Re: How to Stop Junk E-Mail: Charge for the Stamp
On Wed, Feb 16, 2005 at 03:29:21PM +, Ian G wrote: Peter Gutmann wrote: Barry Shein [EMAIL PROTECTED] writes: Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will still be as bad as ever but now Joe Sixpack will be paying to send it. Hmmm, and maybe *that* will finally motivate software companies, end users, ISPs, etc etc, to fix up software, systems, and usage habits to prevent this. My view - as controversial as ever - is that the problem is unfixable, and mail will eventually fade away. That which will take its place is p2p / IM / chat / SMS based. In that world, it is still reasonable to build one's own IM system for the needs of one's own community, and not to have to worry about standards. Which means one can build in the defences that are needed, when they are needed. Better start on those defenses now then- there are already significant amounts of IM and SMS spam. I would be surprised if the people designing IM and SMS systems have learned much from the failures of SMTP et al. Eric
Re: [p2p-hackers] SHA1 broken?
On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote: From: Serguei Osokine [EMAIL PROTECTED] To: Peer-to-peer development. [EMAIL PROTECTED] Subject: RE: [p2p-hackers] SHA1 broken? Date: Wed, 16 Feb 2005 00:11:07 -0800 Okay, so the effective SHA-1 length is 138 bits instead of full 160 - so what's the big deal? It is still way more than, say, MD5 In applications where collisions are important, SHA1 is now effectively 69 bits as opposed to 80. That's not very much, and odds are there will be an improvement on this attack in the near future. Eric
Re: Dell to Add Security Chip to PCs
On Thu, Feb 03, 2005 at 11:45:01PM -0600, Shawn K. Quinn wrote: Isn't it possible to emulate the TCPA chip in software, using one's own RSA key, and thus signing whatever you damn well please with it instead of whatever the chip wants to sign? So in reality, as far as remote attestation goes, it's only as secure as the software driver used to talk to the TCPA chip, right? The TCPA chip verifies the (signature on the) BIOS and the OS. So the software driver is the one that's trusted by the TCPA chip. Plus the private key is kept in the chip, so it can't be read by your emulator. If your emulator picks its own key pair then its attestations will be detected as invalid by a relying party that's using the real TCPA public keys. Eric
Using TCPA
On Thu, Feb 03, 2005 at 11:51:57AM -0500, Trei, Peter wrote: It could easily be leveraged to make motherboards which will only run 'authorized' OSs, and OSs which will run only 'authorized' software. [..] If you 'take ownership' as you put it, the internal keys and certs change, and all of a sudden you might not have a bootable computer anymore. I have an application for exactly that behaviour. It's a secure appliance. Users don't run code on it. It needs to be able to verify that it's running the authorized OS and software and that new software is authorized. (it does it already, but a TCPA chip might do it better). So a question for the TCPA proponents (or opponents): how would I do that using TCPA? Eric
Re: An interesting thread...Hacking Bluetooth
On Wed, Dec 22, 2004 at 09:48:01PM -0500, Tyler Durden wrote: Oh no, it gets really interesting. He claims to be an ex-German TLA-type (how many Ls do German TLAs normally have?), and had advanced knowledge of 9/11. That's not super-implausible. [..] Me? I suspect he just pulled all this shit from David Emory's shows and then added some nice google tech searches. [..] I was hoping someone knew about this and had already hacked this hoax, If he sounds like Dave Emory, then there isn't much debunking that's required. Food for thought and grounds for further research, Eric
Re: nyms being attacked by malware
On Thu, Nov 11, 2004 at 10:16:11AM +0100, privacy.at Anonymous Remailer wrote: I've noticed a very high increase of incoming virii and malicious code of various sorts to one of my nyms. Since the nym is not used anywhere publicly I really wonder if these are deliberate attacks to try to compromise the machines of people using nyms to protect their identity. Is this something that's a known strategy somehow? Obviously it could also be that the nym was previously used by someone else online and that's partly why it would be interesting to hear others' comments on this. Spammers probe SMTP servers for valid names using dictionary attacks. It's difficult to set up an SMTP server that will accept mail for an address and not also give up the information that the address is valid.
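The dictionary probing described in the reply above is visible from the receiving side as one client collecting many "no such user" rejections for different names in a short time. The following is an added example, not part of the original post: the log format, the sample lines, the threshold and the window are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified log format (an assumption, not any real MTA's):
#   <timestamp> client=<ip> rcpt=<address> reply=<SMTP reply code>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]*)> reply=(?P<code>\d{3})$"
)

# Constructed sample: a normal sender, a dictionary prober, and a client
# that keeps retrying one stale address.
SAMPLE_LOG = """\
2004-11-11T10:00:00 client=192.0.2.10 rcpt=<alice@example.org> reply=250
2004-11-11T10:00:02 client=198.51.100.7 rcpt=<aaron@example.org> reply=550
2004-11-11T10:00:03 client=198.51.100.7 rcpt=<abby@example.org> reply=550
2004-11-11T10:00:03 client=198.51.100.7 rcpt=<adam@example.org> reply=550
2004-11-11T10:00:04 client=198.51.100.7 rcpt=<alan@example.org> reply=550
2004-11-11T10:00:05 client=198.51.100.7 rcpt=<albert@example.org> reply=550
2004-11-11T10:00:06 client=198.51.100.7 rcpt=<alice@example.org> reply=250
2004-11-11T10:05:00 client=192.0.2.10 rcpt=<alcie@example.org> reply=550
2004-11-11T10:06:00 client=203.0.113.5 rcpt=<old-user@example.org> reply=550
2004-11-11T10:06:10 client=203.0.113.5 rcpt=<old-user@example.org> reply=550
2004-11-11T10:06:20 client=203.0.113.5 rcpt=<old-user@example.org> reply=550
2004-11-11T10:06:30 client=203.0.113.5 rcpt=<old-user@example.org> reply=550
2004-11-11T10:06:40 client=203.0.113.5 rcpt=<old-user@example.org> reply=550
"""


def parse(lines):
    """Yield (timestamp, client_ip, recipient, reply_code); skip unparsable lines."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            yield ts, m["ip"], m["rcpt"].lower(), int(m["code"])


def find_harvesters(lines, threshold=5, window=timedelta(minutes=1)):
    """Map client IP -> sorted names probed, for clients that drew at least
    `threshold` rejections (550) for *distinct* recipients inside `window`.
    Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # ip -> (timestamp, recipient) of recent 550s
    flagged = defaultdict(set)
    for ts, ip, rcpt, code in parse(lines):
        if code != 550:
            continue
        q = recent[ip]
        q.append((ts, rcpt))
        while ts - q[0][0] > window:      # drop rejections older than the window
            q.popleft()
        distinct = {r for _, r in q}      # retries of one address count once
        if len(distinct) >= threshold:
            flagged[ip].update(distinct)
    return {ip: sorted(names) for ip, names in flagged.items()}


def confirmed_addresses(lines, flagged):
    """Addresses a flagged client saw accepted, i.e. names the server
    confirmed as valid to the prober."""
    hits = {rcpt for _, ip, rcpt, code in parse(lines)
            if ip in flagged and 200 <= code < 300}
    return sorted(hits)


if __name__ == "__main__":
    events = SAMPLE_LOG.splitlines()
    flagged = find_harvesters(events)
    print("probing clients:", flagged)
    print("addresses confirmed to them:", confirmed_addresses(events, flagged))
```

Counting distinct recipients rather than raw rejections keeps a misconfigured sender that retries one dead address from being flagged alongside the prober.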
Re: bin Laden gets a Promotion
On Sat, Oct 30, 2004 at 02:29:51PM -0400, Tyler Durden wrote: GodDAMN George W is a dumb fuck. If the guy's IQ had broken the 3-digit barrier he might have figured out that by nearly directly replying to the new bin Laden video he's basically elevating bin Laden to a hostile head-of-state. Bush needs bin Laden to be as scary as possible. I'm amused by the timing. It's almost as if they're both following Karl Rove's playbook. Eric
Re: Backdoor found in Diebold Voting Tabulators
On Tue, Aug 31, 2004 at 11:30:35AM -0400, Sunder wrote: Oops! Is that a cat exiting the bag? http://www.blackboxvoting.org/?q=node/view/78 Apparently so. Going to www.blackboxvoting.org now just gives: This Account Has Been Suspended Please contact the billing/support department as soon as possible. Interestingly, while the whois info is gone, the DNS records are still around:

    % dig blackboxvoting.org any
    ; DiG 8.3 blackboxvoting.org any
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; -HEADER- opcode: QUERY, status: NOERROR, id: 4
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 3
    ;; QUERY SECTION:
    ;; blackboxvoting.org, type = ANY, class = IN
    ;; ANSWER SECTION:
    blackboxvoting.org. 4H IN A 69.73.175.26
    blackboxvoting.org. 4H IN NS ns4.nocdirect.com.
    blackboxvoting.org. 4H IN NS ns2.nocdirect.com.
    blackboxvoting.org. 4H IN NS ns3.nocdirect.com.
    blackboxvoting.org. 4H IN SOA ns3.nocdirect.com. admin.nocdirect.com. (
            2004081101 ; serial
            4H ; refresh
            2H ; retry
            5w6d16h ; expiry
            1D ); minimum
    blackboxvoting.org. 4H IN MX 0 blackboxvoting.org.
Olympics snooping
http://sports.yahoo.com/oly/news?slug=ap-securitytechprov=aptype=lgns
Unprecedented electronic net over the Olympics
By MIRON VAROUHAKIS, Associated Press Writer
August 9, 2004
ATHENS, Greece (AP) -- If you're going to the Olympics, you'd better be careful what you say and do in public. Software will be watching and listening. Recent leaps in technology have paired highly sophisticated software with street surveillance cameras to create digital security guards with intelligence-gathering skills. ``It is a very vast network and it is the first time it is being done on such a scale at an international level,'' Greek police spokesman Col. Lefteris Ikonomou told The Associated Press. The system -- developed by a consortium led by San Diego-based Science Applications International Corp., or SAIC -- cost about $312 million and took up a sizable chunk of Athens' record security budget of more than $1.5 billion. It gathers images and audio from an electronic web of over 1,000 high-resolution and infrared cameras, 12 patrol boats, 4,000 vehicles, nine helicopters, a sensor-laden blimp and four mobile command centers. Spoken words collected by the cameras with speech-recognition software are transcribed into text that is then searched for patterns along with other electronic communications entering and leaving the area -- including e-mail and image files. The system, which includes components already used by U.S. and British government intelligence agencies, covers all of greater Athens, nine ports, airports and all other Olympic cities. Ikonomou said it ``allows the users to manage a critical incident in the best way possible and in the shortest time possible because they have all the information in front of them.'' The software used for surveillance camera recordings is designed to spot and rank possible risks, said Dionysios Dendrinos, general manager of One Siemens in Greece, one of the companies in the consortium.
``They can distinguish the sound of a flat tire from an explosion or a gunshot and inform the user at the command center of the incident,'' he said. ``This is also the case with any anomaly in the picture, such as a traffic jam.'' Technology also allows the users of the system at the main command center to save and analyze data from the surveillance network and beyond. And the material from the closed circuit cameras is kept for seven days, Ikonomou said, so specific incidents can be analyzed in depth. Much of that analysis is enabled by software from London-based Autonomy Corp., whose clients include the U.S. National Security Agency, that parses words and phrases collected by surveillance cameras and in communications traffic. In June, the Greek government expanded surveillance powers to screen mobile and fixed-line telephone calls during the Olympics. ``It listens, reads and watches,'' Dominic Johnson, Autonomy's chief marketing officer, said of his company's software. Then it synthesizes. Beyond Greek and English the software understands Arabic, Farsi and all major European languages, Johnson said. Other companies in the SAIC consortium include Germany's Siemens AG; General Dynamics Corp. and Honeywell International Inc. of the United States; and the Israeli company Elbit Systems. Several Greek companies also are participating. According to the contract, the system was to be delivered by May 28, but due to construction delays at some Olympic venues -- such as the main Olympic stadium -- it was delivered just weeks before the opening ceremony. Nevertheless, Public Order Minister Giorgos Voulgarakis declared last week that all the security systems were in full deployment and working smoothly. There'll be other sniffing going on, of course. A network of sensors designed to detect chemical agents has also been deployed near Olympic venues and around the capital, including on the security blimp. 
Advanced technology is also used in the creation of the Olympic credentials, which use such security features as holograms. All cardholder information, such as a person's photo and passport number, are printed on a very thin film designed to make the cards impossible to forge. The digitally enhanced surveillance net may provide comfort to Olympics attendees, but not everyone is happy at authorities' computer-aided eyes and ears. Several groups have held protests in recent months against what they say is an invasion of their privacy, and some demonstrators have spray-painted street cameras, seeking to blind them. ``The Olympic Games are accompanied with extended security measures that are unprecedented for Greece,'' six human rights groups said in a protest letter to Greek Parliament in July. ``Although the state's right to take all necessary measures that it deems necessary is recognized, there is fear that these measures will have a negative impact on basic human rights.''
Re: On how the NSA can be generations ahead
On Sun, Aug 01, 2004 at 10:20:38AM -0500, J.A. Terranson wrote: On Sat, 31 Jul 2004, Major Variola (ret) wrote: Tyler D asked about how the NSA could be so far ahead. Besides their ability to make 2 sq. chips at 10% yield (not something a commercial entity could get away with) What, exactly, would be the point of doing this? More gates == more processing. they can also *thin and glue* those chips into say stacks of 5 thinned die. As easily as you could do this to high efficiency chips. It's possible, using technologies like flip-chip. But it's not as good as having everything on one die. The interconnects are limited in number and large in size, so they take up a lot of room. Stacked die are also more difficult to keep cool. 2 sq = 4 x performance How do you figure 4x performance on a 2 chip? Most of the chip performance is tied to the total distance that signals must traverse across the chip surface. 4x the gates (roughly) means 4x performance. Chip performance, especially for highly parallelizable things like key cracking, is determined by the number of gates. Eric
FIPS chassis/linux security engineer?
Does anyone know of a manufacturer of FIPS 140 certified or certifiable 1u/2u rack mount chassis? For a separate project, does anyone know of a small linux-ready/able box with ethernet? Gumstix looks cool but I need hardwire networking. Last, I'm looking for a Linux expert security engineer in the SF bay area. (I'm managing a security group at a startup that has been shipping products to paying customers for a few years. No, it's not lne.com, this is just the address I use to post). This person will need to know linux/unix OS security/hardening _in depth_ and also have an understanding of crypto APIs (writing them not using them) plus significant industry experience. Sorry, no relocation assistance. Eric
recent brute-force work factor calculations
Does anyone know of a recent brute-force work factor calculation for the various common symmetric ciphers? I.e. it'll take X 3.2gh Xeons Y years to brute cipher Z. I know there's a table of these in Schneier and there's the Seven Cryptographers paper but they're both pretty old at this point. I'm just looking for an approximation. Thanks. Eric
Re: Windows source leaked?
On Fri, Feb 13, 2004 at 03:25:11PM -0800, Major Variola (ret) wrote: I wonder if frags of OSS code can be found in proprietary binaries. Of course. Here's an example of MS using BSD code: http://www.kuro5hin.org/?op=displaystory;sid=2001/6/19/05641/7357 and another: http://austinlug.org/archives/alg/2002-05/msg00606.html
Re: Windows source leaked?
On Fri, Feb 13, 2004 at 11:45:34AM -0800, Major Variola (ret) wrote: (in reply to someone else) Lots has been said about OSS developers not wanting to look at this for fear that they will be tainted. While it is true that simply the act of looking at the code is unauthorized and illegal, If you didn't steal it, it's not your problem if you read it. I disagree. I don't have time to look up the cases now but there have been a number of cases of companies being sued for (effectively) their programmers having SEEN some other code. The theory being that they are somehow contaminated with the valuable ideas embodied within and are helpless to resist implementing them. This has resulted in many companies having Chinese walls between some programming groups who are working on a version of a competitor's product that the company has the code for. This may not be right, but it was extremely common in the early 90s. It's very expensive so I would be quite surprised if there was not strong case law on this. I wonder if there is any truth to the claim that a developer who looked at Windows source would endanger future projects (assuming, of course, that simple copying---which is clearly illegal---doesn't happen). How would M$ show that you had in fact read the code? They'd just allege that you had, and then have discovery all through your files. Essentially any program could look like an infringing work to some judge somewhere. If I were a conspiracy theorist I'd say that MS released the code themselves just for this reason. Eric
Re: unsub from lne
On Mon, Dec 29, 2003 at 11:42:56AM -0600, Harmon Seaver wrote: Hmm, maybe Eric needs to undo his spam filter so people can unsub from lne.com. I just tried to, but it was rejected as undeliverable spam. Tried I'm experimenting with a new sendmail milter. (the SMTP HELO arg needs to be reasonably valid in order to pass). I've now set it to not reject mail to majordomo at lne.com. The blocklist thing is still in effect, but if you're bounced by that you get a URL in the bounce message that you can use to get it fixed. Eric
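A HELO check of the kind mentioned in the message above, with a recipient exemption like the one made for majordomo, could look like the following. This is an added example, not the milter from the post: what counts as "reasonably valid" is an assumption, it is a plain-Python model rather than a real milter API, and `helo_problem`, `HeloGate` and the example.org names are hypothetical.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def helo_problem(arg, local_names=frozenset()):
    """Return None if the HELO/EHLO argument looks plausible, else a reason.
    The criteria are assumptions chosen for illustration."""
    arg = arg.strip()
    if not arg:
        return "empty HELO argument"
    # Address literal, e.g. [192.0.2.25] or [IPv6:2001:db8::1]
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
        except ValueError:
            return "malformed address literal"
        return None
    # A bare IP address is not a valid HELO argument without brackets.
    try:
        ipaddress.ip_address(arg)
        return "bare IP address without brackets"
    except ValueError:
        pass
    name = arg.rstrip(".").lower()
    if name in local_names:
        return "client claims to be this server"
    labels = name.split(".")
    if len(labels) < 2:
        return "not a fully qualified domain name"
    if len(name) > 253 or not all(LABEL_RE.match(label) for label in labels):
        return "invalid characters or label length"
    if labels[-1].isdigit():
        return "numeric top-level label"
    return None


class HeloGate:
    """Per-connection state. The HELO verdict is recorded but only enforced
    at RCPT time, so that exempt recipients (a list-management address, for
    instance) stay reachable even from clients with a bad HELO."""

    def __init__(self, local_names, exempt_rcpts):
        self.local_names = frozenset(n.lower() for n in local_names)
        self.exempt = frozenset(r.lower() for r in exempt_rcpts)
        self.problem = None

    def on_helo(self, arg):
        self.problem = helo_problem(arg, self.local_names)
        return (250, "ok")                      # decision deferred to RCPT

    def on_rcpt(self, rcpt):
        if rcpt.lower() in self.exempt:
            return (250, "ok")
        if self.problem:
            return (550, "5.7.1 HELO rejected: " + self.problem)
        return (250, "ok")


if __name__ == "__main__":
    gate = HeloGate({"mail.example.org"}, {"majordomo@example.org"})
    gate.on_helo("localhost")                   # constructed bad HELO
    print(gate.on_rcpt("list@example.org"))     # rejected
    print(gate.on_rcpt("majordomo@example.org"))  # still accepted
```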
Re: unsub from lne
On Mon, Dec 29, 2003 at 07:58:03PM +0100, Thomas Shaddack wrote: Another alternative could be a couple lines of PHP or perl, unsubscribing via a web form. On related note, what's a good node to migrate to? pro-ns.net is running a CDR similar to lne. A number of other people have gotten my scripts but I haven't seen any up and running yet. PS: Thanks, Eric. It was a good node. Thanks. Eric
lne.com CDR to close
The lne.com CDR node will stop accepting new subscriptions on Jan 1 2004, and will stop forwarding cypherpunks mail on Jan 15. There are other nodes currently and hopefully more will announce themselves. I've learned a lot on the cpunks list over the last 10 years and I'd like to thank some of the people whose writing I've enjoyed: Lucky Green, Black Unicorn, Declan McCullagh, Tim May, John Gilmore. Eric
Re: Speaking of Reason
On Tue, Dec 09, 2003 at 03:05:29PM -0800, Tim May wrote: Since Eric Murray has expressed distaste with my views I pretty much agree with your views, minus the racism and misogyny. On days that the brilliant thoughtful Tim posts, I'm in awe. When Tim the asshole posts, I'm disgusted. Unfortunately these days the latter Tim isn't letting the former Tim near the keyboard very often. Fuck you dead. Fuck all of you Bolshies dead. Ok, bye! plonk Eric (just to make it crystal clear, Tim's going in my _personal_ killfile)
Re: cypherpunks discussions
On Mon, Dec 08, 2003 at 12:21:21AM -0800, Sarad AV wrote: I prefer not getting flamed like every one else and that too in quick succession :-). so my guess is that as far as newbies are concerned all the discussions are taken private. This is why the cpunks list has very little new subscribers... most newbies who post questions get flamed. Usually by Tim who sears them for not having read some post from 1992 or for bringing up a topic that was discussed in 1996. Perhaps if the archives were complete, well organized and easy to find it would be appropriate to politely tell newbies to read the FAQ. But they're not. It's also not a complete waste of time to discuss topics that have been discussed previously... some new information may come from the discussion. Someone who is not interested can just skip those posts. If the list is restricted to discussing topics that are only of interest to Tim (or any long-time member, Tim's not the only one) then only a few people will even be able to follow the discussion, let alone participate. Tim, before you reply, I suggest that you look back through the last year or so's worth of your cpunks posts to see how many are the thoughtful incisive kind vs a barrage of insults or complaints that the poster you are replying to is an idiot. A related problem is the tendency for a number of posters to turn every thread into an intellectual dicksizewar. It's gotten to the point where I don't post much, and I've been _working_ in security for the 8 years (and on Usenet, where the dicksizewar was invented, for 15). I can only imagine what it's like for new people. Only the most stubborn will stay. The list is selecting for obstinance. On a related note, I do see the addresses of people who unsubscribe, and they are often addresses that recently subscribed. Other people have made the point that mailing lists are old tech and I agree.
I don't like the new replacements (blogs, web boards) as much as lists, but perhaps that's because of what I used first. Kids these days don't know how to use shell shortcuts either. BTW, there's about 415 list members. LNE doesn't censor, we do block networks that we've gotten spam from. Currently we block about 12,000 spams a week and receive another 1500 or so. We're still on dial-up (Verizon rural phone service sucks). Allowing those 12,000 spams through to process them would make our 43k line unusable. Hence the blocking. I explained this to John in private email, and also explained how to get unblocked by following a link in the bounce message. He's refused to do this, preferring to claim that I'm censoring him. Whatever. The CIA agent reading over my shoulder says that John's way too paranoid. I realize that my spam solution is non-optimal but it's the best I can come up with at the moment. I'm getting tired of running the list. As it is now it doesn't provide much value and I could use my time for something else. Could someone please set up another node? I'll send you all my scripts etc. But I won't maintain it on a machine you provide, you'll have to do it. Maybe some of our list members from the government would like to step forward with some homeland security $$. :-) Eric
Re: cypherpunks discussions
On Mon, Dec 08, 2003 at 08:31:07AM -0800, Major Variola (ret) wrote: The advantage of eg Yahoo groups (and presumably blogs) is their moderation; the lack thereof enabled spammers to bulldoze the commons of usenet. Inevitable. I've been hearing about blog-spamming lately, and I've seen spammers attack web boards as well. Spammers are also using worms to get control of victim's machines and sending their spam from there. Kids these days don't know how to use shell shortcuts either. Not sure what you mean by that. Shortcut is a M$ term for lame-ass sym link. Sorry, I was in a hurry. History substitution is what I meant... i.e.
% ericm mkdir /home/cpun
% ericm ^pun^punk
% ericm cd !$
etc. or any of the hundreds of other history substitution commands. No one I work with knows any of them; they all either laboriously re-type or use the command-line editor even when it requires many more keystrokes. I try to restrain myself from barking out bang dollar! bang dollar dammit! but sometimes I can't help it. Eric
Re: Lucrative update mail flood
Sorry about the mail storm. Someone at monash.edu.au has apparently set up a mail loop that was resubmitting cpunks mails. Eric
Re: Lucrative update
Someone at monash.edu.au was resending old mails.
[declan@well.com: [Politech] FBI visits John Young, asks about anti-government activity [fs]]
- Forwarded message from Declan McCullagh [EMAIL PROTECTED] - Date: Wed, 05 Nov 2003 17:01:52 -0500 To: [EMAIL PROTECTED] From: Declan McCullagh [EMAIL PROTECTED] Subject: [Politech] FBI visits John Young, asks about anti-government activity [fs] John Young is a longtime supporter of open government and public access to government information. See: http://www.mccullagh.org/cgi-bin/photosearch.cgi?name=john+young -Declan --- http://cryptome.org/fbi-cryptome.htm 4 November 2003 Cryptome received a visit today from FBI Special Agents Todd Renner and Christopher Kelly from the FBI Counterterrorism Office in New York, 26 Federal Plaza, telephone (212) 384-1000. Both agents presented official ID and business cards. SA Renner said that a person had reported Cryptome as a source of information that could be used to harm the United States. He said Cryptome website had been examined and nothing on the site was illegal but information there might be used for harmful purposes. He noted that information in the Cryptome CDs might wind up in the wrong hands. SA Renner said there is no investigation of Cryptome, that the purpose of the visit was to ask Cryptome to report to the FBI any information which Cryptome had a gut feeling could be a threat to the nation. There was a discussion of the purpose of Cryptome, freedom of information, the need for more public information on threats to the nation and what citizens can do to protect themselves, the need for more public information about how the FBI functions in the field and the intention of visits like the one today. SA Kelly said such visits are increasingly common as the FBI works to improve the reporting of information about threats to the US. Asked what will happen as a result of the visit. SA Renner said he will write a report of the visit. Cryptome said it will publish a report of the visit, including naming the agents. 
Both agents expressed concern about their names being published for that might lead to a threat against them and/or their families -- one saying that due to copious personal databases any name can be traced. Cryptome said the reason for publishing names of agents is so that anyone can verify that a contact has been made, and that more public information is needed on how FBI agents function and who they are. Cryptome noted that on a previous occasion FBI agents had protested publication of their names by Cryptome. Cryptome did not agree to report anything to the FBI that is not available on the website. ___ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) - End forwarded message -
Re: Palladium/TCPA/NGSCB
On Thu, Oct 23, 2003 at 11:59:47AM -0700, Major Variola (ret) wrote: And virii that infect the immune system can be fun too --imagine a virus infecting your antiviral program. HIV for Windows. Or a virus that modifies your other programs to make them appear to be known virii. You'd have to turn off your AV programs to keep them from destroying your files (or moving them around, going crazy with warnings when you start any program, etc) I'd bet that no AV programs have safeguards against this sort of false positive attack. Eric
Re: Verisign's Wildcard A-Records and DNSSEC Plans?
ISC is releasing a new BIND to deal with the Verisign land-grab: http://www.bayarea.com/mld/mercurynews/business/6791550.htm
Re: GPG Sig test
On Fri, Sep 12, 2003 at 02:08:00PM -0400, Damian Gerow wrote: Configure your demime to *not* strip attachments of application/pgp-signature. If someone knows how, please tell me. Eric
SSH MITM (was Re: Getting certificates)
On Thu, Sep 04, 2003 at 10:48:55PM -0700, James A. Donald wrote: On 4 Sep 2003 at 7:56, Eric Murray wrote: ..which means that it [ssh-- ericm] still requires an OOB authentication. (or blindly typing 'yes' and ignoring the consequences). But that's another subject. Not true. Think about what would happen if you tried a man in the middle attack on an SSH server. you'd get the victim's session: http://www.monkey.org/%7Edugsong/dsniff/ Abstract dsniff is a collection of tools for network auditing and penetration [..] sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. also see http://sysadmin.oreilly.com/news/silverman_1200.html for discussion.
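The out-of-band check that the message above says SSH still needs, as an added example in Python (not from the thread and not OpenSSH code): hash the host key the server presents and compare it with a fingerprint obtained over a separate channel, instead of answering 'yes' to the first-connection prompt. The two keys are constructed byte strings and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Length-prefixed byte string, the framing used inside SSH key blobs."""
    return struct.pack(">I", len(data)) + data


def fingerprint(pubkey_line):
    """SHA256 fingerprint, in the 'SHA256:<base64>' display form, of a
    '<type> <base64-blob> [comment]' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; a mismatch means the
    # line was edited or corrupted, so refuse to fingerprint it.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_trusted(presented_line, oob_fingerprint):
    """True only if the presented key hashes to the fingerprint that was
    obtained out of band (read over the phone, printed, sent signed)."""
    presented = fingerprint(presented_line).encode()
    expected = oob_fingerprint.strip().encode()
    return hmac.compare_digest(presented, expected)


def constructed_key_line(fill_byte):
    """Build a syntactically valid ssh-ed25519 line from constructed bytes.
    These are not real keys; they only have the right shape."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([fill_byte]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


# Constructed sample data: the key the real server holds, and a different
# key presented by something sitting in the middle of the connection.
REAL_SERVER = constructed_key_line(0x11)
INTERCEPTOR = constructed_key_line(0x22)

if __name__ == "__main__":
    # The administrator publishes this value through a separate channel.
    published = fingerprint(REAL_SERVER)
    print("published fingerprint:", published)
    print("direct connection trusted:", host_key_trusted(REAL_SERVER, published))
    print("intercepted connection trusted:", host_key_trusted(INTERCEPTOR, published))
```

Without the published value there is nothing to compare against, and the first key seen is accepted whichever party sent it.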
Re: Random musing about words and spam
On Thu, Sep 04, 2003 at 09:02:30PM -0400, Steve Furlong wrote: On Tuesday 02 September 2003 19:00, Thomas Shaddack wrote: Spammers recently adopted tactics of using randomly generated words, eg. wryqf, in both the subject and the body of the message. ... Could the pseudowords be easily detected by their characteristics, ... Presence of pseudowords then could be added as one of spam characteristics. Many of them space the code words away from the rest of the subject text, i.e. Subject: what if it were true? 5258pf2 I think this is to hide the code word since many mail readers only show 40-60 characters of the Subject. I've been id'ing spam by looking for excess whitespace in the Subject line for a couple years (it's one of about 200 checks my program makes). I'm sure other spam-recognition software does this as well. Eric
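The two Subject-line signals discussed in this message (a code word spaced away from the rest of the subject, and randomly generated pseudowords), as an added example in Python. It is not the program mentioned in the post; the thresholds, function names and scoring rules are assumptions, and the sample subjects are constructed, with the spacing that the archive collapsed put back by hand.

```python
import re

# Assumed thresholds; the post does not say what values its author uses.
MIN_GAP = 5          # spaces/tabs in a row that count as excess whitespace
MIN_TOKEN_LEN = 4    # shorter tokens are too ambiguous to judge
VOWELS = set("aeiou")

ANY_GAP = re.compile(r"\S[ \t]{%d,}\S" % MIN_GAP)
GAP_THEN_LAST_TOKEN = re.compile(r"\S[ \t]{%d,}(\S+)[ \t]*$" % MIN_GAP)


def unfold(header_value):
    """Undo header folding so a gap split across lines is still seen."""
    return re.sub(r"\r?\n(?=[ \t])", "", header_value)


def trailing_code_word(subject):
    """Return the last token if a long whitespace run pushes it away from
    the rest of the Subject text, else None."""
    match = GAP_THEN_LAST_TOKEN.search(subject)
    return match.group(1) if match else None


def looks_like_pseudoword(token):
    """Rough test for generated tokens such as 'wryqf' or '5258pf2'."""
    word = token.strip(".,!?:;\"'()[]").lower()
    if len(word) < MIN_TOKEN_LEN or not word.isalnum():
        return False
    letters = [c for c in word if c.isalpha()]
    digits = [c for c in word if c.isdigit()]
    if not letters:
        return False                  # plain numbers: years, prices
    if len(digits) >= 2 and len(letters) >= 2:
        return True                   # letters and digits mixed in one token
    if digits:
        return False
    # All-letter token with no vowel at all. Real words such as "rhythm"
    # also match, so treat a hit as one score among many, not a verdict.
    return not any(c in VOWELS for c in letters)


def check_subject(raw_subject):
    """Return the names of the heuristics that fire for one Subject value."""
    subject = unfold(raw_subject)
    hits = []
    if ANY_GAP.search(subject):
        hits.append("excess-whitespace")
    code = trailing_code_word(subject)
    if code is not None and looks_like_pseudoword(code):
        hits.append("trailing-code-word")
    tokens = subject.split()
    if code is not None:
        tokens = tokens[:-1]          # already judged as the code word
    if any(looks_like_pseudoword(t) for t in tokens):
        hits.append("pseudoword-in-text")
    return hits


# Constructed sample subjects.
SAMPLES = [
    "what if it were true?" + " " * 30 + "5258pf2",
    "what if it were true?\r\n" + " " * 20 + "5258pf2",   # folded header
    "cheap meds wryqf now",
    "Re: Random musing about words and spam",
    "meeting moved    to friday",                          # gap below threshold
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_subject(sample))
```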
[gshively@pivx.com: Blaster / Power Outage Follow up]
- Forwarded message from Geoff Shively [EMAIL PROTECTED] - From: Geoff Shively [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Blaster / Power Outage Follow up Date: Wed, 3 Sep 2003 17:31:34 -0700 As suggested the day of the blackout, SCADA / DCS security was a primary factor in the blackouts. --MSBlast's Effect on the Blackout (29 August 2003) The MSBlast worm apparently slowed some communications lines that connect data centers used to manage the power grid, abetting the cascading effect of the blackout that hit the north-east, mid-west and parts of Canada last month. The worm didn't harm the systems, but did slow down the speed at which networks communicated. A Bush administration advisor said that the worm also hampered efforts to ... restore power in a timely manner. http://www.computerworld.com/printthis/2003/0,4814,84510,00.html Correct after all, this is the second admission of blaster affecting the power systems, one from the Bush administration and one from First Energy. Cheers, Geoff Shively, CHO PivX Solutions, LLC http://www.pivx.com - End forwarded message -
Re: Getting certificates.
On Wed, Sep 03, 2003 at 08:27:18AM -0700, James A. Donald wrote: -- SSH server public/private keys are widely deployed. PKI public keys are not. Reason is that each SSH server just whips up its own keys without asking anyone's permission, or getting any certificates. .which means that it still requires an OOB authentication. (or blindly typing 'yes' and ignoring the consequences). But that's another subject. Now what I want is a certificate that merely asserts that the holder of the certificate can receive email at such and such an address, and that only one such certificate has been issued for that address. Such a certification system has very low costs for issuer and recipient, and because it is a nym certificate, no loss of privacy. Verisign had for a number of years an email-only cert. That is, they verified that the email address had someone or something that answered email. I believe that they called this a 'Class 1' cert. The certs that IE and outlook express accept oddly do not seem to have any provision for defining what the certificate certifies. This seems a curious and drastic omission from a certificate format. X.509, PKIX et.al. allow a CA to insert a pointer to a certificate practice statement, which can define what the certificate certifies. and application of such certificates. It also, as anyone who tries to get a free certificate from Thawte will discover, makes it difficult, expensive, and inconvenient to get certificates. Thawte's making free certs difficult has nothing to do with the usefulness of certs or X.509 or true names or whatever, and everything to do with maximizing profit. Since each cert carries a fixed risk of legal issues (i.e being sued because they certified X who wasn't X) Verisign/Thawte want to sell a comparatively few expensive certs instead of a lot of cheap certs. Eric
spam blacklists and lne CDR
Hi. The last couple days I've gotten a lot of mail bounces from cpunks subscribers who are blocking lne.com because it's on the osirusoft spam blacklist. There is no way to get off this list; in fact the site appears to be down. Lne.com doesn't send spam; I don't know why we are on this list. My guess is that it's because we're listed on a couple other extreme blacklists that blacklist entire networks that are owned by ISPs that the list operator does not like. If you or your ISP uses this blacklist, I have no choice but to drop you from the lne cdr lest my mailbox drown in reject messages. I have mixed feelings about blacklists-- I've had to implement one here so we didn't drown in spam and it seems to work reasonably well. But lists that 1) don't let you get off and 2) list sites to pressure them to change ISPs don't get much respect from me, and neither do the ISPs that blindly use them. Eric
[cta@hcsin.net: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm']
Food for thought and grounds for further research: - Forwarded message from Bernie, CTA [EMAIL PROTECTED] - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk List-Id: bugtraq.list-id.securityfocus.com List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Delivered-To: mailing list [EMAIL PROTECTED] Delivered-To: moderator for [EMAIL PROTECTED] From: Bernie, CTA [EMAIL PROTECTED] Organization: HCSIN To: [EMAIL PROTECTED] Date: Fri, 15 Aug 2003 14:09:12 -0400 Subject: Re: CNN: 'Explores Possibility that Power Outage is Related to Internet Worm' Priority: normal In-reply-to: [EMAIL PROTECTED] X-mailer: Pegasus Mail for Windows (v4.11) It is ridiculous to accept that a lightning strike could knock out the grid, or the transmission system is over stressed. There are many redundant fault, limit and Voltage-Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and sub stations along the Power Grid that would have tripped to prevent or otherwise divert such a major outage. I believe that the outage was caused by the MSblaster, or its mutation, which was besieged upon the respective vulnerability in certain control and monitoring systems (SCADA and otherwise) running MS 2000 or XP, located different points along the Grid. Some of these systems are accessible via the Internet, while others are accessible by POTS dialup, or private Frame relay and dedicated connectivity. Being an old PLC automation and control hack let me say that there is a very good plausibility that the recent East Coast power outage was due to an attack by an MBlaster variant on the SCADA system at the power plant master terminal, or more likely at several of the remote terminal units RTU. SCADA runs under Win2000 / XP and the telemetry to the RTU is accessible via the Internet. 
From what I recall SCADA based monitoring and control systems were installed at many water / sewer processing, gas and oil processing, and hydro-electric plants. I also believe that yesterday's flooding of a generator sub-facility in Philadelphia was also due to an MBlaster variant attack on the SCADA or similarly Win 2000 / XP based system. To make things worse, the Web Interface is MS ActiveX. Now let's see, how can one craft an ActiveX vuln vector into the blaster? Oh, and for the wardrivers, SCADA can be accessed via wireless connections on the road puts a new perspective on sniffing around sewer plants. It is also reasonable to assume that we could have a similar security threat regarding those systems (SCADA and otherwise based on MS 2000 or XP) involved in the control, data acquisition, and maintenance of other critical infrastructure, such as inter/intra state GAS Distribution, Nuclear Plant Monitoring, Water and Sewer Processing, and city Traffic Control. IMO I think we will see a lot of finger pointing by government agencies, Utilities, and politicians for the Grid outage, until someone confesses to the security dilemma and vulnerabilities in the systems which are involved in running this critical infrastructure. Regardless of whether the Grid outage can be attributed to the blaster or its variant, this is not entirely a Microsoft problem, as it reeks of poor System Security Engineering practiced by the Utility Companies, and associated equipment and technology suppliers. Nonetheless, the incident will cause lots of money to be earmarked by the US and Canadian Governments, to be spent in an attempt to solve the problem, or more specifically calm the public. This incident should be fully investigated, and regulations passed to ensure that the Utility companies and their suppliers develop and implement proper safeguards that will help prevent or at least significantly mitigate the effects of such a catastrophe. 
Conversely, I do not want to see our Government directly involved in yet another business, which has such a controlling impact over our individual lives. - On 14 Aug 2003 at 15:18, Geoff Shively wrote: Just flipped on CNN, watching the masses snake through the streets of Manhattan as correspondents state that this could be an affect of the blaster worm. Interesting but I don't see how an worm of this magnitude (smaller than that of Slammer/Sapphire and others) could influence DCS and SCADA systems around the US, particularly just in the North East. Thoughts? Cheers, Geoff Shively, CHO PivX Solutions, LLC - Bernie Chief Technology Architect Chief Security Officer [EMAIL PROTECTED] Euclidean Systems, Inc. *** // There is no expedient to which a man will not go //to avoid the pure labor of honest thinking. // Honest thought, the real business capital. //
Re: MRAM, persistance of memory
On Thu, Jul 10, 2003 at 04:45:58PM +0200, Thomas Shaddack wrote: On Wed, 9 Jul 2003, Eric Murray wrote: I doubt it as well. DRAM also has power-off memory persistence and nearly everyone in security ignores that as well. But not the spooks : The FEI-374i-DRS is a data recovery system that captures and preserved digital data, in its original format, directly from the Dynamic Random Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs) .. The FEI-374i-DRS is an indispensable tool for forensic investigators required to evaluate residual audio and tag information retained in today's DRAM-based DTAMs. http://www.nomadics.com/374idrs.htm The system doesn't seem to be able to recover data from powered-off DRAM. [..] It's still interesting. It is impossible to get access to the voltage on the DRAM cell capacitors (at least if the chip is in its case and we can access only its pins). We can only see if it is in the range for H or L. And after a power-down (or even a sufficiently long period without a refresh of the given cell) the cell capacitor loses voltage steadily, reaching the level of L (or maybe H?) within at most couple seconds. I would not bet on that for sensitive data. See Peter Gutmann's and Ross Anderson's papers on RAM memory remanence. Eric
Re: MRAM, persistance of memory
On Wed, Jul 09, 2003 at 10:23:55AM -0700, Major Variola (ret.) wrote: Wired has an article on magnetic RAM http://wired.com/news/technology/0,1282,59559,00.html that fails to mention security implications. Obviously nonvolatile RAM presents a different security risk than RAM that forgets when powered off. Will future OSes have provisions to keep certain data out of MRAM banks, if MRAM doesn't completely displace DRAM? I doubt it. I doubt it as well. DRAM also has power-off memory persistence and nearly everyone in security ignores that as well. But not the spooks : The FEI-374i-DRS is a data recovery system that captures and preserved digital data, in its original format, directly from the Dynamic Random Access Memory (DRAM) of Digital Telephone Answering Machines (DTAMs) ... The FEI-374i-DRS is an indispensable tool for forensic investigators required to evaluate residual audio and tag information retained in today's DRAM-based DTAMs. http://www.nomadics.com/374idrs.htm Eric
Re: idea: brinworld meets the credit card
On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote: Authentication is Something you have / know / are. [..] A picture glued into the card could be forged, but a smartcard (with more data area than a magstripe) could include a picture of the account holder, so a thief has no idea what to look like. But the vendor can check the encrypted smartcard face to the face on the phone or webcam. For high-value remote transactions, where you pay someone to check faces, this might be viable in a few years. In a few years after that, machines might be able to check faces more cheaply, as reliably. The live face-check with embedded digital photos is already standard practice on high-security building-entry cards (and passports?), with the guard comparing the card-embedded face to the one before him. Ubiquitous cameras will bring that face-check to remote transactions, reducing cost due to lower fraud. Thoughts? How does it allow the merchant to view the picture while preventing the thief from doing so? Saying it's encrypted is, at best, sweeping a very large problem under a small rug. Who holds the key? How does the card or the user authenticate a real merchant vs. a thief posing as a merchant? Those are the hard problems. No one in biometrics has yet been able to solve them in a general way. Eric
[eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down]
- Forwarded message from Eric Blossom [EMAIL PROTECTED] - Date: Tue, 3 Jun 2003 13:25:50 -0700 From: Eric Blossom [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Orig-To: John Kelsey [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], EKR [EMAIL PROTECTED], Scott Guthery [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Maybe It's Snake Oil All the Way Down In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.4i On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote: At 10:09 AM 6/2/03 -0400, Ian Grigg wrote: ... (One doesn't hear much about crypto phones these days. Was this really a need?) Yes, I believe there is a need. In my view, there are two factors in the way of wide spread adoption: cost and ease of use. Having spent many years messing with these things, I've come to the conclusion that what I personally want is a cell phone that implements good end-to-end crypto. This way, I've always got my secure communication device with me, there's no bag on the side, and it can be made almost completely transparent. And for cellphones, I keep thinking we need a way to sell a secure cellphone service that doesn't involve trying to make huge changes to the infrastructure, ... Agreed. Given a suitably powerful enough Java or whatever equipped cell phone / pda and an API that provides access to a data pipe and the speaker and mic, you can do this without any cooperation from the folks in the middle. I think that this platform will be common within a couple of years. The Xscale / StrongARM platform certainly has enough mips to handle both the vocoding and the crypto. Also on the horizon are advances in software radio that will enable the creation of ad hoc self organizing networks with no centralized control. There is a diverse collection of people supporting this revolution in wireless communications. They range from technologists, to economists, lawyers, and policy wonks. 
For background on spectrum policy issues see http://www.reed.com/openspectrum, http://cyberlaw.stanford.edu/spectrum or http://www.law.nyu.edu/benklery Free software for building software radios can be found at the GNU Radio web site http://www.gnu.org/software/gnuradio Eric - End forwarded message -
[eay@pobox.com: Re: Maybe It's Snake Oil All the Way Down]
- Forwarded message from Eric Young [EMAIL PROTECTED] - Date: Wed, 04 Jun 2003 01:05:24 +1000 From: Eric Young [EMAIL PROTECTED] User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en To: [EMAIL PROTECTED] X-Orig-To: [EMAIL PROTECTED] CC: EKR [EMAIL PROTECTED], Eric Murray [EMAIL PROTECTED], Scott Guthery [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Maybe It's Snake Oil All the Way Down In-Reply-To: [EMAIL PROTECTED] Ian Grigg wrote: It's like the GSM story, whereby 8 years down the track, Lucky Green cracked the crypto by probing the SIMs to extract the secret algorithm over a period of many months (which algorithm then fell to Ian Goldberg and Dave Wagner in a few hours). In that case, some GSM guy said that, it was good because it worked for 8 years, that shows the design was good, doesn't it? And Lucky said, now you've got to replace hundreds of millions of SIMs, that's got to be a bad design, no? Well the point here is that the data encryption in GSM is not relevant to the people running the network. The authentication is secure, so there is no fraud, so they still get the money from network usage. Privacy was never really there since the traffic is not encrypted once it hit the base station, so the relevant government agencies can be kept happy. The encryption was only relevant to protect the consumers from each other. eric (hopefully remembering things correctly) - End forwarded message -
[eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down]
- Forwarded message from Eric Blossom [EMAIL PROTECTED] - Date: Tue, 3 Jun 2003 15:50:37 -0700 From: Eric Blossom [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Orig-To: John Kelsey [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], EKR [EMAIL PROTECTED], Scott Guthery [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED], Bill Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Maybe It's Snake Oil All the Way Down In-Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.4i On Tue, Jun 03, 2003 at 06:17:12PM -0400, John Kelsey wrote: At 01:25 PM 6/3/03 -0700, Eric Blossom wrote: ... I agree end-to-end encryption is worthwhile if it's available, but even when someone's calling my cellphone from a normal landline phone, I'd like it if at least the over-the-air part of the call was encrypted. That's a much bigger vulnerability than someone tapping the call at the base station or at the phone company. GSM and CDMA phones come with the crypto enabled. The crypto's good enough to keep out your neighbor (unless he's one of us) but if you're that paranoid, you should opt for the end-to-end solution. The CDMA stuff (IS-95) is pretty broken: *linear* crypto function, takes 1 second worst case to gather data sufficient to solve 42 equations in 42 unknowns, but again, what's your threat model? Big brother and company are going to get you at the base station... At our house we've pretty much given up on wired phone lines. We use cell phones as our primary means of communication. Turns out that with the bundled roaming and long distance, it works out cheaper than what we used to pay for long distance service. There is that pesky location transponder problem though. ...which will basically never be secured end-to-end if this requires each of those people to buy a special new phone, or do some tinkering with configuring secure phone software for their PDA. Hmmm, which key size do I need? Is 1024 bits long enough? Why do I have to move the mouse around, again, anyway? 
It doesn't have to be hard. No requirement for PKI. Just start with an unauthenticated 2k-bit Diffie-Hellman and be done with it. Eric - End forwarded message -
[PaulLambert@AirgoNetworks.Com: Re: BIS Disk Full]
- Forwarded message from Paul Lambert [EMAIL PROTECTED] - Subject: Re: BIS Disk Full Date: Mon, 2 Jun 2003 22:50:20 -0700 Thread-Topic: Re: BIS Disk Full Thread-Index: AcMpAGDW0rLn6AHCQFSmRRWCM9LG7QAkdTWg From: Paul Lambert [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Orig-To: Declan McCullagh [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] X-MIME-Autoconverted: from quoted-printable to 8bit by gw.lne.com id h535oULl001507 Is it this? http://snap.bis.doc.gov/ The correct URL is: http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html This site contains the full process to export encryption source code that would be considered publicly available The site has you e-mail to three addresses: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] You can also send a disk to both to 14th Street and Pennsylvania Avenue and Fort Meade I've submitted twice and never gotten an acknowledgement ... can't imagine that they are that busy. Paul -Original Message- From: Declan McCullagh [mailto:[EMAIL PROTECTED] Sent: Sunday, June 01, 2003 8:52 PM To: Anonymous Cc: [EMAIL PROTECTED] Subject: Re: BIS Disk Full URL? Is it this? http://snap.bis.doc.gov/ Email to [EMAIL PROTECTED] does not bounce, at least not immediately. -Declan On Sat, May 31, 2003 at 01:34:00PM -0700, Anonymous wrote: I tried to notify the BIS that I was posting some code and I got this error back: [EMAIL PROTECTED]: 170.110.31.61 failed after I sent the message. Remote host said: Can't create transcript file ./xfh4VJhUa02511: No space left on device [EMAIL PROTECTED]: 170.110.31.61 failed after I sent the message. Remote host said: Can't create transcript file ./xfh4VJhVC02512: No space left on device Are our rights suspended until they get their system fixed? :-) - End forwarded message -
all your base are a terrorist threat
Some kids put up all your base are belong to us flyers in Missouri and the police arrested them for being terrorists. http://sturgisjournal.com/display/inn_news/news1.txt
Re: All your base are terrorists
On Fri, Apr 04, 2003 at 06:57:50PM -0600, Roy M.Silvernail wrote: On Friday 04 April 2003 03:54 pm, Eric spake: Some kids put up all your base are belong to us flyers in Missouri and the police arrested them for being terrorists. http://sturgisjournal.com/display/inn_news/news1.txt That's an ephemeral URL. But a quick search of their archive produced no hits. Got a better link? It's still there for me. Here's the text for the browsing-impaired: Signs land seven in court By CLIFFORD JEFFERY STURGIS JOURNAL What started as an April Fool's joke involving bad grammar landed seven people in jail Tuesday. Sturgis police arrested seven Sturgis men for placing more than 20 threatening letters on various businesses, schools, banks and at the post office. At least 12 signs were posted Monday morning. Another 20 were put up Tuesday evening, according to Sturgis police. The letters all read All your base are belong to us and you have no chance to survive, make your time. Information about the letters was forwarded to the FBI and U.S. postal authorities, said Sturgis police Chief Eugene Alli. This is no joking matter, he said. During a time of war and with the present concern for homeland security, terrorist acts will not be tolerated and will be prosecuted to the fullest extent of the law. The All your base are belong to us are lines said by Cats, a bad guy in a 1989 Japanese video game. The poor translation to English led to its use by many involved in the video game culture. According to the All your base are belong to us Web site, a voiceover of the Zero Wing video game introduction, including the poorly translated line, was put to music and sung by a Wayne Newton impersonator. Stories about the phrase have appeared in Time, USA Today, The Los Angeles Times and Wired. The phrase is printed on T-shirts and bumper stickers. But police were not in on the joke. Officer Damon Knapp witnessed three people placing the signs on a downtown business. 
By early this morning, police had arrested seven men, charging them with disorderly conduct. Robert McNew, 20, Carl McNew, 19, John Wolf, 20, William Caldwell, 17, Dustin Garn, 19, Kirk Vezeau, 20, and Kyle Woodward, 18, were all released after posting bond.
aljazeera.net blocking
Getting a 503 or any HTTP error means that you are getting through to something that is too busy. An HTTP error jibes with the usual result of a web site hack that takes down the server. But it also could be a result of too many connection attempts. Not being able to resolve the name indicates something different than too many users or a web site hack, since the name information comes from DNS servers which are not on the same network. Simplifying a lot, the ultimate DNS record comes from the registrar who places it on the root servers. If the root servers no longer have the record, then no one will be able to resolve the name (modulo local cache timeouts, usually of a day or so). ALJAZEERA.NET is registered by networksolutions.com (Verisign), who also control most of the root servers as well. Two days ago, ALJAZEERA.NET resolved to an IP address that had a web server on it. Yesterday, it couldn't be resolved. Today it points to 216.34.94.186. 216.34.94.186 appears to belong to a Cable Wireless IP block. A traceroute ends at a CW router that is probably somewhere in America:
 9 p0-0-0-1.rar1.sanjose-ca.us.xo.net (65.106.1.65) 4.936 ms 9.793 ms 4.802 ms
10 p0-0.ir1.paloalto-ca.us.xo.net (65.106.5.194) 5.489 ms 5.389 ms 5.461 ms
11 bpr2-so-6-0-0.paloaltopaix.cw.net (206.24.241.213) 5.398 ms 15.071 ms 5.223 ms
12 agr2-loopback.santaclara.cw.net (208.172.146.102) 5.680 ms 5.569 ms 5.802 ms
13 dcr2-so-7-1-0.santaclara.cw.net (208.172.156.185) 7.210 ms 5.810 ms 7.434 ms
14 acr1-loopback.seattle.cw.net (208.172.82.61) 23.783 ms 26.939 ms 23.587 ms
15 bhr1-pos-0-0.tukwilase2.cw.net (208.172.83.130) 24.920 ms 24.461 ms 24.630 ms
16 csr11-ve240.tukwilase2.cw.net (216.34.64.34) 25.067 ms 24.883 ms 24.769 ms
17 * * *
18 * * *
They could have picked a bad time to move servers and be doing it incompetently. Hackers could have spoofed Verisign into changing their DNS record, and have broken into router control networks to break their routing.
Or the US government could be ordering Verisign and CW to make ALJAZEERA.NET unavailable. Eric
Re: U.S. Drops 'E-Bomb' On Iraqi TV
On Wed, Mar 26, 2003 at 03:24:01AM -0800, Sarad AV wrote: it doesn't matter as long as Al-Jazeera is live and kicking and the cameras are rolling. Yesterday morning I could get to english.aljazeera.net. As of yesterday afternoon, it has become unavailable. Supposedly they are victims of hackers but yesterday a traceroute from California stopped somewhere in Sprint's network in the US. This morning I can't even resolve their name. None of their listed nameservers will respond. Eric
faking WMD evidence
Apparently the CIA and MI6 have been faking WMD evidence for quite a while: http://www.newyorker.com/fact/content/?030331fa_fact1
Re: IDEA
On Sat, Mar 22, 2003 at 09:40:50AM +, [EMAIL PROTECTED] wrote: IDEA is listed on the fourth line, so it seems IDEA was installed with OpenSSL, but MixMaster's install may be improperly detecting that IDEA is absent. It's when I run the Mixmaster install that I get the error: ... Looking for libz.a... Found at /usr/lib/libz.so. Found source directory zlib-1.1.4. Use the source if the pre-installed library causes compilation problems. Use source? [n] Looking for libpcre.a... Found source directory pcre-2.08. Looking for libcrypto.a... Found at /usr/local/ssl/lib/libcrypto.a. ./Install: [: 90701f: integer expression expected I think that line means that mixmaster's install script isn't properly identifying the version of Openssl. If it were me, I'd fix the Mixmaster install script. ./Install: tmptst.c: Permission denied gcc: tmptst.c: No such file or directory Yep, the install script needs help. BTW, if you will be posting Mixmaster messages to the cpunks list, could you fix it so it uses an informative Subject: line instead of Mixmaster Type III Message? Eric
Re: surveillance nation
On Tue, Mar 18, 2003 at 01:17:21PM -0500, Sunder wrote: Interesting, lne.com flagged this as spam. We probably rejected the SMTP connection as coming from a source that's sent us spam in the past. Read the bounce message and use the URL to send me the ID code please. There's no content-based spam filtering on the lne cpunks list. Eric
Re: Press Coverage, Snarky Media Personalities, and War
On Sat, Mar 01, 2003 at 01:43:58PM -0800, Eric Cordian wrote: Tim May wrote: P.S. I plan to make strong efforts to stop my new address from being harvested by spammers, such as using [EMAIL PROTECTED] in Usenet posts. I hope this works. I'm pretty sure, based on my spam volume, that spammers grep Cypherpunks for email addresses. I don't think that spammers bother to subscribe to mailing lists directly. I think they use google to search for email addresses on the web. Cpunks is web archived. /[EMAIL PROTECTED](com|net)/ is probably a great way to find valid addresses. So you're probably already hosed. I probably spend half an hour to an hour a week on spam blocks of various sorts. This week I blocked 3800 spams to lne.com, and foiled another thousand SMTP name searches. lne.com only has a few users. That spam count doesn't count the spam that goes to cpunks, most of which is filtered out before I see it. It's to the point where I'm considering actively fighting back. Eric
Re: To Steve Schear, re Rome, Architects, Shuttles, Congress
On Thu, Feb 20, 2003 at 11:32:43PM -0500, Major Variola (ret) wrote: Carburetor? Didn't that connect to the phonograph through a cat's whisker? Carburetor is French for leave it alone. While only one of my cars is old enough to have a carb, all but one of the 10 or so motorcycles in the garage do. So I work on carbs a lot. They are a marvel of applied physics and they work pretty well. And if you are careful and keep things clean (carbs hate dirt), they are easy to work on. but except for my first auto mechanics class, I didn't mess with brakes - if I mess up an engine, my car might not go anywhere, but that's usually fail-safe, while making mistakes on brakes is fail-dangerous. Bingo. And hacking on production machines is a no-no. It was a bit tough for street cars for a while, but these days there's a lot you can do and be 100% legal. Many aftermarket manufacturers get EPA approval for their bits (not difficult to do). Fuel-injection has made automotive systems both simpler and more readily modified. It's a lot easier to plug a laptop in and diddle the fuel mapping than it is to take the carb(s) off and change jets. I prefer motorcycles to cars as they are much easier to work on and there are fewer regulations and less enforcement, even in California. And many of the bikes I have worked on have been competition bikes, not road bikes. Doncha wish there was a traceroute for hoses under the hood? Cars look like the hoses pipes and tubes in _Brazil_ nowadays. Not nearly as bad as they did in the 80s. I have an early 80s Toyota 4x4 farm truck and it's got probably 40-60 different Little Black Hoses plus assorted Mystery Boxes. New cars just have an FI computer and a throttle body and a few wires. Some vehicles (i.e. Ducati 999 motorcycle) use a digital network instead of dedicated circuits. Making it even more amenable to hacking, at least until the factory figures out DRM... 
The future is in a few powerful networked computers per vehicle instead of many dumb microprocessors on separate circuits. This will make vehicles even more hackable. The other place that computer tech is changing things for the home vehicle haxor is in machining. There are a lot of cheap CNC setups available now. Most use PCs. One of the better CNC programs runs on Linux and was developed by/for NIST, who distributes it free. [1] Air Quality Management District, the pollution police in SoCal at least. They make 2-cycle engines and useful BBQ lighter fluid illegal here. Also won't let you register a car if you've modified the pollution controls in any way, since mods are officially bad and you can't register a car without a periodic smog check. You're not supposed to paint your own vehicles in SoCal either, automotive paint being a VOC. But a back room or garage can be made into a dandy hidden paint booth. All you need is a fan and some plastic sheeting and duct tape. The fumes will disperse enough that the neighbors probably won't notice, and if they do they'll just think that you're running a meth lab. Eric
Re: To Steve Shear, re Rome, Architects, Shuttles, Congress
On Wed, Feb 19, 2003 at 08:27:31PM -0500, Major Variola (ret) wrote: Hackers don't work on their own brakes for a reason: evolution. I do. That way I know they were done right. Specialization is for insects. Eric
Re: Digital Certificates
On Tue, Feb 18, 2003 at 01:22:21PM -0800, Joseph Ashwood wrote: I was just wondering if anyone has a digital certificate issuing system I could get a few certificates issued from. Trust is not an issue since these are development-only certs, and won't be used for anything except testing purposes. Whenever I need some test certs I use openssl to generate them. (Or an ingrian box, but not many people have one of those.) There's instructions in the openssl docs. For test purposes you don't need openca, it's only needed if you want to issue a lot of certs automagically. The development is for an open source PKCS #11 test suite. Let me know when it's done, I could use it. Eric
Re: The practical reason the U.S. is starting a war
On Fri, Feb 14, 2003 at 09:54:33AM -0800, Tim May wrote: I've been watching the Security Council session this morning. Positions are established. The French diplomat gave a wonderful speech, but it's all for show. The real decisions are made in the back rooms. [..] * The reason is clear: the juggernauts of the military buildup are rolling: 5 carrier battle groups now either in the region or arriving within the next 10 days. More than 100,000 U.S. and British troops massing in Kuwait, Qatar, and other staging areas. * The new moon, when moonlight is minimal, is happening around 1 March. This is the standard military time to attack, and fits with the cresting of the military buildup. (Carriers and aircraft and troops should be in place by 25 February, and so the war could start any time after that.) It's been well known for months in the rest of the world that the war is scheduled to start on the 27th. Our media isn't mentioning that, to heighten the suspense and preserve the various fictions of working with the UN and having a debate. All of these issues point to what a clusterfuck this is turning into, exposing the hypocrisy of the U.S. position that it doesn't start wars (a claim that can never be made again with a straight face if this war starts...though some would say this claim has been bogus for the past 40 years). Having its hypocrisy exposed no longer bothers american administrations. The Big Lie technique works better now than it ever did. And exposing the hypocrisy of the notion that Congress debates important issues. And of course the U.N. suffers. Not all of these things are bad. Which is why I am hoping for a war. A war that goes badly, a war that results in world opinion turning sharply against the American aggressor state. Our government won't care. They own the world and they know it. France will block a UN resolution because the USG didn't cut them in for enough of the oil fields, and the USG will go ahead anyhow.
Any government that opposes too seriously will find itself part of the axis of evil. A war that causes Iran to decide to seize some disputed territory (what we gonna do then, homey?). Invade and set up a puppet government of course. A war that returns the United States to blissful isolationism. Won't happen. Even if the war costs $200B/year they'll just raise taxes on the middle class and run up the deficit and Congress will bleat 'yea' votes when required. A war that, Allah willing, causes Washington, D.C. to be be hit with a suitcase nuke, cleansing it of a million criminal politicians and two million inner city welfare mutants. 'Tis a consummation devoutly to be wished. Not. The rot and corruption runs far too deep in politics for a single hit on DC to change anything fundamental, and the vicious police state that would result would be far worse than any of our current nightmares. Eric
ClearChannel memo Preparing for war
Appropriate to the recent media thread, a leaked ClearChannel memo on some station's war preparations: http://www.internalmemos.com/memos/memodetails.php?memo_id=1329 They're clearly salivating at the prospect. Eric
Re: Shuttle Humor, Risk Estimation
On Mon, Feb 03, 2003 at 05:01:41PM -0600, Harmon Seaver wrote: The biggest question there is why didn't they inspect it? Seems very bizarre, since that's what they did in the past. All the KH-71s were busy mapping Iraq's oil fields and photographing Saddam's nose hairs. Eric
Re: Touching shuttle debris may cause bad spirits to invade your body!
On Sun, Feb 02, 2003 at 10:19:27AM -0800, Tim May wrote: A real journalist would just roll his eyes and say Look, folks, NASA wants these pieces to be aid in reconstructing the accident. There are no traces of liquid propellants and deadly chemicals on these pieces. And they certainly didn't stay hot for long. NASA is trying to get us to feed you jive so you'll be properly frightened and won't touch them.? No one with the gumption to say the truth is allowed near a mic at any major media outlet. Instead they get marginalized as a conspiracy theorist along with the UFO idiots, and the mass media hire dolts who will read what they're told to read. I'm not sure which is more irritating-- the obvious way in which the govermedia manipulate the issue, or their automatic assumption that americans are too stupid/criminal to turn in all the parts they find if NASA just said we need all the parts, please bring 'em in. Eric
Re: Life Sentence for Medical Marijuana?
On Fri, Jan 31, 2003 at 04:50:00PM -0800, Eric Cordian wrote: http://www.foxnews.com/story/0,2933,77234,00.html The Feebs are crowing over their latest victory, having just obtained a conviction against a medical marijuana grower for the city of Oakland. They went after Ed Rosenthal because he is the author of a popular book on growing dope. There is no such thing as medical marijuana, said Richard Meyer, a DEA spokesman. We're Americans first, Californians second. Interesting how selective the states rights crowd in Washington is. Eric
Re: Cpunks: The Tee-shirt
On Thu, Dec 12, 2002 at 04:11:21PM -0500, Trei, Peter wrote: I was poking around thinkgeek, and it appears that the CDR now has its own tee-shirt. Suitable for old farts and wannabes alike. Now available in black! Peter Trei http://www.thinkgeek.com/tshirts/coder/57ee/ Not The Fedz declared me an enemy combatant, sent me to Cuba for torture and all I got was this lousy T-shirt? Eric
CDR administrivia
I've just been made aware of a bug in my CDR code that causes MIME-encoded mail that uses the (rare) Content-Type: multipart/mixed to get dropped into the bit bucket. I'll fix it soon, but in the meantime please post in plain ASCII. You should post in plain ASCII anyhow since any MIME gets demimed (the demime program being the problem in this case) but I know that some mailers don't make it easy and some people post from environments where MIME encoding is the norm and forget to switch. Eric
Re: stego building
On Sun, Nov 24, 2002 at 03:54:13PM -0800, Bill Stewart wrote: That, or it's a dot-com that didn't make it, or an office-space construction that someone hoped to sell to a dot-com but missed the boom. There's huge amounts of that in SF. They wouldn't have security if it was empty, and would probably have at least one sign if it was occupied. Also, office space tends to have windows. Perhaps it's a phone company CO or other facility. I have seen large windowless concrete buildings used by the phone company before. Or maybe that's just what they want us to think... Eric At 05:37 PM 11/24/2002 -0600, Neil Johnson wrote: On Sunday 24 November 2002 04:49 pm, Tarapia Tapioco wrote: There is a huge concrete building, hardly any windows, occupying the whole block-width between Market and Mission streets in san francisco, one side being 11th street. Funny thing is that it has no markings at all. The main entrance seems to be at 14xx Market, with visible security. Any clues appreciated. It's probably just a co-location center for web servers. I vaguely remember a dot-com boom article about some sort of secure datacenter for web server business being built in that area. Not quite as secure as The Bunker though. -Neil
Re: Q: opportunistic email encryption
On Fri, Nov 22, 2002 at 09:23:57PM +0100, Eugen Leitl wrote: Question: if you control the traffic layer you can easily disrupt opportunistic encryption (STARTTLS & Co) by killing public key exchange, or even do a MITM. An attacker can prevent opportunistic STARTTLS by modifying the STARTTLS tag in SMTP. Is there any infrastructure in MTAs for public key caching, and admin notification if things look fishy? (Fishy: a host which used to do PKI with you suddenly says it can't, or its key differs from the key you cached). ssh does this. Eric
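The caching and "fishy" checks asked about above, sketched in the style of ssh's known-hosts check. This is an added example, not part of the original thread or of any MTA's code; `PeerCache`, `offers_starttls`, the host name and the certificate bytes are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, List, Optional, Tuple


def offers_starttls(ehlo_reply: List[str]) -> bool:
    """True if any line of the EHLO reply advertises the STARTTLS keyword."""
    return any(l[:3] == "250" and l[4:].strip().upper() == "STARTTLS"
               for l in ehlo_reply)


class PeerCache:
    """Per-host memory of (offered STARTTLS, cert SHA-256), trust on first use."""

    def __init__(self) -> None:
        self.seen: Dict[str, Tuple[bool, Optional[str]]] = {}

    def observe(self, host: str, ehlo_reply: List[str],
                cert_der: Optional[bytes] = None) -> List[str]:
        """Compare one session with the cache; return alerts for the admin."""
        tls = offers_starttls(ehlo_reply)
        fp = hashlib.sha256(cert_der).hexdigest() if (tls and cert_der) else None
        if host not in self.seen:
            self.seen[host] = (tls, fp)          # first contact: remember it
            return []
        old_tls, old_fp = self.seen[host]
        if old_tls and not tls:
            # Keep the old record so a stripped reply cannot erase the pin.
            return [f"{host}: used to offer STARTTLS, now does not"]
        if old_fp and fp and fp != old_fp:
            # Keep the old pin until an admin confirms the new key.
            return [f"{host}: certificate differs from cached one"]
        self.seen[host] = (tls, fp or old_fp)    # unchanged, or upgraded to TLS
        return []


# Constructed sample sessions (host name and certificate bytes are made up).
WITH_TLS = ["250-mx.example.org", "250-PIPELINING", "250-STARTTLS", "250 HELP"]
STRIPPED = ["250-mx.example.org", "250-PIPELINING", "250 HELP"]
CERT_A, CERT_B = b"constructed-cert-A", b"constructed-cert-B"


def demo() -> List[List[str]]:
    cache = PeerCache()
    return [
        cache.observe("mx.example.org", WITH_TLS, CERT_A),   # first use
        cache.observe("mx.example.org", WITH_TLS, CERT_A),   # same key
        cache.observe("mx.example.org", STRIPPED),           # keyword missing
        cache.observe("mx.example.org", WITH_TLS, CERT_B),   # different key
    ]


if __name__ == "__main__":
    for alerts in demo():
        print(alerts or "ok")
```

Neither alert overwrites the cached record, so a single tampered session cannot reset what the cache remembers about the peer.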
[perry@piermont.com: The FBI Has Bugged Our Public Libraries]
This will come as no surprise to people on this list. - Forwarded message from Perry E. Metzger [EMAIL PROTECTED] - Delivered-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: The FBI Has Bugged Our Public Libraries From: Perry E. Metzger [EMAIL PROTECTED] Date: 05 Nov 2002 18:40:31 -0500 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 Precedence: bulk From Interesting-People Date: Tue, 05 Nov 2002 17:12:52 -0500 Subject: [IP] The FBI Has Bugged Our Public Libraries From: Dave Farber [EMAIL PROTECTED] From: Richard Forno [EMAIL PROTECTED] Subject: The FBI Has Bugged Our Public Libraries To: Dave Farber [EMAIL PROTECTED] Date: Tue, 05 Nov 2002 16:40:41 -0500 The FBI Has Bugged Our Public Libraries November 3, 2002 http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story Some reports say the FBI is snooping in the libraries. Is that really happening? Yes. I have uncovered information that persuades me that the Federal Bureau of Investigation has bugged the computers at the Hartford Public Library. And it's probable that other libraries around the state have also been bugged. It's an effort by the FBI to obtain leads that it believes may lead them to terrorists. Many members of the public regularly use computers in libraries to access the Internet for research purposes or to locate information about particular interests. It's also not uncommon for students and others to communicate with friends and relatives through e-mail from there. The FBI system apparently involves the installation of special software on the computers that lets the FBI copy a person's use of the Internet and their e-mail messages. (Don't ask me how I know about this because I can't reveal how I was able to collect the information.) Members of the public who use the library have not been informed that the government is watching their activities. It's not just the computers. Circulation lists that show which books someone borrowed are also accessible to the government.
What are the Hartford librarians saying? I can't disclose that we were presented with anything, said Louise Blalock, Hartford's head librarian. I asked Mary W. Billings, the library's technical services manager, if the FBI had given her a subpoena or a court order for library information. Her response: I cannot answer that question. snip http://www.ctnow.com/features/lifestyle/hc-privacy1103.artnov03col.story -- -- Perry E. Metzger[EMAIL PROTECTED] - End forwarded message -
Re: Details on lne.com's blocking of Cypherpunks posts??
On Sun, Oct 27, 2002 at 06:31:40PM -0800, Tim May wrote: On Sunday, October 27, 2002, at 01:04 PM, Bill Stewart wrote: [Hmm. lne.com spam-blocked me on the first attempt. Can you provide details? If lne.com is blocking posts, I will have to find another CP node. Lne has been blocking mail from spam sites for years. The original lne CDR 'charter' posting mentioned that lne blocks spammers. But lately the spam has been getting really bad, close to 50% of the mail we were getting, and then the spammers started doing brute force name searches as well, many thousands per day. That really pissed me off. So I have increased the use of the block list, for lack of better technology. The block list isn't intended to keep any mailing list postings out. The program that adds to it checks that there isn't a list subscriber at that site, but it's not perfect. Especially with list subscribers who have shadow domains or forwards, which a lot of cpunks list subscribers have. In Bill's case, a mindspring SMTP server seemed to be a spam haven based on what we received here, but then Bill's mail got routed through it. There's a web form that the SMTP error message points you to in the very rare case that there was legitimate mail rejected (it's happened all of five times so far), and that form can be used to let me know that there is a human whose mail is getting blocked so I can fix it. Eric
Re: The Register - UK firm touts alternative to digital certs (fwd)
On Mon, Oct 21, 2002 at 03:37:33PM +0100, David Howe wrote: at Monday, October 21, 2002 3:14 PM, Trei, Peter [EMAIL PROTECTED] was seen to say: I'd be nervous about availability with centralized servers, even if they are triple redundant with two sites. DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreak havoc. Indeed so, yes. I suspect (if it ever takes off) that they will have to scale their server setup in pace with the demand, but to be honest I think 600/sec is probably quite a high load for actual payments - we aren't talking logins or web queries, but actual real-money-payment requests. Looking at their web site, they seem pretty generic about what it's for, but I did not see any mention of using it for payments. So I assume it's for logins. They do say that their servers are benchmarked at 300 transactions/sec. That's pretty darn slow for single DES. There would have to be an authenticated and probably encrypted session between the server accepting the login (or the merchant if it really does payments) and the back end. But even using SSL/TLS, which would be more than is required but an easy component to plug in, they ought to be able to get at least a true 1000 sessions/sec using one of the current SSL accelerators out there. Maybe they have a bunch of slow database lookups? Perhaps there is a long RTT for the check against the CIA blacklist? If it is for logins, how many sites would be willing to let someone else know when their employees log in? That could be useful competitive intelligence. Eric
List administrivia
Please, if your site uses bad word search software (i.e. below) or fascist black hole listings, subscribe to the cpunks list through a different email account. lne.com is listed on a couple of the most extreme black hole lists (because we are incorrectly listed as being in a Verio netblock, and these black hole operators list all of Verio in an attempt to force Verio customers to go elsewhere). Example: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 18 Oct 2002 16:44:35 -0500 (CDT) Subject: Re: Intel Security processor + a question MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Length: 1119 Lines: 16 This is an automated response concerning the message: Sender: [EMAIL PROTECTED] Recipient: [EMAIL PROTECTED] Subject: Re: Intel Security processor + a question Sent: Fri, 18 Oct 2002 14:33:15 -0700 Reference: MSWPR2\BP We apologize, but our automated e-mail scanner, which looks for key words in several categories of dangerous or inappropriate messages, blocked delivery of the above message. This scanning is an automated process. In our desire to provide a safe computing environment for our employees, we may have erred on the side of caution and blocked legitimate business e-mail. If this is the case, we sincerely apologize for the inconvenience and would like an opportunity to resolve the problem quickly and to your satisfaction. Please forward this message to the Enterprise E-Mail Team at [EMAIL PROTECTED] mailto:postmaster;aegonusa.com for immediate action. If you are not a customer or business partner, we hope you can understand and respect these necessary security measures, and that our e-mail system is restricted to business messages only. Thank you.
Re: Echelon-like...
On Thu, Oct 10, 2002 at 02:28:26AM -, anonimo arancio wrote: [..] But I am wondering if Cypherpunks have mentioned the 'obvious'. The government knows exactly what it's doing. It wants to discourage the use of encryption by any means necessary, because of sheer numbers. Basically, the more messages that are encrypted, the more hardware (and therefore $$$) will be needed to decrypt them. Therefore, the only way they can stay ahead of the game is to keep the numbers as low as possible, so they can continue to outspend the problem. This is, from their perspective, a perfectly reasonable approach to decrypting large numbers of messages, a small fraction of which may contain interesting information. Is the above statement a) wrong, b) obvious c) mentioned previously on the cypherpunks boards, or d) hey! We never thought of that B and C, extensively. The US Government has pretty much given up on restricting crypto exports. There is just enough of a vestigial restriction there to maintain the illusion that the government has a right to control crypto exports. If there was anything more, it would be challenged in court and most likely get thrown out. The government backed off on previous challenges (Bernstein, Zimmerman) to avoid that. Eric
Re: Trojan-modified Sendmail floating around - 8.12.6 - Since Sept. 28th or earlier.
On Wed, Oct 09, 2002 at 11:01:21PM +0100, Ben Laurie wrote: Bill Stewart wrote: Somebody backdoored the source code for Sendmail on the official server. So if you recompile from scratch, your sendmail is 0wned. Another reason not to run mail systems as root In this case, as I understand it, it bites when you compile. Running 'configure' has always made me nervous. It's a little difficult to read for exploit code. So, it's another reason not to build them as root. But you're _supposed to_ run rpm -b as root! -- someone who should know better since I'd just spent an hour explaining what to look for to see if his install of sendmail had gotten him 0wned. Sigh. Eric