
 
 Not true.   Think about what would happen if you tried a man in
 the middle attack on an SSH server. 


you'd get the victim's session:


http://www.monkey.org/%7Edugsong/dsniff/

Abstract
dsniff is a collection of tools for network auditing and penetration
[..]
sshmitm and webmitm implement active monkey-in-the-middle
attacks against redirected SSH and HTTPS sessions by exploiting weak
bindings in ad-hoc PKI.


also see http://sysadmin.oreilly.com/news/silverman_1200.html for 
discussion.

Re: Random musing about words and spam

[Eric Murray]

On Thu, Sep 04, 2003 at 09:02:30PM -0400, Steve Furlong wrote:
 On Tuesday 02 September 2003 19:00, Thomas Shaddack wrote:
  Spammers recently adopted tactics of using randomly generated words,
  eg. wryqf, in both the subject and the body of the message.
 ...
  Could the pseudowords be easily detected by their characteristics,
 ...
  Presence of pseudowords then could be added as one of spam
  characteristics.


Many of them space the code words away from the rest of
the subject text, i.e.

Subject: what if it were true?   5258pf2

I think this is to hide the code word since many mail readers
only show 40-60 characters of the Subject.

I've been id'ing spam by looking for excess whitespace
in the Subject line for a couple years (it's one of
about 200 checks my program makes).  I'm sure
other spam-recognition software does this as well.


Eric

SSH MITM (was Re: Getting certificates)

[Eric Murray]

On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote:

 
 On 4 Sep 2003 at 7:56, Eric Murray wrote:
  ..which means that it [ssh-- ericm] still requires an OOB authentication. 
  (or blinding typing 'yes' and ignoring the consequences). But
  that's another subject.
 
 Not true.   Think about what would happen if you tried a man in
 the middle attack on an SSH server. 


you'd get the victim's session:


http://www.monkey.org/%7Edugsong/dsniff/

Abstract
dsniff is a collection of tools for network auditing and penetration
[..]
sshmitm and webmitm implement active monkey-in-the-middle
attacks against redirected SSH and HTTPS sessions by exploiting weak
bindings in ad-hoc PKI.


also see http://sysadmin.oreilly.com/news/silverman_1200.html for 
discussion.

[gshively@pivx.com: Blaster / Power Outage Follow up]

[Eric Murray]

- Forwarded message from Geoff Shively [EMAIL PROTECTED] -

From: Geoff Shively [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Blaster / Power Outage Follow up
Date: Wed, 3 Sep 2003 17:31:34 -0700

As suggested the day of the blackout, SCADA / DCS security was
a primary factor in the blackouts.

 --MSBlast's Effect on the Blackout
(29 August 2003)
The MSBlast worm apparently slowed some communications lines that
connect data centers used to manage the power grid, abetting the
cascading effect of the blackout that hit the north-east, mid-west
and parts of Canada last month.  The worm didn't harm the systems, but
did slow down the speed at which networks communicated.  A Bush
administration advisor said that the worm also hampered efforts to ...
restore power in a timely manner.
http://www.computerworld.com/printthis/2003/0,4814,84510,00.html

Correct after all, this is the second admission of blaster
affecting the power systems, one from the Bush administration and one
from First Energy.

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

http://www.pivx.com


- End forwarded message -

Re: Getting certificates.

[Eric Murray]

On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote:
 --
 SSH server public/private keys are widely deployed.  PKI public 
 keys are not.  Reason is that each SSH server just whips up its 
 own keys without asking anyone's permission, or getting any 
 certificates.

.which means that it still requires an OOB authentication.
(or blinding typing 'yes' and ignoring the consequences).
But that's another subject.


 Now what I want is a certificate that merely asserts that the  
 holder of the certificate can receive email at such and such an 
 address, and that only one such certificate has been issued for 
 that address.  Such a certification system has very low costs  
 for issuer and recipient, and because it is a nym certificate, 
 no loss of privacy.

Verisign had for a number of years an email-only cert.
That is, they verified that the email address had someone
or something that answered email.  I beleive that they
called this a 'Class 1' cert.
 
 The certs that IE and outlook express accept oddly do not seem 
 to have any provision for defining what the certificate  
 certifies.
 
 This seems a curious and drastic omission from a certificate  
 format.

X.509, PKIX et.al. allow a CA to insert a pointer
to a certificate practice statement, which can define
what the certificate certifies.

 and application of such certificates.  It also, as anyone who  
 tries to get a free certificate from Thawte will discover,  
 makes it difficult, expensive, and inconvenient to get  
 certificates.  

Thwate's making free certs difficult has nothing to do
with the usefulness of certs or X.509 or true names or
whatever, and everything to do with maximizing profit.

Since each cert carries a fixed risk of legal issues
(i.e being sued because they certified X who wasn't X)
Verisign/Thwate want to sell a comparatively few expensive
certs instead of a lot of cheap certs.

Eric

spam blacklists and lne CDR

[Eric Murray]

Hi.  The last couple days I've gotten a lot of mail bounces from cpunks
subscribers who are blocking lne.com because it's on the osirusoft spam
blacklist.  There is no way to get off this list; in fact the site
appears to be down.  Lne.com doesn't send spam; I don't know why we are on
this list.  My guess is that it's becase we're listed on a couple other
extreme blacklists that blacklist entire networks that are owned by
ISPs that the list operator does not like.

If you or your ISP uses this blacklist, I have no choice but to drop
you from the lne cdr lest my mailbox drown in reject messages.

I have mixed feelings about blacklists-- I've had to implement one
here so we didn't drown in spam and it seems to work reasonably well.
But lists that 1) don't let you get off and 2) list sites to pressure
them to change ISPs don't get much respect from me, and neither do the
ISPs that blindly use them.

Eric

[cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']

[Eric Murray]

Food for thought and grounds for further research:


- Forwarded message from Bernie, CTA [EMAIL PROTECTED] -

Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: bugtraq.list-id.securityfocus.com
List-Post: mailto:[EMAIL PROTECTED]
List-Help: mailto:[EMAIL PROTECTED]
List-Unsubscribe: mailto:[EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
From: Bernie, CTA [EMAIL PROTECTED]
Organization: HCSIN
To: [EMAIL PROTECTED]
Date: Fri, 15 Aug 2003 14:09:12 -0400
Subject: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm'
Priority: normal
In-reply-to: [EMAIL PROTECTED]
X-mailer: Pegasus Mail for Windows (v4.11)

It is ridiculous to accept that a lightning strike could knock 
out the grid, or the transmission system is over stressed. There 
are many redundant fault, limit and Voltage-Surge Protection 
safeguards and related instrumentation and switchgear installed 
at the distribution centers and sub stations along the Power 
Grid that would have tripped to prevent or otherwise divert such 
a major outage. 

I believe that the outage was caused by the MSblaster, or its 
mutation, which was besieged upon the respective vulnerability 
in certain control and monitoring systems (SCADA and otherwise) 
running MS 2000 or XP, located different points along the Grid. 
Some of these systems are accessible via the Internet, while 
others are accessible by POTS dialup, or private Frame relay and 
dedicated connectivity.

Being an old PLC automation and control hack let me say that 
there is a very good plausibility that the recent East Coast 
power outage was due to an attack by an MBlaster variant on the 
SCADA system at the power plant master terminal, or more likely 
at several of the remote terminal units RTU.  SCADA runs under 
Win2000 / XP and the telemetry to the RTU is accessible via the 
Internet.

From what I recall SCADA based monitoring and control systems 
were installed at many water / sewer processing, gas and oil 
processing, and hydro-electric plants. 

I also believe that yesterdays flooding of a generator sub-
facility in Philadelphia was also due to an MBlaster variant 
attack on the SCADA or similarly Win 2000 / XP based system.  

To make things worst, the Web Interface is MS ActiveX. Now lets 
see, how can one craft an ActiveX vuln vector into the blaster?

Oh, and for the wardrivers, SCADA can be access via wireless 
connections on the road puts a new perspective on sniffing 
around sewer plants.

It is also reasonable to assume that we could have a similar 
security threat regarding those system (SCADA and otherwise 
based on MS 2000 or XP) involved in the control, data 
acquisition, and maintenance of other critical infrastructure, 
such as inter/intra state GAS Distribution, Nuclear Plant 
Monitoring, Water and Sewer Processing, and city Traffic 
Control. IMO

I think we will see a lot of finger pointing by government 
agencies, Utilities, and politicians for the Grid outage, until 
someone confess to the security dilemma and vulnerabilities in 
the systems which are involved in running this critical 
infrastructure.

Regardless of whether the Grid outage can be attributed to the 
blaster or its variant, this is not entirely a Microsoft 
problem, as it reeks of poor System Security Engineering 
practiced by the Utility Companies, and associated equipment and 
technology suppliers.

Nonetheless, the incident will cause lots of money to be 
earmarked by the US and Canadian Governments, to be spent in an 
attempt to solve the problem, or more specifically calm the 
public. 

This incident should be fully investigated, and regulations 
passed to ensure that the Utility companies and their suppliers 
develop and implement proper safeguards that will help prevent 
or at least significantly mitigate the effects of such a 
catastrophe. 

Conversely, I do not want to see our Government directly 
involved in yet another business, which has such a controlling 
impact over our individual lives. 

-




On 14 Aug 2003 at 15:18, Geoff Shively wrote:

 Just flipped on CNN, watching the masses snake through the
 streets of Manhattan as correspondents state that this could be
 an affect of the blaster worm.
 
 Interesting but I don't see how an worm of this magnitude
 (smaller than that of Slammer/Sapphire and others) could
 influence DCS and SCADA systems around the US, particularly just
 in the North East.
 
 Thoughts?
 
 
 Cheers,
 
 Geoff Shively, CHO
 PivX Solutions, LLC
 
-

Bernie 
Chief Technology Architect
Chief Security Officer
[EMAIL PROTECTED]
Euclidean Systems, Inc.
***
// There is no expedient to which a man will not go 
//to avoid the pure labor of honest thinking.   
// Honest thought, the real business capital.
//  

Re: MRAM, persistance of memory

[Eric Murray]

On Thu, Jul 10, 2003 at 04:45:58PM +0200, Thomas Shaddack wrote:
 On Wed, 9 Jul 2003, Eric Murray wrote:
  I doubt it as well.  DRAM also has power-off memory persistence
  and nearly everyone in security ignores that as well.
 
  But not the spooks :
 
  The FEI-374i-DRS is a data recovery system that captures and preserved
  digital data, in its original format, directly from the Dynamic Random
  Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs)
  ..
  The FEI-374i-DRS is an indispensable tool for forensic investigators
  required to evaluate residual audio and tag information retained in
  today's DRAM-based DTAMs.
 
  http://www.nomadics.com/374idrs.htm
 
 The system doesn't seem to be able to recover data from powered-off DRAM.

[..]

It's still interesting. 


 It is impossible to get access to the voltage on the DRAM cell capacitors
 (at least if the chip is in its case and we can access only its pins). We
 can only see if it is in the range for H or L. And after a power-down (or
 even a sufficiently long period without a refresh of the given cell) the
 cell capacitor loses voltage steadily, reaching the level of L (or maybe
 H?) within at most couple seconds.

I would not bet on that for sensitive data.
See Peter Gutmans and Ross Anderson's papers on RAM memory remanance.


Eric

Re: MRAM, persistance of memory

[Eric Murray]

On Wed, Jul 09, 2003 at 10:23:55AM -0700, Major Variola (ret.) wrote:
 
 Wired has an article on magetic RAM
 http://wired.com/news/technology/0,1282,59559,00.html
 that fails to mention security implications.  Obviously
 nonvolitile RAM presents a different security risk than
 RAM that forgets when powered off.  Will future OSes
 have provisions to keep certain data out of MRAM banks,
 if MRAM doesn't completely displace DRAM?
 I doubt it.

I doubt it as well.  DRAM also has power-off memory persistence 
and nearly everyone in security ignores that as well.

But not the spooks :

The FEI-374i-DRS is a data recovery system that captures and preserved
digital data, in its original format, directly from the Dynamic Random
Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs)
...
The FEI-374i-DRS is an indispensable tool for forensic investigators
required to evaluate residual audio and tag information retained in
today's DRAM-based DTAMs.

http://www.nomadics.com/374idrs.htm


Eric

Re: idea: brinworld meets the credit card

[Eric Murray]

On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote:
 Authentication is Something you have / know / are.

[..]

 A picture glued into the card could be forged, but a
 smartcard (with more data area than a magstripe)
 could include a picture of the account holder,
 so a thief has no idea what to look like.  But the vendor can
 check the encrypted smartcard face to the face on the phone
 or webcam.  For high-value remote transactions, where you
 pay someone to check faces, this might be viable in a few years.
 In a few years after that, machines might be able to check faces
 more cheaply, as reliably.
 
 The live face-check with embedded digital photos is already standard
 practice
 on high-security building-entry cards (and passports?),
 with the guard comparing the card-embedded face to the one before him.
 Ubiquitous cameras will bring that face-check to remote transactions,
 reducing cost due to lower fraud.
 
 Thoughts?

How does it allow the merchant to view the picture
while preventing the thief from doing so?

Saying it's encrypted is, at best, sweeping a very large
problem under a small rug.  Who holds the key?  How
does the card or the user authenticate a real merchant vs.
a thief posing as a merchant?

Those are the hard problems.  No one in biometrics
has yet been able to solve them in a general way.

Eric

[eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down]

[Eric Murray]

- Forwarded message from Eric Blossom [EMAIL PROTECTED] -

Date: Tue, 3 Jun 2003 13:25:50 -0700
From: Eric Blossom [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: John Kelsey [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], EKR [EMAIL PROTECTED],
   Scott Guthery
  [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED],
   Bill
  Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED],
   [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: [EMAIL PROTECTED]
User-Agent: Mutt/1.4i

On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote:
 At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
 ...
  (One doesn't hear much about
 crypto phones these days.  Was this really a need?)

Yes, I believe there is a need.

In my view, there are two factors in the way of wide spread adoption:
cost and ease of use.

Having spent many years messing with these things, I've come to the
conclusion that what I personally want is a cell phone that implements
good end-to-end crypto.  This way, I've always got my secure
communication device with me, there's no bag on the side, and it can
be made almost completely transparent.

 And for cellphones, I keep thinking we need a way to sell a secure 
 cellphone service that doesn't involve trying to make huge changes to the 
 infrastructure, ...

Agreed.  Given a suitably powerful enough Java or whatever equipped
cell phone / pda and an API that provides access to a data pipe and
the speaker and mic, you can do this without any cooperation from the
folks in the middle.  I think that this platform will be common within
a couple of years.  The Xscale / StrongARM platform certainly has
enough mips to handle both the vocoding and the crypto.

Also on the horizon are advances in software radio that will enable
the creation of ad hoc self organizing networks with no centralized
control.  There is a diverse collection of people supporting this
revolution in wireless communications.  They range from technologists,
to economists, lawyers, and policy wonks.  For background on spectrum
policy issues see http://www.reed.com/openspectrum,
http://cyberlaw.stanford.edu/spectrum or http://www.law.nyu.edu/benklery

Free software for building software radios can be found at the 
GNU Radio web site http://www.gnu.org/software/gnuradio

Eric

- End forwarded message -

[eay@pobox.com: Re: Maybe It's Snake Oil All the Way Down]

[Eric Murray]

- Forwarded message from Eric Young [EMAIL PROTECTED] -

Date: Wed, 04 Jun 2003 01:05:24 +1000
From: Eric Young [EMAIL PROTECTED]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3)
  Gecko/20030312
X-Accept-Language: en-us, en
To: [EMAIL PROTECTED]
X-Orig-To: [EMAIL PROTECTED]
CC: EKR [EMAIL PROTECTED], Eric Murray [EMAIL PROTECTED],
   Scott Guthery
  [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED],
   Bill
  Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED],
   [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: [EMAIL PROTECTED]

Ian Grigg wrote:

It's like the GSM story, whereby 8 years
down the track, Lucky Green cracked the
crypto by probing the SIMs to extract
the secret algorithm over a period of
many months (which algorithm then fell to
Ian Goldberg and Dave Wagner in a few hours).

In that case, some GSM guy said that, it
was good because it worked for 8 years,
that shows the design was good, doesn't
it?

And Lucky said, now you've got to replace
hundreds of millions of SIMs, that's got
to be a bad design, no?
  

Well the point here is that the data encryption in GSM is not relevant to
the people running the network.  The authentication is secure,
so there is no fraud, so they still get the money from network
usage.  Privacy was never really there since
the traffic is not encrypted once it hit the base station, so the
relevant government agencies can be kept happy.
The encryption was only relevant to protect the consumers
from each other.

eric (hopefully remembering things correctly)

- End forwarded message -

[eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down]

[Eric Murray]

- Forwarded message from Eric Blossom [EMAIL PROTECTED] -

Date: Tue, 3 Jun 2003 15:50:37 -0700
From: Eric Blossom [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: John Kelsey [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], EKR [EMAIL PROTECTED],
   Scott Guthery
  [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED],
   Bill
  Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED],
   [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: [EMAIL PROTECTED]
User-Agent: Mutt/1.4i

On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote:
 At 01:25 PM 6/3/03 -0700, Eric Blossom wrote:
 ...

 I agree end-to-end encryption is worthwhile if it's available, but even 
 when someone's calling my cellphone from a normal landline phone, I'd like 
 it if at least the over-the-air part of the call was encrypted.  That's a 
 much bigger vulnerability than someone tapping the call at the base station 
 or at the phone company.

GSM and CDMA phones come with the crypto enabled.  The crypto's good
enough to keep out your neighbor (unless he's one of us) but if you're
that paranoid, you should opt for the end-to-end solution.  The CDMA
stuff (IS-95) is pretty broken: *linear* crypto function, takes 1
second worst case to gather data sufficient to solve 42 equations in
42 unknowns, but again, what's your threat model?  Big brother and
company are going to get you at the base station...

At our house we've pretty much given up on wired phone lines.  We use
cell phones as our primary means of communication.  Turns out that
with the bundled roaming and long distance, it works out cheaper than
what we used to pay for long distance service.  There is that pesky
location transponder problem though.

 ...which will basically never be secured end-to-end if 
 this requires each of those people to buy a special new phone, or do some 
 tinkering with configuring secure phone software for their PDA.  Hmmm, 
 which key size do I need?  Is 1024 bits long enough?  Why do I have to move 
 the mouse around, again, anyway?

It doesn't have to be hard.  No requirement for PKI.  Just start with
an unauthenticated 2k-bit Diffie-Hellman and be done with it.

Eric

- End forwarded message -

[PaulLambert@AirgoNetworks.Com: Re: BIS Disk Full]

[Eric Murray]

- Forwarded message from Paul Lambert [EMAIL PROTECTED] -

Subject: Re: BIS Disk Full
Date: Mon, 2 Jun 2003 22:50:20 -0700
Thread-Topic: Re: BIS Disk Full
Thread-Index: AcMpAGDW0rLn6AHCQFSmRRWCM9LG7QAkdTWg
From: Paul Lambert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: Declan McCullagh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
   [EMAIL PROTECTED]
X-MIME-Autoconverted: from quoted-printable to 8bit by gw.lne.com id
  h535oULl001507

Is it this?
http://snap.bis.doc.gov/

The correct URL is:

http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html
This site contains the full process to export encryption source code
that would be considered publicly available

The site has you e-mail to three addresses:
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
You can also send a disk to both to 14th Street and Pennsylvania Avenue
and Fort Meade

I've submitted twice and never gotten an acknowledgement ... can't
imagine that they are that busy.

Paul



-Original Message-
From: Declan McCullagh [mailto:[EMAIL PROTECTED] 
Sent: Sunday, June 01, 2003 8:52 PM
To: Anonymous
Cc: [EMAIL PROTECTED]
Subject: Re: BIS Disk Full


URL?

Is it this?
http://snap.bis.doc.gov/

Email to [EMAIL PROTECTED] does not bounce, at least not immediately.

-Declan

On Sat, May 31, 2003 at 01:34:00PM -0700, Anonymous wrote:
 I tried to notify the BIS that I was posting some code and I 
got this 
 error back:
  [EMAIL PROTECTED]:
  170.110.31.61 failed after I sent the message.
  Remote host said: Can't create transcript file 
./xfh4VJhUa02511: No 
  space left on device
 
  [EMAIL PROTECTED]:
  170.110.31.61 failed after I sent the message.
  Remote host said: Can't create transcript file 
./xfh4VJhVC02512: No 
  space left on device
 Are our rights suspended until they get their system fixed? :-)

- End forwarded message -

all your base are a terrorist threat

[Eric Murray]

Some kids put up all your base are belong to us flyers in
Missouri and the police arrested them for being terrorists.

http://sturgisjournal.com/display/inn_news/news1.txt

Re: All your base are terrorists

[Eric Murray]

On Fri, Apr 04, 2003 at 06:57:50PM -0600, Roy M.Silvernail wrote:
 On Friday 04 April 2003 03:54 pm, Eric spake:
  Some kids put up all your base are belong to us flyers in
  Missouri and the police arrested them for being terrorists.
 
  http://sturgisjournal.com/display/inn_news/news1.txt
 
 That's an ephemeral URL.  But a quick search of their archive produced no 
 hits.  Got a better link?

It's still there for me.

Here's the text for the browsing-impaired:


Signs land seven in court

By CLIFFORD JEFFERY STURGIS JOURNAL

What started as an April Fool's joke involving bad grammar landed seven
people in jail Tuesday.

Sturgis police arrested seven Sturgis men for placing more than 20
threatening letters on various businesses, schools, banks and at the
post office. At least 12 signs were posted Monday morning. Another 20
were put up Tuesday evening, according to Sturgis police.

The letters all read All your base are belong to us and you have no
chance to survive, make your time.

Information about the letters was forwarded to the FBI and U.S. postal
authorities, said Sturgis police Chief Eugene Alli.

This is no joking matter, he said. During a time of war and with
the present concern for homeland security, terrorist acts will not be
tolerated and will be prosecuted to the fullest extent of the law.

The All your base are belong to us are lines said by Cats, a bad guy
in a 1989 Japanese video game. The poor translation to English led to
its use by many involved in the video game culture.

According to the All your base are belong to us Web site, a voiceover
of the Zero Wing video game introduction, including the poorly translated
line, was put to music and sung by a Wayne Newton impersonator. Stories
about the phrase have appeared in Time, USA Today, The Los Angeles Times
and Wired. The phrase is printed on T-shirts and bumper stickers.

But police were not in on the joke.

Officer Damon Knapp witnessed three people placing the signs on a downtown
business. By early this morning, police had arrested seven men, charging
them with disorderly conduct.

Robert McNew, 20, Carl McNew, 19, John Wolf, 20, William Caldwell,
17, Dustin Garn, 19, Kirk Vezeau, 20, and Kyle Woodward, 18, were all
released after posting bond.

aljazeera.net blocking

[Eric Murray]

Getting a 503 or any HTTP error means that you are getting
through to something that is too busy.
An HTTP error jibes with the usual result of a web site hack
that takes down the server.  But it also could be a result of
too many connection attempts.

Not being able to resolve the name indicates something
different than too many users or a web site hack, since the name
information comes from DNS servers which are not on the same network.
Simplifying a lot, the ultimate DNS record comes from the registrar
who places it on the root servers.

If the root servers no longer have the record, then no one
will be able to resolve the name (modulo local cache timeouts, usually of
a day or so).

ALJAZEERA.NET is registered by networksolutions.com (Verisign), who
also control most of the root servers as well.
Two days ago, ALJAZEERA.NET resolved to an IP address that
had a web server on it.  Yesterday, it couldn't be resolved.
Today it points to 216.34.94.186.

216.34.94.186 appears to belong to a Cable  Wireless IP block.
A traceroute ends at a CW router that is probably somewhere
in America:

 9  p0-0-0-1.rar1.sanjose-ca.us.xo.net (65.106.1.65)  4.936 ms  9.793 ms  4.802 ms
10  p0-0.ir1.paloalto-ca.us.xo.net (65.106.5.194)  5.489 ms  5.389 ms  5.461 ms
11  bpr2-so-6-0-0.paloaltopaix.cw.net (206.24.241.213)  5.398 ms  15.071 ms  5.223 ms
12  agr2-loopback.santaclara.cw.net (208.172.146.102)  5.680 ms  5.569 ms  5.802 ms
13  dcr2-so-7-1-0.santaclara.cw.net (208.172.156.185)  7.210 ms  5.810 ms  7.434 ms
14  acr1-loopback.seattle.cw.net (208.172.82.61)  23.783 ms  26.939 ms  23.587 ms
15  bhr1-pos-0-0.tukwilase2.cw.net (208.172.83.130)  24.920 ms  24.461 ms  24.630 ms
16  csr11-ve240.tukwilase2.cw.net (216.34.64.34)  25.067 ms  24.883 ms  24.769 ms
17  * * *
18  * * *


They could have picked a bad time to move servers and be doing it
incompetently.  Hackers could have spoofed Verisign into changing
their DNS record, and have broken into router control networks
to break their routing.  Or the US government could be ordering
Verisign and CW to make ALJAZEERA.NET unavailable.

Eric

Re: U.S. Drops 'E-Bomb' On Iraqi TV

[Eric Murray]

On Wed, Mar 26, 2003 at 03:24:01AM -0800, Sarad AV wrote:

 it doesnt matter as long as Al-Jazeera is live and
 kicking and the camera's are rolling.


Yesterday morning I could get to english.aljazeera.net.
As of yesterday afternoon, it has become unavailable.

Supposedly they are victims of hackers but yesterday a traceroute
from california stopped somewhere in Sprints' network in the US.

This morning I can't even resolve their name.
None of their listed nameservers will respond.


Eric

Re: U.S. Drops 'E-Bomb' On Iraqi TV

[Eric Murray]

On Wed, Mar 26, 2003 at 03:24:01AM -0800, Sarad AV wrote:

 it doesnt matter as long as Al-Jazeera is live and
 kicking and the camera's are rolling.


Yesterday morning I could get to english.aljazeera.net.
As of yesterday afternoon, it has become unavailable.

Supposedly they are victims of hackers but yesterday a traceroute
from california stopped somewhere in Sprints' network in the US.

This morning I can't even resolve their name.
None of their listed nameservers will respond.


Eric

faking WMD evidence

[Eric Murray]

Apparently the CIA and MI6 have been faking WMD evidence for quite a while:

http://www.newyorker.com/fact/content/?030331fa_fact1

Re: IDEA

[Eric Murray]

On Sat, Mar 22, 2003 at 09:40:50AM +, [EMAIL PROTECTED] wrote:

 
 IDEA is listed on the fourth line, so it seems IDEA was installed with
 OpenSSL, but MixMaster's install may be improperly detecting that IDEA
 is absent.  It's when I run the Mixmaster install that I get the
 error:
 
...
Looking for libz.a...
Found at /usr/lib/libz.so.
Found source directory zlib-1.1.4.
Use the source if the pre-installed library causes compilation problems.
Use source? [n]
Looking for libpcre.a...
Found source directory pcre-2.08.
Looking for libcrypto.a...
Found at /usr/local/ssl/lib/libcrypto.a.
./Install: [: 90701f: integer expression expected

I think that line means that mixmaster's install script isn't
properly identifying the version of Openssl.  If it were
me, I'd fix the Mixmaster install script.


./Install: tmptst.c: Permission denied
gcc: tmptst.c: No such file or directory

Yep, the install script needs help.


BTW, if you will be posting Mixmaster messages to the cpunks
list, could you fix it so it uses an informative Subject: line
instead of Mixmaster Type III Message?  

Eric

Re: IDEA

[Eric Murray]

On Sat, Mar 22, 2003 at 09:40:50AM +, [EMAIL PROTECTED] wrote:

 
 IDEA is listed on the fourth line, so it seems IDEA was installed with
 OpenSSL, but MixMaster's install may be improperly detecting that IDEA
 is absent.  It's when I run the Mixmaster install that I get the
 error:
 
...
Looking for libz.a...
Found at /usr/lib/libz.so.
Found source directory zlib-1.1.4.
Use the source if the pre-installed library causes compilation problems.
Use source? [n]
Looking for libpcre.a...
Found source directory pcre-2.08.
Looking for libcrypto.a...
Found at /usr/local/ssl/lib/libcrypto.a.
./Install: [: 90701f: integer expression expected

I think that line means that mixmaster's install script isn't
properly identifying the version of Openssl.  If it were
me, I'd fix the Mixmaster install script.


./Install: tmptst.c: Permission denied
gcc: tmptst.c: No such file or directory

Yep, the install script needs help.


BTW, if you will be posting Mixmaster messages to the cpunks
list, could you fix it so it uses an informative Subject: line
instead of Mixmaster Type III Message?  

Eric

Re: surveillance nation

[Eric Murray]

On Tue, Mar 18, 2003 at 01:17:21PM -0500, Sunder wrote:
 Interesting, lne.com flagged this as spam.

We probably rejected the SMTP connection as coming from
a source that's sent us spam in the past.  Read the
bounce message and use the URL to send me the ID code please.

There's no content-based spam filtering on the lne cpunks list.


Eric

Re: surveillance nation

[Eric Murray]

On Tue, Mar 18, 2003 at 01:17:21PM -0500, Sunder wrote:
 Interesting, lne.com flagged this as spam.

We probably rejected the SMTP connection as coming from
a source that's sent us spam in the past.  Read the
bounce message and use the URL to send me the ID code please.

There's no content-based spam filtering on the lne cpunks list.


Eric

Re: Press Coverage, Snarky Media Personalities, and War

[Eric Murray]

On Sat, Mar 01, 2003 at 01:43:58PM -0800, Eric Cordian wrote:
 Tim May wrote:
 
  P.S. I plan to make strong efforts to stop my new address from being 
  harvested by spammers, such as using [EMAIL PROTECTED] in 
  Usenet posts. I hope this works.
 
 I'm pretty sure, based on my spam volume, that spammers grep Cypherpunks
 for email addresses.

I don't think that spammers bother to subscribe to mailing lists
directly.
I think they use google to search for email addresses
on the web.  Cpunks is web archived.
/[EMAIL PROTECTED](com|net)/ is probably a great way to find
valid addresses.

 So you're probably already hosed.

I probably spend half an hour to an hour a week on
spam blocks of various sorts.  This week I blocked
3800 spams to lne.com, and foiled another thousand
SMTP name searches.  lne.com only has a few users.
That spam count doesn't count the spam that goes to cpunks, most
of which is filtered out before I see it.

It's to the point where I'm considering actively fighting back.

Eric

Re: To Steve Schear, re Rome, Architects, Shuttles, Congress

[Eric Murray]

On Thu, Feb 20, 2003 at 11:32:43PM -0500, Major Variola (ret) wrote:
 
 Carburetor?  Didn't that connect to the phonograph through a cat's whisker? 

Carburetor is French for leave it alone.

While only one of my cars is old enough to have a carb, all but one of
the 10 or so motorcycles in the garage do.  So I work on carbs a lot.
They are a marvel of applied physics and they work pretty well.  And if
you are careful and keep things clean
(carbs hate dirt), they are easy to work on.

  but except for my first auto mechanics class, I didn't mess with brakes -
  if I mess up an engine, my car might not go anywhere, but that's
  usually fail-safe, while making mistakes on brakes is fail-dangerous.
 
 Bingo.   And hacking on production machines is a no-no.

It was a bit tough for street cars for a while, but these days
there's a lot you can do and be 100% legal.  Many aftermarket
manufacturers get EPA approval for their bits (not difficult to do).
Fuel-injection has made automotive systems both simpler and
more readily modified.  It's a lot easier to plug a laptop in and
diddle the fuel mapping than it is to take the carb(s) off
and change jets.


I prefer motorcycles to cars as they are much easier to work
on and there are fewer regulations and less enforcement, even
in California.  And many of the bikes I have worked on have
been competition bikes, not road bikes.

 Doncha wish there was a traceroute for hoses under the hood? 
 
 Cars look like the hoses pipes and tubes in _Brazil_ nowadays.

Not nearly as bad as they did in the 80s.  I have an early 80s
Toyota 4x4 farm truck and it's got probably 40-60 different
Little Black Hoses plus assorted Mystery Boxes.  New cars just have an FI
computer and a throttle body and a few wires.

Some vehicles (i.e. Ducati 999 motorcycle) use a digital network
instead of dedicated circuits.  Making it even more amenable to hacking, at
least until the factory figures out DRM...
The future is in a few powerful networked computers per vehicle
instead of many dumb microprocessors on seperate circuits.  This will make
vehicles even more hackable.

The other place that computer tech is changing things for the
home vehicle haxor is in machining.  There are a lot of
cheap CNC setups available now.  Most use PCs.  One of the better
CNC programs runs on Linux and was developed by/for NIST, who
distributes it free.
 
 [1] Air Quality Management District, the pollution police in SoCal at 
 least.  They make 2-cycle engines and useful BBQ lighter fluid illegal here.
 Also won't let you register a car if you've modified the pollution controls
 in any way, since mods are officially bad and you can't register a car
 without a periodic smog check.

You're not supposed to paint your own vehicles in SoCal either, automotive
paint being a VOC.  But a back room or garage can be made into
a dandy hidden paint booth.  All you need is a fan and some plastic
sheeting and duct tape.  The fumes will disperse enough
that the neighbors probably won't notice, and if they do they'll
just think that you're running a meth lab.

Eric

Re: To Steve Schear, re Rome, Architects, Shuttles, Congress

[Eric Murray]

On Thu, Feb 20, 2003 at 11:32:43PM -0500, Major Variola (ret) wrote:
 
 Carburetor?  Didn't that connect to the phonograph through a cat's whisker? 

Carburetor is French for leave it alone.

While only one of my cars is old enough to have a carb, all but one of
the 10 or so motorcycles in the garage do.  So I work on carbs a lot.
They are a marvel of applied physics and they work pretty well.  And if
you are careful and keep things clean
(carbs hate dirt), they are easy to work on.

  but except for my first auto mechanics class, I didn't mess with brakes -
  if I mess up an engine, my car might not go anywhere, but that's
  usually fail-safe, while making mistakes on brakes is fail-dangerous.
 
 Bingo.   And hacking on production machines is a no-no.

It was a bit tough for street cars for a while, but these days
there's a lot you can do and be 100% legal.  Many aftermarket
manufacturers get EPA approval for their bits (not difficult to do).
Fuel-injection has made automotive systems both simpler and
more readily modified.  It's a lot easier to plug a laptop in and
diddle the fuel mapping than it is to take the carb(s) off
and change jets.


I prefer motorcycles to cars as they are much easier to work
on and there are fewer regulations and less enforcement, even
in California.  And many of the bikes I have worked on have
been competition bikes, not road bikes.

 Doncha wish there was a traceroute for hoses under the hood? 
 
 Cars look like the hoses pipes and tubes in _Brazil_ nowadays.

Not nearly as bad as they did in the 80s.  I have an early 80s
Toyota 4x4 farm truck and it's got probably 40-60 different
Little Black Hoses plus assorted Mystery Boxes.  New cars just have an FI
computer and a throttle body and a few wires.

Some vehicles (i.e. Ducati 999 motorcycle) use a digital network
instead of dedicated circuits.  Making it even more amenable to hacking, at
least until the factory figures out DRM...
The future is in a few powerful networked computers per vehicle
instead of many dumb microprocessors on seperate circuits.  This will make
vehicles even more hackable.

The other place that computer tech is changing things for the
home vehicle haxor is in machining.  There are a lot of
cheap CNC setups available now.  Most use PCs.  One of the better
CNC programs runs on Linux and was developed by/for NIST, who
distributes it free.
 
 [1] Air Quality Management District, the pollution police in SoCal at 
 least.  They make 2-cycle engines and useful BBQ lighter fluid illegal here.
 Also won't let you register a car if you've modified the pollution controls
 in any way, since mods are officially bad and you can't register a car
 without a periodic smog check.

You're not supposed to paint your own vehicles in SoCal either, automotive
paint being a VOC.  But a back room or garage can be made into
a dandy hidden paint booth.  All you need is a fan and some plastic
sheeting and duct tape.  The fumes will disperse enough
that the neighbors probably won't notice, and if they do they'll
just think that you're running a meth lab.

Eric

Re: To Steve Shear, re Rome, Architects, Shuttles, Congress

[Eric Murray]

On Wed, Feb 19, 2003 at 08:27:31PM -0500, Major Variola (ret) wrote:

 Hackers don't work on their own brakes for a reason: evolution.

I do.  That way I know they were done right.
Specialization is for insects.

Eric

Re: Digital Certificates

[Eric Murray]

On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote:
 I was just wondering if anyone has a digital certificate issuing system I
 could get a few certificates issued from. Trust is not an issue since these
 are development-only certs, and won't be used for anything except testing
 purposes.

Whenever I need some test certs I use openssl to generate them.
(Or an ingrian box, but not many people have one of those.)
There's instructions in the openssl docs.  For test purposes
you don't need openca, its only needed if you want to
issue a lot of certs automagically.

 The development is for an open source PKCS #11 test suite.

Let me know when its done, I could use it.


Eric

Re: The practical reason the U.S. is starting a war

[Eric Murray]

On Fri, Feb 14, 2003 at 09:54:33AM -0800, Tim May wrote:
 I've been watching the Security Council session this morning. Positions 
 are established.


The French diplomat gave a wonderful speech, but its all for show.
The real decisions are made in the back rooms.

[..]

 * The reason is clear: the juggernauts of the military buildup are 
 rolling: 5 carrier battle groups now either in the region or arriving 
 within the next 10 days. More than 100,000 U.S. and British troops 
 massing in Kuwait, Qatar, and other staging areas.
 
 * The new moon, when moonlight is minimal, is happening around 1 March. 
 This is the standard military time to attack, and fits with the 
 cresting of the military buildup. (Carriers and aircraft and troops 
 should be in place by 25 February, and so the war could start any time 
 after that.)

It's been well known for months in the rest of the world that the war is
scheduled to start on the 27th.  Our media isn't mentioning that, to
heighten the suspense and preserve the various fictions of
working with the UN and having a debate.


 All of these issues point to what a clusterfuck this is turning into, 
 exposing the hypocrisy of the U.S. position that it doesn't start wars 
 (a claim that can never be made again with a straight face if this war 
 starts...though some would say this claim has been bogus for the past 
 40 years). 

Having its hypocrisy exposed no longer bothers american
adminstrations.  The Big Lie technique works better now than it ever did.

 And exposing the hypocrisy of the notion that Congress 
 debates important issues. And of course the U.N. suffers.
 
 Not all of these things are bad. Which is why I am hoping for a war. A 
 war that goes badly, a war that results in world opinion turning 
 sharply against the American aggressor state. 

Our government won't care.  They own the world and they know it.
France will block a UN resolution because the USG didn't cut them
in for enough of the oil fields, and the USG will go ahead anyhow.
Any government that opposes too seriously will find itself part
of the axis of evil.

 A war that causes Iran to 
 decide to seize some disputed territory (what we gonna do then, homey?).

Invade and set up a puppet government of course.
 
 A war that returns the United States to blissful isolationism.

Won't happen.  Even if the war costs $200B/year they'll just raise
taxes on the middle class and run up the deficit and Congress will
bleat 'yea' votes when required.

 A war that, Allah willing, causes Washington, D.C. to be be hit with a 
 suitcase nuke, cleansing it of a million criminal politicians and two 
 million inner city welfare mutants. 'Tis a consummation devoutly to be 
 wished.
 

Not.
The rot and corruption runs far too deep in politics for a single hit
on DC to change anything fundamental, and the vicious police state that would
result would be far worse than any of our current nightmares.


Eric

ClearChannel memo Preparing for war

[Eric Murray]

Appropriate to the recent media thread, a leaked ClearChannel memo
on some station's war preperations:

http://www.internalmemos.com/memos/memodetails.php?memo_id=1329

They're clearly salivating at the prospect.

Eric

Re: Shuttle Humor, Risk Estimation

[Eric Murray]

On Mon, Feb 03, 2003 at 05:01:41PM -0600, Harmon Seaver wrote:
 
 The biggest question there is why didn't they inspect it? Seems very
 bizarre, since that's what they did in the past. 

All the KH-71s were busy mapping Iraq's oil fields
and photographing Saddam's nose hairs.

Eric

Re: Shuttle Humor, Risk Estimation

[Eric Murray]

On Mon, Feb 03, 2003 at 05:01:41PM -0600, Harmon Seaver wrote:
 
 The biggest question there is why didn't they inspect it? Seems very
 bizarre, since that's what they did in the past. 

All the KH-71s were busy mapping Iraq's oil fields
and photographing Saddam's nose hairs.

Eric

Re: Touching shuttle debris may cause bad spirits to invade your body!

[Eric Murray]

On Sun, Feb 02, 2003 at 10:19:27AM -0800, Tim May wrote:
 
 A real journalist would just roll his eyes and say Look, folks, NASA 
 wants these pieces to be aid in reconstructing the accident. There are 
 no traces of liquid propellants and deadly chemicals on these pieces. 
 And they certainly didn't stay hot for long. NASA is trying to get us 
 to feed you jive so you'll be properly frightened and won't touch 
 them.?

No one with the gumption to say the truth is allowed near a mic
at any major media outlet.  Instead they get marginalized as a
conspiracy theorist along with the UFO idiots, and the mass media
hire dolts who will read what they're told to read.

I'm not sure which is more irritating-- the obvious way in which
the govermedia manipulate the issue, or their automatic assumption that
americans are too stupid/criminal to turn in all the parts they
find if NASA just said we need all the parts, please bring 'em in.


Eric

Re: Life Sentence for Medical Marijuana?

[Eric Murray]

On Fri, Jan 31, 2003 at 04:50:00PM -0800, Eric Cordian wrote:
 http://www.foxnews.com/story/0,2933,77234,00.html
 
 The Feebs are crowing over their latest victory, having just obtained a
 conviction against a medical marijuana grower for the city of Oakland.

They went after Ed Rosenthal because he is the author of
a popular book on growing dope.


There is no such thing as medical marijuana, said 
 Richard Meyer, a DEA spokesman. We're Americans 
 first, Californians second.

Interesting how selective the states rights crowd in Washington is.

Eric

Re: Cpunks: The Tee-shirt

[Eric Murray]

On Thu, Dec 12, 2002 at 04:11:21PM -0500, Trei, Peter wrote:
 I was poking around thinkgeek, and it appears that
 the CDR now has it's own tee-shirt.
 Suitable for old farts and wannabes alike.
 Now available in black!
 
 Peter Trei
 http://www.thinkgeek.com/tshirts/coder/57ee/

Not The Fedz declared me an enemy combatant, sent
me to Cuba for torture and all I got was this lousy T-shirt?


Eric

Re: Cpunks: The Tee-shirt

[Eric Murray]

On Thu, Dec 12, 2002 at 04:11:21PM -0500, Trei, Peter wrote:
 I was poking around thinkgeek, and it appears that
 the CDR now has it's own tee-shirt.
 Suitable for old farts and wannabes alike.
 Now available in black!
 
 Peter Trei
 http://www.thinkgeek.com/tshirts/coder/57ee/

Not The Fedz declared me an enemy combatant, sent
me to Cuba for torture and all I got was this lousy T-shirt?


Eric

CDR administrivia

[Eric Murray]

I've just been made aware of a bug in my CDR code
that causes MIME-encoded mail that uses the (rare)
Content-Type: multipart/mixed to get dropped into the bit bucket.

I'll fix it soon, but in the mean time please post in plain ASCII.
You should post in plain ascii anyhow since any MIME gets demimed
(the demime program being the problem in this case) but I know that
some mailers don't make it easy and some people post from environments
where MIME encoding is the norm and forget to switch.

Eric

CDR administrivia

[Eric Murray]

I've just been made aware of a bug in my CDR code
that causes MIME-encoded mail that uses the (rare)
Content-Type: multipart/mixed to get dropped into the bit bucket.

I'll fix it soon, but in the mean time please post in plain ASCII.
You should post in plain ascii anyhow since any MIME gets demimed
(the demime program being the problem in this case) but I know that
some mailers don't make it easy and some people post from environments
where MIME encoding is the norm and forget to switch.

Eric

Re: stego building

[Eric Murray]

On Sun, Nov 24, 2002 at 03:54:13PM -0800, Bill Stewart wrote:
 That, or it's a dot-com that didn't make it,
 or an office-space construction that someone hoped to sell to a dot-com
 but missed the boom.  There's huge amounts of that in SF.

They wouldn't have security if it was empty, and would
probably have at least one sign if it was occupied.

Also, office space tends to have windows.

Perhaps its a phone company CO or other facility.  I have seen large
windowlwss concrete buildings used by the phone company before.  Or maybe
that's just what they want us to think...



Eric

 
 At 05:37 PM 11/24/2002 -0600, Neil Johnson wrote:
 On Sunday 24 November 2002 04:49 pm, Tarapia Tapioco wrote:
   There is a huge concrete building, hardly any windows, occupying the whole
   block-width between Market and Mission streets in san francisco, one side
   being 11th street. Funny thing is that it has no markings at all. The main
   entrance seems to be at 14xx Market, with visible security.
  
   Any clues appreciated.
 
 It's probably just a co-location center for web servers. I vaguely 
 remember an
 dot-com boom article about some sort secure datacenter for web server
 bussiness being built in that area.
 
 Not quite as secure as the The Bunker though.
 
 
 -Neil

Re: Q: opportunistic email encryption

[Eric Murray]

On Fri, Nov 22, 2002 at 09:23:57PM +0100, Eugen Leitl wrote:
 Question: if you control the traffic layer you can easily disrupt
 opportunistic encryption (STARTTLS  Co) by killing public key exchange,
 or even do a MITM.

An attacker can prevent opportunistic STARTTLS by modifying
the STARTTLS tag in SMTP.

 Is there any infrastructure in MTAs for public key caching, and admin
 notification if things look fishy? (Fishy: a host which used to do PKI 
 with you suddenly says it can't, or its key differs from key you cached).

ssh does this.


Eric

[perry@piermont.com: The FBI Has Bugged Our Public Libraries]

[Eric Murray]

This will come as no suprise to people on this list.


- Forwarded message from Perry E. Metzger [EMAIL PROTECTED] -

Delivered-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: The FBI Has Bugged Our Public Libraries
From: Perry E. Metzger [EMAIL PROTECTED]
Date: 05 Nov 2002 18:40:31 -0500
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2
Precedence: bulk


From Interesting-People


Date: Tue, 05 Nov 2002 17:12:52 -0500
Subject: [IP] The FBI Has Bugged Our Public Libraries
From: Dave Farber [EMAIL PROTECTED]


From: Richard Forno [EMAIL PROTECTED]
Subject: The FBI Has Bugged Our Public Libraries
To: Dave Farber [EMAIL PROTECTED]
Date: Tue, 05 Nov 2002 16:40:41 -0500


The FBI Has Bugged Our Public Libraries
November 3, 2002
http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story

Some reports say the FBI is snooping in the libraries. Is that really
happening?

Yes. I have uncovered information that persuades me that the Federal Bureau
of Investigation has bugged the computers at the Hartford Public Library.
And it's probable that other libraries around the state have also been
bugged. It's an effort by the FBI to obtain leads that it believes may lead
them to terrorists.

Many members of the public regularly use computers in libraries to access
the Internet for research purposes or to locate information about particular
interests. It's also not uncommon for students and others to communicate
with friends and relatives through e-mail from there.

The FBI system apparently involves the installation of special software on
the computers that lets the FBI copy a person's use of the Internet and
their e-mail messages. (Don't ask me how I know about this because I can't
reveal how I was able to collect the information.) Members of the public who
use the library have not been informed that the government is watching their
activities. It's not just the computers. Circulation lists that show which
books someone borrowed are also accessible to the government.

What are the Hartford librarians saying?

I can't disclose that we were presented with anything, said Louise
Blalock, Hartford's head librarian.

I asked Mary W. Billings, the library's technical services manager, if the
FBI had given her a subpoena or a court order for library information. Her
response: I cannot answer that question.

snip

http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story


--





-- 
Perry E. Metzger[EMAIL PROTECTED]


- End forwarded message -

Re: Details on lne.com's blocking of Cypherpunks posts??

[Eric Murray]

On Sun, Oct 27, 2002 at 06:31:40PM -0800, Tim May wrote:
 On Sunday, October 27, 2002, at 01:04  PM, Bill Stewart wrote:
 
  [Hmm.  lne.com spam-blocked me on the first attempt.
 
 Can you provide details?
 
 If lne.com is blocking posts, I will have to find another CP node.


Lne has been blocking mail from spam sites for years.  The original
lne CDR 'charter' posting mentioned that lne blocks spammers.  

But lately the spam has been getting really bad, close to 50% of the
mail we were getting, and then the spammers started doing brute force
name searches as well many thousands per day.  That really
pissed me off.  So I have increased the use of the block list, for
lack of better technology.

The block list isn't intended to keep any mailing list postings out.  The
program that adds to it checks that there isn't a list subscriber at that
site, but it's not perfect.  Especially with list subscribers who have
shadow domains or forwards, which a lot of cpunks list subscribers have.
In Bill's case, a mindspring SMTP server seemed to be a spam haven based
on what we received here, but then Bill's mail got routed through it.

There's a web form that the SMTP error message points you
to in the very rare case that there was legitimate mail rejected (it's
happend all of five times so far), and that form can be used to let me
know that there is a human whose mail is getting blocked so I can fix it.


Eric

Re: Details on lne.com's blocking of Cypherpunks posts??

[Eric Murray]

On Sun, Oct 27, 2002 at 06:31:40PM -0800, Tim May wrote:
 On Sunday, October 27, 2002, at 01:04  PM, Bill Stewart wrote:
 
  [Hmm.  lne.com spam-blocked me on the first attempt.
 
 Can you provide details?
 
 If lne.com is blocking posts, I will have to find another CP node.


Lne has been blocking mail from spam sites for years.  The original
lne CDR 'charter' posting mentioned that lne blocks spammers.  

But lately the spam has been getting really bad, close to 50% of the
mail we were getting, and then the spammers started doing brute force
name searches as well many thousands per day.  That really
pissed me off.  So I have increased the use of the block list, for
lack of better technology.

The block list isn't intended to keep any mailing list postings out.  The
program that adds to it checks that there isn't a list subscriber at that
site, but it's not perfect.  Especially with list subscribers who have
shadow domains or forwards, which a lot of cpunks list subscribers have.
In Bill's case, a mindspring SMTP server seemed to be a spam haven based
on what we received here, but then Bill's mail got routed through it.

There's a web form that the SMTP error message points you
to in the very rare case that there was legitimate mail rejected (it's
happend all of five times so far), and that form can be used to let me
know that there is a human whose mail is getting blocked so I can fix it.


Eric

Re: The Register - UK firm touts alternative to digital certs (fwd)

[Eric Murray]

On Mon, Oct 21, 2002 at 03:37:33PM +0100, David Howe wrote:
 at Monday, October 21, 2002 3:14 PM, Trei, Peter
 [EMAIL PROTECTED] was seen to say:
  I'd be nervous about a availability with centralized servers,
  even if they are triple redundant with two sites. DDOS
  attacks, infrastructure (backhoe) attacks, etc, could all
  wreck havoc.
 Indeed so, yes.
 I suspect (if it ever takes off) that they will have to scale their
 server setup in pace with the demand, but to be honest I think 600/sec
 is probably quite a high load for actual payments - we aren't talking
 logins or web queries, but actual real-money-payment requests.

Looking at their web site, they seem pretty generic about
what it's for, but I did not see any mention of using it for payments.
So I assume it's for logins.

They do say that their servers are benchmarked at 300 transactions/sec.
That's pretty darn slow for single des.  There would have to
be an authenticated and probably encrypted session between the
server accepting the login (or the merchant if it really does payments)
and the back end.  But even using SSL/TLS, which would be more
than is required but an easy component to plug in, they ought
to be able to get at least a true 1000 sessions/sec using one of the
current SSL accelerators out there.

Maybe they have a bunch of slow database lookups?  Perhaps there
is a long RTT for the check against the CIA blacklist?

If it is for logins, how many sites would be willing to let someone
else know when their employees log in?  That could be useful
competitive intelligence.

Eric

Re: The Register - UK firm touts alternative to digital certs (fwd)

[Eric Murray]

On Mon, Oct 21, 2002 at 03:37:33PM +0100, David Howe wrote:
 at Monday, October 21, 2002 3:14 PM, Trei, Peter
 [EMAIL PROTECTED] was seen to say:
  I'd be nervous about a availability with centralized servers,
  even if they are triple redundant with two sites. DDOS
  attacks, infrastructure (backhoe) attacks, etc, could all
  wreck havoc.
 Indeed so, yes.
 I suspect (if it ever takes off) that they will have to scale their
 server setup in pace with the demand, but to be honest I think 600/sec
 is probably quite a high load for actual payments - we aren't talking
 logins or web queries, but actual real-money-payment requests.

Looking at their web site, they seem pretty generic about
what it's for, but I did not see any mention of using it for payments.
So I assume it's for logins.

They do say that their servers are benchmarked at 300 transactions/sec.
That's pretty darn slow for single des.  There would have to
be an authenticated and probably encrypted session between the
server accepting the login (or the merchant if it really does payments)
and the back end.  But even using SSL/TLS, which would be more
than is required but an easy component to plug in, they ought
to be able to get at least a true 1000 sessions/sec using one of the
current SSL accelerators out there.

Maybe they have a bunch of slow database lookups?  Perhaps there
is a long RTT for the check against the CIA blacklist?

If it is for logins, how many sites would be willing to let someone
else know when their employees log in?  That could be useful
competitive intelligence.

Eric

List administrivia

[Eric Murray]

Please, if your site uses bad word search
software (i.e. below) or fascist black hole listings, subscribe
to the cpunks list through a different email account.
lne.com is listed on a couple of the most
extreme black hole lists (because we are incorrectly
listed as being in a Verio netblock, and these black hole operators
list all of Verio in an attempt to force Verio customers to
go elsewhere).



Example:

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Fri, 18 Oct 2002 16:44:35 -0500 (CDT)   
Subject: Re: Intel Security processor + a question
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Length: 1119
Lines: 16

This is an automated response concerning the message:

Sender: [EMAIL PROTECTED]
Recipient: [EMAIL PROTECTED]

Subject: Re: Intel Security processor + a question
Sent: Fri, 18 Oct 2002 14:33:15 -0700
Reference:  MSWPR2\BP

We apologize, but our automated e-mail scanner, which looks for key words in
+several categories of dangerous or inappropriate messages, blocked delivery of
+the above message.

This scanning is an automated process.  In our desire to provide a safe
+computing environment for our employees, we may have erred on the side of
+caution and blocked legitimate business e-mail.  If this is the case, we
+sincerely apologize for the inconvenience and would like an opportunity to
+resolve the problem quickly and to your satisfaction.  Please  forward this
+message to the Enterprise E-Mail Team at [EMAIL PROTECTED]
+mailto:postmaster;aegonusa.com for immediate action.

If you are not a customer or business partner, we hope you can understand and
+respect these necessary security measures, and that our e-mail system is
+restricted to business messages only.  Thank you.

Re: Echelon-like...

[Eric Murray]

On Thu, Oct 10, 2002 at 02:28:26AM -, anonimo arancio wrote:
[..]

 But I am wondering if Cypherpunks have mentioned the 'obvious'.
 
 The government knows exactly what it's doing. It wants to discourage the use of 
encryption by any means necessary, because of sheer numbers.
 Basically, the more messages that are encypted, the more hardware (and therefore 
$$$) will be needed to decrypt them.
 Therefore, the only way they can stay ahead of the game is to keep the numbers as 
low as possible, so they can continue to outspend the problem.
 This is, from their perspective, a perfectly reasonable approach to decrypting large 
numbers of messages, a small fraction of which may contain interesting information.
 
 Is the above statement a) wrong, b) obvious c) mentioned previously on the 
cypherpunks boards, or d)hey! We never thought of that


B and C, extensively.

The US Government has pretty much given up on restricting crypto
exports.  There is just enough of a vestigial restriction there to
maintain the illusion that the government has a right to control crypto
exports.  If there was anything more, it would be challenged in court
and most likely get thrown out.  The government backed off on
previous challenges (Bernstein, Zimmerman) to avoid that.

Eric

Re: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.

[Eric Murray]

On Wed, Oct 09, 2002 at 11:01:21PM +0100, Ben Laurie wrote:
 Bill Stewart wrote:
  Somebody backdoored the source code for Sendmail on the official server.
  So if you recompile from scratch, your sendmail is 0wned.
  Another reason not to run mail systems as root
 
 In this case, as I understand it, it bites when you compile. 

Running 'configure' has always made me nervous.
Its a little difficult to read for exploit code.

 So, its 
 another reason not to build them as root.

But you're _supposed to_ run rpm -b as root!-- someone
who should know better since I'd just spent an hour
explaining what to look for to see if his install
of sendmail had gotten him 0wned.

Sigh.


Eric

Re: Echelon-like...

[Eric Murray]

On Thu, Oct 10, 2002 at 02:28:26AM -, anonimo arancio wrote:
[..]

 But I am wondering if Cypherpunks have mentioned the 'obvious'.
 
 The government knows exactly what it's doing. It wants to discourage the use of 
encryption by any means necessary, because of sheer numbers.
 Basically, the more messages that are encypted, the more hardware (and therefore 
$$$) will be needed to decrypt them.
 Therefore, the only way they can stay ahead of the game is to keep the numbers as 
low as possible, so they can continue to outspend the problem.
 This is, from their perspective, a perfectly reasonable approach to decrypting large 
numbers of messages, a small fraction of which may contain interesting information.
 
 Is the above statement a) wrong, b) obvious c) mentioned previously on the 
cypherpunks boards, or d)hey! We never thought of that


B and C, extensively.

The US Government has pretty much given up on restricting crypto
exports.  There is just enough of a vestigial restriction there to
maintain the illusion that the government has a right to control crypto
exports.  If there was anything more, it would be challenged in court
and most likely get thrown out.  The government backed off on
previous challenges (Bernstein, Zimmerman) to avoid that.

Eric

Re: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.

[Eric Murray]

On Wed, Oct 09, 2002 at 11:01:21PM +0100, Ben Laurie wrote:
 Bill Stewart wrote:
  Somebody backdoored the source code for Sendmail on the official server.
  So if you recompile from scratch, your sendmail is 0wned.
  Another reason not to run mail systems as root
 
 In this case, as I understand it, it bites when you compile. 

Running 'configure' has always made me nervous.
Its a little difficult to read for exploit code.

 So, its 
 another reason not to build them as root.

But you're _supposed to_ run rpm -b as root!-- someone
who should know better since I'd just spent an hour
explaining what to look for to see if his install
of sendmail had gotten him 0wned.

Sigh.


Eric