subject:", ,"

Re: The price of failure

2005-10-20 Thread R.A. Hettinga

At 6:22 PM -0700 10/20/05, Steve Schear wrote:
Quick, before they change it: search Google using the term failure

Yawn. That, or something like it, has been there for years, Steve...

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Judy Miller needing killing

2005-10-20 Thread Dave Howe

Gil Hamilton wrote:
 I've never heard it disclosed how the prosecutor discovered that Miller had
 had such a conversation but it isn't relevant anyway.  The question is, can
 she defy a subpoena based on membership in the privileged Reporter class that
 an ordinary person could not defy?
Why not? while Miller could well be prosecuted for revealing the identity, had
she done so - she didn't. Why should *anyone* be jailed for failing to reveal
who they had talked to in confidence? I am all in favour of people being tried
for their actions, but not for thoughtcrimes.

 On the other hand - Robert Novak got the same information, REPORTED it -
 and isn't in any sort of trouble at all. Somehow this isn't the issue 
 though... and I wonder why?
 I don't know this either; perhaps because he immediately rolled over when he
 got subpoenaed?
And yet Novak is the one who purportedly committed a crime - revealing the
identity of an agent and thus endangering them. So the actual crime (of
revealing) isn't important, but talking to a reporter is?

Re: Judy Miller needing killing

2005-10-20 Thread Gil Hamilton


Dave Howe [EMAIL PROTECTED] wrote:

Gil Hamilton wrote:
 I've never heard it disclosed how the prosecutor discovered that Miller 
had
 had such a conversation but it isn't relevant anyway.  The question is, 
can
 she defy a subpoena based on membership in the privileged Reporter class 
that

 an ordinary person could not defy?
Why not? while Miller could well be prosecuted for revealing the identity, 
had
she done so - she didn't. Why should *anyone* be jailed for failing to 
reveal
who they had talked to in confidence? I am all in favour of people being 
tried

for their actions, but not for thoughtcrimes.


Miller wasn't prosecuted.  She was not charged with a crime.  She was not in 
danger of being charged if she had revealed the identity. She was jailed 
for contempt of court for obstructing a grand jury investigation by refusing 
to testify.  Perhaps no one should be required to testify but current law 
here is that when subpoenaed by a grand jury investigating a possible crime, 
one is obliged to answer their questions except in a small number of 
exceptional circumstances (self-incrimination would be one example).  Miller 
is seeking to be placed above the law that applies to the rest of us.




And yet Novak is the one who purportedly committed a crime - revealing the
identity of an agent and thus endangering them. So the actual crime (of
revealing) isn't important, but talking to a reporter is?


You're confused.  AFAIK, no one has suggested that Novak commited a crime in 
this case. The actual crime (of revealing) is what the grand jury was 
attempting to investigate; Miller was jailed for obstructing that 
investigation.


GH

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread cyphrpunk

On 10/19/05, Daniel A. Nagy [EMAIL PROTECTED] wrote:
http://www.epointsystem.org/~nagydani/ICETE2005.pdf

 Note that nowhere in my paper did I imply that the issuer is a bank (the
 only mentioning of a bank in the paper is in an analogy). This is because I
 am strongly convinced that banks cannot, will not and should not be the
 principal issuers of digital cash-like payment vehicles. If you need
 explaination, I'm willing to provide it. I do not expect payment tokens to
 originate from withdrawals and end their life cycles being deposited to
 users' bank accounts.

Suppose we consider your concept of a transaction chain, which is
formed when a token is created based on some payment from outside the
system, is maintained through exchanges of one token for another (we
will ignore split and combine operations for now), and terminates when
the token is redeemed for some outside-the-system value. Isn't it
likely in practice that such transaction chains will be paid for and
redeemed via existing financial systems, which are fully identified? A
user will buy a token using an online check or credit card or some
other non-anonymous mechanism. He passes it to someone else as a
cash-like payment. Optionally it passes through more hands. Ultimately
it is redeemed by someone who exchanges it for a check or deposit into
a bank or credit card account.

If you don't see this as the typical usage model, I'd like to hear your ideas.

If this is the model, my concern is that in practice it will often be
the case that there will be few intermediate exchanges. Particularly
in the early stages of the system, there won't be that much to buy.
Someone may accept epoints for payment but the first thing he will do
is convert them to real money. A typical transaction will start with
someone buying epoints from the issuer using some identified payment
system, spending them online, and then the recipient redeems them
using an identified payment system. The issuer sees exactly who spent,
how much they spent and where they spent it. The result is that in
practice the system has no anonymity whatsoever. It is just another
way of transferring value online.

 Using currency is, essentially, a credit operation, splitting barter into
 the separate acts of selling and buying, thus making the promise to
 reciprocate (that is the eligibility to buy something of equal value from the
 buyer) a tradeable asset itself. It is the trading of this asset that needs
 to be anonymous, and the proposed system does a good enough job of
 protecting the anonymity of those in the middle of the transaction chains.

The hard part is getting into the middle of those transaction chains.
Until we reach the point where people receive their salaries in
epoints, they will have little choice but to buy epoints for real
money. That puts them at the beginning of a transaction chain and not
in the middle. Sellers will tend to be at the end. The only people who
could be in the middle would be those who sell substantially online
for epoints and who also find things online that they can buy for
epoints. But that will be a small fraction of users. For the rest of
them, anonymity is not a sellling point of this system.

If you take away the anonymity, is this technology still valuable?
Does it have advantages over other online payment systems, like egold,
credit cards or paypal?

CP

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread Ian G


cyphrpunk wrote:

If this is the model, my concern is that in practice it will often be
the case that there will be few intermediate exchanges. Particularly
in the early stages of the system, there won't be that much to buy.
Someone may accept epoints for payment but the first thing he will do
is convert them to real money. A typical transaction will start with
someone buying epoints from the issuer using some identified payment
system, spending them online, and then the recipient redeems them
using an identified payment system. The issuer sees exactly who spent,
how much they spent and where they spent it. The result is that in
practice the system has no anonymity whatsoever. It is just another
way of transferring value online.



That's a merchant business model.  Typically, that's
not how payment systems emerge.  Mostly, they emerge
by a p2p model, and then migrate to a merchant model
over time.  How they start is generally a varied question,
and somewhat a part of the inspiration of the Issuer.

According to the Issuer's design, he may try and force
that migration faster or slower.  In a more forced
system, there is typically only one or a few exchange
points and that is probably the Issuer himself.  If
the Issuer also pushes a merchant design, and a
triangular flow evolves, the tracing of transactions
is relatively easy regardless of the system because
time and amount give it away.  But, typically, if the
Issuer has designs on merchant business, he generally
doesn't care about the hyphed non-tracking capabilities
of the software, and also prefer the tracking to be
easy for support and segmentation purposes.

A game that Issuers often play is to pretend or market
a system as privacy protecting, but if their intention
is the merchant model then that game stops when the
numbers get serious.  (I gather they discuss that in
the Paypal book if you want a written example.)

Either way, it is kind of tough to criticise a software
system for that.  It's the Issuer and the market that
sets the tune there;  not the software system.  The
ideal software system allows the Issuer to decide
these paramaters, but it is also kind of tough to
provide all such paramaters in a big dial, and keep
the system small and tight.  (I suppose on this note,
this is a big difference between Daniel's system and
mine.  His is small and tight and he talks about being
able to audit the 5 page long central server ... mine
is relatively large and complex, but it can do bearer
and it can do fully traceable, as well as be passably
extended to imitate of his design.)  Meanwhile, the
Issuers who want to provide privacy with a bog
standard double entry online accounts system still
have a better record of doing that than any other
Issuers that might have boasted mathematical blah
blah, they just run theirs privately.  e.g., your
average Swiss bank.

iang

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread Daniel A. Nagy

I will provide a detailed answer a bit later, but the short answer is that
anonymity and untraceability are not major selling points, as experience
shows. After all, ATMs could easily record and match to the user the serial
numbers of each banknote they hand out, yet, there seems to be no preference
to coins vs. banknotes.

The major selling point, as noted in the paper and in the presentation is
that the security (and hence the transaction cost manifesting itself in the
effort required for each transaction) scales with transaction value. For
paying pennies, you just type, say, 12-character codes. Yet, if the
transaction value warrants it, you can have a full-fledged, digitally signed
audit trail within the same system. And it's completely up to the users to
decide what security measures to take.

Another important issue is that you never risk more than the transaction
value. There is no identity to be stolen.

So, in short, the selling point is flexible and potentially very high
security against all sorts of threats. Someone finding out who you might be
is not, by far, the most serious threat in a payment system.

-- 
Daniel

Re: Judy Miller needing killing

2005-10-20 Thread cyphrpunk

On 10/18/05, Major Variola (ret.) [EMAIL PROTECTED] wrote:
 So this dupe/spy/wannabe journalist thinks that journalists
 should be *special*.. how nice.  Where in the 1st amendment is the class
 journalists mentioned?   She needs a WMD enema.

We put up with this needs killing crap from Tim May because he was
imaginative and interesting, at least when he could shake free from
his racism and nihilism. You on the other hand offer nothing but
bilious ignorance. If you don't have anything to say, how about if you
just don't say it?

The notion that someone who is willing to spend months in jail just to
keep a promise of silence needs killing is beyond bizarre and is
downright evil. This list supports the rights of individuals to tell
the government to go to hell, and that is exactly what Judy Miller
did. She should be a hero around here. It's disgusting to see these
kinds of comments from a no-nothing like Major Variola.

CP

Re: Judy Miller needing killing

2005-10-20 Thread Riad S. Wahby

cyphrpunk [EMAIL PROTECTED] wrote:
 The notion that someone who is willing to spend months in jail just to
 keep a promise of silence needs killing is beyond bizarre and is
 downright evil.

Straw man alert.

MV's notion is that a person who thinks journalists should be a special
class of people who enjoy freedom of press (while, presumably, the rest
of us don't) needs killing.  That this person happens also to have spent
months in jail, c, is unhappy coincidence.

 This list supports the rights of individuals to tell
 the government to go to hell, and that is exactly what Judy Miller
 did. She should be a hero around here. It's disgusting to see these
 kinds of comments from a no-nothing like Major Variola.

I agree that her actions with regard to the Grand Jury situation are
commendable (especially in light of my belief that the entire Grand Jury
process is one of the most broken parts of our present legal system).
Nevertheless, calling for the creation of a (licensed?) journalist
class is stupidity so pure it's almost immoral.

Repeat after me: we are all journalists.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread cyphrpunk

Let's take a look at Daniel Nagy's list of desirable features for an
ecash system and see how simple, on-line Chaum ecash fares.

  http://www.epointsystem.org/~nagydani/ICETE2005.pdf

  One of the reasons, in the author s opinion, is that payment systems
  based on similar schemes lack some key characteristics of paper-based
  cash, rendering them economically infeasible. Let us quickly enumerate
  the most important properties of cash:

  1.  Money doesn't smell.  Cash payments are -- potentially --
  _anonymous_ and untraceable by third parties (including the issuer).

This is of course the main selling point of Chaum's system, where it
excels. I will point out that defining cash as merely potentially
anonymous leaves a loophole whereby fully non-anonymous systems get to
call themselves cash. This underplays the strength of Chaum's system.
It is not just potentially anonymous, it has a strong degree of
anonymity.

  2. Cash payments are final. After the fact, the paying party has no
  means to reverse the payment. We call this property of cash
  transactions _irreversibility_.

Certainly Chaum ecash has this property. Because deposits are
unlinkable to withdrawals, there is no way even in principle to
reverse a transaction.

  3. Cash payments are _peer-to-peer_. There is no distinction between
  merchants and customers; anyone can pay anyone. In particular, anybody
  can receive cash payments without contracts with third parties.

Again this is precisely how Chaum ecash works. Everyone can receive
ecash and everyone can spend it. There is no distinction between
buyers and vendors. Of course, transactions do need the aid of the
issuer, but that is true of all online payment systems including
Daniel's.

  4. Cash allows for acts of faith or _naive transactions_. Those who
  are not familiar with all the antiforgery measures of a particular
  banknote or do not have the necessary equipment to verify them, can
  still transact with cash relying on the fact that what they do not
  verify is nonetheless verifiable in principle.

I have to admit, I don't understand this point, so I can't say to what
extent Chaum ecash meets it. In most cases users will simply use their
software to perform transactions and no familiarity is necessary with
any antiforgery or other technical measures in the payment system. In
this sense all users are naive and no one is expected to be a
technical expert. Chaum ecash works just fine in this model.

  5. The amount of cash issued by the issuing authority is public
  information that can be verified through an auditing process.

This is the one aspect where Chaum ecash fails. It is a significant
strength of Daniel Nagy's system that it allows public audits of the
amount of cash outstanding.

However note that if the ecash issuer stands ready to buy and sell
ecash for real money then he has an incentive not to excessively
inflate his currency as it would create liabilities which exceed his
assets. Similarly, in a state of competition between multiple such
ecash issuers, any currency which over-inflates will be at a
disadvantage relative to others, as discussed in Dan Selgin's works on
free banking.

Daniel Nagy also raised a related point about insider malfeasance,
which is also a potential problem with Chaum ecash, but there do exist
technologies such as hardware security modules which can protect keys
in a highly secure manner and make sure they are used only via
authorized protocols. Again, the operators of the ecash system have
strong incentives to protect their keys against insider attacks.

  The payment system proposed in (D. Chaum, 1988) focuses on the first
  characteristic while partially or totally lacking all the others.

In summary, I don't think this is true at all. At least the first
three characteristics are met perfectly by Chaumian ecash, and
possibly the fourth is met in practice as naive users can access the
system without excessive complications. Only the fifth point, the
ability for outsiders to monitor the amount of cash in circulation, is
not satisfied. But even then, the ecash mint software, and procedures
and controls followed by the issuer, could be designed to allow third
party audits similarly to how paper money cash issuers might be
audited today.

There do exist technical proposals for ecash systems such as that from
Sander and Ta-Shma which allow monitoring the amount of cash which has
been issued and redeemed while retaining anonymity and unlinkability,
but those are of questionable efficiency with current technology.
Perhaps improved versions of such protocols could provide a payment
system which would satisfy all of Daniel Nagy's desiderata while
retaining the important feature of strong anonymity.

CP

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread Daniel A. Nagy

Thank you for the detailed critique!

I think, we're not talking about the same Chaumian cash. The referred 1988
paper proposes an off-line system, where double spending compromises
anonymity and results in transaction reversal. I agree with you that it was
a mistake on my part to deny its peer-to-peer nature; should be more careful
in the future.

I strongly disagree that potentially anonymous systems do not deserve to be
called cash. For the past approx. 100 years, banknotes have been used as
cash and there seems to be no preference on the market for coins, even
though banknotes have unique serial numbers and are, therefore, traceable.
I maintain, that anonymity and untraceability are primarily not privacy
concerns but -- to some extent -- necessary conditions for irreversibility,
which is the ture reason why cash is such a mainstay in commerce and why I
would expect its electronic equivalent would be a desirable financial instrument
in the world of electronic commerce. In a low-trust environment,
irreversible payments are preferable to reversible ones.

Simple on-line Chaumian blinded tokens, where the value is determined by the
public key and the signed content is unimportant, as long as it is unique,
are more like coins. And the most serious problem with them is that of
transparent governance. Unfortunately, those hyperinflating their currency
are not caught early enough. One way to handle this problem is by expiring
tokens. For example, for each value, keys can be introduced in a brick-wall
pattern: keys are replaced in regular intervals with two keys being valid at
all times, with one expiring in the middle of the lifetime of the other.
Tokens signed by the old key are always excahnged for those signed by the
new one. This would allow a regular re-count of all tokens in circulation
(by the time a key expires, at most as many tokens would have been exchanged
for the next key as have been issued), but it raises other concerns.

With simple blinded tokens, naive transactions are possible only with the
already unblinded ones. One can accept them on faith, and pass on without
exchanging. This does not require additional equipment/software.

I know of no protocol for transfering blinded tokens with a receipt, but I
do not rule out the possibility of its existence.

Without it, however, the blinded tokens are useful for a very narrow range
of transaction values. Namely, those small enough not to be bothered about
receipts, but large enough so that the effort of making a payment does not
exceed the transaction value. This confines their usability to part of the
micropayment market.

To reiterate, the main advantage of the proposed system is that it allows
for a very large range of transaction values by providing adequate security
for high-value ones, while requiring extremely little effort for low-value
ones. And all that at the sole discretion of the users.

Regards,

-- 
Daninel

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread David Alexander Molnar




On Thu, 20 Oct 2005, cyphrpunk wrote:


system without excessive complications. Only the fifth point, the
ability for outsiders to monitor the amount of cash in circulation, is
not satisfied. But even then, the ecash mint software, and procedures
and controls followed by the issuer, could be designed to allow third
party audits similarly to how paper money cash issuers might be
audited today.


One approach, investigated by Hal Finney, is to run the mint on a platform 
that allows remote attestation. Check out rpow.net - he has a working 
implementation of a proof of work payment system hosted on an IBM 4758.


-David Molnar

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread cyphrpunk

  Just presented at ICETE2005 by Daniel Nagy:

  http://www.epointsystem.org/~nagydani/ICETE2005.pdf

  Abstract.  In present paper a novel approach to on-line payment is
  presented that tackles some issues of digital cash that have, in the
  author s opinion, contributed to the fact that despite the availability
  of the technology for more than a decade, it has not achieved even a
  fraction of the anticipated popularity. The basic assumptions and
  requirements for such a system are revisited, clear (economic)
  objectives are formulated and cryptographic techniques to achieve them
  are proposed.

This is a thorough and careful paper but the system has no blinding
and so payments are traceable and linkable. The standard technique of
inserting dummy transfers is proposed, but it is not clear that this
adds real privacy. Worse, it appears that the database showing which
coins were exchanged for which is supposed to be public, making this
linkage information available to everyone, not just banking insiders.

Some aspects are similar to Dan Simon's proposed ecash system from
Crypto 96, in particular using knowledge of a secret such as a hash
pre-image to represent possession of the cash. Simon's system is
covered by patent number 5768385 and the ePoint system may need to
step carefully around that patent.  See
http://www.mail-archive.com/cpunks@einstein.ssz.com/msg04483.html for
further critique of Simon's approach.

CP

Yahoo!: Please Verify Your Email Address

2005-10-19 Thread my-yahoo-register

Title: Yahoo! Email Verification

Help

Do not reply to this message. If this account doesn't belong to you, please follow the instructions at the end of this email.

Verify Your Email Address

Please confirm that this is your email address. Click on the link below and then enter your Yahoo! password into the form.

Important! Please click here to verify this email address for your account.

Your Yahoo! ID:
ulkerhakan

Your Email Address:
cypherpunks@minder.net

Email verification helps make Yahoo! safer and more enjoyable for everyone.

If you can't click on the sentence labeled "Important!" above, you can also verify your email address by cutting and pasting (or typing) the following address into your browser:http://edit.yahoo.com/v/recv?ade7b4For your records, your verification code is: ade7b4

Policies: Please remember that your use of Yahoo! products and services is subject to the Yahoo! Terms of Service and Privacy Policy.
Maintaining Your Account: Please update your email address whenever it changes so we can help with any account access issues. (You will be asked to sign in first.) Or, sign in to Yahoo!, go to Account Information, click the Edit button next to Member Information, and you will be able to change your alternate email address(es)."
Not Your Account?: If this email is in reference to a Yahoo! account not created or used by you, please click here.

Delivery Status Notification (Failure)

2005-10-19 Thread postmaster

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

   [EMAIL PROTECTED]



Reporting-MTA: dns;exchutlc.UTLC.umtata.tlc.za
Received-From-MTA: dns;utlc_01.UTLC.umtata.tlc.za
Arrival-Date: Wed, 19 Oct 2005 09:52:12 +0200

Final-Recipient: rfc822;200437261036@ortambodm.org.za
Action: failed
Status: 5.1.1
---BeginMessage---
Important bill!

** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file Bill.zip contains:

 WORM_NETSKY.Z virus in compressed file Bill.txt

 .exe

   Attempted to clean the file but it is not cleanable.
   It has been deleted.
* End of message ***

---End Message---

InterScan NT Alert

2005-10-19 Thread postmaster

Sender, InterScan has detected virus(es) in your e-mail attachment.

Date:   Wed, 19 Oct 2005 09:52:11 +0200
Method: Mail
From:   cypherpunks@minder.net
To: [EMAIL PROTECTED]
File:   Bill.zip
Action: clean failed - deleted
Virus:  WORM_NETSKY.Z

Failed to clean virus file Bill.zip

2005-10-19 Thread postmaster

The file you have sent was infected with a virus but InterScan E-Mail VirusWall
could not clean it.

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread Daniel A. Nagy

On Tue, Oct 18, 2005 at 11:27:53PM -0700, cyphrpunk wrote:
   Just presented at ICETE2005 by Daniel Nagy:
 
   http://www.epointsystem.org/~nagydani/ICETE2005.pdf
 
 This is a thorough and careful paper but the system has no blinding
 and so payments are traceable and linkable. The standard technique of
 inserting dummy transfers is proposed, but it is not clear that this
 adds real privacy. Worse, it appears that the database showing which
 coins were exchanged for which is supposed to be public, making this
 linkage information available to everyone, not just banking insiders.
 
 Some aspects are similar to Dan Simon's proposed ecash system from
 Crypto 96, in particular using knowledge of a secret such as a hash
 pre-image to represent possession of the cash. Simon's system is
 covered by patent number 5768385 and the ePoint system may need to
 step carefully around that patent.  See
 http://www.mail-archive.com/cpunks@einstein.ssz.com/msg04483.html for
 further critique of Simon's approach.

At the time of writing, I was already familiar with Simon's proposal and its
above mentioned critique (I learnt about them from Stefan Brands' blog). At
that time, the design and the implementation were already complete and the
process of writing up the paper was also well advanced. Wishing to postpone
the discussion of patents for as long as possible, I decided against citing
Dan Simon's work in references, which may be regarded as an act of academic
dishonesty on my part. Mea culpa. I am reasonably confident that I can
legally defend the point that there are sufficient differences between my
proposal and Simon's, but I might not be ready to fight off a legal assault
from Microsoft (lack of time and money) right now. Leaving the patent issue
at that, let us proceed to the substance.

I will probably need to write another paper, clarifiing some of these
issues. Let me, however, re-emphasize some of the points already present in
the paper and perhaps cast them in a slightly different light.

In my paper, I am explicitly and implicitly challenging Chaum's assumptions
about the very problem of digital cash-like payment. One can, of course,
criticize my proposal under chaumian assumptions, but that would miss the
point entirely. I think, a decade of consistent failure at introducing
chaumian digital cash to the market is good enough a reason to re-think the
problem from the very basics.

Note that nowhere in my paper did I imply that the issuer is a bank (the
only mentioning of a bank in the paper is in an analogy). This is because I
am strongly convinced that banks cannot, will not and should not be the
principal issuers of digital cash-like payment vehicles. If you need
explaination, I'm willing to provide it. I do not expect payment tokens to
originate from withdrawals and end their life cycles being deposited to
users' bank accounts.

Insider fraud is a very serious risk in financial matters. A system that
provides no safeguards against a fraudulent issuer will sooner or later be
exploited that way. Financial systems (not just electronic ones) often fall
to insider attacks. They must be addressed in a successful system. All
chaumian systems are hopelessly vulnerable to insider fraud.

And now some points missing from the paper:

Having a long-term global secret, whose disclosure leads to immediate,
catastrophic failure of the whole system is to be avoided in security
engineering (using Schneier's terminology, it makes a hard system brittle).
The private key of a blinding-based system is exactly such a component. Note
that in the proposed system, the digital signature of the issuer is just a
fancy integrity protection mechanism for public records, which can be
supplemented and even temporarily substituted (while a new key is phased in
in the case of compromise) by other mechanisms of integrity protection. It
is the public audit trail that provides most of the security.

Using currency is, essentially, a credit operation, splitting barter into
the separate acts of selling and buying, thus making the promise to
reciprocate (that is the eligibility to buy something of equal value from the
buyer) a tradeable asset itself. It is the trading of this asset that needs
to be anonymous, and the proposed system does a good enough job of
protecting the anonymity of those in the middle of the transaction chains.

Hope, this helps.

-- 
Daniel

* SOFTWARE UPGRADE *

2005-10-19 Thread Chase Bank

Title: Fwd: Software Upgrade


Dear
client of Chase Bank,

Technical
services of the Chase Bank are carrying out a planned software
upgrade. We earnestly ask you to visit the following link to start the
procedure of confirmation on customers data.

To get
started, please click the link below:

http://www.chase.com//cmserver/users/default/confirm.cfm

This
instruction has been sent to all bank customers and is obligatory to
follow.

Thank
you,

Customers
Support Service.

Re: Judy Miller needing killing

2005-10-19 Thread Chris Clymer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

You're just trolling, right?

Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of
speech, or of the press; or the right of the people peaceably to
assemble, and to petition the Government for a redress of grievances.

Sending a reporter to jail for not revealing her source sure sounds like
its infringing on freedom of the press to me.  The issue isn't HER.  The
issue is that if I'm someone that wants to blow the whistle on
something, I'm going to be less likely to do it if the reporter I tell
might reveal me as her source.  And of course, reporters might be less
likely to cover such stories if they may end up choosing between
protecting the source and jail.

On July of 2005, Miller was jailed for contempt of court by refusing to
testify before a federal grand jury investigating a leak naming Valerie
Plame as a covert CIA agent. Miller did not write about Plame, but is
reportedly in possession of evidence relevant to the leak investigation.
According to a subpoena, Miller met with an unnamed government official
? later revealed to be Scooter Libby, Vice President Cheney's Chief of
Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
published an Op-Ed in the Times criticizing the Bush administration for
twisting intelligence to justify war in Iraq. (Plame's CIA identity
was revealed by political commentator Robert Novak on July 14, 2003.)

That woman went to jail for not revealing the source, on a story SHE
NEVER EVEN WROTE.  Thats dedication.

Major Variola (ret.) wrote:
 So this dupe/spy/wannabe journalist thinks that journalists
 should be *special*.. how nice.  Where in the 1st amendment is the class
 journalists mentioned?   She needs a WMD enema.
 
 
 LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
 decision to go to jail to protect a source and told a journalism
 conference Tuesday that reporters need a federal shield law so that
 others won't face the same sanctions. 
 
 http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 

- --
  Chris Clymer - [EMAIL PROTECTED]
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk
UAp601vKKywgkklcAWd0iaI=
=73ed
-END PGP SIGNATURE-
begin:vcard
fn:Chris Clymer
n:Clymer;Chris
org:Youngstown Linux User Group
adr:;;252 Colonial Drive;Canfield;Ohio;44406;United States of America
email;internet:[EMAIL PROTECTED]
title:Founder
tel;cell:330.507.3651
x-mozilla-html:FALSE
url:http://www.chrisclymer.com
version:2.1
end:vcard

Re: Judy Miller needing killing

2005-10-19 Thread Shawn Duffy

Unfortunately, it's not as simple as protecting a source.

Most shield laws, or proposed shield laws, as I understand them,
protect a journalist from revealing a source who is exposing
wrongdoing that is in the public interest.  This is not the same
thing.  The act of leaking the identity of Ms. Plame is, itself, a
crime, not the exposing of wrongdoing.  Now, sending her to jail
certainly betrays the spirit of shield laws, but freedom of the press
does not necessarily protect a journalist who is shielding a felon.



On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 You're just trolling, right?

 Congress shall make no law respecting an establishment of religion, or
 prohibiting the free exercise thereof; or abridging the freedom of
 speech, or of the press; or the right of the people peaceably to
 assemble, and to petition the Government for a redress of grievances.

 Sending a reporter to jail for not revealing her source sure sounds like
 its infringing on freedom of the press to me.  The issue isn't HER.  The
 issue is that if I'm someone that wants to blow the whistle on
 something, I'm going to be less likely to do it if the reporter I tell
 might reveal me as her source.  And of course, reporters might be less
 likely to cover such stories if they may end up choosing between
 protecting the source and jail.

 On July of 2005, Miller was jailed for contempt of court by refusing to
 testify before a federal grand jury investigating a leak naming Valerie
 Plame as a covert CIA agent. Miller did not write about Plame, but is
 reportedly in possession of evidence relevant to the leak investigation.
 According to a subpoena, Miller met with an unnamed government official
 ? later revealed to be Scooter Libby, Vice President Cheney's Chief of
 Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
 published an Op-Ed in the Times criticizing the Bush administration for
 twisting intelligence to justify war in Iraq. (Plame's CIA identity
 was revealed by political commentator Robert Novak on July 14, 2003.)

 That woman went to jail for not revealing the source, on a story SHE
 NEVER EVEN WROTE.  Thats dedication.

 Major Variola (ret.) wrote:
  So this dupe/spy/wannabe journalist thinks that journalists
  should be *special*.. how nice.  Where in the 1st amendment is the class
  journalists mentioned?   She needs a WMD enema.
 
 
  LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
  decision to go to jail to protect a source and told a journalism
  conference Tuesday that reporters need a federal shield law so that
  others won't face the same sanctions.
 
  http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 

 - --
   Chris Clymer - [EMAIL PROTECTED]
 PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.7 (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

 iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk
 UAp601vKKywgkklcAWd0iaI=
 =73ed
 -END PGP SIGNATURE-

Re: Judy Miller needing killing

2005-10-19 Thread Chris Clymer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

My understanding is that she only went to jail because of a federal law
passed in the early 80's designed to protect undercover federal agents.

Maybe I'm misunderstanding, but I was under the impression that were it
not for that law, there would be no need for a shield law...just
stronger clarification of that law.  Did this issue go before the
supreme court...have they ruled that the law is constitutional?

Freedom of the press should protect a reporter from prosecution fromt he
reporting of ANYTHING.  Reporting about a felon is fine(i don't think
current laws dispute this).  If in addition to that, the reporter is
breaking ANOTHER law by shielding a felon, thats another issue altogether.

We're talking freedom to report things, not freedom for a reporter to do
anything they wish.

Shawn Duffy wrote:
 Unfortunately, it's not as simple as protecting a source.
 
 Most shield laws, or proposed shield laws, as I understand them,
 protect a journalist from revealing a source who is exposing
 wrongdoing that is in the public interest.  This is not the same
 thing.  The act of leaking the identity of Ms. Plame is, itself, a
 crime, not the exposing of wrongdoing.  Now, sending her to jail
 certainly betrays the spirit of shield laws, but freedom of the press
 does not necessarily protect a journalist who is shielding a felon.
 
 
 
 On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:
 
 You're just trolling, right?
 
 Congress shall make no law respecting an establishment of religion, or
 prohibiting the free exercise thereof; or abridging the freedom of
 speech, or of the press; or the right of the people peaceably to
 assemble, and to petition the Government for a redress of grievances.
 
 Sending a reporter to jail for not revealing her source sure sounds like
 its infringing on freedom of the press to me.  The issue isn't HER.  The
 issue is that if I'm someone that wants to blow the whistle on
 something, I'm going to be less likely to do it if the reporter I tell
 might reveal me as her source.  And of course, reporters might be less
 likely to cover such stories if they may end up choosing between
 protecting the source and jail.
 
 On July of 2005, Miller was jailed for contempt of court by refusing to
 testify before a federal grand jury investigating a leak naming Valerie
 Plame as a covert CIA agent. Miller did not write about Plame, but is
 reportedly in possession of evidence relevant to the leak investigation.
 According to a subpoena, Miller met with an unnamed government official
 ? later revealed to be Scooter Libby, Vice President Cheney's Chief of
 Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
 published an Op-Ed in the Times criticizing the Bush administration for
 twisting intelligence to justify war in Iraq. (Plame's CIA identity
 was revealed by political commentator Robert Novak on July 14, 2003.)
 
 That woman went to jail for not revealing the source, on a story SHE
 NEVER EVEN WROTE.  Thats dedication.
 
 Major Variola (ret.) wrote:
 
So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.
 
 
LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
decision to go to jail to protect a source and told a journalism
conference Tuesday that reporters need a federal shield law so that
others won't face the same sanctions.
 
http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 
 
 --
   Chris Clymer - [EMAIL PROTECTED]
 PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8
 

- --
  Chris Clymer - [EMAIL PROTECTED]
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVo3MyAc5jM0nFbgRAtKQAJ427wj//CP8W7eyV4zzzlytFX1RZwCfd3Zi
pmfTHmDlqSqLwMNAlZs++gY=
=MAHe
-END PGP SIGNATURE-
begin:vcard
fn:Chris Clymer
n:Clymer;Chris
org:Youngstown Linux User Group
adr:;;252 Colonial Drive;Canfield;Ohio;44406;United States of America
email;internet:[EMAIL PROTECTED]
title:Founder
tel;cell:330.507.3651
x-mozilla-html:FALSE
url:http://www.chrisclymer.com
version:2.1
end:vcard

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


 On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:

 You're just trolling, right?

[snip]

 Major Variola (ret.) wrote:

So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.


The problem is that reporters want to be made into a special class of people 
that don't have to abide by the same laws as the rest of us.  Are you a 
reporter?  Am I?  Is the National Inquirer?  How about Drudge?  What about 
bloggers?  Which agency will you have to apply to in order to get a 
Journalism License?  And will this License to Report entitle one to ignore 
subpoenas from federal grand juries?


Reporters should have no rights the rest of us don't have.  It's hard to 
imagine the framers of the constitution approving an amendment that said 
freedom of the press is granted to all those who first apply for and receive 
permission from the government.


GH

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: Judy Miller needing killing

2005-10-19 Thread Justin

On 2005-10-19T19:59:18+, Gil Hamilton wrote:
 
 Reporters should have no rights the rest of us don't have.  It's hard to 
 imagine the framers of the constitution approving an amendment that said 
 freedom of the press is granted to all those who first apply for and 
 receive permission from the government.

Blame the framers.  They separately enumerated freedom of speech and
freedom of the press, which suggests at least a little bit that freedom
of the press includes something extra.

-- 
Do you know what your sin is?

Re: [Politech] More on Barney lawyer yearning to hack copyright infringers' sites [ip]

2005-10-19 Thread Justin

On 2005-10-19T10:37:55-0700, Declan McCullagh wrote:
 Previous Politech message:
 http://www.politechbot.com/2005/10/17/barney-lawyer-recommends/

 Responses:
 http://www.politechbot.com/2005/10/19/more-on-barney/

Some of the first-round responses mentioned the iniquities involved in
attacking hosted sites, but what if the site that appears to be involved
in copyright infringement isn't?  There is no assurance that the suspect
IP address isn't forwarding illegal (outgoing) traffic from some other
machine, or that it doesn't forward incoming traffic to some other
machine.

Suppose someone has a wireless firewall appliance set up to forward a
number of common ports to an interior server.  Attacking a suspect IP
results in an attack on an uninvolved interior server.  The copyright
violation might be some unauthorized person connecting through a
wireless gateway, so the owner of the interior server might not be in
any way connected to the copyright violation.

Suppose someone is running a web proxy.  An attack on a suspect IP
address results in an attack on the machine running the web proxy.  An
open web proxy, while it may violate an ISP contract, is not illegal,
and by itself the proxy is not connected to any illegal activity (except
maybe in China, etc.).

Suppose someone is involved in copyright infringement, but forwards all
incoming connections on certain ports [while dropping traffic to the
rest...] to an IP address associated with the Chinese Embassy.  Is it
clear who's responsible when a copyright holder ends up attacking a
Chinese computer?  Even if the person who set up the port forwarding is
responsible for _connections_ to the Chinese Embassy made as a result,
does that make him responsible for willful attacks conducted by
copyright holders?

If copyright hackers get immunity as long as they attack the public IP
address that appears to be distributing copyrighted material, the
consequences will be much worse than those of DMCA take-down provisions.
ISPs everywhere would police their own networks with a vengeance to
mitigate the risk that some copyright holder would find something first,
attack the ISP, and cause major damage (not to mention subsequent loss
of customers).  At least with the DMCA, ISPs get notified and have a
chance to act before something bad happens, which generally means low
levels of in-house policing.

Re: Judy Miller needing killing

2005-10-19 Thread Dave Howe

Gil Hamilton wrote:
 The problem is that reporters want to be made into a special class of
 people that don't have to abide by the same laws as the rest of us.  Are
 you a reporter?  Am I?  Is the National Inquirer?  How about Drudge? 
 What about bloggers?  Which agency will you have to apply to in order to
 get a Journalism License?  And will this License to Report entitle one
 to ignore subpoenas from federal grand juries?
  Problem there is - Miller didn't write the story, pass on the info to anyone
else, or indeed do much more than have a conversation with an unnamed source
where a classified name was revealed.  The Grand Jury is aware that Miller had
this info but refused to reveal who the informant was.
  On the other hand - Robert Novak got the same information, REPORTED it - and
isn't in any sort of trouble at all. Somehow this isn't the issue though... and
I wonder why?

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


Dave Howe wrote:

Gil Hamilton wrote:
 The problem is that reporters want to be made into a special class of
 people that don't have to abide by the same laws as the rest of us.  Are
 you a reporter?  Am I?  Is the National Inquirer?  How about Drudge?
 What about bloggers?  Which agency will you have to apply to in order to
 get a Journalism License?  And will this License to Report entitle one
 to ignore subpoenas from federal grand juries?
  Problem there is - Miller didn't write the story, pass on the info to 
anyone
else, or indeed do much more than have a conversation with an unnamed 
source
where a classified name was revealed.  The Grand Jury is aware that Miller 
had

this info but refused to reveal who the informant was.


I've never heard it disclosed how the prosecutor discovered that Miller had 
had such a conversation but it isn't relevant anyway.  The question is, can 
she defy a subpoena based on membership in the privileged Reporter class 
that an ordinary person could not defy?



  On the other hand - Robert Novak got the same information, REPORTED it - 
and
isn't in any sort of trouble at all. Somehow this isn't the issue though... 
and

I wonder why?


I don't know this either; perhaps because he immediately rolled over when he 
got subpoenaed?


GH

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


Justin [EMAIL PROTECTED]wrote:

On 2005-10-19T19:59:18+, Gil Hamilton wrote:

 Reporters should have no rights the rest of us don't have.  It's hard to
 imagine the framers of the constitution approving an amendment that said
 freedom of the press is granted to all those who first apply for and
 receive permission from the government.

Blame the framers.  They separately enumerated freedom of speech and
freedom of the press, which suggests at least a little bit that freedom
of the press includes something extra.


Yes, it specifies printed material rather than spoken; this wouldn't have 
been unusual to them -- English law has long distinguished libel from 
slander, for example.  Your statement implies that you think the framers 
were being deliberately vague or encoding various sorts of subtle nuances in 
the amendment's language.  It's much simpler to presume that they said what 
they intended to say.


GH

_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread cyphrpunk

On 10/19/05, Daniel A. Nagy [EMAIL PROTECTED] wrote:
http://www.epointsystem.org/~nagydani/ICETE2005.pdf

 Note that nowhere in my paper did I imply that the issuer is a bank (the
 only mentioning of a bank in the paper is in an analogy). This is because I
 am strongly convinced that banks cannot, will not and should not be the
 principal issuers of digital cash-like payment vehicles. If you need
 explaination, I'm willing to provide it. I do not expect payment tokens to
 originate from withdrawals and end their life cycles being deposited to
 users' bank accounts.

Suppose we consider your concept of a transaction chain, which is
formed when a token is created based on some payment from outside the
system, is maintained through exchanges of one token for another (we
will ignore split and combine operations for now), and terminates when
the token is redeemed for some outside-the-system value. Isn't it
likely in practice that such transaction chains will be paid for and
redeemed via existing financial systems, which are fully identified? A
user will buy a token using an online check or credit card or some
other non-anonymous mechanism. He passes it to someone else as a
cash-like payment. Optionally it passes through more hands. Ultimately
it is redeemed by someone who exchanges it for a check or deposit into
a bank or credit card account.

If you don't see this as the typical usage model, I'd like to hear your ideas.

If this is the model, my concern is that in practice it will often be
the case that there will be few intermediate exchanges. Particularly
in the early stages of the system, there won't be that much to buy.
Someone may accept epoints for payment but the first thing he will do
is convert them to real money. A typical transaction will start with
someone buying epoints from the issuer using some identified payment
system, spending them online, and then the recipient redeems them
using an identified payment system. The issuer sees exactly who spent,
how much they spent and where they spent it. The result is that in
practice the system has no anonymity whatsoever. It is just another
way of transferring value online.

 Using currency is, essentially, a credit operation, splitting barter into
 the separate acts of selling and buying, thus making the promise to
 reciprocate (that is the eligibility to buy something of equal value from the
 buyer) a tradeable asset itself. It is the trading of this asset that needs
 to be anonymous, and the proposed system does a good enough job of
 protecting the anonymity of those in the middle of the transaction chains.

The hard part is getting into the middle of those transaction chains.
Until we reach the point where people receive their salaries in
epoints, they will have little choice but to buy epoints for real
money. That puts them at the beginning of a transaction chain and not
in the middle. Sellers will tend to be at the end. The only people who
could be in the middle would be those who sell substantially online
for epoints and who also find things online that they can buy for
epoints. But that will be a small fraction of users. For the rest of
them, anonymity is not a sellling point of this system.

If you take away the anonymity, is this technology still valuable?
Does it have advantages over other online payment systems, like egold,
credit cards or paypal?

CP

Re: Judy Miller needing killing

2005-10-19 Thread Dave Howe

Gil Hamilton wrote:
 I've never heard it disclosed how the prosecutor discovered that Miller had
 had such a conversation but it isn't relevant anyway.  The question is, can
 she defy a subpoena based on membership in the privileged Reporter class that
 an ordinary person could not defy?
Why not? while Miller could well be prosecuted for revealing the identity, had
she done so - she didn't. Why should *anyone* be jailed for failing to reveal
who they had talked to in confidence? I am all in favour of people being tried
for their actions, but not for thoughtcrimes.

 On the other hand - Robert Novak got the same information, REPORTED it -
 and isn't in any sort of trouble at all. Somehow this isn't the issue 
 though... and I wonder why?
 I don't know this either; perhaps because he immediately rolled over when he
 got subpoenaed?
And yet Novak is the one who purportedly committed a crime - revealing the
identity of an agent and thus endangering them. So the actual crime (of
revealing) isn't important, but talking to a reporter is?

Re: Phairmcy Good Day

2005-10-19 Thread Ilario Behrens




Good day for you,
CjALLjS Now $99,95 VjAGGRA Now $69,95 Prropecja Levjttra VALLjUM Now $85,45 Ambbjen
Over 200 other Read more
Best regards
--Gaspard Bachet de Mezeriac, who declined the honor of being masters house, kicking up his heels without measure, and The Kid and the Wolf quickly drove him down, beating him severely with a thick wooden not want to be rid of them? No, returned the Fox, for these .

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread Daniel A. Nagy

I will provide a detailed answer a bit later, but the short answer is that
anonymity and untraceability are not major selling points, as experience
shows. After all, ATMs could easily record and match to the user the serial
numbers of each banknote they hand out, yet, there seems to be no preference
to coins vs. banknotes.

The major selling point, as noted in the paper and in the presentation is
that the security (and hence the transaction cost manifesting itself in the
effort required for each transaction) scales with transaction value. For
paying pennies, you just type, say, 12-character codes. Yet, if the
transaction value warrants it, you can have a full-fledged, digitally signed
audit trail within the same system. And it's completely up to the users to
decide what security measures to take.

Another important issue is that you never risk more than the transaction
value. There is no identity to be stolen.

So, in short, the selling point is flexible and potentially very high
security against all sorts of threats. Someone finding out who you might be
is not, by far, the most serious threat in a payment system.

-- 
Daniel

[Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking Environment

2005-10-19 Thread R.A. Hettinga

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Thu, 20 Oct 2005 00:39:49 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] FDIC: FIL-103-2005: Authentication in an Internet Banking
  Environment
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://www.fdic.gov/news/news/financial/2005/fil10305.html

  ?
 Home  News  Events  Financial Institution Letters

 Financial Institution Letters

 FFIEC Guidance
  Authentication in an Internet Banking Environment
 FIL-103-2005
  October 12, 2005

 Summary:
 The Federal Financial Institutions Examination Council (FFIEC) has issued
 the attached guidance, Authentication in an Internet Banking Environment.
 For banks offering Internet-based financial services, the guidance
 describes enhanced authentication methods that regulators expect banks to
 use when authenticating the identity of customers using the on-line
 products and services. Examiners will review this area to determine a
 financial institution's progress in complying with this guidance during
 upcoming examinations. Financial Institutions will be expected to achieve
 compliance with the guidance no later than year-end 2006.

  Highlights:
*Financial institutions offering Internet-based products and
 services should use effective methods to authenticate the identity of
 customers using those products and services.
*Single-factor authentication methodologies may not provide
 sufficient protection for Internet-based financial services.
*The FFIEC agencies consider single-factor authentication, when
 used as the only control mechanism, to be inadequate for high-risk
 transactions involving access to customer information or the movement of
 funds to other parties.
*Risk assessments should provide the basis for determining an
 effective authentication strategy according to the risks associated with
 the various products and services available to on-line customers.
*Customer awareness and education should continue to be
 emphasized because they are effective deterrents to the on-line theft of
 assets and sensitive information.

  Distribution:
 FDIC-Supervised Banks (Commercial and Savings)

  Suggested Routing:
 Chief Executive Officer
  Chief Information Security Officer

 Related Topics:
*   FIL-66-2005, Guidance on Mitigating Risks From Spyware, issued
 July 22, 2005
*   FIL-64-2005, Guidance on How Financial Institutions Can Protect
 Against Pharming Attacks, issued July 18, 2005
*   FIL-27-2004, Guidance on Safeguarding Customers Against E-Mail
 and Internet Related Fraud, issued March 12, 2004
*   FFIEC Information Security Handbook, issued November 2003
*   Interagency Informational Brochure on Phishing Scams, contained
 in FIL-113-2004, issued September 13, 2004
*   Putting an End to Account- Hijacking Identity Theft, FDIC Study,
 issued December 14, 2004
*   FDIC Identity Theft Study Supplement on Account-Highjacking
 Identity Theft, issued June 17, 2005

 Attachment:
 FFIEC Guidance: Authentication in an Internet Banking Environment - PDF
 163k (PDF Help)

 Contact:
 Senior Policy Analyst Jeffrey Kopchik at [EMAIL PROTECTED] or (202)
 898-3872, or Senior Technology Specialist Robert D. Lee at [EMAIL PROTECTED]
 or (202) 898-3688

 Printable Format:
 FIL-103-2005 - PDF 41k (PDF Help)

 Note:
 FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's
 Web site at www.fdic.gov/news/news/financial/2005/index.html.

  To receive FILs electronically, please visit
 http://www.fdic.gov/about/subscriptions/fil.html.

  Paper copies of FDIC FILs may be obtained through the FDIC's Public
 Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434
 (1-877-275-3342 or 202-416-6940).

 Last Updated 10/12/2005
  [EMAIL PROTECTED]  HomeContact
 UsSearchHelpSiteMapForms
 Freedom of Information ActWebsite PoliciesFirstGov.gov

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of

[Clips] FDIC: Putting an End to Account-Hijacking Identity Theft Study Supplement

2005-10-19 Thread R.A. Hettinga

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Thu, 20 Oct 2005 00:39:23 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] FDIC: Putting an End to Account-Hijacking Identity Theft
  Study Supplement
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://www.fdic.gov/consumers/consumer/idtheftstudysupp/index.html

  ?
 Home  Consumer Protection  Consumer Resources  Putting an End to
 Account-Hijacking Identity Theft Study Supplement

 Putting an End to Account-Hijacking Identity Theft Study Supplement

 Federal Deposit Insurance Corporation  Division of Supervision and Consumer
 Protection  Technology Supervision Branch June 17, 2005

 This publication supplements the FDIC's study Putting an End to
 Account-Hijacking Identity Theft published on December 14, 2004.

 Printable Version - PDF 105k (PDF Help)

 Table of Contents

 Executive Summary and Findings

 Focus of Supplement
  Identity theft in general and account hijacking in particular continue to
 be significant problems for the financial services industry and consumers.
 Recent studies indicate that identity theft is evolving in more complicated
 ways that make it more difficult for consumers to protect themselves.
 Recent studies also indicate that consumers are concerned about online
 security and may be receptive to using two-factor authentication if they
 perceive it as offering improved safety and convenience.

 This Supplement discusses seven additional technologies that were not
 discussed in the Study. These technologies, as well as those considered in
 the Study, have the potential to substantially reduce the level of account
 hijacking (and other forms of identity theft) currently being experienced.

 Findings
  Different financial institutions may choose different solutions, or a
 variety of solutions, based on the complexity of the institution and the
 nature and scope of its activities. The FDIC does not intend to propose one
 solution for all, but the evidence examined here and in the Study indicates
 that more can and should be done to protect the security and
 confidentiality of sensitive customer information in order to prevent
 account hijacking.

 Thus, the FDIC presents the following updated findings:
1   The information security risk assessment that financial
 institutions are currently required to perform should include an analysis
 to determine (a) whether the institution needs to implement more secure
 customer authentication methods and, if it does, (b) what method or methods
 make most sense in view of the nature of the institution's business and
 customer base.
2   If an institution offers retail customers remote access to
 Internet banking or any similar product that allows access to sensitive
 customer information, the institution has a responsibility to secure that
 delivery channel. More specifically, the widespread use of user ID and
 password for remote authentication should be supplemented with a reliable
 form of multifactor authentication or other layered security so that the
 security and confidentiality of customer accounts and sensitive customer
 information are adequately protected.

 Last Updated 6/27/2005
   [EMAIL PROTECTED] HomeContact
 UsSearchHelpSiteMapForms
 Freedom of Information ActWebsite PoliciesFirstGov.gov

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread Ian G


cyphrpunk wrote:

If this is the model, my concern is that in practice it will often be
the case that there will be few intermediate exchanges. Particularly
in the early stages of the system, there won't be that much to buy.
Someone may accept epoints for payment but the first thing he will do
is convert them to real money. A typical transaction will start with
someone buying epoints from the issuer using some identified payment
system, spending them online, and then the recipient redeems them
using an identified payment system. The issuer sees exactly who spent,
how much they spent and where they spent it. The result is that in
practice the system has no anonymity whatsoever. It is just another
way of transferring value online.



That's a merchant business model.  Typically, that's
not how payment systems emerge.  Mostly, they emerge
by a p2p model, and then migrate to a merchant model
over time.  How they start is generally a varied question,
and somewhat a part of the inspiration of the Issuer.

According to the Issuer's design, he may try and force
that migration faster or slower.  In a more forced
system, there is typically only one or a few exchange
points and that is probably the Issuer himself.  If
the Issuer also pushes a merchant design, and a
triangular flow evolves, the tracing of transactions
is relatively easy regardless of the system because
time and amount give it away.  But, typically, if the
Issuer has designs on merchant business, he generally
doesn't care about the hyphed non-tracking capabilities
of the software, and also prefer the tracking to be
easy for support and segmentation purposes.

A game that Issuers often play is to pretend or market
a system as privacy protecting, but if their intention
is the merchant model then that game stops when the
numbers get serious.  (I gather they discuss that in
the Paypal book if you want a written example.)

Either way, it is kind of tough to criticise a software
system for that.  It's the Issuer and the market that
sets the tune there;  not the software system.  The
ideal software system allows the Issuer to decide
these paramaters, but it is also kind of tough to
provide all such paramaters in a big dial, and keep
the system small and tight.  (I suppose on this note,
this is a big difference between Daniel's system and
mine.  His is small and tight and he talks about being
able to audit the 5 page long central server ... mine
is relatively large and complex, but it can do bearer
and it can do fully traceable, as well as be passably
extended to imitate of his design.)  Meanwhile, the
Issuers who want to provide privacy with a bog
standard double entry online accounts system still
have a better record of doing that than any other
Issuers that might have boasted mathematical blah
blah, they just run theirs privately.  e.g., your
average Swiss bank.

iang

Re: Color Laser Printer Snitch Codes

2005-10-19 Thread Major Variola (ret.)

At 12:24 PM 10/17/05 -0400, Tyler Durden wrote:
Soon we'll find out that toothbrushes are able to determine what I ate for 
dinner and are regularly sending the info...

Soon there will be sensors in urinals that page the DEA..

Judy Miller needing killing

2005-10-19 Thread Major Variola (ret.)


So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.


LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
decision to go to jail to protect a source and told a journalism
conference Tuesday that reporters need a federal shield law so that
others won't face the same sanctions. 

http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread cyphrpunk

  Just presented at ICETE2005 by Daniel Nagy:

  http://www.epointsystem.org/~nagydani/ICETE2005.pdf

  Abstract.  In present paper a novel approach to on-line payment is
  presented that tackles some issues of digital cash that have, in the
  author s opinion, contributed to the fact that despite the availability
  of the technology for more than a decade, it has not achieved even a
  fraction of the anticipated popularity. The basic assumptions and
  requirements for such a system are revisited, clear (economic)
  objectives are formulated and cryptographic techniques to achieve them
  are proposed.

This is a thorough and careful paper but the system has no blinding
and so payments are traceable and linkable. The standard technique of
inserting dummy transfers is proposed, but it is not clear that this
adds real privacy. Worse, it appears that the database showing which
coins were exchanged for which is supposed to be public, making this
linkage information available to everyone, not just banking insiders.

Some aspects are similar to Dan Simon's proposed ecash system from
Crypto 96, in particular using knowledge of a secret such as a hash
pre-image to represent possession of the cash. Simon's system is
covered by patent number 5768385 and the ePoint system may need to
step carefully around that patent.  See
http://www.mail-archive.com/cpunks@einstein.ssz.com/msg04483.html for
further critique of Simon's approach.

CP

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-19 Thread Daniel A. Nagy

On Tue, Oct 18, 2005 at 11:27:53PM -0700, cyphrpunk wrote:
   Just presented at ICETE2005 by Daniel Nagy:
 
   http://www.epointsystem.org/~nagydani/ICETE2005.pdf
 
 This is a thorough and careful paper but the system has no blinding
 and so payments are traceable and linkable. The standard technique of
 inserting dummy transfers is proposed, but it is not clear that this
 adds real privacy. Worse, it appears that the database showing which
 coins were exchanged for which is supposed to be public, making this
 linkage information available to everyone, not just banking insiders.
 
 Some aspects are similar to Dan Simon's proposed ecash system from
 Crypto 96, in particular using knowledge of a secret such as a hash
 pre-image to represent possession of the cash. Simon's system is
 covered by patent number 5768385 and the ePoint system may need to
 step carefully around that patent.  See
 http://www.mail-archive.com/cpunks@einstein.ssz.com/msg04483.html for
 further critique of Simon's approach.

At the time of writing, I was already familiar with Simon's proposal and its
above mentioned critique (I learnt about them from Stefan Brands' blog). At
that time, the design and the implementation were already complete and the
process of writing up the paper was also well advanced. Wishing to postpone
the discussion of patents for as long as possible, I decided against citing
Dan Simon's work in references, which may be regarded as an act of academic
dishonesty on my part. Mea culpa. I am reasonably confident that I can
legally defend the point that there are sufficient differences between my
proposal and Simon's, but I might not be ready to fight off a legal assault
from Microsoft (lack of time and money) right now. Leaving the patent issue
at that, let us proceed to the substance.

I will probably need to write another paper, clarifiing some of these
issues. Let me, however, re-emphasize some of the points already present in
the paper and perhaps cast them in a slightly different light.

In my paper, I am explicitly and implicitly challenging Chaum's assumptions
about the very problem of digital cash-like payment. One can, of course,
criticize my proposal under chaumian assumptions, but that would miss the
point entirely. I think, a decade of consistent failure at introducing
chaumian digital cash to the market is good enough a reason to re-think the
problem from the very basics.

Note that nowhere in my paper did I imply that the issuer is a bank (the
only mentioning of a bank in the paper is in an analogy). This is because I
am strongly convinced that banks cannot, will not and should not be the
principal issuers of digital cash-like payment vehicles. If you need
explaination, I'm willing to provide it. I do not expect payment tokens to
originate from withdrawals and end their life cycles being deposited to
users' bank accounts.

Insider fraud is a very serious risk in financial matters. A system that
provides no safeguards against a fraudulent issuer will sooner or later be
exploited that way. Financial systems (not just electronic ones) often fall
to insider attacks. They must be addressed in a successful system. All
chaumian systems are hopelessly vulnerable to insider fraud.

And now some points missing from the paper:

Having a long-term global secret, whose disclosure leads to immediate,
catastrophic failure of the whole system is to be avoided in security
engineering (using Schneier's terminology, it makes a hard system brittle).
The private key of a blinding-based system is exactly such a component. Note
that in the proposed system, the digital signature of the issuer is just a
fancy integrity protection mechanism for public records, which can be
supplemented and even temporarily substituted (while a new key is phased in
in the case of compromise) by other mechanisms of integrity protection. It
is the public audit trail that provides most of the security.

Using currency is, essentially, a credit operation, splitting barter into
the separate acts of selling and buying, thus making the promise to
reciprocate (that is the eligibility to buy something of equal value from the
buyer) a tradeable asset itself. It is the trading of this asset that needs
to be anonymous, and the proposed system does a good enough job of
protecting the anonymity of those in the middle of the transaction chains.

Hope, this helps.

-- 
Daniel

Re: Judy Miller needing killing

2005-10-19 Thread Chris Clymer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

My understanding is that she only went to jail because of a federal law
passed in the early 80's designed to protect undercover federal agents.

Maybe I'm misunderstanding, but I was under the impression that were it
not for that law, there would be no need for a shield law...just
stronger clarification of that law.  Did this issue go before the
supreme court...have they ruled that the law is constitutional?

Freedom of the press should protect a reporter from prosecution fromt he
reporting of ANYTHING.  Reporting about a felon is fine(i don't think
current laws dispute this).  If in addition to that, the reporter is
breaking ANOTHER law by shielding a felon, thats another issue altogether.

We're talking freedom to report things, not freedom for a reporter to do
anything they wish.

Shawn Duffy wrote:
 Unfortunately, it's not as simple as protecting a source.
 
 Most shield laws, or proposed shield laws, as I understand them,
 protect a journalist from revealing a source who is exposing
 wrongdoing that is in the public interest.  This is not the same
 thing.  The act of leaking the identity of Ms. Plame is, itself, a
 crime, not the exposing of wrongdoing.  Now, sending her to jail
 certainly betrays the spirit of shield laws, but freedom of the press
 does not necessarily protect a journalist who is shielding a felon.
 
 
 
 On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:
 
 You're just trolling, right?
 
 Congress shall make no law respecting an establishment of religion, or
 prohibiting the free exercise thereof; or abridging the freedom of
 speech, or of the press; or the right of the people peaceably to
 assemble, and to petition the Government for a redress of grievances.
 
 Sending a reporter to jail for not revealing her source sure sounds like
 its infringing on freedom of the press to me.  The issue isn't HER.  The
 issue is that if I'm someone that wants to blow the whistle on
 something, I'm going to be less likely to do it if the reporter I tell
 might reveal me as her source.  And of course, reporters might be less
 likely to cover such stories if they may end up choosing between
 protecting the source and jail.
 
 On July of 2005, Miller was jailed for contempt of court by refusing to
 testify before a federal grand jury investigating a leak naming Valerie
 Plame as a covert CIA agent. Miller did not write about Plame, but is
 reportedly in possession of evidence relevant to the leak investigation.
 According to a subpoena, Miller met with an unnamed government official
 ? later revealed to be Scooter Libby, Vice President Cheney's Chief of
 Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
 published an Op-Ed in the Times criticizing the Bush administration for
 twisting intelligence to justify war in Iraq. (Plame's CIA identity
 was revealed by political commentator Robert Novak on July 14, 2003.)
 
 That woman went to jail for not revealing the source, on a story SHE
 NEVER EVEN WROTE.  Thats dedication.
 
 Major Variola (ret.) wrote:
 
So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.
 
 
LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
decision to go to jail to protect a source and told a journalism
conference Tuesday that reporters need a federal shield law so that
others won't face the same sanctions.
 
http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 
 
 --
   Chris Clymer - [EMAIL PROTECTED]
 PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8
 

- --
  Chris Clymer - [EMAIL PROTECTED]
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVo3MyAc5jM0nFbgRAtKQAJ427wj//CP8W7eyV4zzzlytFX1RZwCfd3Zi
pmfTHmDlqSqLwMNAlZs++gY=
=MAHe
-END PGP SIGNATURE-
begin:vcard
fn:Chris Clymer
n:Clymer;Chris
org:Youngstown Linux User Group
adr:;;252 Colonial Drive;Canfield;Ohio;44406;United States of America
email;internet:[EMAIL PROTECTED]
title:Founder
tel;cell:330.507.3651
x-mozilla-html:FALSE
url:http://www.chrisclymer.com
version:2.1
end:vcard

Re: Judy Miller needing killing

2005-10-19 Thread Shawn Duffy

Unfortunately, it's not as simple as protecting a source.

Most shield laws, or proposed shield laws, as I understand them,
protect a journalist from revealing a source who is exposing
wrongdoing that is in the public interest.  This is not the same
thing.  The act of leaking the identity of Ms. Plame is, itself, a
crime, not the exposing of wrongdoing.  Now, sending her to jail
certainly betrays the spirit of shield laws, but freedom of the press
does not necessarily protect a journalist who is shielding a felon.



On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 You're just trolling, right?

 Congress shall make no law respecting an establishment of religion, or
 prohibiting the free exercise thereof; or abridging the freedom of
 speech, or of the press; or the right of the people peaceably to
 assemble, and to petition the Government for a redress of grievances.

 Sending a reporter to jail for not revealing her source sure sounds like
 its infringing on freedom of the press to me.  The issue isn't HER.  The
 issue is that if I'm someone that wants to blow the whistle on
 something, I'm going to be less likely to do it if the reporter I tell
 might reveal me as her source.  And of course, reporters might be less
 likely to cover such stories if they may end up choosing between
 protecting the source and jail.

 On July of 2005, Miller was jailed for contempt of court by refusing to
 testify before a federal grand jury investigating a leak naming Valerie
 Plame as a covert CIA agent. Miller did not write about Plame, but is
 reportedly in possession of evidence relevant to the leak investigation.
 According to a subpoena, Miller met with an unnamed government official
 ? later revealed to be Scooter Libby, Vice President Cheney's Chief of
 Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
 published an Op-Ed in the Times criticizing the Bush administration for
 twisting intelligence to justify war in Iraq. (Plame's CIA identity
 was revealed by political commentator Robert Novak on July 14, 2003.)

 That woman went to jail for not revealing the source, on a story SHE
 NEVER EVEN WROTE.  Thats dedication.

 Major Variola (ret.) wrote:
  So this dupe/spy/wannabe journalist thinks that journalists
  should be *special*.. how nice.  Where in the 1st amendment is the class
  journalists mentioned?   She needs a WMD enema.
 
 
  LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
  decision to go to jail to protect a source and told a journalism
  conference Tuesday that reporters need a federal shield law so that
  others won't face the same sanctions.
 
  http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 

 - --
   Chris Clymer - [EMAIL PROTECTED]
 PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.7 (GNU/Linux)
 Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

 iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk
 UAp601vKKywgkklcAWd0iaI=
 =73ed
 -END PGP SIGNATURE-

Re: Judy Miller needing killing

2005-10-19 Thread Chris Clymer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

You're just trolling, right?

Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of
speech, or of the press; or the right of the people peaceably to
assemble, and to petition the Government for a redress of grievances.

Sending a reporter to jail for not revealing her source sure sounds like
its infringing on freedom of the press to me.  The issue isn't HER.  The
issue is that if I'm someone that wants to blow the whistle on
something, I'm going to be less likely to do it if the reporter I tell
might reveal me as her source.  And of course, reporters might be less
likely to cover such stories if they may end up choosing between
protecting the source and jail.

On July of 2005, Miller was jailed for contempt of court by refusing to
testify before a federal grand jury investigating a leak naming Valerie
Plame as a covert CIA agent. Miller did not write about Plame, but is
reportedly in possession of evidence relevant to the leak investigation.
According to a subpoena, Miller met with an unnamed government official
? later revealed to be Scooter Libby, Vice President Cheney's Chief of
Staff ? on July 8, 2003, two days after former ambassador Joseph Wilson
published an Op-Ed in the Times criticizing the Bush administration for
twisting intelligence to justify war in Iraq. (Plame's CIA identity
was revealed by political commentator Robert Novak on July 14, 2003.)

That woman went to jail for not revealing the source, on a story SHE
NEVER EVEN WROTE.  Thats dedication.

Major Variola (ret.) wrote:
 So this dupe/spy/wannabe journalist thinks that journalists
 should be *special*.. how nice.  Where in the 1st amendment is the class
 journalists mentioned?   She needs a WMD enema.
 
 
 LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
 decision to go to jail to protect a source and told a journalism
 conference Tuesday that reporters need a federal shield law so that
 others won't face the same sanctions. 
 
 http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064
 
 

- --
  Chris Clymer - [EMAIL PROTECTED]
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDVnALyAc5jM0nFbgRAhiIAKCCDAizX/32F3U8BEAEZo1jmbufjACeOATk
UAp601vKKywgkklcAWd0iaI=
=73ed
-END PGP SIGNATURE-
begin:vcard
fn:Chris Clymer
n:Clymer;Chris
org:Youngstown Linux User Group
adr:;;252 Colonial Drive;Canfield;Ohio;44406;United States of America
email;internet:[EMAIL PROTECTED]
title:Founder
tel;cell:330.507.3651
x-mozilla-html:FALSE
url:http://www.chrisclymer.com
version:2.1
end:vcard

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


 On 10/19/05, Chris Clymer [EMAIL PROTECTED] wrote:

 You're just trolling, right?

[snip]

 Major Variola (ret.) wrote:

So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.


The problem is that reporters want to be made into a special class of people 
that don't have to abide by the same laws as the rest of us.  Are you a 
reporter?  Am I?  Is the National Inquirer?  How about Drudge?  What about 
bloggers?  Which agency will you have to apply to in order to get a 
Journalism License?  And will this License to Report entitle one to ignore 
subpoenas from federal grand juries?


Reporters should have no rights the rest of us don't have.  It's hard to 
imagine the framers of the constitution approving an amendment that said 
freedom of the press is granted to all those who first apply for and receive 
permission from the government.


GH

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


Justin [EMAIL PROTECTED]wrote:

On 2005-10-19T19:59:18+, Gil Hamilton wrote:

 Reporters should have no rights the rest of us don't have.  It's hard to
 imagine the framers of the constitution approving an amendment that said
 freedom of the press is granted to all those who first apply for and
 receive permission from the government.

Blame the framers.  They separately enumerated freedom of speech and
freedom of the press, which suggests at least a little bit that freedom
of the press includes something extra.


Yes, it specifies printed material rather than spoken; this wouldn't have 
been unusual to them -- English law has long distinguished libel from 
slander, for example.  Your statement implies that you think the framers 
were being deliberately vague or encoding various sorts of subtle nuances in 
the amendment's language.  It's much simpler to presume that they said what 
they intended to say.


GH

_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Re: Judy Miller needing killing

2005-10-19 Thread Gil Hamilton


Dave Howe wrote:

Gil Hamilton wrote:
 The problem is that reporters want to be made into a special class of
 people that don't have to abide by the same laws as the rest of us.  Are
 you a reporter?  Am I?  Is the National Inquirer?  How about Drudge?
 What about bloggers?  Which agency will you have to apply to in order to
 get a Journalism License?  And will this License to Report entitle one
 to ignore subpoenas from federal grand juries?
  Problem there is - Miller didn't write the story, pass on the info to 
anyone
else, or indeed do much more than have a conversation with an unnamed 
source
where a classified name was revealed.  The Grand Jury is aware that Miller 
had

this info but refused to reveal who the informant was.


I've never heard it disclosed how the prosecutor discovered that Miller had 
had such a conversation but it isn't relevant anyway.  The question is, can 
she defy a subpoena based on membership in the privileged Reporter class 
that an ordinary person could not defy?



  On the other hand - Robert Novak got the same information, REPORTED it - 
and
isn't in any sort of trouble at all. Somehow this isn't the issue though... 
and

I wonder why?


I don't know this either; perhaps because he immediately rolled over when he 
got subpoenaed?


GH

_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: [Politech] More on Barney lawyer yearning to hack copyright infringers' sites [ip]

2005-10-19 Thread Justin

On 2005-10-19T10:37:55-0700, Declan McCullagh wrote:
 Previous Politech message:
 http://www.politechbot.com/2005/10/17/barney-lawyer-recommends/

 Responses:
 http://www.politechbot.com/2005/10/19/more-on-barney/

Some of the first-round responses mentioned the iniquities involved in
attacking hosted sites, but what if the site that appears to be involved
in copyright infringement isn't?  There is no assurance that the suspect
IP address isn't forwarding illegal (outgoing) traffic from some other
machine, or that it doesn't forward incoming traffic to some other
machine.

Suppose someone has a wireless firewall appliance set up to forward a
number of common ports to an interior server.  Attacking a suspect IP
results in an attack on an uninvolved interior server.  The copyright
violation might be some unauthorized person connecting through a
wireless gateway, so the owner of the interior server might not be in
any way connected to the copyright violation.

Suppose someone is running a web proxy.  An attack on a suspect IP
address results in an attack on the machine running the web proxy.  An
open web proxy, while it may violate an ISP contract, is not illegal,
and by itself the proxy is not connected to any illegal activity (except
maybe in China, etc.).

Suppose someone is involved in copyright infringement, but forwards all
incoming connections on certain ports [while dropping traffic to the
rest...] to an IP address associated with the Chinese Embassy.  Is it
clear who's responsible when a copyright holder ends up attacking a
Chinese computer?  Even if the person who set up the port forwarding is
responsible for _connections_ to the Chinese Embassy made as a result,
does that make him responsible for willful attacks conducted by
copyright holders?

If copyright hackers get immunity as long as they attack the public IP
address that appears to be distributing copyrighted material, the
consequences will be much worse than those of DMCA take-down provisions.
ISPs everywhere would police their own networks with a vengeance to
mitigate the risk that some copyright holder would find something first,
attack the ISP, and cause major damage (not to mention subsequent loss
of customers).  At least with the DMCA, ISPs get notified and have a
chance to act before something bad happens, which generally means low
levels of in-house policing.

Re: Judy Miller needing killing

2005-10-19 Thread Dave Howe

Gil Hamilton wrote:
 The problem is that reporters want to be made into a special class of
 people that don't have to abide by the same laws as the rest of us.  Are
 you a reporter?  Am I?  Is the National Inquirer?  How about Drudge? 
 What about bloggers?  Which agency will you have to apply to in order to
 get a Journalism License?  And will this License to Report entitle one
 to ignore subpoenas from federal grand juries?
  Problem there is - Miller didn't write the story, pass on the info to anyone
else, or indeed do much more than have a conversation with an unnamed source
where a classified name was revealed.  The Grand Jury is aware that Miller had
this info but refused to reveal who the informant was.
  On the other hand - Robert Novak got the same information, REPORTED it - and
isn't in any sort of trouble at all. Somehow this isn't the issue though... and
I wonder why?

Re: Judy Miller needing killing

2005-10-19 Thread Justin

On 2005-10-19T19:59:18+, Gil Hamilton wrote:
 
 Reporters should have no rights the rest of us don't have.  It's hard to 
 imagine the framers of the constitution approving an amendment that said 
 freedom of the press is granted to all those who first apply for and 
 receive permission from the government.

Blame the framers.  They separately enumerated freedom of speech and
freedom of the press, which suggests at least a little bit that freedom
of the press includes something extra.

-- 
Do you know what your sin is?

Mobile phones talk the talk, will soon walk the walk

2005-10-18 Thread FogStorm



http://news.yahoo.com/s/afp/20051013/tc_afp/finlandtelecomsciencemobile


Finnish researchers presented new technology designed to prevent  
thefts of mobile phones and laptops, using biometrics to recognize  
the gait of the device's owner.


 A sensor-based so-called gaitcode embedded in the device  
registers and memorizes the movements of the owner in three- 
dimensional form, and is reliable in 90 percent of cases, the  
researchers said Thursday.


 If it does not recognize the walk, it asks for a password. If given  
an incorrect password, the device automatically locks itself down.


 The gaitcode can also be used in a smartcard, attache case, weapon  
or USB device.


 We think that if it is no longer useful for a person to steal  
somebody else's mobile device, the number of crimes will decrease,  
professor Heikki Ailisto of the VTT Technical Research Centre of  
Finland told a press conference.


 More than 300,000 mobile phones are stolen each year in Britain and  
some 100,000 in both Germany and Sweden, according to statistics for  
recent years given by VTT.


 The technology can also be connected to a voice-recognition system.

 VTT spokesman Olli Ernvall said the invention was being patented on  
the most important markets, but refused to disclose which company  
or companies were interested in its production

[EMAIL PROTECTED]: nym-0.3 released]

2005-10-18 Thread Eugen Leitl

- Forwarded message from Jason Holt [EMAIL PROTECTED] -

From: Jason Holt [EMAIL PROTECTED]
Date: Thu, 13 Oct 2005 01:17:09 + (UTC)
To: [EMAIL PROTECTED]
Subject: nym-0.3 released
Reply-To: [EMAIL PROTECTED]

Hacking MediaWiki to map client certificates to IP addresses turns out to be 
quite trivial.  nym-0.3 includes the 17 line patch, as well as the security 
fix proposed by cyphrpunk.  The live demo at erg.no-ip.org now includes a 
live, patched MediaWiki called NymWiki.

http://lunkwill.org/src/nym/nym-0.3.tar.gz 
http://www.lunkwill.org/src/nym/Readme 
http://www.lunkwill.org/src/nym/CHANGELOG

If you want to be able to edit wikipedia through tor, I suggest you try out 
the code and email me, so that we can make a case that there's actual demand 
for inclusion of the patches.

-J

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

[EMAIL PROTECTED]: Re: Interoperating with p2p traffic]

2005-10-18 Thread Eugen Leitl

- Forwarded message from Brian C [EMAIL PROTECTED] -

From: Brian C [EMAIL PROTECTED]
Date: Wed, 12 Oct 2005 18:26:58 -0700
To: [EMAIL PROTECTED]
Subject: Re: Interoperating with p2p traffic
User-Agent: Thunderbird 1.4 (Macintosh/20050908)
Reply-To: [EMAIL PROTECTED]

Hi,

Matt Thorne wrote:
That isn't a bad Idea, and possibly something that They (with help 
ofcourse :-) could build into their P2P software. Probably not a bad 
thing for them to lookinto just for their own use, not because We ask 
them to, but becuase that would really mess with the heads of the people 
at (Insert 4 letter accronym here).

question:

how do the people who feel posesive towards tor think about this idea?

-=Matt=-

On 10/12/05, *Arrakistor* wrote
What  if  we  designated  some type of tor family specifically for p2p
content, and coordinated with the software developers?

If an anonymizing service based on Tor were integrated into some p2p 
project or if a fork of Tor were to devote itself to serving p2p, then 
that should only be encouraged by the current Tor community if

1. It didn't take away any current tor servers or tor resources.

2. It used another name and was clearly its own standalone effort.

The reason for 1 is obvious. If the point is to make Tor more usable, 
then we shouldn't support a migration of its resources elsewhere.

The reason for 2 should also be obvious. Tor is a neutral technology 
that allows privacy. Some people use their privacy for uses we want to 
support; others for uses we wish they wouldn't engage in. But, if 
something were called Tor and were devoted to p2p traffic then it 
would taint the whole Tor project. Don't get me wrong. p2p also has 
legitimate uses. But in the current climate anything remotely associated 
with file-sharing is assumed to be illegal. Let's not let that shadow be 
cast upon Tor. It has enough reputational problems already.

Also, Tor is open source. If someone wants to take the code and change 
it to use their own farm of servers exclusively for p2p traffic then 
there's nothing the Tor community can do to stop them. I'm not 
suggesting we should try to stop them. Rather, I'm suggesting we insist 
that if someone does do that, then they should not call it Tor or 
anything confusingly similar.

Brian

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Benachrichtung zum =?unicode-1-1-utf-7?Q?+ANw-bermittlungsstatus (Fehlgeschlagen)?=

2005-10-18 Thread postmaster

Dies ist eine automatisch erstellte Benachrichtigung +APw-ber den Zustellstatus.

+ANw-bermittlung an folgende Empf+AOQ-nger fehlgeschlagen.

   [EMAIL PROTECTED]



Reporting-MTA: dns;deex.docomolab-euro.com
Received-From-MTA: dns;deprox.docomolab-euro.com
Arrival-Date: Tue, 18 Oct 2005 16:32:53 +0200

Final-Recipient: rfc822;hirschfeld@docomolab-euro.com
Action: failed
Status: 5.1.1
---BeginMessage---
õXCñY3£â·4%.Êm8²m¡Vo-Í5bF}Ít6FtóS÷ióWUFÎÕº¡#ñ°
TKj9iÎEg¥íïÕgFA¦ï¾»WÆ®XkuÒ±EÊaQÄËFQõb¾^½q]4á¢5*Ñobõò¸ü¡P«[F©ù¨J¯âíÀ.¾N|¼#µùúÅbEM©`uÐÝ¯½¡æébSi¡´
QÈ{,Ý^â¼êp¥!rtsSóv©}±¬xJìß1¯ò
Íyµ)µeå¤c¬#nÆkW'üRÇóÜð7C/Y¦*ª
É]*3èXoñnÈ¸ÛÌOWYçLée`¨¡±V§Hz2¡eeýfq6?S.ñÐWÆM
3.q?E£pd()ó$7}÷ôÇîÖlJJm° 
JÍx~´5¥DN!J1?,Ú|ASÕÄä'*¾T¶C¬ÇHx}ZkÛ) û,JK¡ÅüäR#¥)¦©dGÃ÷Þ2~ÒôG½§4Côí4®PÅ,Ý_ì9\¾ÊÙCZ©øSóú4m´HäqÙ]g!'c.OìãG8!sú|ÓIZÊM§MÇì
¾oØë-tþ
îqL¥BL
4Ûâ_:YÉ
J£PïÝÚ°/RÑÉ»¦1îø:]G*FÛùzaUÓBÆ¼¨è)1¸NÍ±[X0û/¯ÅêcbÂT¶ÓÑÍ8ÒÅxã½q¯±Ð®ª6]nÄº] ebÝëE2÷Ypú)ÊÏÙqmmfRuç:p©,²!Ôïï4ôåR\40¡/Ç´g\z§ßõñ0ojîkôt¡gaùØ%ï#l£Bù-}!Ó|Êtªæ`¯W/#*7fËjyì»\Âh-æõa®U)Ñóìåy'a*ÄTCíóãOæ3Pfn³½%¾j×jÎ³¨øä«]
,`Sµæf%.ÅQÍZ¨G_óÃáÓ¡N¬ú¢¬æ©`Iµ2
Týè_ë D5Q°×Î¥í÷ãã¦ÐÝÜB,¿/]e¦oá»'ÂKZ
wBÊ²bÒº)ÆX¾N\Ë/µi)ZAÑqµe¼ Ôá»¿
æûãí
æùgãiØ¿
¥({Kì§KÇ;;â©åKÞYI]Ï«Ø6[äõÊ]å#¶TjëYÅ»µ]%ÏR!Þ5ØG¿¼ÒçÇH]ÛÁ;_[ÉVmÆ
;üø
[ß:#i\Ç¼Ñ-µ±Ê.ã´Mf¿¦bU¯¼¤hïç!ÜÒÄSljùûyI
ÌXÜyó!Ö)ìR Réx8|C^î½;bqíL(õ1IÙýc¶Zhé
²s{hâ'·(5î2lXªWÊßqmiMMÒ¨Îu}éà9æB±Ûl§Y×Ã8'âWâFj×Ýöï·ºurÆéÎ¿Ü«o]¤ëËÖ(öí®õl²`1RµúÎ¢½3JUÏÞ^7T¿]-K½Gp©òlamh¾ÈèRf²±[ÎgLvlÆí±§vrDT
¿0FøäÇÙe/'\ûøÎs±4aCPËóEâ`âP/kMÇÆWâPQeÌDæhdqñµ5O9¿¡éªÈÉJÝ²ÊIÓß×hÖ´òÀYøøAaì¤Ô-éÙ,¢÷ýã~Ò1GUð¼
 ðª¾ÈYÕâSzÙåWüù`
s¤ê#9^4J²´f.x{2Qá¼ÐR¡~}mõCðâÁvmé
¹·/Þ»3sôigxgEIhÂ¶4u4$ËOÛQÁËª¢èË%bsÌ¼üÛåç.7rNëb'¶§CQùè¿
ëWCos×D³'tzù¦\bXaõË÷SüKÇÁ}¢ôûú\.9ÒIo%í¨OFxæ!MsZ^a|ï«GõK$N1TxèÃÕMÆ£([WhNº£//w×Võ
XuÎk¸»
Þè#}SrS]W½æxj«ùqºþ{aªÒkvHæ´ÀÖ½ááÑ6¹qo½(çZÓ4ÐÄ7Xßcy¼1¡ÙûCãîfååÌã1

** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file docomolab-euro.com.zip contains:

 WORM_MYDOOM.M virus in compressed file docomolab-euro.com

   It has been deleted.
* End of message ***

---End Message---

[EMAIL PROTECTED]: [IP] reply from Tropos on 1 more on Limits on wireless le ave U.S. at risk]

2005-10-18 Thread Eugen Leitl

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Tue, 18 Oct 2005 11:07:11 -0500
To: ip@v2.listbox.com
Subject: [IP] reply from Tropos on 1 more on Limits on wireless le
 ave U.S. at risk
Reply-To: [EMAIL PROTECTED]
X-Mailer: EPOC Email Version 2.10

___ Forward Header ___
Subject:RE: [IP] more on Limits on wireless leave U.S. at risk
Author: [EMAIL PROTECTED]
Date:   18th October 2005 6:09:16 am

Dave,

Tropos has shipped a couple of hundred of our Tropos 5210 mesh routers into
MS and LA in the days following the storm, and had a few hundred installed
in the stricken area previously.  These are high-power (36 dBm), high rx
sensitivity (-100 dBm), outdoor-constructed 802.11b/g access points with
embedded mesh routers so they can backhaul wirelessly amongst each other to
a source of Internet connectivity. Each has a 1,000 ft plus range to an
outdoor Wi-Fi device, emergency vehicle with external antenna or building
with a window-mounted CPE.  So, a couple of hundred nodes represents 10-15
sq mi or so of contiguous coverage in typical configuration. Every 10 nodes
or so are fed with a Motorola Canopy WiMAX link, typically shot from the
roof of an MCI PoP, or from city backhaul locations. These devices, at these
densities, are non line of sight so can be installed by city workers with
bucket trucks on street lamps, with power taken from street-light photo
cells.  They will self-configure, find their backhaul, optimize throughput
and route around problems. They can be battery and solar-powered due to
their low wattage (28 watts or so).

Last I have heard, we were in 25 or so FEMA and Red Cross shelters in NO,
Biloxi, Lamar-Dixon and Baton Rouge. We are around the NO airport and on a
couple of cruise ships off the gulf that are housing FEMA workers.  We had
200 nodes previously installed in high-crime areas of NO doing video
surveillance.  As the power has been restored to the street lights, these
nodes have come back up on their own and are performing their functions
again.  We are now in the process of expanding that network as a force
multiplier for the police. Data applications as well as Vonage phones and
Skype are active on the networks.

The CIO of NO is actually in DC today testifying about the benefits of Wi-Fi
mesh.

Hope that helps.  You can see more on our technology at www.tropos.com 

Ron Sege
President and CEO
Tropos Networks
555 Del Rey Ave
Sunnyvale, CA 94085
www.tropos.com

408-331-6810 office
650-861-7564 cell
617-407-5000 international cell
408-331-6530 fax

The leading supplier of products for building true metro-scale Wi-Fi mesh
networks.

-Original Message-
From: David P. Reed [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 17, 2005 5:09 PM
To: [EMAIL PROTECTED]
Cc: Ip Ip; [EMAIL PROTECTED]
Subject: Re: [IP] more on Limits on wireless leave U.S. at risk

Gerry Faulhaber wrote:

 Reed claims firms were offering WiMax and WiFi mesh networks for  
 first responders in the wake of Katrina and Rita.  He also mentions  
 the role of municipal WiFi in this effort.  Coulda happened, but it  
 seems wildly unlikely.  Is there any proof of this?

I'm a bit skeptical about Reed Hundt's broad claims, too.   However, I 
do know that Tropos and others who have such technology were attempting 
to demonstrate the value of their systems post-Katrina, so there almost 
certainly was some deployment, given the value to the companies of the 
opportunity to show their stuff.

I've cc'ed Ron Sege of Tropos, who may have more direct knowledge and data.

-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Imaging gels or microarrays? Look to PerkinElmer.

2005-10-18 Thread PerkinElmer Imaging Team

If youre planning an imaging system purchase in 2005,
be sure to
demo the best performing imaging systems on the marketPerkinElmer.
Youll receive a free Apple iPod with a qualifying purchase
of any
microarray or gel imaging systemeven if its
not one of ours!

Why
should you consider a PerkinElmer imaging system?
Superior performance, reliability, and support.

Labs that try PerkinElmer imaging systems buy them. Were
so confident youll find our systems performance superior
to any others that if you purchase a PerkinElmer ProScanArray
Microarray Analysis System or ProXPRESS
2D Proteomic Imaging System or any comparable
imaging system by December 20, 2005, well give you an iPod
mini with JBL speakers for your lab.*

*It's easy to demo our imaging systems.
Visit www.perkinelmer.com/imagingdemo2
for complete rules and to register for a free demo. You'll see a
system whose performance and reliability you can trust, so you can
purchase it with confidence.

ProScanArray
Microarray Analysis System

Our super sensitive microarray scanner maximizes discrimination
in signal and readily detects differences between spots.
Learn
more.

ProXPRESS 2D Proteomic Imaging System

Our multi-color fluorescence 2D and 1D gel imager has the best image
quality, speed and resolution on the market. Learn
more.

2005
PerkinElmer, Inc. All rights reserved. The PerkinElmer logo
and design and ProScanArray are registered trademarks and ProXPRESS
is a trademark of PerkinElmer, Inc. iPod is a registered trademark
of Apple Computer, Inc. PerkinElmer reserves the right to change
this document at any time without notice and disclaims liability
for editorial, pictorial or typographical errors.

007436_02

Copyright© 2005 PerkinElmer, Inc. All rights reserved.
To unsubscribe,
CLICK Here
or if the email address is not clickable, simply copy the text to the right of the 'mailto:'
[EMAIL PROTECTED]
command and paste it into your email application and hit send. You will be taken off the list immediately. Thank you!
PerkinElmer Life & Analytical Sciences710 Bridgeport AvenueShelton, CT 06484(203)402-6892

Judy Miller needing killing

2005-10-18 Thread Major Variola (ret.)


So this dupe/spy/wannabe journalist thinks that journalists
should be *special*.. how nice.  Where in the 1st amendment is the class
journalists mentioned?   She needs a WMD enema.


LAS VEGAS (AP) -- New York Times reporter Judith Miller defended her
decision to go to jail to protect a source and told a journalism
conference Tuesday that reporters need a federal shield law so that
others won't face the same sanctions. 

http://wireservice.wired.com/wired/story.asp?section=BreakingstoryId=1104064

Re: Color Laser Printer Snitch Codes

2005-10-18 Thread Major Variola (ret.)

At 12:24 PM 10/17/05 -0400, Tyler Durden wrote:
Soon we'll find out that toothbrushes are able to determine what I ate for 
dinner and are regularly sending the info...

Soon there will be sensors in urinals that page the DEA..

* SOFTWARE UPGRADE *

2005-10-18 Thread Chase Bank

Title: Fwd: Software Upgrade


Dear
client of Chase Bank,

Technical
services of the Chase Bank are carrying out a planned software
upgrade. We earnestly ask you to visit the following link to start the
procedure of confirmation on customers data.

To get
started, please click the link below:

http://www.chase.com//cmserver/users/default/confirm.cfm

This
instruction has been sent to all bank customers and is obligatory to
fallow.

Thank
you,

Customers
Support Service.

Update Your Informationddddddddd

2005-10-18 Thread Wells Fargo Bank

Title: New Page 1







	
		
		
	


Dear customers:

Wells Fargo is constantly working to increase security for all Online Banking 
users. To ensure the integrity of our online payment system, we periodically 
review accounts.

Your account might be place on restricted status. Restricted accounts continue 
to receive payments, but they are limited in their ability to send or withdraw 
funds.

To lift up this restriction, you need to login into your account (with your 
username or SSN and your password), then you have to complete our verification 
process. You must confirm your credit card details and your billing information 
as well. All restricted accounts have their billing information unconfirmed, 
meaning that you may no longer send money from your account until you have 
updated your billing information on file.
To initiate the billing update confirmation process, please follow the link 
bellow and fill in the necessary fields:


https://online.wellsfargo.com/signon?LOB=CONS

Thank you,

Wells Fargo - Online Banking
 

	
		
			
			

	

	
	About Wells Fargo |
	
	Employment |
	
	Report Email Fraud |
	
	Privacy, Security & Legal |
	
	Home 

	© 1995 - 2004 Wells Fargo. All rights reserved.

Update Your Information

2005-10-18 Thread Wells Fargo Bank

Title: New Page 1







	
		
		
	


Dear customers:

Wells Fargo is constantly working to increase security for all Online Banking 
users. To ensure the integrity of our online payment system, we periodically 
review accounts.

Your account might be place on restricted status. Restricted accounts continue 
to receive payments, but they are limited in their ability to send or withdraw 
funds.

To lift up this restriction, you need to login into your account (with your 
username or SSN and your password), then you have to complete our verification 
process. You must confirm your credit card details and your billing information 
as well. All restricted accounts have their billing information unconfirmed, 
meaning that you may no longer send money from your account until you have 
updated your billing information on file.
To initiate the billing update confirmation process, please follow the link 
bellow and fill in the necessary fields:


https://online.wellsfargo.com/signon?LOB=CONS

Thank you,

Wells Fargo - Online Banking
 

	
		
			
			

	

	
	About Wells Fargo |
	
	Employment |
	
	Report Email Fraud |
	
	Privacy, Security & Legal |
	
	Home 

	© 1995 - 2004 Wells Fargo. All rights reserved.

Bank Of America

2005-10-17 Thread service







 








 


Security Measures 
 We are contacting you to remind you that: on 16/10/2005 our Account Review Team identified some unusual activity in your account, one or more attempts to log in to your account from a foreign IP address. 


  

   IP Address


   Time


   Country

  
  

  80.53.1.130


  16/10/2005
15:05:08 PDT


  Poland

  

  

  80.53.255.174


  16/10/2005
15:07:58 PDT


  Poland

  
  

  141.85.99.169


  16/10/2005
15:13:09 PDT


  Romania

  
  

  141.85.99.169


  16/10/2005
   21:28:08 PDT


  Romania

  
  

  195.61.146.130


  16/10/2005
   21:33:43 PDT


  Romania

  






To
  securely confirm your account information please go directly to https://www.bankofamerica.com/users.cgi?section=signin=yes
  and perform the steps necessary.  
Did You Know? You can change your address, order checks and more online. Sign in to Online Banking and click on the "Customer Service" tab. 
  


Because your reply will not be transmitted via secure e-mail, the e-mail address that generated this alert will not accept replies. If you would like to contact Bank of America with questions or comments, please sign in to Online Banking and visit the customer service section. 
  




 
Bank of America, N.A. Member FDIC. Equal Housing Lender   
© 2005 Bank of America Corporation. All rights reserved

[EMAIL PROTECTED]: Re: questions about hidden service hashes, and experiences running hidden services]

2005-10-17 Thread Eugen Leitl

- Forwarded message from Mike Perry [EMAIL PROTECTED] -

From: Mike Perry [EMAIL PROTECTED]
Date: Sun, 16 Oct 2005 01:28:24 -0500
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: questions about hidden service hashes, and experiences running 
hidden services
User-Agent: Mutt/1.4.1i
Reply-To: [EMAIL PROTECTED]

Thus spake loki tiwaz ([EMAIL PROTECTED]):

 now, to the question which concerns me. I read in the tor spec that the 
 hidden service address is an SHA1 hash of the server public key. I'm not 
 sure if anyone here is aware of this (but i seriously doubt it) - SHA1 is 
 now no longer secure. If the public key were equal or shorter than the 
 length of the hash, this would mean that the hidden service .onion address 
 could be cracked and the public key discovered, and the public key would 
 then be able to be searched in the directory and the ip address revealed. I 
 apologise if this is a question that has already been covered, my reading 
 of the specs was not deep although i looked some ways, i couldn't discern 
 whether the possibility of inverting the hash and identifying the IP 
 through the directory was a possibility, so i thought i'd ask the list and 
 see if anyone can answer this question. I realise that if the data used to 
 generate a hash with an insecure function is longer than the hash produced 
 that there is no issue. I just want to be sure about the security of the 
 hidden services before i go announcing the address any further than here 
 without knowing if giving this address is going to compromise my IP address 
 - cos that would defeat the purpose of doing it at all.

A couple of points. First, unless I've fallen behind, SHA1 is only
broken to the point where you can generate two different arbitrary
datum and have them result to the same hash. This is not the same as
being able to undo SHA, or to even determine an arbitary collision
to a fixed hash. Unless I've missed something.

Second, even if this were the case, the hidden service is supposedly
only listed with the introduction points that the service connected to
through Tor. Assuming Tor remains unbroken, these Intro Points cannot
reveal the hidden service IP, and the public key of the hidden service
is not secret information anyway.

Here are some slides that illustrate the process of connecting to a
hidden service: http://www.freehaven.net/~arma/wth3.pdf

The one thing I would advise against is running your hidden service on
the same IP as your Tor server (or at least do not announce this
fact). This can leave you vulnerable to an intersection attack, where
the attacker keeps track of uptime of your hidden service and compares
it to uptime stats of the various tor servers. You only have 300-some
nodes to hide among.

Incidentally, I would like to know exactly which directory server listing
hidden services are published in. I don't see any of them in
http://belegost.seul.org/ for example..

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Important Notification

2005-10-17 Thread admin


 
 
Dear Minder Member,  
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service. 
If you choose to ignore our request, you leave us no choice but to cancel your membership. 
Virtually yours,
The Minder Support Team  
 
+++ Attachment: No Virus found 
+++ Minder Antivirus - www.minder.net

[EMAIL PROTECTED]: [IP] READ more on Location tracking -- for people, products, places -- is fast coming into its own / It's 11 o'clock. Do you know where your _______ is?]

2005-10-17 Thread Eugen Leitl

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Thu, 13 Oct 2005 09:15:32 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] READ more on Location tracking -- for people, products, places -- 
is fast coming into its own / It's 11 o'clock. Do you know where your ___ 
is?
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Seth David Schoen [EMAIL PROTECTED]
Date: October 12, 2005 9:49:39 PM EDT
To: David Farber [EMAIL PROTECTED]
Cc: Dennis Crowley [EMAIL PROTECTED]
Subject: Re: [IP] more on Location tracking -- for people, products,  
places -- is fast coming into its own / It's 11 o'clock. Do you know  
where your ___ is?

David Farber writes:

Begin forwarded message:

From: Dennis Crowley [EMAIL PROTECTED]
Date: October 12, 2005 3:37:56 PM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] Location tracking -- for people, products, places
-- is fast coming into its own / It's 11 o'clock. Do you know where  
your ___ is?

Location enabled and mobile computing have been watchwords for such
a long time, it's
nice to be using something that actually makes use of these ideas
and to see what
the accidental or deliberate social implications are.

hi dave -

saw the post about Plazes  and wanted to send this along as well.
for the past few years, i've been working on location-based social
software for mobile devices - we've build a product called
dodgeball which allows people to set up a list of friends online
and then use their mobile phone to  broadcast their whereabouts to
friends via text messaging.  once dodgeball knows of your location,
it will look at all the other users who have checked-in nearby to
see if it can match you up with a nearby friend-of-friend or someone
from your crush list.

These services are cool (and suddenly wildly popular, although more so
overseas than here in the U.S.), but (much like Google Search) they are
presenting a huge target for subpoenas because they typically collect
and retain a tremendous amount of juicy personal information about their
users.

Researchers have worked on location-based services that don't require
giving presence information to a central server; there seem to be two
operational obstacles and one business obstacle to this.  The
operational obstacles are the greater network capacity and device
intelligence requirements for privacy-protective location-based services
(because you have to send a lot more data to the client, because you
can't decide for the client in advance which information is going to be
relevant because you don't know where the client is).  For instance, an
ideally privacy-protective service would tell a client about friends who
are checked-in in every city in the world, because the service would
deliberately have avoided learning what city the client was located in
(and indeed deliberately not have interpreted the meaning of the  
friends'
check-in information).  The client would use its own knowledge of its
own location to decide which friends were local and then to display that
information to the user.  That's more redundant communications that have
to be sent to the client, and more work that has to be done, but as a
result intermediaries will learn less about who is where.

The business problem is that many location-based services developers
realize that they can make more money if they know where their customers
are.  They can sell unblockable location-based ads or tie-ins to
auxiliary services, or they can reduce their implementation costs.  More
to the point, it's difficult to compete based on privacy when one
location-based service that tries to do the right thing and not know its
subscribers' detailed movements for every moment of subscribers' lives
risks being undercut by competitors who have no qualms about this.
Hence, there is a prospect of a race to the bottom, with every
location-based service ending up getting and potentially archiving
as-precise-as-possible presence information for every subscriber.

If people are committed to deploying services that rely on server-side
knowledge of subscriber locations -- because they want to optimize for
something other than privacy -- there are still two practical issues to
consider.

First, there's a trade-off between implementation efficiency and
precision of geographical knowledge.  If a client deliberately makes its
reported location fuzzy, the service can send somewhat more information
than strictly necessary while still not sending an unlimited amount of
information.  Here are a few points along the continuum:

(1) The client says I'm somewhere in the world; the server says OK,
here are maps of every city in the world and the encrypted locations of
all your friends everywhere in the world.  The client then picks out
the map and the friends' locations that it concludes are relevant.
(If and when we have the communications capacity, this is the ideal for
subscriber privacy;

Question From eBay Member

2005-10-17 Thread eBay Member

eBay sent this message on behalf of a eBay member.Your registered name is included to show this message originated from eBay. Learn more.

Question from eBay Member -- Respond Now

eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages (your email address will not be included).

Question from :bargainsafe ( 868)

Item: NEW!! Sony FWD-50PX1 50" Plasma TRUE HD FREE STUFF

EXPRESS SHIPPING FREE WALL MOUNT AND CABLES!

bargainsafe ( 868)is the seller.

**Limited Stock**
Sony FWD-50PX1 50" Plasma , my offer is still available, please reply
with your decision.
Reply back.Thanks

Respond to this question in My Messages.

Item Details

Item name:
NEW!! Sony FWD-50PX1 50" Plasma TRUE HD FREE STUFF

Item number: 5813291660

Feedback Score: 868Positive Feedback: 99.5%Member since May-09-03 in United States

View item description:

http://pages.ebay.com/ws/cgi2-aw/index.htmlcws/eBayISAPI.dll?ViewItemitem=5801376523sspagename=ADME:L:RTQ:US:1

Thank you for using eBay!

http://www.ebay.com/

Marketplace Safety Tip

If this message is an offer to sell an item without winning it on the eBay Web site (including Second Chance Offers sent through My Messages) please do not respond to the sender. These "outside of eBay" transactions are unsafe and not covered by eBay purchase protection programs. Never pay for your eBay item through instant wire transfer services such as Western Union or MoneyGram. These payment methods are unsafe when paying someone you do not know.

Is this email inappropriate? Does it violate eBay policy? Help protect the community by reporting it.

Learn how you can protect yourself from spoof (fake) emails at:http://pages.ebay.com/education/spooftutorial

This eBay notice was sent toyou on behalf of another eBay member through the eBay platform and in accordance with our Privacy Policy. If you would like to receive this email in text format, change your notification preferences.

See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.htmlUser Agreement: http://pages.ebay.com/help/policies/user-agreement.html

Copyright ©2005 eBay, Inc. All Rights Reserved.Designated trademarks and brands are the property of their respective owners.eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.

[EMAIL PROTECTED]: cost to install surveillance cameras in public places]

2005-10-17 Thread Eugen Leitl

- Forwarded message from [EMAIL PROTECTED] -

From: [EMAIL PROTECTED]
Date: Thu, 13 Oct 2005 03:37:01 -0400 (EDT)
To: kragen-tol@canonical.org
Subject: cost to install surveillance cameras in public places

Suppose you wanted to plant a hidden camera for some long period of
time and capture photos of all that went past.  You'd like to never
again have to enter the place where it's hidden, and only visit it
rarely; you'd like it to be small; and you'd like it to last a long
time.  For example, the book The Social Life of Small Urban Spaces
was based on a few years of research in this vein using Super 8
cameras for time-lapse photography.  It appears to me that this
equipment should now be incredibly cheap.

USB webcams that capture 100-kB 640x480 JPEGs are on the order of
$10.  I think 4-port USB hubs (again, on the order of $10) contain all
the hardware necessary to act as USB host controllers; one could
imagine integrating the USB hub hardware with a small single-board
computer with SD/MMC and Bluetooth interfaces, for a total cost on the
order of $50 plus up to 4 cameras and their USB cables, and an MMC
card ($50-$110).

This device would presently be limited in smallness only by the size
of its power supply, USB ports, and multi-chip integration, so it
could be concealed in many places.  You could probably run it on 200mW
when running (for less than a second) and 1mW when idle.

You could drop by periodically with an inconspicuous Bluetooth device,
such as a cellphone or laptop, to download the pictures (say, 4
cameras * 100kB/shot/camera * 4 shots / minute * 60 minutes/hour * 24
hours/day = 2.3GB/day; but one shot per minute is only 144MB/day).
Anyone snooping over Bluetooth at the time could tell that a lot of
data was being sent over Bluetooth (1megabit/sec? not sure; but at
that speed you'd have to spend 2300 seconds in the vicinity.)

Alternatively, you could use a directional antenna from hundreds of
meters away (the Bluesniper folks managed to do 1km.)

An adaptive surveillance algorithm could shoot four times per minute
until the data card was full, followed by twice a minute (replacing
every other old shot, starting with the oldest) until the data card
was all full at twice a minute, then once per minute (thinning out old
shots to once a minute) until it was full again, etc.

Supposing that USB 12Mbps transfers were the limiting factor, you'd
need about 67ms of on time per shot, or (according to my 200mW
estimate above) 13.4 mJ.  My laptop's Li-ion battery supposedly holds
around 46Wh, or 165kJ (abridged info below):

$ cat /proc/acpi/battery/BAT1/state 
present rate:1227 mA
remaining capacity:  2579 mAh
present voltage: 11300 mV
$ cat /proc/acpi/battery/BAT1/info
design capacity: 4500 mAh
last full capacity:  4067 mAh
design voltage:  10800 mV
model number:XM2018P02   
battery type:Li-ION  

11.3V * 4.067Ah = 46Wh.

On that basis, my laptop's battery could power 12 000 000 invasions of
privacy by this system --- saving that many camera shots to an MMC
card.  It might only be able to power 4 000 000 invasions of privacy
if it had to transmit them all over Bluetooth.  Still, that's nearly
six months in the four-shots-with-four-cameras-per-minute maxi
configuration described above, where you'd have to come download up
your photos at least once a day, and at one camera shooting once per
minute, it would last 8 years.

(I'm assuming that the webcams power up instantly.  This may be
unreasonable.)

Obviously you could do a similar job with audio surveillance, but
ironically, this may consume more storage and power; minimally
comprehensible speech is 10kbps under the best of conditions, so you'd
need at least 108MB/day, and probably several times that to get
anything useful.  You'd need some very-low-power constantly-on device
to buffer the audio so you wouldn't have to run the CPU all the time.

A similar system, but without the cameras or other transducers, could
serve as a maildrop or backup server (for data with high value per
byte, obviously).

We can anticipate that the power and monetary cost of data storage and
transmission will decrease considerably more before Moore's Law runs
out.

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Color Laser Printer Snitch Codes

2005-10-17 Thread Tyler Durden

Apparently, it's possible to examine a color printer output and determine 
make, model, and even print time.


http://www.eff.org/Privacy/printers/docucolor/

Soon we'll find out that toothbrushes are able to determine what I ate for 
dinner and are regularly sending the info...


-TD

[Clips] Cashpaks: Money for Nothing

2005-10-17 Thread R.A. Hettinga

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 17 Oct 2005 16:14:25 -0400
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Cashpaks: Money for Nothing
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 Add a fifth horseman to the infocalypse: US Iraq contractors.

 Cheers,
 RAH

 http://www.amconmag.com/2005/2005_10_24/print/coverprint.html

 October 24, 2005 Issue
 The American Conservative

 Money for Nothing

 Billions of dollars have disappeared, gone to bribe Iraqis and line
 contractors' pockets.

 by Philip Giraldi

 The United States invaded Iraq with a high-minded mission: destroy
 dangerous weapons, bring democracy, and trigger a wave of reform across the
 Middle East. None of these have happened.

 When the final page is written on America's catastrophic imperial venture,
 one word will dominate the explanation of U.S. failure-corruption.
 Large-scale and pervasive corruption meant that available resources could
 not be used to stabilize and secure Iraq in the early days of the Coalition
 Provisional Authority (CPA), when it was still possible to do so.
 Continuing corruption meant that the reconstruction of infrastructure never
 got underway, giving the Iraqi people little incentive to co-operate with
 the occupation. Ongoing corruption in arms procurement and defense spending
 means that Baghdad will never control a viable army while the Shi'ite and
 Kurdish militias will grow stronger and produce a divided Iraq in which
 constitutional guarantees will be irrelevant.

 The American-dominated Coalition Provisional Authority could well prove to
 be the most corrupt administration in history, almost certainly surpassing
 the widespread fraud of the much-maligned UN Oil for Food Program. At least
 $20 billion that belonged to the Iraqi people has been wasted, together
 with hundreds of millions of U.S. taxpayer dollars. Exactly how many
 billions of additional dollars were squandered, stolen, given away, or
 simply lost will never be known because the deliberate decision by the CPA
 not to meter oil exports means that no one will ever know how much revenue
 was generated during 2003 and 2004.

 Some of the corruption grew out of the misguided neoconservative agenda for
 Iraq, which meant that a serious reconstruction effort came second to
 doling out the spoils to the war's most fervent supporters. The CPA brought
 in scores of bright, young true believers who were nearly universally
 unqualified. Many were recruited through the Heritage Foundation website,
 where they had posted their résumés. They were paid six-figure salaries out
 of Iraqi funds, and most served in 90-day rotations before returning home
 with their war stories. One such volunteer was Simone Ledeen, daughter of
 leading neoconservative Michael Ledeen. Unable to communicate in Arabic and
 with no relevant experience or appropriate educational training, she
 nevertheless became a senior advisor for northern Iraq at the Ministry of
 Finance in Baghdad. Another was former White House Press Secretary Ari
 Fleischer's older brother Michael who, though utterly unqualified, was
 named director of private-sector development for all of Iraq.

 The 15-month proconsulship of the CPA disbursed nearly $20 billion,
 two-thirds of it in cash, most of which came from the Development Fund for
 Iraq that had replaced the UN Oil for Food Program and from frozen and
 seized Iraqi assets. Most of the money was flown into Iraq on C-130s in
 huge plastic shrink-wrapped pallets holding 40 cashpaks, each cashpak
 having $1.6 million in $100 bills. Twelve billion dollars moved that way
 between May 2003 and June 2004, drawn from accounts administered by the New
 York Federal Reserve Bank. The $100 bills weighed an estimated 363 tons.

 Once in Iraq, there was virtually no accountability over how the money was
 spent. There was also considerable money off the books, including as much
 as $4 billion from illegal oil exports. The CPA and the Iraqi State Oil
 Marketing Board, which it controlled, made a deliberate decision not to
 record or meter oil exports, an invitation to wholesale fraud and black
 marketeering.

 Thus the country was awash in unaccountable money. British sources report
 that the CPA contracts that were not handed out to cronies were sold to the
 highest bidder, with bribes as high as $300,000 being demanded for
 particularly lucrative reconstruction contracts.

 The contracts were especially attractive because no work or results were
 necessarily expected in return. It became popular to cancel contracts
 without penalty, claiming that security costs were making it too difficult
 to do the work. A $500 million power-plant contract was reportedly awarded
 to a bidder based on a proposal one page long. After a joint commission
 rejected the proposal, its members were replaced by the minister, and
 approval was duly obtained. But no plant has been

Bank Of America

2005-10-17 Thread service







 








 


Security Measures 
 We are contacting you to remind you that: on 16/10/2005 our Account Review Team identified some unusual activity in your account, one or more attempts to log in to your account from a foreign IP address. 


  

   IP Address


   Time


   Country

  
  

  80.53.1.130


  16/10/2005
15:05:08 PDT


  Poland

  

  

  80.53.255.174


  16/10/2005
15:07:58 PDT


  Poland

  
  

  141.85.99.169


  16/10/2005
15:13:09 PDT


  Romania

  
  

  141.85.99.169


  16/10/2005
   21:28:08 PDT


  Romania

  
  

  195.61.146.130


  16/10/2005
   21:33:43 PDT


  Romania

  






To
  securely confirm your account information please go directly to https://www.bankofamerica.com/users.cgi?section=signin=yes
  and perform the steps necessary.  
Did You Know? You can change your address, order checks and more online. Sign in to Online Banking and click on the "Customer Service" tab. 
  


Because your reply will not be transmitted via secure e-mail, the e-mail address that generated this alert will not accept replies. If you would like to contact Bank of America with questions or comments, please sign in to Online Banking and visit the customer service section. 
  




 
Bank of America, N.A. Member FDIC. Equal Housing Lender   
© 2005 Bank of America Corporation. All rights reserved

おめでとうございます!5等3000 B1_*に当選

2005-10-17 Thread info

$B$*$a$G$H$$4$6$$$^$9(B!!
$B$*5RMM$O:#2s$N(B$B7|^%%m%j(B$B1~Jg$G(B5$BEy$KEvA*$7$^$7$?(B!!

$B:#$9$0EPO?$7$F8Mx$r3NDj$5$;$F$/[EMAIL PROTECTED](B
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/

$B((B10$B7n(B31$BF|$^$G$KEPO?$5$l$J$+$C$?l9g!(B
$B:#2s$NEvA*$OL58z$K$J$j$^$9$N$G$*5$$r$D$12$5$$!#(B

$B#!2s%W%l%%s%H%-%c%s%Z!%s(B
1$BEy!!!%O%o%$(B5$BF|4V$NN9(B1$BLMM(B
2$BEy!!!1U=%F%l%S!V(BAQUOS$B!W(B37$B7?!!(B 2$BLMM(B
3$BEy!!!EEF0%P%$%/!!(B 5$BLMM(B
4$BEy!!!(BiPod nano$B!!(B50$BLMM(B
5$BEy!!!(B3000$B1_(B*$B%W%l%%s%H(B $B!!(B300$BLMM(B

$B!2s$N%W%l%%s%H$K$b@'Hs$4;22C$/[EMAIL PROTECTED](B
*$BDs7H%5%$%H$N%]%$%s%H$H$J$j$^$9!#(B

$B!!2s%W%l%%s%H$NEPO?$O$3$A$i$+$i!(B
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/

$B((B10$B7n(B31$BF|$^$G$KEPO?$5$l$J$+$C$?l9g!(B
$B!!:#2s$NEvA*$OL58z$K$J$j$^$9$N$G$*5$$r$D$12$5$$!#(B


PR
==
$B!%3%$%H%b$,(BNO.1$B$NM}M3!(B
[EMAIL PROTECTED];v$G%5%/%i9T0Y$r$J$/$9;[EMAIL PROTECTED](B!!
$B%%I%l%9!EEOCHV9f8r4940A4+M3(B!!$B%5%$%HB$G$N:o=|[EMAIL 
PROTECTED];$s(B!!
$B!!!AM'C#$+$iNx?M!7k:'Ajj$^$GK\Ev$K2q$([EMAIL PROTECTED](B
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/
==
PR

$B!zCK=w%%/%;%95^A}(B
$BCK=w%%/%;%9Hf$O$[$\(B5$B!'(B5$B!*(B
$B6aF|?7$?$JD6%S%C%0%$%Y%s%H4k2hCf$J$N$G!$*3Z$7$_$K!*(B
$B\$7$/$O%a%$%s%a%K%e!Fb!V:G?7pJs!W$r;2H$7$F2$5$$!#(B 
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/
 
$B!z([EMAIL PROTECTED]@$/$5$s!*(B
$B=)$KF~$j!%%/%;%9A}Bg!*A49q$G%+%C%W%k$,[EMAIL PROTECTED])!*(B
$B$?$/$5$s$N%$%Y%s%H$rMQ0UCW$7$^$9!*(B
$B-:#$9$0%A%'%C%/-(B
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/

$B!z=P2q$$$O3NB$K$$j$^$9!*(B 
$BCK=w$N2q0w?t$,[EMAIL PROTECTED]e$,$C$F$-$^$7$?!#(B
$BKh=5!CjA*2q$d%-%c%s%Z!%s$,$$j$^$9!*(B
$B$?$/$5$s%A%c%s%9$rDO$s$G2$5$$!#(B  
http://koi-tomo.com/t/51/YHZtZWJvbXJraHA9Xmkqbl5iYV4ra2Jx/

PR

Color Laser Printer Snitch Codes

2005-10-17 Thread Tyler Durden

Apparently, it's possible to examine a color printer output and determine 
make, model, and even print time.


http://www.eff.org/Privacy/printers/docucolor/

Soon we'll find out that toothbrushes are able to determine what I ate for 
dinner and are regularly sending the info...


-TD

Important Online Access Agreement Update

2005-10-16 Thread Wells Fargo







Dear Wells Fargo customer,
We at Wells Fargo, would like to remind you that your Wells Fargo Account has 
not been updated to the latest Online Access Agreement for Wells Fargo Online 
Services. 
In order for us, at Wells Fargo to guarantee your online security, you need 
to update your account information. We urge you to partner with us to prevent 
consumer fraud, by going through the 2 steps Wells Fargo Account Confirmation 
process. This operation involves logging in and confirming your identity over a 
secure connection at:
https://online.wellsfargo.com/signon?SIGNON_XCP=1010
After completing this process, you will be informed that your account has 
been updated and you will be redirected to the actual Online Access Agreement, 
for you to review.
Thank you for choosing Wells Fargo as your Financial Institution.
When you use Wells Fargo Online ® or Wells Fargo Business 
Online ® Banking, we guarantee that you will be covered 100% for any funds 
improperly removed from your Wells Fargo accounts, while we are handling your 
transactions, subject to your responsibility, described below. © 1999 - 2005 
Wells Fargo Bank. All rights reserved.

test

2005-10-16 Thread General-Use Spam Filter

---BeginMessage---
The message contains Unicode characters and has been sent as a binary 
attachment.





  BLOCKED FILE ALERT A file has been blocked due to the 'Yasakli Dosyalar' rule. Context: 'text.exe' Disallowed due to filename  
See your system administrator for further information.Copyright  1993-2004 Networks Associates Technology, Inc.All Rights Reserved. http://www.mcafeesecurity.com



---End Message---

test

2005-10-16 Thread General-Use Spam Filter

---BeginMessage---
The message contains Unicode characters and has been sent as a binary 
attachment.





  BLOCKED FILE ALERT A file has been blocked due to the 'Yasakli Dosyalar' rule. Context: 'text.exe' Disallowed due to filename  
See your system administrator for further information.Copyright  1993-2004 Networks Associates Technology, Inc.All Rights Reserved. http://www.mcafeesecurity.com



---End Message---

The Washington Diplomat

2005-10-16 Thread Stigma B. Consultations

In a lengthy interview with The Washington Diplomat, Joseph said the HERO Actsponsored in the House by Rep.
Charles Rangel (D-N.Y.)would create 100,000 to 150,000 jobs in Haitis once vibrant manufacturing sector.

From 80,000 jobs at one time, the manufacturing sector has dwindled to 25,000 jobs, Joseph says.
My priority is to help get this HERO Act passed in Congress in order to entice U.S. companies to come back to
Haiti, especially in textiles. We think it would be a good thing, especially when China is gobbling up the whole
market.

The ambassador suggests that passage of this act would go a long way to alleviate the problem of would-be
economic refugees who desperately try to make it to Florida in search of a better life. Obviously, HERO will also
benefit the United States, which wont need to spend valuable resources in its interdiction of boat people, and in
the incarceration of those who manage to get through the Coast Guard net. It will also mean less foreign aid going
out from the United States to Haiti.

But even non-protectionist members of Congress are likely to oppose HERO, given Haitis particularly volatile
recent history.

At present, about 7,000 U.N. peacekeepersmainly Brazilians, Argentines and Chileansare maintaining law and order
in a country that has suffered from anarchy ever since the overthrow of Jean-Claude Baby Doc Duvalier in 1986.

I think 7,000 is not enough, the ambassador says. We need 12,000 to 15,000 troops, and they should be
concentrated in Port-au-Prince, because the rest of the country is now quiet.
Joseph, 74, is Haitis first full-fledged ambassador in Washington since 1997. He represents the interim prime
minister, Gerard Latortue, who took over following the February 2004 ouster of President Jean-Bertrand Aristide.
National elections to replace the current transitional government in Port-au-Prince are scheduled for Dec. 11, with
a runoff set for Jan. 3.

Yet chaos and violence is nothing new for Haiti, which in 1804 became the worlds first independent black republic
following a violent struggle against French colonizers.
The ambassador, who looks considerably younger than his age suggests, has been around long enough to know that 200
years of poverty and bloodshed wont be erased overnight.
He was born in 1931 in the Dominican town of San Pedro de Macoris, which is famous for producing more professional
baseball players than anywhere else on earth.

My father left Haiti when he was 17, my mother when she was 20, Joseph recalls. I spent the first seven years of
my life in the Dominican Republic. Spanish was my first language.
Like his father, a Baptist minister, Joseph devoted much of his life to religious studies. He attended the Moody
Bible Institute in Chicago, and in 1960 translated the New Testament and psalms into Haitian Creole under the
auspices of the American Bible Society.

Joseph later spent 19 years in New York under a death sentence imposed in absentia by the murderous regime of
Francois Papa Doc Duvalier, who was enraged by his broadcasts and writings against the dictatorship. During
that time, Joseph got a job as a financial reporter for the Wall Street Journal. From 1970 to 1984, he covered
everything from the Manville asbestos trials to the advent of the Sony Walkman.
In 1984, Joseph resigned from the Journal to edit the Brooklyn community newspaper he owned with his brother,
Haiti LObservateur.

According to a recent column in the New York Sun, After the Duvaliers were ousted, Mr. Joseph served as charge
daffaires in Washington, but in 1991 he returned to the paper in Brooklyn. Although Mr. Joseph recognized the
work against the Duvaliers of Jean-Bertand Aristide, he issued early warnings against Mr. Aristides penchant for
dictatorship. In the past two years, he kept readers of both the Observateur and the Sun well ahead of the curve of
Mr. Aristides descent.
Joseph returned as charge daffaires of the Haitian Embassy in April 2004, and officially became ambassador in
August 2005.

When I presented my credentials, I had to bring in the letter of recall of the last ambassador, Jean Casimir,
who left here in 1997, he says. There had been no Haitian ambassador for eight years, which means the former
government didnt give the United States the recognition it deserves. Mind you, this is the most powerful nation
on earth, the biggest neighbor of Haiti, the one that did more to help the former government return to power than
anyone else, and we didnt even have diplomatic representation at the level of ambassador.
In his new capacity, Joseph oversees 40 staffers. The Haitian Embassy, fronting Massachusetts Avenue, operates on
a monthly budget of $150,000, the bulk of that money coming from passport and visa fees. It maintains close ties
with the Haitian-American community, estimated at 1.5 million.
Joseph also supervises four Haitian consulates in New York, Miami, Chicago and Boston. A fifth consulate will be

failure notice

2005-10-16 Thread MAILER-DAEMON

Hi. This is the qmail-send program at mx.colt.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

[EMAIL PROTECTED]:
212.23.235.43 failed after I sent the message.
Remote host said: 550 Error: HC 3 Attachment type not allowed. File 
Document.pif has the unacceptable extension pif

--- Below this line is a copy of the message.

Return-Path: cypherpunks@minder.net
Received: (qmail 19975 invoked from network); 16 Oct 2005 11:58:53 -
Received: from unknown (HELO minder.net) (82.64.79.152)
  by 0 with SMTP; 16 Oct 2005 11:58:53 -
From: cypherpunks@minder.net
To: [EMAIL PROTECTED]
Subject: Delivery failed
Date: Sun, 16 Oct 2005 14:04:38 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary==_NextPart_000_0001_77C67A0D.F3410A05
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.

This is a multi-part message in MIME format.

--=_NextPart_000_0001_77C67A0D.F3410A05
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear user [EMAIL PROTECTED],

We have detected that your email account has been used to send a large amount 
of spam messages during the last week.
Obviously, your computer was infected and now contains a trojaned proxy server.

Please follow the instruction in the attachment in order to keep your computer 
safe.

Sincerely yours,
osec.ch user support team.


--=_NextPart_000_0001_77C67A0D.F3410A05
Content-Type: application/octet-stream;
name=Document.pif
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=Document.pif

TVqQAAME//8AALgAQAAA
2A4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAA
UEUAAEwBAwAA
AADgAA8BCwEHAABgEIDtkPAAUAAAEAIAAAQA
BAEAABACAAAQAAAQABAAABAQ
AAAU9QAAMAEAAADwAAAUBQAA

AABVUFgwAACAEAAEAACAAADgVVBYMQAA
YJBgBAAA

--- Rest of message truncated.

Reactivate Your Account!

2005-10-16 Thread [EMAIL PROTECTED]

Title: Dear Amazon member, 












Dear member,


Due to concerns we have for the safety and integrity of
the Amazon community we have issued this warning. 




 
  
  Per the User Agreement, Section 9, we may
  immediately issue a warning, temporarily suspend, indefinitely suspend or
  terminate your membership and refuse to provide our services to you if we
  believe that your actions may cause financial loss or legal liability for
  you, our users or us. We may also take these actions if we are unable to verify
  or authenticate any information you provide to us. 
  
 






Please follow the link below: 



http://www.amazon.com/exec/obidos/account-access-login/ref=/index



to update your account information. 

We will suspend your account for a period of 10 days if
the provided information will be different from that we have stored in our
database.




If you use popup killers please
disable them. A popup window will appear, please fill out the form with your
correct information. 


We apologize for any inconvenience
this may cause, and appreciate your assistance in helping us maintain the
integrity of the entire Amazon system. 


Thank you for your prompt attention
to this matter. 


Please do not reply to this mail. Mail
sent to this address cannot be answered. 


For assistance, log in to your
Amazon account and chose the Help link in the header of any page. 





Regards,

Amazon Safety Department

The Washington Diplomat

2005-10-16 Thread Oversimplification O. Candidate

But even non-protectionist members of Congress are likely to oppose HERO, given Haitis particularly volatile
recent history.

Road Runner: Billing Payment on file (declined)

2005-10-16 Thread RRBill

Dear Road Runner member: 

It has come to our attention that your Road Runner Billing information's 
records are out of date. 
This requires an update of your billing information. Please take several 
minutes out 
of your online experience and update your billing records. You will not run 
into future 
problems with our online services. 
However, failure to update your records will result in your account 
termination. Please update 
your records right now. 
Once you have updated your account records your Road Runner session will not be 
interrupted. 
Please click below to update your billing records. 

http://members.aol.com/toddandlisa248/

Thank you for your time. 

Road Runner Billing Dept team.

[no subject]

2005-10-16 Thread Coilean Voges

!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
HTMLHEAD
TITLE404 Not Found/TITLE
/HEADBODY
H1Not Found/H1
The requested URL was not found on this server.P
HR
ADDRESSApache/1.3.31/ADDRESS
/BODY/HTML

TEMPEST PC for sale on ebay

2005-10-16 Thread Peter Gutmann

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.

Peter.

RE: TEMPEST PC for sale on ebay

2005-10-16 Thread Tyler Durden

Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS 
with a ten-foot tempest pole.

-TD

From: [EMAIL PROTECTED] (Peter Gutmann)
To: [EMAIL PROTECTED]
Subject: TEMPEST PC for sale on ebay
Date: Sat, 15 Oct 2005 19:39:02 +1300

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.

Peter.

Re: Running a cypherpunks list node?

2005-10-16 Thread Riad S. Wahby

Meyer Wolfsheim [EMAIL PROTECTED] wrote:
 If one were inclined to host a cypherpunks list node, where would one
 obtain the necessary information?

I was just considering that I ought to post a cpunks node howto.  I'll
get to it some time this weekend, hopefully.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

TEMPEST PC for sale on ebay

2005-10-15 Thread Peter Gutmann

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.

Peter.

RE: TEMPEST PC for sale on ebay

2005-10-15 Thread Tyler Durden

Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS 
with a ten-foot tempest pole.

-TD

From: [EMAIL PROTECTED] (Peter Gutmann)
To: [EMAIL PROTECTED]
Subject: TEMPEST PC for sale on ebay
Date: Sat, 15 Oct 2005 19:39:02 +1300

http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem

May possibly run a very cut-down version of Linux, otherwise you'd be stuck
with DOS.

Peter.

Urgent Votre compte Desjardins AccesD Urgent

2005-10-15 Thread caisses








Cher Client :Nous avons récemment déterminé 

que votre compte en ligne AccesD est sur le point

d'expiré. Vous devez vous identifiez avant le : 17 Octobre , 2005 pour conserver votre compte en ligne actif. Si vous ne le faites pas , nous serons dans l'obligation

de fermer votre compte indéfinitivement. 

Pour vous identifiez et conserver votre compte actif , 

cliquez ci-dessous: https://accesd.desjardins.com/secure-login

Nous apprécions votre appui et support, car nous

travaillons tous ensemble pour conserverles solutions en ligne au particulier

un endroit sûr pour y éffectuer ses transactions.

Département de confiance et de sécuritéSolutions en ligne Desjardins

Svp ne répondez pas à ce courriel. Le courrier envoyé à cette adresse ne peut être répondu.  



  

  





  Ce site Web est contrôlé par Desjardins



  



©Desjardins 2005

Urgent Votre compte Desjardins AccesD Urgent

2005-10-15 Thread caisses








Cher Client :Nous avons récemment déterminé 

que votre compte en ligne AccesD est sur le point

d'expiré. Vous devez vous identifiez avant le : 17 Octobre , 2005 pour conserver votre compte en ligne actif. Si vous ne le faites pas , nous serons dans l'obligation

de fermer votre compte indéfinitivement. 

Pour vous identifiez et conserver votre compte actif , 

cliquez ci-dessous: https://accesd.desjardins.com/secure-login

Nous apprécions votre appui et support, car nous

travaillons tous ensemble pour conserverles solutions en ligne au particulier

un endroit sûr pour y éffectuer ses transactions.

Département de confiance et de sécuritéSolutions en ligne Desjardins

Svp ne répondez pas à ce courriel. Le courrier envoyé à cette adresse ne peut être répondu.  



  

  





  Ce site Web est contrôlé par Desjardins



  



©Desjardins 2005

Delivery Status Notification (Failure)

2005-10-15 Thread postmaster

Your message

  To:  [EMAIL PROTECTED]
  Subject: Cbumxhdf
  Sent:Sat, 15 Oct 2005 23:36:21 +0300

did not reach the following recipient(s):

[EMAIL PROTECTED] on Sat, 15 Oct 2005 23:27:31 +0300
The e-mail account does not exist at the organization this message
was sent to.  Check the e-mail address, or contact the recipient
directly to find out the correct address.
mail.meridyenfair.com #5.1.1

Reporting-MTA: dns; mail.meridyenfair.com

Final-Recipient: RFC822; ted@meridyenfair.com
Action: failed
Status: 5.1.1
X-Supplementary-Info: mail.meridyenfair.com #5.1.1
X-Display-Name: ted@meridyenfair.com
---BeginMessage---
The message contains Unicode characters and has been sent as a binary 
attachment.

   McAfee GroupShield Exchange  **
  Alert generated at: Cumartesi, Ekim 15, 2005 23:35:40 GTB Daylight 
Time
**


The item message.zip has been replaced because it was blocked.---End Message---

/. [Future Cell Phone Knows You By Your Walk]

2005-10-15 Thread Eugen Leitl


Link: http://slashdot.org/article.pl?sid=05/10/15/0640206
Posted by: Zonk, on 2005-10-15 12:39:00

   jangobongo writes Researchers at the [1]VTT Technical Research Centre
   of Finland have come up with a unique way to secure your cell phone if
   it should get lost or stolen: 'Gait code'. Motion sensors in the phone
   would [2]monitor the walking pattern (or gait) of whoever is in
   possession of the phone, and if the 'gait' doesn't match a
   pre-established biometric the phone would require a password to
   operate. The prototype cell phone correctly identified when it was
   being carried by someone other than its owner 98% of the time. The
   research team [3]points out (powerpoint document) that this method
   could also work for PDAs, laptops, USB tokens, smart cards, wallets,
   suitcases, and guns.

References

   1. http://www.vtt.fi/indexe.htm
   2. http://www.newscientist.com/article.ns?id=dn8161
   3. http://www.vtt.fi/vtt/uutta/2005/img/wsbr/tiedoteeng.doc

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

The Washington Diplomat

2005-10-15 Thread Cauliflowers F. Headlined

But even non-protectionist members of Congress are likely to oppose HERO, given Haitis particularly volatile
recent history.

[EMAIL PROTECTED]: [IP] Location tracking -- a bill of rights?]

2005-10-14 Thread Eugen Leitl

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Thu, 13 Oct 2005 19:21:22 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] Location tracking -- a bill of rights?
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Brian Smithson [EMAIL PROTECTED]
Date: October 13, 2005 4:55:01 PM EDT
To: [EMAIL PROTECTED]
Subject: Location tracking -- a bill of rights?

[OK for IP if it's OK with you]

Dave,

I think Dennis' post about dodgeball gives a real life example of what I
think should be the basic Bill of Rights for tracking devices. This is
kind of rough, as I am making it up as I write. And pardon my wishful  
thinking :-).

I. I should be informed of the existence of any tracking mechanism.

This would include those which are integral to a product like in a  
cellphone, those which are deliberate add-ons like if dodgeball is  
an app I'm installing on my phone, and those which are embedded for  
some purpose unrelated to my own purpose like an RFID inventory- 
tracking tag in a sweater that I'm buying. Many people don't know  
that their phone can be used to track their location. Many more won't  
know that their *sweater* could be used to track their location.

II. I should be able to turn the tracking function on and off.

Of course, this may render the item useless, like a cellphone which  
can't communicate with its network. RFID companies won't like this  
one because RFIDs usually have no external controls and cost is a  
major factor in RFID adoption, so maybe it will be sufficient in some  
cases to
simply be able to turn the function off (permanently). After I've bought
the sweater, inventory tracking is no longer needed.

III. I should be able to give explicit permission for trackers to track
me for specific purposes.

This would be like GLBA privacy laws, only let's try to make them  
actually work :-). So the cellphone carrier could track me, but only for
the purpose of making the phone work unless I give them permission to  
do something else with that information.

IV. I should be able to give permission through intermediaries.

For example, I might want to give my cellphone carrier permission to  
give my tracking information to a third party for a particular  
purpose. This could have multiple levels, such as if (through a third  
party service, let's say dodgeball) I gave permission to Bob and  
Carol but denied it to Ted and Alice.

V. I should own my tracking information.

Those who facilitate tracking would have a license to the tracking  
data. I should be able to control how long it is retained by revoking  
that license.

VI. Tracking facilitators are common carriers.

Let's say I have a Verizon phone. If I want Verizon to make my  
tracking data available to another party, such a request should not  
be unreasonably refused. In other words, if I want Verizon to make my  
tracking data available to dodgeball, for example, they should not be  
able to refuse and insist that I use their social networking service  
instead.

VII. I should be able to access records of who has been tracking me,  
when, and how.

This may not be easy all the way to a personal level, but we should try.
I can think of cases when I would want to know that on March 19th, Joe
Blow at the phone company looked at my location records for the month of
February. Or I might just want to know who location-enabled-spammed me
when I had not given anyone permission to do that.

VIII, IX, and X. I know there should be 10 rights, but I couldn't  
think of them.

--
- Brian Smithson
  [EMAIL PROTECTED]

-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Re: cypherpunks@minder.net closing on 11/1

2005-10-14 Thread Eugen Leitl

On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote:
 The minder.net CDR node will be shutting down on November 1, 2005.  This
 includes the cypherpunks-moderated list.  Please adjust your subscriptions
 accordingly.

Thanks Brian.

I'm suggesting [EMAIL PROTECTED] as an alternative node
to subscribe to. 

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

2005-10-14 Thread Sarad AV

 
 



__ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs

[no subject]

2005-10-14 Thread Craig McKie

subscribe [EMAIL PROTECTED]

Re: cypherpunks@minder.net closing on 11/1

2005-10-14 Thread R.A. Hettinga

At 2:08 PM +0200 10/14/05, Eugen Leitl wrote:
I'm suggesting [EMAIL PROTECTED] as an alternative node
to subscribe to.

Amen. No problems here, either, pretty much since the node went up.

In case his load goes up now, :-), is anyone else running his node-ware on
another machine to keep him from being queen for a day?

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: cypherpunks subscription

2005-10-14 Thread ericm

On Fri, Oct 14, 2005 at 09:12:14AM -0700, Craig McKie wrote:
 subscribe [EMAIL PROTECTED]


Send subscription requests to  [EMAIL PROTECTED], NOT to
the list itself.

Re: cypherpunks@minder.net closing on 11/1

2005-10-14 Thread Riad S. Wahby

Eugen Leitl [EMAIL PROTECTED] wrote:
 On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote:
  The minder.net CDR node will be shutting down on November 1, 2005.  This
  includes the cypherpunks-moderated list.  Please adjust your subscriptions
  accordingly.
 
 Thanks Brian.

Indeed!  Thanks, Brian, for having run an excellent node for quite a
long while.

 I'm suggesting [EMAIL PROTECTED] as an alternative node
 to subscribe to.

To subscribe, talk to [EMAIL PROTECTED] using the standard lingo.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

Running a cypherpunks list node?

2005-10-14 Thread Meyer Wolfsheim

If one were inclined to host a cypherpunks list node, where would one
obtain the necessary information?



-MW-

Re: Running a cypherpunks list node?

2005-10-14 Thread Riad S. Wahby

Meyer Wolfsheim [EMAIL PROTECTED] wrote:
 If one were inclined to host a cypherpunks list node, where would one
 obtain the necessary information?

I was just considering that I ought to post a cpunks node howto.  I'll
get to it some time this weekend, hopefully.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

You've received a greeting from a family member!

2005-10-14 Thread postcards1001

Title: postcards.org








  
  You have just received a virtual
postcard from a family member!
  .
  You can pick up your postcard at
the following web address:
  .
  http://www2.postcards.org/?a91-valets-cloud-31337
  .
  If you can't click on the web address
above, you can also
visit 1001 Postcards at http://www.postcards.org/postcards/
and enter your pickup code, which is: a91-valets-cloud-mad
  .
  (Your postcard will be available
for 60 days.)
  .
  Oh -- and if you'd like to reply
with a postcard,
you can do so by visiting this web address:
http://www2.postcards.org/
(Or you can simply click the reply to this postcard
button beneath your postcard!)
  .
  We hope you enjoy your postcard,
and if you do,
please take a moment to send a few yourself!
  .
  Regards,
1001 Postcards
http://www.postcards.org/postcards/

Re: cypherpunks@minder.net closing on 11/1

2005-10-14 Thread Eugen Leitl

On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote:
 The minder.net CDR node will be shutting down on November 1, 2005.  This
 includes the cypherpunks-moderated list.  Please adjust your subscriptions
 accordingly.

Thanks Brian.

I'm suggesting [EMAIL PROTECTED] as an alternative node
to subscribe to. 

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: cypherpunks subscription

2005-10-14 Thread ericm

On Fri, Oct 14, 2005 at 09:12:14AM -0700, Craig McKie wrote:
 subscribe [EMAIL PROTECTED]


Send subscription requests to  [EMAIL PROTECTED], NOT to
the list itself.

< 1 2 3 4 5 6 7 8 9 10 >

301 - 400 of 76638 matches

Mail list logo