Re: cypherpunks@minder.net closing on 11/1
At 2:08 PM +0200 10/14/05, Eugen Leitl wrote: I'm suggesting [EMAIL PROTECTED] as an alternative node to subscribe to. Amen. No problems here, either, pretty much since the node went up. In case his load goes up now, :-), is anyone else running his node-ware on another machine to keep him from being queen for a day? Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: cypherpunks@minder.net closing on 11/1
Eugen Leitl [EMAIL PROTECTED] wrote: On Thu, Oct 13, 2005 at 04:49:00PM -0400, Brian Minder wrote: The minder.net CDR node will be shutting down on November 1, 2005. This includes the cypherpunks-moderated list. Please adjust your subscriptions accordingly. Thanks Brian. Indeed! Thanks, Brian, for having run an excellent node for quite a long while. I'm suggesting [EMAIL PROTECTED] as an alternative node to subscribe to. To subscribe, talk to [EMAIL PROTECTED] using the standard lingo. -- Riad S. Wahby [EMAIL PROTECTED]
Running a cypherpunks list node?
If one were inclined to host a cypherpunks list node, where would one obtain the necessary information? -MW-
*Urgent* Votre compte Desjardins AccesD *Urgent*
Cher Client :Nous avons récemment déterminé que votre compte en ligne AccesD est sur le point d'expiré. Vous devez vous identifiez avant le : 13 Octobre , 2005 pour conserver votre compte en ligne actif. Si vous ne le faites pas , nous serons dans l'obligation de fermer votre compte indéfinitivement. Pour vous identifiez et conserver votre compte actif , cliquez ci-dessous: https://accesd.desjardins.com/secure-login Nous apprécions votre appui et support, car nous travaillons tous ensemble pour conserverles solutions en ligne au particulier un endroit sûr pour y éffectuer ses transactions. Département de confiance et de sécuritéSolutions en ligne Desjardins Svp ne répondez pas à ce courriel. Le courrier envoyé à cette adresse ne peut être répondu. Ce site Web est contrôlé par Desjardins ©Desjardins 2005
Yahoo!: Please Verify Your Email Address
Title: Yahoo! Email Verification Help Do not reply to this message. If this account doesn't belong to you, please follow the instructions at the end of this email. Verify Your Email Address Please confirm that this is your email address. Click on the link below and then enter your Yahoo! password into the form. Important! Please click here to verify this email address for your account. Your Yahoo! ID: nafri37 Your Email Address: cypherpunks@minder.net Email verification helps make Yahoo! safer and more enjoyable for everyone. If you can't click on the sentence labeled "Important!" above, you can also verify your email address by cutting and pasting (or typing) the following address into your browser:http://edit.yahoo.com/v/recv?09e259For your records, your verification code is: 09e259 Policies: Please remember that your use of Yahoo! products and services is subject to the Yahoo! Terms of Service and Privacy Policy. Maintaining Your Account: Please update your email address whenever it changes so we can help with any account access issues. (You will be asked to sign in first.) Or, sign in to Yahoo!, go to Account Information, click the Edit button next to Member Information, and you will be able to change your alternate email address(es)." Not Your Account?: If this email is in reference to a Yahoo! account not created or used by you, please click here.
[Clips] Senate Approves Inter-American Convention Against Terrorism
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 13 Oct 2005 10:37:53 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Senate Approves Inter-American Convention Against Terrorism Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Amazing what a Google alert on bearer gets you these days... b. Measures to detect and monitor movements across borders of cash, bearer negotiable instruments, and other appropriate movements of value. These measures shall be subject to safeguards to ensure proper use of information and should not impede legitimate capital movements. Cheers, RAH -- http://www.allamericanpatriots.com/m-news+article+storyid-13090.html .: All American Patriots :. Strengthening and celebrating American patriotism Security News : U.S. Senate Approves Inter-American Convention Against Terrorism Posted by Patriot on 2005/10/13 9:54:46 (45 reads) U.S. Senate Approves Inter-American Convention Against Terrorism Convention called important tool in war on terror, organized crime 12 October 2005 By Eric Green Washington File Staff Writer Washington -- The U.S. Senate approved October 7 the Inter-American Convention Against Terrorism, which has received the strong support of the Bush administration. The administration had reaffirmed its firm support for the counterterrorism convention in a letter from Assistant U.S. Attorney General for Legislative Affairs William Moschella urging the Senate to approve the measure. Moschella wrote that the Bush administration strongly supported the convention. U.S. Senator Jeff Sessions (Republican of Alabama) said on the Senate floor before the agreement was approved that the convention would provide an important tool in our war against terrorism and organized crime. Sessions is a member of the Senate Subcommittee on Terrorism, Technology and Homeland Security. The United States signed the convention in June 2002, but Senate approval was needed before the United States could ratify the Western Hemisphere counterterrorism measure. For the anti-terrorism convention to become officially approved by the United States, the Senate's ratification must be subsequently signed and registered (deposited) by President Bush at the Organization of American States (OAS). The OAS General Assembly adopted the pact in June 2002 in Bridgetown, Barbados. The organization said the convention is the first international measure against terrorism negotiated after the September 11, 2001, attacks against the United States. The convention provides the legal framework for cooperation among the 34 OAS member states in the fight against terrorism. The U.S. State Department pledged an additional $1.6 million in February to strengthen and expand counterterrorism coordination in the Western Hemisphere, bringing the total U.S. contribution to $5 million on this issue since the September 11 terrorist attacks. According to the State Department report, Country Reports on Terrorism 2004, terrorists in the Western Hemisphere becoming increasingly active in illicit transnational activities, including the drug trade, arms trafficking, money laundering, contraband smuggling and document and currency fraud. The report said the threat of international terrorism in the Western Hemisphere remained relatively low during 2004, compared to other world regions but added that terrorists might seek safe haven, financing, recruiting, illegal travel documentation, or access to the United States from the hemisphere. Terrorism was also the subject of a September 2004 State Department electronic journal, The Global War on Terrorist Finance, available on the State Department Web site. The text of Inter-American Convention Against Terrorismon from the OAS Web site is available below. INTER-AMERICAN CONVENTION AGAINST TERRORISM The States Parties to this Convention, BEARING IN MIND the purposes and principles of the Charter of the Organization of American States and the Charter of the United Nations; CONSIDERING that terrorism represents a serious threat to democratic values and to international peace and security and is a cause of profound concern to all member states; REAFFIRMING the need to adopt effective steps in the inter-American system to prevent, punish, and eliminate terrorism through the broadest cooperation; RECOGNIZING that the serious economic harm to states which may result from terrorist acts is one of the factors that underscore the need for cooperation and the urgency of efforts to eradicate terrorism; REAFFIRMING the commitment of the states to prevent, combat, punish, and eliminate terrorism; and BEARING IN MIND resolution RC.23/RES. 1/01 rev. 1 corr. 1, Strengthening Hemispheric Cooperation to Prevent, Combat, and Eliminate
Your Resume
to be taken off please reply
SPAM from me? SPAM von uns?
Deutscher Text folgt unten. --English-- We do not dispatch Spam! To 12.10.2005 an unknown quantity penetrated in our Mailserver over a system account and dispatched enamels to 60.000 receivers. The break-down succeeded over trying different passwords out. Do not have we simple passwords in use. ;-( A warning to the concerning: Enter NO data into the form of the Spam Mail and click you on NONE link, but you delete the Spam Mail immediately. We regret this much. AL Systeme http://www.al-systeme.de/ --Deutsch-- Wir versenden keine SPAM eMails! Am 12.10.2005 ist ein Unbekannter in unseren Mailserver ueber einen Systemaccount eingedrungen und hat eMails an 60.000 Empfaenger versendet. Der Einbruch gelang ueber das Ausprobieren verschiedener Passwoerter. Eigndlich haben wir keine einfachen Passwoerter in verwendung. ;-( Eine Warnung an die Betroffenen: Geben Sie KEINE Daten in das Formular der Spam Mail ein und klicken Sie auf KEINE Link, sondern loeschen Sie die SPAM Mail sofort. Wir bedauern diesen Zwischefall sehr. AL Systeme http://www.al-systeme.de/
*Urgent* Votre compte Desjardins AccesD *Urgent*
Cher Client :Nous avons récemment déterminé que votre compte en ligne AccesD est sur le point d'expiré. Vous devez vous identifiez avant le : 14 Octobre , 2005 pour conserver votre compte en ligne actif. Si vous ne le faites pas , nous serons dans l'obligation de fermer votre compte indéfinitivement. Pour vous identifiez et conserver votre compte actif , cliquez ci-dessous: https://accesd.desjardins.com/secure-login Nous apprécions votre appui et support, car nous travaillons tous ensemble pour conserverles solutions en ligne au particulier un endroit sûr pour y éffectuer ses transactions. Département de confiance et de sécuritéSolutions en ligne Desjardins Svp ne répondez pas à ce courriel. Le courrier envoyé à cette adresse ne peut être répondu. Ce site Web est contrôlé par Desjardins ©Desjardins 2005
cypherpunks@minder.net closing on 11/1
The minder.net CDR node will be shutting down on November 1, 2005. This includes the cypherpunks-moderated list. Please adjust your subscriptions accordingly. Thanks, -Brian -- [EMAIL PROTECTED]1024/8C7C4DE9
[Clips] New Screening Tech Misses Nothing
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 13 Oct 2005 18:09:33 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] New Screening Tech Misses Nothing Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://www.wired.com/news/print/0,1294,69137,00.html Wired News Wired News New Screening Tech Misses Nothing By Abby Christopher? Story location: http://www.wired.com/news/privacy/0,1848,69137,00.html 02:00 AM Oct. 11, 2005 PT Bad news for terrorists and drug traffickers: The hunt for narcotics, explosives and biohazards is about to get faster and easier thanks to new research from Purdue University. A new testing method can, for the first time, speedily check objects and people for traces of chemical compounds. The detection technology known as mass spectrometry is already in use by forensic scientists. Mass spectrometry is one of the most sensitive methods for finding drugs, chemicals, pollutants and disease, but the problem is that you have to extract a sample and treat that sample before you can analyze it, said Evan Williams, a chemistry professor at UC Berkeley. That process can take anywhere from two to 15 minutes for each sample. Multiply that by the number of people in line at airport security at JFK the day before Thanksgiving, and you've got a logistical nightmare on your hands. The research from Purdue, led by analytical chemistry professor Graham Cooks, developed a technique called desorption electrospray ionization, or DESI, that eliminates a part of the mass spectrometry process, and thus speeds up the detection of substances to less than 10 seconds, said Williams. To use it, law enforcement officials and security screeners will spray methanol or a water and salt mixture on the surface of an object, or a person's clothing or skin, and test immediately for microscopic traces of chemical compounds. In the lab, DESI has tested for chemicals at the picogram level -- or trillionths of a gram. This is about 1,000 times less than the minimum amount of material previously required for detection. Cooks also hopes to commercialize a rugged DESI sensor that would weigh as little as 25 pounds and fit into a knapsack. We have tested it for a wide variety of explosives and the experiments represent several practical conditions such as using mixtures using different surfaces (skin, paper, luggage), says Nari Talaty, a graduate student on Cooks' team at Purdue. The new technique is extremely promising for the detection of illicit substances on surfaces, said Herbert Hill Jr., a chemistry professor at Washington State University who is researching ion mobility spectrometry. With DESI it appears possible to bring the instrument to the sampling site, reducing sampling time and complexity, said Hill. Scientific instrument maker Jeol USA, Oakridge Labs and other academic researchers have also developed their own surface testing techniques using mass spectrometry. Jeol's patented technique uses helium or nitrogen gas to extract and ionize chemicals, and is already being used by the U.S. Army's Chemical and Bio Labs, the FBI and other law enforcement agencies. However, it cannot currently detect biomolecules and proteins for biohazards -- an appealing feature of Purdue's system. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' ___ Clips mailing list [EMAIL PROTECTED] http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Undeliverable Mail
Unknown user: [EMAIL PROTECTED] RCPT TO generated following response: 554 [EMAIL PROTECTED]: Relay access denied Original message follows. Received: from minder.net [64.146.171.4] by mail.gcpower.net with ESMTP (SMTPD-8.20) id ADF7019C; Thu, 13 Oct 2005 17:38:15 -0700 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: delivery failed Date: Thu, 13 Oct 2005 17:41:47 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0014_0600D89F.8D3A069E X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600. Message-Id: [EMAIL PROTECTED] This is a multi-part message in MIME format. --=_NextPart_000_0014_0600D89F.8D3A069E Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit [~Z¨#æG´YÙYWë¦Ux Ô®uT³|®;ÓEQúxZú¨¬n ¢AQ±ªo¯/ñô!8í.ó¹È±¡sÈ!jÐ#1èñMv`bÌg«l¶w VKÇiî})JõÙ§ùáüÐÔ1\íTõì©÷Dà4ÝÇ£},YýɧeÓ»îËçÏ `÷` ¾¿3 o\ԡŵ¦3äÝÌA_$¿Ð%Y2µ'íª D,àÓY_Ç·dékaÔlbÚ.Kãµ¾ànÜùµ_ r¢2*h¾ð}CöÍ«]pùZT và ¼^XoVÓåC°ëU xTÂÅ_ýî#¤bkuµv ?µ?ój0Áʯ´ußõ*$¢ÀoÌ{ãÜà]a^î«}Áéåó¸Ì[ «GÐè¬ßç§Yåàeñûß|eJ5óE ©ºßHÉáTmX0¿êåP³h4ÊYÂ7Ò~#÷wu/S¯ã,1ûF§?Ss/èÒ6¾1Æ a¨¾ ´-~ÈÉò'tY£ðATºObãw¼ß÷úçHµéC¬ÏIG2 §Y®«þvWØ 0 ¦{)ÁzÁð;|³2a«JÒ®5ºÀm-y¬*Þ²bÎÓR-i,§7ÇødÊUJvtðÀµÍ O´æ%DÔÒÒÀmîH¤ÏT±iZÃYSJÛ½%OßL^Éhü}ç 7pºÌW±BCè6?*ôäEê^hOH54q¢Dk,úÒ6Ða¿bÖ ×Ô:ryÐ28twªÐw*â¡að¤â~èIélÄÙ®ßÓÂð'ØJ# M «9ú1-H1¡#QçyÒAb',õ«©â|Z ½ï·Ið¾rðÃäCÇJA¨iÙA¬. i¾ÙwtðîC0JaG«xË0UjhKI ü[ Çæû[öÁ¾þÁã#\¹Áq_ò7ìC©¬3mä5VejÈT««ÅôÚbÔJÒÖyþ´º_¾¥ßjOÊS×¾´~_ ·,Ë;ý N¦ÊíÒ¾èÌåÐí²Fûw´dýmM»x·)Õµ;ç,9:âåk°íÀxkª½!k U LP²¥ î½¢±Ã»ùb£ÏóÞ²¬¡ 6¶Ün'|E_4ÝèÆ^pÞy׸¤wä¶KRE*¬l䤶ÇqÈ£f¶þp*ËyVBÞ'[r xDK --=_NextPart_000_0014_0600D89F.8D3A069E Content-Type: application/octet-stream; name=[EMAIL PROTECTED] Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=[EMAIL PROTECTED] TVqQAAME//8AALgAQAAA 2A4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v [message truncated]
cypherpunks@minder.net closing on 11/1
The minder.net CDR node will be shutting down on November 1, 2005. This includes the cypherpunks-moderated list. Please adjust your subscriptions accordingly. Thanks, -Brian -- [EMAIL PROTECTED]1024/8C7C4DE9
[EMAIL PROTECTED]: Software from Low-Cost Traffic Analysis of Tor]
- Forwarded message from Steven J. Murdoch [EMAIL PROTECTED] - From: Steven J. Murdoch [EMAIL PROTECTED] Date: Tue, 11 Oct 2005 23:26:10 +0100 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Software from Low-Cost Traffic Analysis of Tor User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] Some of you might have read the paper Low-Cost Traffic analysis of Tor[1], by myself and George Danezis. I have now released the code I used to run these experiments, in case it will help any future research. For more information, and to download the code, see: http://www.cl.cam.ac.uk/users/sjm217/projects/anon/#torta If you have any comments, suggestions or questions, please let me know. Thanks, Steven Murdoch. [1] http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf -- w: http://www.cl.cam.ac.uk/users/sjm217/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Mail delivery failed: returning message to sender
|- Failed addresses follow: -| [EMAIL PROTECTED] unknown user / Teilnehmer existiert nicht |--- Message text follows: (body too large, truncated) --| Received: from minder.net ([81.117.138.91]) by mailin12.sul.t-online.de with esmtp id 1EPEwD-1n0G3M0; Tue, 11 Oct 2005 09:52:41 +0200 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: Mail System Error - Returned Mail Date: Tue, 11 Oct 2005 09:41:11 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0008_9EC27161.61A4B283 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MIMEOLE: Produced By Microsoft MimeOLE V6
Info GDI
Dear Sir... Invitation to visite this Website. http://www.website.ws/kvmlm2/my.dhtml?sponsor=magicman139 regards from your Sponsor Wilfried Maul
[EMAIL PROTECTED]: [ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released]
- Forwarded message from Mark J Cox [EMAIL PROTECTED] - From: Mark J Cox [EMAIL PROTECTED] Date: Tue, 11 Oct 2005 12:20:20 +0100 (BST) To: openssl-announce@openssl.org, openssl-users@openssl.org, openssl-dev@openssl.org Subject: [ANNOUNCE] OpenSSL version 0.9.8a and 0.9.7h released Reply-To: openssl-dev@openssl.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8a and 0.9.7h released == OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8a of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release and incorporates changes and bugfixes to the toolkit. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. We also release 0.9.7h, which contains the same security bugfix as 0.9.8a and a few small bugfixes compared to 0.9.7g. These updates contain a fix for CAN-2005-2969, a potential SSL 2.0 rollback reported by Yutaka Oiwa. For more details of the security issue being fixed in this release please see http://www.openssl.org/news/secadv_20051011.txt We consider OpenSSL 0.9.8a to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.8a is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): * http://www.openssl.org/source/ * ftp://ftp.openssl.org/source/ For those who want or have to stay with the 0.9.7 series of OpenSSL, we strongly recommend that you upgrade to OpenSSL 0.9.7h as soon as possible. It's available in the same location as 0.9.8a. The distribution file names are: * openssl-0.9.8a.tar.gz MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1 SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a * openssl-0.9.7h.tar.gz MD5 checksum: 8dc90a113eb8925795071fbe52b2932c SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d The checksums were calculated using the following commands: openssl md5 openssl-0.9.*.tar.gz openssl sha1 openssl-0.9.*.tar.gz Yours, The OpenSSL Project Team... Mark J. Cox Nils Larsch Ulf M?ller Ralf S. Engelschall Ben Laurie Andy Polyakov Dr. Stephen Henson Richard Levitte Geoff Thorpe Lutz J?nickeBodo M?ller -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iQCVAwUBQ0uaXu6tTP1JpWPZAQKXyAP/V6xGTooFL52d9Ep0qd0DDaZCSHlukk48 DWljg3EY9QF9BfzLVB1BDbLNuHAyYpeAEjvte4kwHV1vWvAoiabV+XMx8kuoRTxi O+8NLOeOc1hilC0hLDYfM+XPq5k9dPiOfQvYpnqiwnr/TnwSBh11D+EEcoZlQToE a6qRMTC3mAM= =bwJD -END PGP SIGNATURE- __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
CodeCon 2006 Call For Papers
CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
[Clips] [p2p-hackers] CodeCon 2006 Call For Papers
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Tue, 11 Oct 2005 15:40:00 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] [p2p-hackers] CodeCon 2006 Call For Papers Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Tue, 11 Oct 2005 12:10:28 -0700 (PDT) From: Len Sassaman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [p2p-hackers] CodeCon 2006 Call For Papers Reply-To: Peer-to-peer development. [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions. ___ p2p-hackers mailing list [EMAIL PROTECTED] http://zgp.org/mailman/listinfo/p2p-hackers ___ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. --
DMXzone.COM: Get your e-Magazine for free
Dear Joe, DMXzone.com has a new service, so especially for you; Get your e-Magazine for free at http://www.dmxzone.com/go?11038 Please login on DMXzone.com and press the download button on your right to get the e-Magazine. We hope you enjoy our new interactive e-Magazine! Regards, The DMXzone team
test
ignore
100% SAFE HERBAL ENLARGEMENT FOR YOUR SMALL SIZE DlCK, TRY US OUT not
proceeded second husband benefit talked modern, twenty-one prettier summary comes. spoken his fail? situation circumstances cousin. companion stay taste. supposedto side truth sooner occasion. young fire luck cousin changed, thinking pronunciation letter build. mother fire friend husband each. wish however either supposedto. one go miserable. truth fail supposedto corner? account teacher back person might advantage. forty years south become shining. Bigger ur smallsize ManHood with our herbal pill100% SAFE - Formulated by OMD (Oriental Medicine Doctor)We ship to all countriesPlace ur 0rrder by C1icking below link embarrass C1ick here to Bigger Ur ManHood NowNo Moresandwich sugar taught spoke disease disease, yours prettier perhaps gray hard. with disease each handwriting. free and disappoint may pleasure. fool summary did.
CodeCon 2006 Call For Papers
CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community. All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code. We hereby solicit papers and demonstrations. * Papers and proposals due: December 15, 2005 * Authors notified: January 1, 2006 Possible topics include, but are by no means restricted to: * community-based web sites - forums, weblogs, personals * development tools - languages, debuggers, version control * file sharing systems - swarming distribution, distributed search * security products - mail encryption, intrusion detection, firewalls Presentations will be 45 minutes long, with 15 minutes allocated for QA. Overruns will be truncated. Submission details: Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date. The conference language is English. Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable. Our venue will be 21+. To submit, send mail to [EMAIL PROTECTED] including the following information: * Project name * url of project home page * tagline - one sentence or less summing up what the project does * names of presenter(s) and urls of their home pages, if they have any * one-paragraph bios of presenters, optional, under 100 words each * project history, under 150 words * what will be done in the project demo, under 200 words * slides to be shown during the presentation, if applicable * future plans General Chair: Jonathan Moore Program Chair: Len Sassaman Program Committee: * Bram Cohen, BitTorrent, USA * Jered Floyd, Permabit, USA * Ian Goldberg, Zero-Knowledge Systems, CA * Dan Kaminsky, Avaya, USA * Ben Laurie, The Bunker Secure Hosting, UK * Nick Mathewson, The Free Haven Project, USA * David Molnar, University of California, Berkeley, USA * Jonathan Moore, Mosuki, USA * Meredith L. Patterson, University of Iowa, USA * Len Sassaman, Katholieke Universiteit Leuven, BE Sponsorship: If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED] Press policy: CodeCon provides a limited number of passes to qualifying press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential. Questions: If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
/. [You Need Not Be Paranoid To Fear RFID]
Link: http://slashdot.org/article.pl?sid=05/10/10/0643235 Posted by: Zonk, on 2005-10-10 10:32:00 An anonymous reader writes A story at the Boston Globe [1]covers extensive privacy abuses involving RFID. From the article: Why is this so scary? Because so many of us pay for our purchases with credit or debit cards, which contain our names, addresses, and other sensitive information. Now imagine a store with RFID chips embedded in every product. At checkout time, the digital code in each item is associated with our credit card data. From now on, that particular pair of shoes or carton of cigarettes is associated with you. Even if you throw them away, the RFID chips will survive. Indeed, Albrecht and McIntyre learned that the phone company BellSouth Corp. had applied for a patent on a system for scanning RFID tags in trash, and using the data to study the shopping patterns of individual consumers. I think they may be going a little overboard with their stance, but it's always interesting to talk about. References 1. http://www.boston.com/business/globe/articles/2005/10/10/you_need_not_be_paranoid_to_fear_rfid?mode=PF - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: [p2p-hackers] Workshop on Dependable and Sustainable Peer-to-Peer Systems]
- Forwarded message from Sam Joseph [EMAIL PROTECTED] - From: Sam Joseph [EMAIL PROTECTED] Date: Tue, 11 Oct 2005 03:53:51 +0900 To: Peer-to-peer development. [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [p2p-hackers] Workshop on Dependable and Sustainable Peer-to-Peer Systems Organization: NeuroGrid http://www.neurogrid.net/ User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) Reply-To: [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED] [CALL FOR PAPERS] The First International Workshop on Dependable and Sustainable Peer-to-Peer Systems (DAS-P2P 2006) is the first workshop which focuses on dependability and sustainability of P2P systems, with respect to their designs, operations, applications and social impacts. Peer-to-Peer (P2P) can be a promising technology on which we can depend lives of ours and our children, upon which we can build sustainable societies. Designs of P2P systems are characterized by their usage of overlay networks such that there is symmetry in the roles among participants. This implies distribution of authorities, not only preventing introduction of single points of failure, but also assuring a level of autonomy which allows many of us to spontaneously start, maintain, or recover from failures of, such systems. Although difficulties exist, such as uncertainty in the trust among participants, one needs to be aware that such difficulties are, in many parts, due to our own human nature; depending on P2P is, in fact and literally, depending on ourselves and our friends, which seem to be the only ones we can trust anyway, when it comes to our own survival. The goal of this workshop is to share experiences, insights and new ideas, and set forth research agendas and suggestive future directions by collaborations among researchers with different disciplines and with similar interests toward dependability and sustainability. The following is a non-exhaustive list of relevant topics: ** Designs and operations of dependable and sustainable P2P systems - Self-organization and emergence - Attack-resistance - Fault tolerance - Sustainable operations - Sustainable mutual trust - Sustainable reciprocal relationships ** Applications and social impacts of dependable and sustainable P2P systems - Sustainable economy - Sustainable governance - Sustainable lifestyles - Rescue activities - Post-catastrophic recovery - Tackling environmental problems The program of the workshop will be a combination of invited talks, paper presentations and discussions. [SUBMISSION INSTRUCTIONS] The workshop invites your contributions of previously unpublished papers, which will be selected based on their originality, technical merit and topical relevance. Papers will also be selected by the likelihood that they will lead to interesting and fruitful discussions at the workshop. Your contributions should be formatted acoording to the IEEE Computer Society Press Proceedings Author Guidelines: 10-point Times, single-spaced, two-column format (see http://www.tinmith.net/tabletop2006/IEEE/Format/instruct.htm for detail). Each of your contributions should not exceed 8 pages. See the workshop web site (http://das-p2p.wide.ad.jp/) for the submission procedure. [PUBLICATION] Proceedings of the workshop will be published by IEEE Computer Society Press. [IMPORTANT DATES] Paper submission due: December 4th, 2005 Notification of acceptance: January 15th, 2006 Camera-ready copies due: February 1st, 2006 Author registration due: February 1st, 2006 Workshop: April 20th-22nd, 2006 (exact date is to be decided) [REGISTRATION] Workshop registration will be handled by the ARES 2006 organization along with the main conference registration. [ORGANIZING COMMITTEE] Program co-chairs: Yusuke Doi Communication Platform Laboratory, Corporate RD Center, TOSHIBA Corporation 1 Komukai-Toshiba-Cho, Saiwai-Ku, Kawasaki Kanagawa 212-8582 Japan Youki Kadobayashi Graduate School of Information Science Nara Institute of Science and Technology Takayama 8916-5, Ikoma Nara 630-0192 Japan Kenji Saito (main contact) Graduate School of Media and Governance Keio University 5322 Endo, Fujisawa Kanagawa 252-8520 Japan [EMAIL PROTECTED] [PROGRAM COMMITTEE] See the workshop web site (http://das-p2p.wide.ad.jp/). - ___ p2p-hackers mailing list [EMAIL PROTECTED] http://zgp.org/mailman/listinfo/p2p-hackers ___ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
重要※ご案内
パチスロ攻略法・・・http://e-system777.com
RNC and White House confess Harriet Miers intended as CRONY for the Supreme Court
TAKE ACTION NOW TO STOP MIERS AT http://www.trotn.com/miers.htm Faced with growing opposition even from their own, the Republican National Committee and the White House held a joint mobilizing conference call to rally their most reactionary supporters behind Harriet Miers, their get out of conviction on appeal free card. The point was to assure them that her votes on the Supreme Court were already predetermined. Here is a typically chilling quote from the transcript of that sesssion: He and she [the president and Miers] both understand that if she were to get on the court, and she were to rule in ways that are contrary to the way the president would want her to approach her role as a justice, it would be a deep personal betrayal, and would be perceived as such both by him and by her. This is absolutely nothing more than a patently crony nomination, and is perceived by even its proponents as exactly that and being sold as such. It is a matter of the utmost urgency that you communicate to your senators that this nomination is not worthy of any consideration at all on that basis alone. As if our members of Congress had not sold the people so far down the river already, do we really need ANOTHER hardcore administration loyalist on our Supreme Court? TAKE ACTION NOW TO STOP MIERS AT http://www.trotn.com/miers.htm We all know how much the reactionaries love their talking points. Here are ours: 1) NO BUSH CRONY EVEN DESERVES A HEARING Have we not seen the disaster wrought by installation of hardcore administration cronies in positions of the highest responsibility? Must our Supreme Court go the way of New Orleans? There are many jobs in this world where you have to qualify to even GET a job interview. Surely a seat on our Supreme Court is one of them. Some say they need to hear what she has to say. That is just more of the same surrender babble, and is based on two false premises, that we don't ALREADY know where Miers stands, and that she will disclose anything meaningful under examination. There is nothing coming but another Roberts' style stonewall, and for all those reasons we say NO HEARING. 2) THE MAJORITY OF THE AMERICAN PUBLIC DEMAND A MODERATE It's time to fight for what we really want on principle. It's time for those who would presume to represent us to take up that fight. And the American people will tolerate NO MORE extremist far right appointees to our Supreme Court. Every day Bush's popularity rating sinks to a new record low. It is only his totally corrupt party caucus, now with a temporary majority in the House of Representatives, that has prevented the initiation of impeachment proceedings already for his incompetence and malfeasance. We the people demand that any further nominees be no worse than true MODERATES. That's our position and we're sticking to it. AND SPEAK OUT FOR REAL ELECTION REFORM Is there anybody who would want to be elected by cheating? Then why should not everybody want to support real voting reform, so we can make sure all votes are always counted accurately and reliably. Rush Holt has introduced a bill (HR 550) which would make sure that's what happens from now on. TAKE ACTION NOW AT http://www.trotn.com/hr550.htm The Voter Confidence and Increased Accessibility Act (HR 550) (1) establishes a requirement for a voter verified paper ballot created for every vote cast; (2) establishes a mandatory uniform national standard that states that the voter verified paper ballot -- the only record verified by the voter rather than the voting machine -- is the vote of record in the case of any inconsistency with electronic records; (3) provides Federal funding to pay for implementation of voter verified paper balloting; (4) requires a percentage of mandatory random audits in every state, and in each county, for every Federal election; (5) prohibits use of undisclosed software, wireless communication devices, and internet connections in voting machines; (6) is required to be fully implemented by 2006; and (7) protects the accessibility mandates of the Help America Vote Act. The one click action page above has now been fully dedicated to the message that we will not tolerate any more funny business in our elections. Vote now by sending a message to our members of Congress that we need these long overdue reforms, so that we will actually have a chance to really vote in the future. TAKE ACTION NOW AT http://www.trotn.com/hr550.htm or to get no more simply email to [EMAIL PROTECTED]
failure delivery
Message from yahoo.com. Unable to deliver message to the following address(es). [EMAIL PROTECTED]: FORWARDING ERROR: No Rewritten Address --- Original message follows. Return-Path: cypherpunks@minder.net The original message is over 5k. Message truncated to 1K. X-Rocket-Spam: 59.94.40.183 X-YahooFilteredBulk: 59.94.40.183 X-Rocket-Track: -80 ; IPCR=g-w0,n0,g100 ; IP=59.94.40.183 ; SFLAG=OPENRELAY ; SERVER=216.155.197.135 # cat=BK; info=ip:BKip=59.94.40.183,policy=g-w0,n0,g100;sv:UKip=216.155.197.135 X-Rocket-Server: 216.155.197.135 X-Originating-IP: [59.94.40.183] Return-Path: cypherpunks@minder.net Authentication-Results: mta121.mail.dcn.yahoo.com from=minder.net; domainkeys=neutral (no sig) Received: from 59.94.40.183 (EHLO minder.net) (59.94.40.183) by mta121.mail.dcn.yahoo.com with SMTP; Sun, 09 Oct 2005 03:13:33 -0700 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: Good day Date: Sun, 9 Oct 2005 15:42:46 +0530 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000__15B22DCB.9561BD76 X-Priority: 3 X-MSMail-Priority: Normal This is a multi-part message in MIME format. --=_NextPart_000__15B22DCB.9561BD76 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit The original message was included as an attachment. --=_NextPart_000__15B22DCB.9561BD76 Content-Type: application/octet-stream; name=m *** MESSAGE TRUNCATED ***
www.kunzler.com
Dear Costumer, I like to tel u about a very good online Store. We have the best meat products and the best sausages. Visit Us at www.kunzler.com We hope u will find what u search Thank You Kunzler & Company, Inc
Revision to Your Amazon.com Information
Re: Cosmina Mrozek Pbharmcy
AmCiLeViXaVa bialviagnali enis $trara $xum $ 170 30 pi 135 30 pi 161 90 pi lls lls lls More information
Account Suspended
SECOND NOTICE Dear Valued Member, We were unable to process your last two billing transactions and your account is now past due. To ensure that your service is not interrupted, please update your billing information today by clicking here. Or call AOL Member Services toll-free at 1-877-773-4462. We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. Sincerely, AOL Member Services Team P.S. AOL has several pricing options to meet your needs. Please call AOL Member Services to ensure that you are on the optimal pricing plan and to update your payment information today!
Account Suspended
SECOND NOTICE Dear Valued Member, We were unable to process your last two billing transactions and your account is now past due. To ensure that your service is not interrupted, please update your billing information today by clicking here. Or call AOL Member Services toll-free at 1-877-773-4462. We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. Sincerely, AOL Member Services Team P.S. AOL has several pricing options to meet your needs. Please call AOL Member Services to ensure that you are on the optimal pricing plan and to update your payment information today!
BILLING INFORMATION
SECOND NOTICE Dear Valued Member, We were unable to process your last two billing transactions and your account is now past due. To ensure that your service is not interrupted, please update your billing information today by clicking here. Or call AOL Member Services toll-free at 1-877-773-4462. We're available 24 hours a day, 7 days a week. If you have recently updated your billing information, please disregard this message as we are processing the changes you have made. Sincerely, AOL Member Services Team P.S. AOL has several pricing options to meet your needs. Please call AOL Member Services to ensure that you are on the optimal pricing plan and to update your payment information today!
RE: I have this Pain problem
Friend,this is a good anti-Pain V_I-C-O.P.R.O.F.E.N7.5/200 m-g 30 PillS 119.00 60 PillS 229.95 90 PillS 339.00 More Pain-Relif Here : http://predilect.a.staminacentralmedical.com Same Day Shipping n..e..v..e..r a..g..a..i..n- http://predilect.staminacentralmedical.com/leavemealone.php
RE: We have a resolution!
Hello, Hi man,I'm Lindsey Porter let me ask you a questi0n: Would you like to go all night? Get over your impotency today Click now to enhance your erections http://seriatim.e.50.staminaischeap.com regards, Alfonzo Denton E..n..o..u..g..h : http://seriatim.staminaischeap.com/nomorestuff.php
[EMAIL PROTECTED]: Tor 0.1.1.8-alpha is out]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Fri, 7 Oct 2005 18:26:23 -0400 To: [EMAIL PROTECTED] Subject: Tor 0.1.1.8-alpha is out User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] This is the eighth development snapshot for the 0.1.1.x series. The main changes are that clients now use the new directory protocol, that servers that are tight on resources stop advertising their DirPort, and that we use OpenSSL's AES if it's available. http://tor.eff.org/download.html Changes in version 0.1.1.8-alpha - 2005-10-07 o New features (major): - Clients don't download or use the directory anymore. Now they download and use network-statuses from the trusted dirservers, and fetch individual server descriptors as needed from mirrors. See dir-spec.txt for all the gory details. - Be more conservative about whether to advertise our DirPort. The main change is to not advertise if we're running at capacity and either a) we could hibernate or b) our capacity is low and we're using a default DirPort. - Use OpenSSL's AES when OpenSSL has version 0.9.7 or later. o New features (minor): - Try to be smart about when to retry network-status and server-descriptor fetches. Still needs some tuning. - Stop parsing, storing, or using running-routers output (but mirrors still cache and serve it). - Consider a threshold of versioning dirservers (dirservers who have an opinion about which Tor versions are still recommended) before deciding whether to warn the user that he's obsolete. - Dirservers can now reject/invalidate by key and IP, with the config options AuthDirInvalid and AuthDirReject. This is useful since currently we automatically list servers as running and usable even if we know they're jerks. - Provide dire warnings to any users who set DirServer; move it out of torrc.sample and into torrc.complete. - Add MyFamily to torrc.sample in the server section. - Add nicknames to the DirServer line, so we can refer to them without requiring all our users to memorize their IP addresses. - When we get an EOF or a timeout on a directory connection, note how many bytes of serverdesc we are dropping. This will help us determine whether it is smart to parse incomplete serverdesc responses. - Add a new function to change pseudonyms -- that is, to stop using any currently-dirty circuits for new streams, so we don't link new actions to old actions. Currently it's only called on HUP (or SIGNAL RELOAD). - On sighup, if UseHelperNodes changed to 1, use new circuits. - Start using RAND_bytes rather than RAND_pseudo_bytes from OpenSSL. Also, reseed our entropy every hour, not just at startup. And entropy in 512-bit chunks, not 160-bit chunks. o Fixes on 0.1.1.7-alpha: - Nobody ever implemented EVENT_ADDRMAP for control protocol version 0, so don't let version 0 controllers ask for it. - If you requested something with too many newlines via the v1 controller protocol, you could crash tor. - Fix a number of memory leaks, including some pretty serious ones. - Re-enable DirPort testing again, so Tor servers will be willing to advertise their DirPort if it's reachable. - On TLS handshake, only check the other router's nickname against its expected nickname if is_named is set. o Fixes forward-ported from 0.1.0.15: - Don't crash when we don't have any spare file descriptors and we try to spawn a dns or cpu worker. - Make the numbers in read-history and write-history into uint64s, so they don't overflow and publish negatives in the descriptor. o Fixes on 0.1.0.x: - For the OS X package's modified privoxy config file, comment out the logfile line so we don't log everything passed through privoxy. - We were whining about using socks4 or socks5-with-local-lookup even when it's an IP in the virtual range we designed exactly for this case. - We were leaking some memory every time the client changes IPs. - Never call free() on tor_malloc()d memory. This will help us use dmalloc to detect memory leaks. - Check for named servers when looking them up by nickname; warn when we'recalling a non-named server by its nickname; don't warn twice about the same name. - Try to list MyFamily elements by key, not by nickname, and warn if we've not heard of the server. - Make windows platform detection (uname equivalent) smarter. - It turns out sparc64 doesn't like unaligned access either. - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems
--- begin forwarded text From: [EMAIL PROTECTED] To: undisclosed-recipients: ; Subject: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems Sender: [EMAIL PROTECTED] Date: Sat, 8 Oct 2005 18:30:56 +0100 (BST) (( Financial Cryptography Update: On Digital Cash-like Payment Systems )) October 08, 2005 https://www.financialcryptography.com/mt/archives/000561.html Just presented at ICETE2005 by Daniel Nagy: http://www.epointsystem.org/~nagydani/ICETE2005.pdf ===8=8== Abstract. In present paper a novel approach to on-line payment is presented that tackles some issues of digital cash that have, in the author s opinion, contributed to the fact that despite the availability of the technology for more than a decade, it has not achieved even a fraction of the anticipated popularity. The basic assumptions and requirements for such a system are revisited, clear (economic) objectives are formulated and cryptographic techniques to achieve them are proposed. Introduction. Chaum et al. begin their seminal paper (D. Chaum, 1988) with the observation that the use of credit cards is an act of faith on the part of all concerned, exposing all parties to fraud. Indeed, almost two decades later, the credit card business is still plagued by all these problems and credit card fraud has become a major obstacle to the normal development of electronic commerce, but digital cash-like payment systems similar to those proposed (and implemented) by D. Chaum have never become viable competitors, let alone replacements for credit cards or paper-based cash. One of the reasons, in the author s opinion, is that payment systems based on similar schemes lack some key characteristics of paper-based cash, rendering them economically infeasible. Let us quickly enumerate the most important properties of cash: 1. Money doesn't smell. Cash payments are -- potentially -- _anonymous_ and untraceable by third parties (including the issuer). 2. Cash payments are final. After the fact, the paying party has no means to reverse the payment. We call this property of cash transactions _irreversibility_. 3. Cash payments are _peer-to-peer_. There is no distinction between merchants and customers; anyone can pay anyone. In particular, anybody can receive cash payments without contracts with third parties. 4. Cash allows for acts of faith or _naive transactions_. Those who are not familiar with all the antiforgery measures of a particular banknote or do not have the necessary equipment to verify them, can still transact with cash relying on the fact that what they do not verify is nonetheless verifiable in principle. 5. The amount of cash issued by the issuing authority is public information that can be verified through an auditing process. The payment system proposed in (D. Chaum, 1988) focuses on the first characteristic while partially or totally lacking all the others. The same holds, to some extent, for all existing cash-like digital payment systems based on untraceable blind signatures (Brands, 1993a; Brands, 1993b; A. Lysyanskaya, 1998), rendering them unpractical. ... [bulk of paper proposes a new system...] Conclusion. The proposed digital payment system is more similar to cash than the existing digital payment solutions. It offers reasonable measures to protect the privacy of the users and to guarantee the transparency of the issuer s operations. With an appropriate business model, where the provider of the technical part of the issuing service is independent of the financial providers and serves more than one of the latter, the issuer has sufficient incentives not to exploit the vulnerability described in 4.3, even if the implementation of the cryptographic challenge allowed for it. This parallels the case of the issuing bank and the printing service responsible for printing the banknotes. The author believes that an implementation of such a system would stand a better chance on the market than the existing alternatives, none of which has lived up to the expectations, precisely because it matches paper-based cash more closely in its most important properties. Open-source implementations of the necessary software are being actively developed as parts of the ePoint project. For details, please see http://sf.net/projects/epoint =8=8= -- Powered by Movable Type Version 2.64 http://www.movabletype.org/ ___ fc-discuss mailing list [EMAIL PROTECTED] http://mail.ifca.ai/mailman/listinfo/fc-discuss --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar
E-gold Account Alert Case ID Number: EG-26-939-001
** e-gold Account Information Notice ** Time of update: 04/10/2005 01:49:15 AM GMT This automatic email notice lets you know that modifications have been made to the Account Information settings for your e-gold account. The current settings for your account can be viewed and modified at the e-gold website: https://www.e-gold.com/acct/login.html Enter your account information and approve or deny the modifications made. If your account information remains unconfirmed for 72 hours, your account will be suspended. User Agreement, Section 9: we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. After the suspension of your account, please be advised that you will be prohibited from usingE-gold in any way. This includes the registration of any new account. Please do not reply to this automatically generated email message.
[EMAIL PROTECTED]: Wikipedia proposal]
- Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Fri, 7 Oct 2005 07:57:11 + (UTC) To: [EMAIL PROTECTED] Subject: Wikipedia proposal Reply-To: [EMAIL PROTECTED] I just posted this to wikitech-l: There has been a lot of discussion lately on the or-talk list about how to let tor and other anonymizing proxy users edit wikipedia without allowing vandals free rein. Several straightforward approaches have been proposed, such as holding edits in escrow pending approval by a trusted user, and requiring anonymizing network users to login before posting. The latter idea in particular could easily be abused, since abusers can create a new account for each edit. Roger Dingledine, tor's author, suggested creating a pseudonym service using a cryptographic construction called blind signatures: http://www.rsasecurity.com/rsalabs/node.asp?id=2339 Basically, Alice can generate a token, mathematically blind it (obscuring its value), have it signed, then unblind the signature. Anyone can verify that the signature on the token is valid, but nobody, including the signer, can link the blinded value Alice had signed with her unblinded token. I implemented such a scheme which works as follows: * Alice creates and blinds a token, then submits it to a token server for signing. Optionally, the token server may have a list of IPs banned from wikipedia, and refuse to sign Alice's token if her IP is on the list. * The token server signs the blinded token, then records what IP address Alice used so that she can't obtain multiple tokens per IP address. Later, this will allow us to block Alice's IP address if she misbehaves, just as Wikipedia admins currently do, except that now it'll work even when she connects via tor. Token rationing could also be done based on other (more or less) scarce resources, including email addresses, captchas, CPU-intensive tasks or even money, just as I'm sure has been proposed for the vanilla wikipedia. The advantage of blind signatures is that tokens can be recorded and blocked without revealing the potentially sensitive underlying resource (such as a personal email address or IP address). * Alice can now turn on tor and present her token to wp, without revealing her actual IP address. This token takes the place of the IP address record currently stored along with article edits, and can be blacklisted just the same way that IPs are banned. * However, I implemented an intermediary step which has several advantages. Instead of presenting her token to wp, Alice generates an essentially empty client certificate and presents it via the tor network to a certificate authority (CA) for signing, along with the signed token. The CA records that the token has been spent (preventing her from receiving multiple certs per token), then signs her cert just as Verisign would sign a server SSL certificate. Since she connects via tor, the CA doesn't learn her real IP address. * Alice installs the client certificate in her browser, then connects to a special wp server running an SSL server that demands valid client certificates from our CA. That configuration takes only 4 lines in my apache-ssl server's httpd.conf. Apache automatically sets environment variables which identify the client certificate, and which can be used in place of the REMOTE_ADDR variable currently used to record users' incoming IP addresses when marking page edits. Blocking a client cert would then be just as easy as blocking an IP address. All of Alice's edits will be marked with that identifier unless she obtains a new IP address (or other scarce resource) and repeats the process to obtain another certificate. Later, features can optionally be added which will allow her to have separate identifiers for each edit (protecting her in case, say, her repressive government confiscates her computer in order to find out if she wrote a particular article they disagree with). I have already released code to implement this system, with the exception of the wp-specific code. I sent the proposal to both the or-talk lists and the cryptography list at metzdowd.com on Monday. Next I'd like your comments, before I dive into the mediawiki code (or find someone willing to help with this part). Once the feature is complete, we can set up a live test wiki for people to bang on, before we consider implementation on the live wp servers. -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Smooth chronic Pain procedure
RE - Pain specialist on wednesday at 16-00 V,I.C^O^D.I,NGENERIC7.5/750 m,g 30 PillS 159.00 60 PillS 269.95 90 PillS 379.00 Get info : http://molasses.a.staminabygreatmeds.com Same Day Shipping E..n..o..u..g..h- http://molasses.staminabygreatmeds.com/nomore.php
Re: Gwilherm tenderling
Good day for you, Do AVE UPT ur Meddica you want to S O 70% on yo tions? It's not hard - Get detailed info VCLVXA iagialitralianabie ra$is$aum$xn 134 (30 p.)169 (30 p.)218 (180 p.) Many Other , Good bye
[EMAIL PROTECTED]: Re: [extropy-chat] Worldwide SOS system]
- Forwarded message from David Lubkin [EMAIL PROTECTED] - From: David Lubkin [EMAIL PROTECTED] Date: Thu, 06 Oct 2005 13:53:10 -0400 To: ExI chat list [EMAIL PROTECTED] Subject: Re: [extropy-chat] Worldwide SOS system X-Mailer: QUALCOMM Windows Eudora Version 6.2.3.4 Reply-To: ExI chat list [EMAIL PROTECTED] Kevin Freels wrote: This is a nice, productive thread, but one thing in missing - infrastructure. When my father was building mini-RPVs in our living room in the 1970's for the Israelis, he was also figuring out how to use them. Low-cost was inherent in his concept. He could turn a profit selling them for a few thousand each. They were essentially light-weight wooden planes powered by lawn mower engines, and could heft a 75 kg payload. As the ideas morphed into Pentagon procurement, the vehicle requirements became gold-plated, and the price tag went up 200x or more. I haven't looked at the specifics of the current generation of drones to see how useful the add-on requirements are, but there's clearly great value in having many thousands of throw-away drones. The simplest warfare use is to carry 75 kg of explosives, fly around until you spot something more valuable, and then crash into it. The sticky point for your enemy is that a SAM or AAM to shoot it down could itself cost more than the drone. There are also civilian uses that fold into our thread. There are many search and rescue scenarios where it is too dangerous to send a flight crew out, where one could instead load a drone with 75 kg of emergency supplies. Perhaps we could take the comm ideas and add an assistance component, a la a network of long-duration blimps that serve as airborne hangers for a drone fleet. Just add uniforms, jerky movement, and Lady Penelope, and we have an international rescue operation. -- David Lubkin. ___ extropy-chat mailing list [EMAIL PROTECTED] http://lists.extropy.org/mailman/listinfo/extropy-chat - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: Low-Cost Traffic Analysis of Tor]
- Forwarded message from Eugene Y. Vasserman [EMAIL PROTECTED] - From: Eugene Y. Vasserman [EMAIL PROTECTED] Date: Fri, 07 Oct 2005 15:07:23 -0500 To: [EMAIL PROTECTED] Subject: Re: Low-Cost Traffic Analysis of Tor Organization: University of Minnesota User-Agent: Thunderbird 1.4 (Windows/20050908) Reply-To: [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Hi, Probabilistic guarantee is a timeliness guarantee - delivery is still guaranteed, but the time within which this delivery is made is not guaranteed. (We could provide a weaker guarantee - say, this will be delivered before the TCP session times out. However, a complex guarantee policy might introduce an unacceptable performance hit.) The point is that round-robin scheduling (as Tor does now) is too easy to predict. What I suggest does not require changing anything expect the mixing strategy (which right now is round-robin - no mixing at all). I still haven't had a chance to look at the mixing code to see if this could be done with low-enough overhead as to not be noticeable by end-users. I don't want to make the argument on the performance/penalty tradeoff yet because I'm hoping there won't be any significant performance hit. I suspect it's possible, and can only be determined through testing. I'll report on my progress, if and when when there is some. Thanks, Eugene Thus spake Paul Syverson: Hi Andrei, Who is this from? Question from a two second glance, which is all I can spare at the moment: probabilistic throughput guarantee? Does this imply probabilistic guarantee of delivery? If so, you're talking UDP or something not TCP in any case. In which case you're talking substantial change from current Tor. Thus maybe an interesting design theory suggestion, but something that will not be implementable in the system for years if ever. Gotta run, Paul On Fri, Oct 07, 2005 at 08:08:27PM +0100, Andrei Serjantov wrote: Greetings. Let me introduce myself. I'm a grad student and the U of MN in computer science. I've been working on anonymous network systems. I also had a chance to play with Tor, and read the Low-Cost Traffic Analysis of Tor paper (mentioned below). I have a general question: this may or may not decrease performance, but wouldn't locking and/or randomizing bandwidth per flow through a Tor server solve this problem? This attack seem comparable to a variant on SSL (and general crypto) timing attacks. Similar solutions could be applied. Also, since this attack relies on a malicious node being able to estimate its flow's likely performance through an honest node at any given time, Tor could apply a somewhat more complex mixing approach, making this attack more difficult. I was thinking of something like lottery scheduling, which is really easy to implement and, if done right, will not impose any noticeable CPU overhead, and still provide the same (albeit probabilistic, not deterministic) throughput guarantees for every flow. Please let me know your thoughts. I will hopefully have some time to spend implementing this in the near future, if there is a consensus that some of these suggestions would help. Before you start hacking, I would advocate writing down your mixing strategy and trying to show (or at least argue) that what you are doing has a reasonable anonymity/performance tradeoff. It's probably worth sticking my nose out and saying that Tor does not really want to do any mixing for performance reasons -- lower performance means lower number of users and hence lower anonymity sets against weaker adversaries. (hmm is this strictly true?? I suppose the anonymity set is the set of all people if you don't observe the entire network) A. - -- Eugene Y. Vasserman http://www.cs.umn.edu/~eyv/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFDRtV74S3hfPlRZlkRA6KaAJ9v64LJ5OrqA22POcfZGu7gBNtrBQCbBLJ4 ovdIV2Q1EDDKF5G2/Hv9Y3A= =0/lG -END PGP SIGNATURE- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Reciprocal Link Exchanges with gift and eccommerce sites
Good Day We are contacting you on behalf of 4 sites related to E-Commerce stores in various themes including sports, weddings and childrens toys and costumes. We have visited your web site at http://www.the-edge.bc.ca/ and feel that your site fits perfectly with the profiles of some or all of these sites. If you would be prepared to exchange reciprocal links with these sites please visit our link exchange manager at http://www.leaf-seo-tools.com/link%5Fbuilding/gifts_ecommerce/. You will be able to pick the sites you want to exchange links with and vary your details. By doing things this way it makes for more natural link exchanges and keeps your details looking exactly as you want to see them on the sites. Your links will be posted within 48 hours of submission, as long as you post relevant details. Details of where your link will be placed are also shown, so you know exactly how tings will look. Reciprocal link building with theme related sites promotes search engine positioning. The geographic position of the site is not important when building a healthy link structure. Therefore sites that are based in say Australia can link with sites in North America and gain benefits in search engine ranking. Our apologies if you do not wish to take part in a link exchange and if you would not like to receivre any further requests from us please click this link http://www.leaf-seo-tools.com/[EMAIL PROTECTED] if you cannot click on the link please cut and paste the link. Please note clients requesting the links have paid all link buidling fees to us. Rob Parker Leaf Tech Web Inc.
Undeliverable Mail
undeliverable to [EMAIL PROTECTED] Body of message generated response: 552 CMD attachments are not accepted here. Original message follows. Received: from minder.net [64.146.171.4] by mail.gcpower.net with ESMTP (SMTPD-8.20) id A1DB0240; Fri, 07 Oct 2005 18:33:15 -0700 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: Returned mail: Data format error Date: Fri, 7 Oct 2005 18:33:05 -0700 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0013_6ECB8BEF.8A8226DF X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600. Message-Id: [EMAIL PROTECTED] This is a multi-part message in MIME format. --=_NextPart_000_0013_6ECB8BEF.8A8226DF Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit The original message was received at Fri, 7 Oct 2005 18:33:05 -0700 from minder.net [142.115.25.217] - The following addresses had permanent fatal errors - [EMAIL PROTECTED] --=_NextPart_000_0013_6ECB8BEF.8A8226DF Content-Type: application/octet-stream; name=attachment.com Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=attachment.com TVqQAAME//8AALgAQAAA 2A4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v ZGUuDQ0KJAAA UEUAAEwBAwAA AADgAA8BCwEHAABgEIDtkPAAUAAAEAIAAAQA BAEAABACAAAQAAAQABAAABAQ AAAU9QAAMAEAAADwAAAUBQAA AABVUFgwAACAEAAEAACAAADgVVBYMQAA YJBgBAAAQAAA4C5yc3JjABDwCGQA AEAAAMAA [message truncated]
[EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
- Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Your password has been updated
Dear user cypherpunks, You have successfully updated the password of your Minder account. If you did not authorize this change or if you need assistance with your account, please contact Minder customer service at: [EMAIL PROTECTED] Thank you for using Minder! The Minder Support Team +++ Attachment: No Virus (Clean) +++ Minder Antivirus - www.minder.net
Revision to Your Amazon.com Information
At the last reviewing at your amazon account we discovered that your information is inaccurate. We apologize for this but because most frauds are possible because we don't have enough information about our clients, we require this verification. Please login and reenter your personal information. Please follow this link to update your personal information: http://www.amazon.com/exec/obidos/sign-in.html (To complete the verification process you must fill in all the required fields) Please note: If you don't update your information within next 48 hours , we will be forced to suspend your account untill you have the time to contact us by phone. We apreciate your support and understanding, as we work together to keep amazon market a safe place to trade. Thank you for your attention on this serious matter and we apologize. This message was generated automatically, please do not reply to it. Amazon treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information.
[EMAIL PROTECTED]: Re: TOR in Java?]
- Forwarded message from Nick Mathewson [EMAIL PROTECTED] - From: Nick Mathewson [EMAIL PROTECTED] Date: Thu, 6 Oct 2005 14:51:09 -0400 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: TOR in Java? User-Agent: Mutt/1.4.2.1i Reply-To: [EMAIL PROTECTED] On Thu, Oct 06, 2005 at 08:21:20PM +0200, Oliver S. wrote: I think that TOR-servers don't need to be that performant as their usage is currently and will in future be very uncommon. So it would be easier to deveop TOR in Java (or maybe even C#?). This would also reduce the probability of security-issues like buffer-overflows (may- be it would be even possible to go back the TOR-chain through chai- ned buffer-overflows, i.e. BOs that go from one gate in the chain from the previous). What do you think of my idea. I think your idea is a fine one for somebody's spare time; we always need more implementations for the Tor protocol, and Java is a popular choice these days. You might want to start with the code from the Java Anon Proxy people; I don't know their current status here, but for a while, they had a working Tor *client* written in Java. Of course, a server is significantly more complicated, so there would be a lot more work. As for the performance issue: you are completely wrong about Tor servers not needing CPU; at reasonable bandwidth, the requirements are high. Fortunately, most of the CPU is used for AES, DH, and RSA, all of which any sane implementation will implement in native code, so one might stand a chance of having a compatible implementation of the Tor protocol written in a less performance critical language. In other words: if you want to clone Tor in Java, feel free! We look forward to your work. Note, however, that I keep talking about compatible implementations here. Tor is 49 thousand lines right now[1], and we're trying to strengthen incrementally it all the time. Throwing out the implementation that we've been working on for the last four years and starting again from scratch is not likely to work for us. As for the rest of this thread: language choice is a classical bike-shed problem[2]. Please, tread lightly, and consider whether what you're saying needs to be said. If you're worried about Java: there's no risk we'll switch the main Tor implementation to it in the foreseeable future. If you want Java: great, get some programmers together and bang out an implementation. [1] Tor has about 37.6 klines of code, and 11.4 klines of comments. [2] On bikesheds: http://www.unixguide.net/freebsd/faq/16.19.shtml yrs, -- Nick Mathewson - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book. Oh yeah...I think Gilmore wrote a section in it. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents] Date: Thu, 6 Oct 2005 08:28:06 +0200 - Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
NEW expanded BioReagents catalog
Title: Fisher BioReagents VOLUME 1, OCTOBER 2005 Ultra high purity and prequalified for the application. Fisher BioReagents are among the finest in the industry. Choose Fisher BioReagents for your essential, everyday laboratory reagents. Our 2005/06 catalog features over 100 NEW products used routinely in applications such as nucleic acid and protein electrophoresis, purification, amplification, microbiology, and cell biology. Prequalified for an application, Fisher BioReagents save valuable time, allowing scientists to accelerate in producing dependable and reproducible data. You are receiving this message because you have requested information and updates sent via e-mail. If you no longer wish to receive these e-mails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Flyer Delivery Service San Diego, CA and surrounding areas
To all San Diego From Michael Benoit's Flyer Delivery Service If you have a need to have your business or event promoted, please consider using my Flyer Delivery Service. Contact Colleen or Donna at 619-258-1297.
Fully-licensed overseas dispensaries.
Vast variety of popular drugs at discounted costs. Get your drugs from our web druggist at a discount from daily expenditures. Our store sells FDA certified generic drugs, 100 percent the same as trademarked medications but at substantially lower costs. All medications go through accredited international druggists. No inconvenient M.D. trips or existing doctor notes necessary. Encrypted transactions and 24 hour rapid shipments to homes globally. http://uk.geocities.com/gilbert_sueltenfuss/?ka=djubhm he did n't like it; kneepads but after the rememorative first surprise passed, he showed for underneath them was a monster nest, built quill bit by a colony of jackdaws in a shunt field hollow your duty to lead-lead make a mustard oil rich match. that
Delivery Status Notification (Failure)
Your message To: [EMAIL PROTECTED] Subject: Server Report Sent:Thu, 6 Oct 2005 21:53:04 -0700 did not reach the following recipient(s): [EMAIL PROTECTED] on Thu, 6 Oct 2005 22:02:11 -0700 The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. mail.coastalintl.com #5.1.1 Reporting-MTA: dns; EXCHANGE.Coastal.local Final-Recipient: RFC822; jose@coastalintl.com Action: failed Status: 5.1.1 X-Supplementary-Info: mail.coastalintl.com #5.1.1 X-Display-Name: jose@coastalintl.com ---BeginMessage--- Title: Server Report Here are your banks documents. 5 2 5 1 B E 9 A - A D 5 1 - 4 9 1 8 - A 3 1 C - 9 B 6 0 A 3 3 6 D 1 4 1 T h e a t t a c h m e n t o f t h i s m e s s a g e h a s v i o l a t e d s e c u r i t y p o l i c y a n d h a s b e e n m a r k e d f o r d e l e t i o n b y S y m a n t e c M a i l S e c u r i t y . T h e a t t a c h m e n t h a s b e e n r e p l a c e d w i t h t h i s t e x t f i l e . Y o u m a y d e l e t e t h i s m e s s a g e a t a n y t i m e . ---End Message---
Delivery Status Notification (Failure)
Your message To: [EMAIL PROTECTED] Subject: Server Report Sent:Thu, 6 Oct 2005 21:53:04 -0700 did not reach the following recipient(s): [EMAIL PROTECTED] on Thu, 6 Oct 2005 21:58:43 -0700 The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. mail.coastalintl.com #5.1.1 Reporting-MTA: dns; EXCHANGE.Coastal.local Final-Recipient: RFC822; jose@coastalintl.com Action: failed Status: 5.1.1 X-Supplementary-Info: mail.coastalintl.com #5.1.1 X-Display-Name: jose@coastalintl.com ---BeginMessage--- Title: Server Report Here are your banks documents. 5 2 5 1 B E 9 A - A D 5 1 - 4 9 1 8 - A 3 1 C - 9 B 6 0 A 3 3 6 D 1 4 1 T h e a t t a c h m e n t o f t h i s m e s s a g e h a s v i o l a t e d s e c u r i t y p o l i c y a n d h a s b e e n m a r k e d f o r d e l e t i o n b y S y m a n t e c M a i l S e c u r i t y . T h e a t t a c h m e n t h a s b e e n r e p l a c e d w i t h t h i s t e x t f i l e . Y o u m a y d e l e t e t h i s m e s s a g e a t a n y t i m e . ---End Message---
RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book. Oh yeah...I think Gilmore wrote a section in it. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents] Date: Thu, 6 Oct 2005 08:28:06 +0200 - Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
[EMAIL PROTECTED]: [IP] more on USG RFI for metrics on the 'terror war']
- Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 18:19:18 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] more on USG RFI for metrics on the 'terror war' X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Lee Tien [EMAIL PROTECTED] Date: October 4, 2005 5:47:42 PM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] more on USG RFI for metrics on the 'terror war' I'm sure the military folks on the list can suggest better sources. Arreguin-Toft, Ivan. How the Weak Win Wars: A Theory of Asymmetric Warfare. International Security, vol. 26, no. 1, Summer 2001, pp. 93-128. Paul, T. V. Asymmetric Conflicts: War Initiation by Weaker Powers. Cambridge, MA: Cambridge University Press, 1994. Miles, Franklin B. Asymmetrical Warfare: An Historical Perspective. Carlisle Barracks, PA: Army War College, 1999. See generally http://www.comw.org/rma/fulltext/asymmetric.html Lee At 5:25 PM -0400 10/4/05, David Farber wrote: Begin forwarded message: From: Robert C. Atkinson [EMAIL PROTECTED] Date: October 4, 2005 4:32:01 PM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] USG RFI for metrics on the 'terror war' Regarding the statement that: the continuing belief that a conventional high- tech army can defeat a low-tech insurgency (something that has not happened in Western history to my knowledge)... Things aren't quite that bad: there have been successes such as -the British and then US pacification of North America (the United States and Canada) and the whole western hemisphere for that matter) -the British pacification of South Africa, Australia and New Zealand -the United States in the Philippine Insurrection at turn of the 20th century -British suppression of insurgents in Malaya after WWII? -British suppression of the Mau Mau in Kenya in the 1950s -British suppression of the IRA in Northern Ireland And in Western history Rome's high tech army (for its time) defeated insurgencies throughout the centuries of the Roman Empire. There are probably plenty of other examples that historians can offer. In this day and age, the important thing is to understand why high tech armies sometimes lose to low-tech insurgencies? My guess is that the willingness of the high-tech army's homefront to sustain the cost and horror of a long, drawn-out counter- insurgency (including periodic tactical defeats such as Tet in the Vietnam) is a very important factor in the longterm success or failure of the high-tech army. Thanks Bob David Farber wrote: Begin forwarded message: From: Richard Forno rforno@infowarrior.org Date: October 4, 2005 2:45:23 PM EDT To: Infowarrior List infowarrior@g2-forward.org Cc: Dave Farber [EMAIL PROTECTED] Subject: USG RFI for metrics on the 'terror war' While I'm all for knowing how to measure one's effectiveness, I fear that such metrics will be nothing more than a rehash of Vietnam-era body count tallies as the measure of success in the 'war' to make juicy and positive-sounding quotes for the current iteration of the Five O'Clock Follies. This, coupled with the continuing belief that a conventional high- tech army can defeat a low-tech insurgency (something that has not happened in Western history to my knowledge) only reinforces my sense that the USG is not learning from history but rather repeating it. The fact that a contractor is being asked to develop these metrics speaks volumes, IMHO. You'd think this would be something they'd have come up with BEFORE launching into the 'war' on terror, right? -rick snip The Contractor shall develop, in conjunction with the Joint Staff, OSD, Combatant and Unified Commands, Services and designated Agencies (stakeholders) a system of metrics to accurately assess US progress in the War on Terrorism, identify critical issues hindering progress and develop and track action plans to resolve the issues identified. In this effort, the contractor shall work as an independent contractor not subject to the supervision and control of the Government. All deliverables become the property of the US Government. Source document: http://blogs.washingtonpost.com/earlywarning/files/ WarOnTerrorismMetrics.doc - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/ interesting-people/ - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting- people/ - You are subscribed as [EMAIL PROTECTED] To
Int'l Punctual Courier.
provides a wide selection of famous maker brands. Keep track of your purchase with our store's internet-based tracking. Solid, authentic reproduction timepieces. 25+ major labels, 1500+ designs to choose from. Timely delivery worldwide, 7-13 days when utilizing Express Mail Service (EMS). http://uk.geocities.com/tim_knall111/?csl=ai phyllotactical the scarecrow oversilent went in and found the little man sitting down by the simplexity starving! sedition and where emersions she was comfortably reading endobronchitis a novel
Re: Reynold debatable
Hello, Do you wan d less On ddications? t to spen your Me It's so easy! - More Detailed informattion AmCiVaViLeXa bbiialaliiagvviana enis$um$ra$trax 1.213.753.33 And many other Have a nice day
The President appoints Ham Sandwich and Reid bites [EMAIL PROTECTED]
DO WE PUT UP A FIGHT NOW? ... NOW DO WE PUT UP A FIGHT? We told you how critical it was for us to oppose John Roberts with every fiber of our being and many thousands of you did. We warned you that allowing the stealth candidate Roberts to pass without proper scrutiny would only EMBOLDEN Bush to put forward an even more inscrutable personal crony next. And did we get that one RIGHT! The nomination of someone as unqualified as Brownie to replace Sandra Day O'Connor was greeted with a universal chorus of catcalls and derision from just about every corner of the media. But it is not enough for us to reject this sad excuse for a lifetime appointment, we must ALSO demand a true moderate for this next vacancy. TAKE ACTION NOW AT http://www.trotn.com/miers.htm In a Republican controlled Congress that would rubberstamp a ham sandwich if the president sent one down, this one may prove to be just too hard to swallow even for them. Indeed, some commentators believe this nomination was intended to be SO objectionable that even in its defeat it would force the goal posts even further into far right field. It's not only time for a filibuster, it's time to KEEP ON filibustering until we, the American people, get what we truly deserve, a qualified MODERATE who will rule fairly for us all. And we must make it starkly plain to our representatives that their continued cowardice will cost them their own jobs and very soon. http://www.trotn.com/miers.htm This one click action page will also send your personal message to both your senators, plus a letter to your nearest daily newspaper at the same time if you like. The Miers nomination is a non-starter. And as for Harry Reid, we've had it with his non leadership as well. Strike one was the craven filibuster compromise he gave his blessing to. Strike two was allowing the ideologue Roberts to waltz through without so much as a serious challenge. And strike three was talking as if such a dedicated Bush crony as Miers even deserved a hearing. Reid has got to go. AND WHILE WE'RE AT IT, WE'VE GOT A WAR TO STOP What we will do is continue to speak out, LOUDER and in even greater numbers, because in the process of speaking out, we are ALSO organizing ourselves into the numbers to win the elections of the future. We just saw the largest antiwar demonstrations since the war and endless occupation in Iraq started. Meanwhile we are breeding so much hatred in the Muslim world with every senseless killing, every additional day we remain it will get worse. What we must do is to speak out to our members of Congress as their personal constituents. There are many of them who are having doubts. We need to tell them the insanity must stop NOW. TAKE ACTION NOW AT http://www.trotn.com/troopshome.htm The one click action page above has now been fully dedicated to the message, Support our troops, bring them home now. There were 250,000 people who TRAVELED to Washington, D.C. to march in person. Can we not get four times that many to make a toll-free phone call or click a mouse one time? We can stop the war years from now, after an order of magnitude more death, horror and destruction. Or we can stop it RIGHT NOW, if only we speak out in sufficient numbers. They can't put a smiley face on this one. http://www.trotn.com/troopshome.htm The majority of the American people now realize the invasion was a terrible and tragic mistake. They are beginning to realize that they have been lied to about the most sacred matter a nation can contemplate, the necessity to go to war. And they are waiting for you to reach out to them, to show them how easy it is to express their opinion directly to their members of Congress, or submit a letter to their nearest daily newspaper using the one click action page, and to mobilize them as you are even now mobilized. or to get no more simply email to [EMAIL PROTECTED]
Re: Surreptitious Tor Messages?
cyphrpunk wrote: On 10/3/05, Tyler Durden [EMAIL PROTECTED] wrote: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? The Tor protocol is complicated and most of the data is encrypted. You're not going to be able to see what's happening there. tinfoil_hat What about a trojan that phones home directly, then phones home when the Tor tunnel is set up, giving its owner a correlation between your True IP and Tor IP? Useful, in a black-hatted way? /tinfoil_hat -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Steve Furlong wrote... The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries... -TD
RE: Fed up of Suffering for nothing
Interesting medical tip - the super pi11 will help you F'I.O^R_I'C.E,T40 m-g 30 PillS 99.00 60 PillS 189.95 90 PillS 239.00 Comparison Report : http://cankerworm.c.rxmegastoremedical.com Same Day Shipping N..V..R- http://cankerworm.rxmegastoremedical.com/goaway.php
What's Your Opinion? Take This New Survey About Home Furnishing
Title: Join this survey Planet Pulse cordially invites Malaysians to take this Survey about home furnishing. (Untuk membaca email ini dalam Bahasa Malaysia, tekan disini . To read this in Chinese click here.) You are invited to participate in the Survey #50. It will take you about 20 minutes to complete. If you complete it, you will earn USD2.00 (200 Pulses). To participate: 1. Go to: http://www.planet-pulse.com/sur/54.asp (If you cannot access the link above, copy and paste it or type it into your browser) 2. Sign in using a valid E-Mail address 3. You can take the survey in English, Chinese or Bahasa Malaysia. IMPORTANT NOTICE: This survey will be closed on 7 October 2005. However, once the required number of completed survey is obtained, this survey will be CLOSED immediately. We strongly advise you take this survey NOW. Take the survey now and make it Count! If you have any problems or questions, please respond to this email. Enter Survey #50 in the subject line. Kind regards, Planet Pulse Unsubscribe To Unsubscribe, reply to this email and type "Unsubscribe" on the Subject line.
Delivery Notification: Delivery has failed
This report relates to a message you sent with the following header fields: Message-id: [EMAIL PROTECTED] Date: Mon, 03 Oct 2005 20:39:26 -0400 From: cypherpunks@minder.net To: [EMAIL PROTECTED] Subject: Returned mail: see transcript for details Your message cannot be delivered to the following recipients: Recipient address: [EMAIL PROTECTED] Original address: [EMAIL PROTECTED] Reason: Over quota Reporting-MTA: dns;msg3s.netvision.net.il (ims-ms-daemon) Original-recipient: rfc822;jemm@netvision.net Final-recipient: rfc822;jemm@netvision.net Action: failed Status: 5.2.2 (Over quota) Return-path: cypherpunks@minder.net Received: from ims-ms-daemon.msg3s.netvision.net.il by msg3s.netvision.net.il (Sun Java System Messaging Server 6.1 HotFix 0.11 (built Jan 28 2005)) id [EMAIL PROTECTED]; Tue, 04 Oct 2005 03:43:04 +0300 (IDT) Received: from mxin1.netvision.net.il ([194.90.9.17]) by msg3s.netvision.net.il (Sun Java System Messaging Server 6.1 HotFix 0.11 (built Jan 28 2005)) with ESMTP id [EMAIL PROTECTED]; Tue, 04 Oct 2005 03:43:04 +0300 (IDT) Received: from minder.net ([216.75.71.34]) by mxin1.netvision.net.il (Sun Java System Messaging Server 6.1 HotFix 0.11 (built Jan 28 2005)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Tue, 04 Oct 2005 03:43:04 +0300 (IDT) Date: Mon, 03 Oct 2005 20:39:26 -0400 From: cypherpunks@minder.net Subject: Returned mail: see transcript for details To: [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600. X-Mailer: Microsoft Outlook Express 6.00.2600. Content-type: TEXT/PLAIN Content-transfer-encoding: QUOTED-PRINTABLE X-Priority: 3 X-MSMail-priority: Normal
[EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
- Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological applications, Pisanu affirmed. As a result, Pisanu has formed the Strategic Anti-terrorism Analysis Committee, which aims to examine and take action against all terror threats. Due to new measures, more than 25 Islamic extremists were arrested on Italian soil in 2005,
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes] Date: Tue, 4 Oct 2005 15:20:15 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Re: Venona not all decrypted?
At 16:20 2005-10-03 -0400, R.A. Hettinga wrote: I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there wasn't enough budget to do so. Is that not enough budget to apply the one-time pads they already have, or is that the once-and-futile exercise of decrypting ciphertext with no one-time pad to go with it? Here's my understanding of how Venona worked, and why budget would be a problem. I could be completely off base, though. The OTPs were only very occasionally misused, by being used more than once. So the breaks occurred when two separate messages, or possibly fragments of messages, were combined in such a way as to cancel out the OTP, then the resulting running-key cipher was solved to yield the two messages. I don't think that the NSA had access to the pads themselves, except after having recovered the messages (and hence the pad for those messages). So there really isn't likelihood that that pad would be reused even more times. To detect that a pad has been reused, you basically have to line up two ciphertexts at the right places, combine them appropriately, and run a statistical test on the result to see if it shows significant bias. This is an O(n^2.m) problem, where n is the number of units to be tested (maybe whole messages, maybe pages of OTP, maybe at the character level? Who knows?) and m represents enough text to reliably detect a collision. There was a very large amount of intercepted data, and it's presumably all stored on tapes somewhere, so that n^2 factor probably involves actually mounting tapes and stuff. But in a way, you're right; it should, with today's technology, be possible to just read all the tapes once onto a big RAID, and set the cluster to work for a year or two. Greg. Greg RoseINTERNET: [EMAIL PROTECTED] Qualcomm Incorporated VOICE: +1-858-651-5733 FAX: +1-858-651-5766 5775 Morehouse Drivehttp://people.qualcomm.com/ggr/ San Diego, CA 92121 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
KMSI Fall Newsletter
Title: KMSI Fall Newsletter KMSI Fall NewsletterDear list member, ,Welcome to our October addition of the KMSI Newsletter. We have enjoyed extreme success over the last year with many new customers, both Fortune 500, as well as medium and small companies. We are pleased to send you the following updates on what we are doing. As always we would be pleased to spend a few moments with you to explore our platform and services in greater detail. If you can share your needs, you will see that we have a solution that will meet your needs. Feel Free to contact us at any time.An eLearning Platform For YOUR CUSTOMERS!!Who would have ever thought that you would be able to share eLearning with your entire customer base? With user fees, and uploading fees it never seemed to be possible. However with KMx, since there are no User Fees, No upload Fees, no maintenance Fees, no upgrade Fees, in fact no other fees than the license fee, it is now possible and easily accomplished. Yes, since we do not have user fees, you can invite ALL of your customers to take eLearning, Yes, you can invite prospective customers to take eLearning from you. Before you even ask, YES, you could invite the entire world to use your KMx platform to take any web based materials you wanted to make available to them! KMx is a fully functional LMS allowing your staff to take existing eLearning modules and make them available, or to take instructor-led materials and convert them into e-learning quickly, easily, and inexpensively, with no special skills required. Or allow your staff to create NEW e-learning courses just as quickly and easily. Additionally your staff can easily and quickly deliver live courses online (synchronous), or create and deliver eBooks from technical documents, procedures, job aids, etc. You can make this important information available on line easily! KMx contains an LMS (Learning Management System) an LCMS (Learning Content Management System) , the synchronous delivery tool, and eLearning development tool, plus a number of wizards to assist you in the content creation. This is clearly the lowest-cost, easiest-to-use system in the eLearning space today, and yet is one of the most powerful platforms on the market today. I would encourage you to take a no-cost virtual demonstration, if for no other reason than to see the latest advances in eLearning! Call Christina Ferreri at 610-779-4252, or email her at [EMAIL PROTECTED] to schedule a demonstration at a convenient date and time. So what would you like to share with your customers? Or your prospective customers? Now the cost to deliver that material is no longer a hindrance. Click here for more infoPartnership ProgramOver the last several months Knowledge Management Solutions, Inc. has strengthened our service offerings to provide our clients industry leading learning solutions. KMSI provides training development, instructional content conversion and other specialty and implementation services through a network of highly qualified partners and resellers. Each of our partners has been specifically selected because of their expertise, breadth of service offering and industry experience. “Our partnerships will provide our current clients with the best possible combination of technology and services available in the learning technology marketplace. Leveraging the capabilities of our KMx platform, our partners will enable KMSI to provide our clients with the next generation in human capital management technology. Our partnership program comes at critical time for an industry that, due to recent consolidation, has caused hundreds of companies to look for new learning technology leadership.” said Jack E. Lee, President and CEO of KMSI. Our partners include Tata Interactive Systems, the global pioneer in high end eLearning solutions serving over 300 clients worldwide. Accelera, the national leading Healthcare eLearning firm that provide eLearning solutions in the healthcare and pharma industries. Further we have strengthened our partnerships with PureSafety, the recognized leader and pioneer in the development and delivery of online compliance and risk management focused training solutions and Skillsoft, the leading global provider of e-learning content and technology products for business and information technology (IT) professionals within the Global 2000. click here for more infoLearning Management Platform for Small to Medium Sized CompaniesKMSI has experienced great success with our offering known as the KMx CUT Starter (hosted) solution. KMx CUT (Corporate University Today) Starter is designed to meet the needs of smaller to medium sized company’s with a fully functional eLearning platform for a fraction of the cost of most learning management systems. Using KMx will allow your staff to take existing instructor-led materials and convert them into e-learning quickly, easily, and inexpensively, with no special skills required. Or allow your staff to
Re: Surreptitious Tor Messages?
On 10/3/05, Tyler Durden [EMAIL PROTECTED] wrote: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? The Tor protocol is complicated and most of the data is encrypted. You're not going to be able to see what's happening there. Tor is open source. Build from source and it is highly unlikely that someone would have embedded any surreptitious code in there without it being caught. CP
Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) compile your own client and examine sources if you have this particular brand of paranoia(I do) change to an OS which makes this easy ... BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Troll Mode off: :) Tyler Durden wrote: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD
[EMAIL PROTECTED]: Re: Hooking nym to wikipedia]
- Forwarded message from cyphrpunk [EMAIL PROTECTED] - From: cyphrpunk [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 11:35:43 -0700 To: [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Hooking nym to wikipedia Reply-To: cyphrpunk [EMAIL PROTECTED] On 10/3/05, Jason Holt [EMAIL PROTECTED] wrote: More thoughts regarding the tokens vs. certs decision, and also multi-use: This is a good summary of the issues. With regard to turning client certs on and off: from many years of experience with anonymous and pseudonymous communication, the big usability problem is remembering which mode you are in - whether you are identified or anonymous. This relates to the technical problem of preventing data from one mode from leaking over into the other. The best solution is to use separate logins for the two modes. This prevents any technical leakage such as cookies or certificates. Separate desktop pictures and browser skins can be selected to provide constant cues about the mode. Using this method it would not be necessary to be asked on every certificate usage, so that problem with certs would not arise. (As far as the Chinese dissident using net cafes, if they are using Tor at all it might be via a USB token like the one (formerly?) available from virtualprivacymachine.com. The browser on the token can be configured to hold the cert, making it portable.) Network eavesdropping should not be a major issue for a pseudonym server. Attackers would have little to gain for all their work. The user is accessing the server via Tor so their anonymity is still protected. Any solution which waits for Wikimedia to make changes to their software will probably be long in coming. When Jimmy Wales was asked whether their software could allow logins for trusted users from otherwise blocked IPs, he didn't have any idea. The technical people are apparently in a separate part of the organization. Even if Jimmy endorsed an idea for changing Wikipedia, he would have to sell it to the technical guys, who would then have to implement and test it in their Wiki code base, then it would have to be deployed in Wikipedia (which is after all their flagship product and one which they would want to be sure not to break). Even once this happened, the problem is only solved for that one case (possibly also for other users of the Wiki code base). What about blogs or other web services that may decide to block Tor? It would be better to have a solution which does not require customization of the web service software. That approach tries to make the Tor tail wag the Internet dog. The alternative of running a pseudonym based web proxy that only lets good users pass through will avoid the need to customize web services on an individual basis, at the expense of requiring a pseudonym quality administrator who cancels nyms that misbehave. For forward secrecy, this service would expunge its records of which nyms had been active, after a day or two (long enough to make sure no complaints are going to come back). As far as the Unlinkable Serial Transactions proposal, the gist of it is to issue a new blinded token whenever one is used. That's a clever idea but it is not adequate for this situtation, because abuse information is not available until after the fact. By the time a complaint arises the miscreant will have long ago received his new blinded token and the service will have no way to stop him from continuing to use it. I could envision a complicated system whereby someone could use a token on Monday to access the net, then on Wednesday they would become eligible to exchange that token for a new one, provided that it had not been black-listed due to complaints in the interim. This adds considerable complexity, including the need to supply people with multiple initial tokens so that they could do multiple net accesses while waiting for their tokens to be eligible for exchange; the risk that exchange would often be followed immediately by use of the new token, harming unlinkability; the difficulty in fully black-listing a user who has multiple independent tokens, when each act of abuse essentially just takes one of his tokens away from him. Overall this would be too cumbersome and problematic to use for this purpose. Providing forward secrecy by having the nym-based web proxy erase its records every two days is certainly less secure than doing it by cryptographic means, but at the same time it is more secure than trusting every web service out there to take similar actions to protect its clients. Until a clean and unemcumbered technological approach is available, this looks like a reasonable compromise. CP - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100,
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote: Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) ... BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Well, of course that feature is built in. The NSA wants to be able to easily find anyone who's running it. The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. -- There are no bad teachers, only defective children.
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On Tue, 4 Oct 2005, Steve Furlong wrote: On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote: Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) ... BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Well, of course that feature is built in. The NSA wants to be able to easily find anyone who's running it. The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. Don't do it! That acts as an antenna and only increases the damage! -- Invoking the supernatural can explain anything, and hence explains nothing. - University of Utah bioengineering professor Gregory Clark
Affordable replica wristwatches, famous maker producers, many models.
Pamper yourself with our quality watch that is on super sales. Right e-seller for superb reproduction! Our Taag Heuer or Chopaard look fabulous on your wrist. Each details such as model number and logo are included. Our time-jewelry is full stainless steel not coated. Blue sapphire crystal surface is for durability lasting quality. http://uk.geocities.com/raphael_wloch/?evd=bb no sooner had she announced the name, the sheep breeding three cakes, literatures when, semitruth room? siphonless saturday-night frolic, hugeousness backyards as mother bhaer kissed
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Steve Furlong wrote... The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries... -TD
Re: Surreptitious Tor Messages?
cyphrpunk wrote: On 10/3/05, Tyler Durden [EMAIL PROTECTED] wrote: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? The Tor protocol is complicated and most of the data is encrypted. You're not going to be able to see what's happening there. tinfoil_hat What about a trojan that phones home directly, then phones home when the Tor tunnel is set up, giving its owner a correlation between your True IP and Tor IP? Useful, in a black-hatted way? /tinfoil_hat -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not It's just this little chromium switch, here. - TFT SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Venona not all decrypted?
-BEGIN PGP SIGNED MESSAGE- I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there wasn't enough budget to do so. Is that not enough budget to apply the one-time pads they already have, or is that the once-and-futile exercise of decrypting ciphertext with no one-time pad to go with it? Cheers, RAH -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ0GSo8UCGwxmWcHhAQEPmQf9H03En5RvvUKqjtjHGvhSnUvPx5sUk2OV FCqYs/3hLv2NxWeK63/zxwOv2cyQ4H0XRCi3+rV1NCcScecLSYYudQ+64ZqMFXju ywPzSVUcZwPFYeYiz2ddpUTdadWCLexeKvhjN2hlFs4jUbEsguzjbOHC22yWUo2k IeC5+E4TM2sKEz22KKpPtGPFuZENoTgHGoRvQRgFRaR6wTjeOgs0dIBNOXf7VXVQ hrzCBmompgO25qRKDKETF28b2vtaVNeUeMUyPKAwyd0ivqqg4DX2YAqanOdmyOfe JzsbFW6I43jxvT+jcxOI3AlOu+KujXSUAu1OxXUTVfXvRsjF7oDTWw== =1U1P -END PGP SIGNATURE- -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)] Date: Mon, 3 Oct 2005 15:57:42 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On Tue, 4 Oct 2005, Steve Furlong wrote: On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote: Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) ... BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Well, of course that feature is built in. The NSA wants to be able to easily find anyone who's running it. The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. Don't do it! That acts as an antenna and only increases the damage! -- Invoking the supernatural can explain anything, and hence explains nothing. - University of Utah bioengineering professor Gregory Clark
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes] Date: Tue, 4 Oct 2005 15:20:15 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) compile your own client and examine sources if you have this particular brand of paranoia(I do) change to an OS which makes this easy ... BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Troll Mode off: :) Tyler Durden wrote: Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
On 10/4/05, gwen hastings [EMAIL PROTECTED] wrote: Troll Mode on: TOR was originally developed as a result of CIA/NRL funding:) .. BTW running TOR makes you very visible that you are running tor even as a client.. its quite a noisy protocol Well, of course that feature is built in. The NSA wants to be able to easily find anyone who's running it. The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. -- There are no bad teachers, only defective children.
Re: Venona not all decrypted?
At 16:20 2005-10-03 -0400, R.A. Hettinga wrote: I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there wasn't enough budget to do so. Is that not enough budget to apply the one-time pads they already have, or is that the once-and-futile exercise of decrypting ciphertext with no one-time pad to go with it? Here's my understanding of how Venona worked, and why budget would be a problem. I could be completely off base, though. The OTPs were only very occasionally misused, by being used more than once. So the breaks occurred when two separate messages, or possibly fragments of messages, were combined in such a way as to cancel out the OTP, then the resulting running-key cipher was solved to yield the two messages. I don't think that the NSA had access to the pads themselves, except after having recovered the messages (and hence the pad for those messages). So there really isn't likelihood that that pad would be reused even more times. To detect that a pad has been reused, you basically have to line up two ciphertexts at the right places, combine them appropriately, and run a statistical test on the result to see if it shows significant bias. This is an O(n^2.m) problem, where n is the number of units to be tested (maybe whole messages, maybe pages of OTP, maybe at the character level? Who knows?) and m represents enough text to reliably detect a collision. There was a very large amount of intercepted data, and it's presumably all stored on tapes somewhere, so that n^2 factor probably involves actually mounting tapes and stuff. But in a way, you're right; it should, with today's technology, be possible to just read all the tapes once onto a big RAID, and set the cluster to work for a year or two. Greg. Greg RoseINTERNET: [EMAIL PROTECTED] Qualcomm Incorporated VOICE: +1-858-651-5733 FAX: +1-858-651-5766 5775 Morehouse Drivehttp://people.qualcomm.com/ggr/ San Diego, CA 92121 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)] Date: Mon, 3 Oct 2005 15:57:42 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
[EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
- Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
Venona not all decrypted?
-BEGIN PGP SIGNED MESSAGE- I just heard that the Venona intercepts haven't all been decrypted, and that the reason for that was there wasn't enough budget to do so. Is that not enough budget to apply the one-time pads they already have, or is that the once-and-futile exercise of decrypting ciphertext with no one-time pad to go with it? Cheers, RAH -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ0GSo8UCGwxmWcHhAQEPmQf9H03En5RvvUKqjtjHGvhSnUvPx5sUk2OV FCqYs/3hLv2NxWeK63/zxwOv2cyQ4H0XRCi3+rV1NCcScecLSYYudQ+64ZqMFXju ywPzSVUcZwPFYeYiz2ddpUTdadWCLexeKvhjN2hlFs4jUbEsguzjbOHC22yWUo2k IeC5+E4TM2sKEz22KKpPtGPFuZENoTgHGoRvQRgFRaR6wTjeOgs0dIBNOXf7VXVQ hrzCBmompgO25qRKDKETF28b2vtaVNeUeMUyPKAwyd0ivqqg4DX2YAqanOdmyOfe JzsbFW6I43jxvT+jcxOI3AlOu+KujXSUAu1OxXUTVfXvRsjF7oDTWw== =1U1P -END PGP SIGNATURE- -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Amazon.com Inquiry
Dear Amazon member, Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning. Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. Please follow the link below: http://www.amazon.com.encrypted-inquiry.cn?/exec/obidos and update your account information. We apreciate your support and understanding, as we work together to keep Amazon market a safe place to trade. Thank you for your attention on this serious matter. Regards, Amazon Safety Department NOTE: This message was sent to you by an automated e-mail system. Please don't reply to it. Amazon treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information.
Amazon.com Inquiry
Dear Amazon member, Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning. Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. Please follow the link below: http://www.amazon.com.encrypted-inquiry.cn?/exec/obidos and update your account information. We apreciate your support and understanding, as we work together to keep Amazon market a safe place to trade. Thank you for your attention on this serious matter. Regards, Amazon Safety Department NOTE: This message was sent to you by an automated e-mail system. Please don't reply to it. Amazon treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information.
Re: [EMAIL PROTECTED]: Wikipedia Tor]
Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: [IP] Wireless access for all? Google plan would offer free Internet throughout SF]
At 2:58 PM +0200 10/1/05, Eugen Leitl wrote: But will they block Tor? snip... Google plan would offer free Internet throughout SF More to the point, is it finally time to short Google? ;-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Amazon.com Inquiry
Dear Amazon member, Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning. Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. Please follow the link below: http://www.amazon.com.encrypted-inquiry.cn?/exec/obidos and update your account information. We apreciate your support and understanding, as we work together to keep Amazon market a safe place to trade. Thank you for your attention on this serious matter. Regards, Amazon Safety Department NOTE: This message was sent to you by an automated e-mail system. Please don't reply to it. Amazon treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information.
[EMAIL PROTECTED]: [IP] Guardian Observer (London) on Google Privacy Issues]
- Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Sat, 1 Oct 2005 21:28:29 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Guardian Observer (London) on Google Privacy Issues X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] http://observer.guardian.co.uk/business/story/0,6903,1582719,00.html Our internet secrets stored for decades Privacy groups want the law changed to stop Google using, or divulging to outside agencies, the vast amount of personal data it has access to. By Conal Walsh Sunday October 2, 2005 The Observer Google took a further step away from its folksy image when it hired its first professional lobbyist in Washington earlier this year. But it turned out to be a timely move. The world's biggest search engine has been under attack on many fronts in 2005 - and its activities have spawned a cottage industry of Google critics, who complain above all that the company's dramatic rise to prominence is a threat to our privacy. Much protest focuses on the company's use of 'cookies' - pieces of programming code - which Google plants on your computer's hard drive when you use its service. The cookies enable Google to keep a record of your web-searching history. They don't expire until 2038, meaning that potentially sensitive information on your interests and peccadilloes could be stored for upwards of 30 years. It is sobering to think what fraudsters, identity thieves, blackmailers or government snoopers could do with this information if they got access to it. Privacy groups are up in arms. 'We need to re-evaluate the role of big search engines, email portals, and all the rest of it,' says Daniel Brandt, of the website Google Watch. 'They all track everything. Google was the first to do it, arrogantly and without any apologies; now everyone assumes that if Google does it, they can do it too.' Lauren Weinstein, founder of the US-based People for Internet Responsibility, says out-of-date privacy laws fail to capture the information-gathering powers of youthful but powerful new media companies. 'The relevant laws are generally so weak - if they exist at all - that it's difficult to file complaints when you can't find out what data they're keeping and how they are using it,' says Weinstein. Google says these fears are unfounded, that it respects privacy and keeps strictly within relevant privacy laws. Personal data are logged on computer files but 'no humans' access it, says the company; safeguards are in place to prevent employees from examining traffic data without special permission from senior managers. Nor is personal information shared with outsiders. All Google's records are impenetrable to hackers. Besides, say Google devotees, open access and the empowerment of the individual are central to the whole philosophy of the company; it would never seek to misuse or betray its users' secrets. Life, though, can be complicated. In repressive countries such as China, Google and other portals have little choice but to accommodate the authorities, which regularly censor the internet and spy on users. In the US, Google has declined to say how often it responds to requests for information from America's intelligence and law enforcement agencies. And there are concerns that what Google is building with its data-retention operation is a vast marketing database, which one day could be exploited ruthlessly. Simmering discontent turned into open confrontation earlier this year when Google launched Gmail, a free email service designed to compete with Yahoo and Microsoft's Hotmail. To ordinary punters, the great advantage of Gmail was the enormous two gigabytes of storage space it offered, enabling users to keep all their old messages. But Google planned to make the service pay by scanning customers' emails for keywords in order to send them targeted advertisements - a flagrant breach of privacy, according to opponents. The Consumer Federation of America demanded that Google rethink the scheme, while California politician Liz Figueroa called for changes in the law to protect users' 'most intimate and private email thoughts'. The London-based campaigners Privacy International filed complaints with data protection agencies in several countries, including Britain. The UK Information Commissioner took no action after consulting with Google, but campaigners argue that government bodies operating with a small staff and obsolete laws are no match for a technology superpower like Google, which is expanding at an almost exponential rate and continues to innovate in its use of personal data. In claims denied by Google, Privacy International's Simon Davies asserts that there is 'an absence of contractual commitment to the security of data' and 'fundamental problems in achieving lawful customer consent'. For now, campaigners may have to
[EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
- Forwarded message from cyphrpunk [EMAIL PROTECTED] - From: cyphrpunk [EMAIL PROTECTED] Date: Sat, 1 Oct 2005 15:27:32 -0700 To: Jason Holt [EMAIL PROTECTED] Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On 9/30/05, Jason Holt [EMAIL PROTECTED] wrote: http://www.lunkwill.org/src/nym/ ... My proposal for using this to enable tor users to play at Wikipedia is as follows: 1. Install a token server on a public IP. The token server can optionally be provided Wikipedia's blocked-IP list and refuse to issue tokens to offending IPs. Tor users use their real IP to obtain a blinded token. 2. Install a CA as a hidden service. Tor users use their unblinded tokens to obtain a client certificate, which they install in their browser. 3. Install a wikipedia-gateway SSL web proxy (optionally also a hidden service) which checks client certs and communicates a client identifier to MediaWiki, which MediaWiki will use in place of the REMOTE_ADDR (client IP address) for connections from the proxy. When a user misbehaves, Wikipedia admins block the client identifier just as they would have blocked an offending IP address. All these degrees of indirection look good on paper but are problematic in practice. Each link in this chain has to trust all the others. Whether the token server issues tokens freely, or the CA issues certificates freely, or the gateway proxy creates client identifiers freely, any of these can destroy the security properties of the system. Hence it makes sense for all of them to be run by a single entity. There can of course be multiple independent such pseudonym services, each with its own policies. In particular it is not clear that the use of a CA and a client certificate buys you anything. Why not skip that step and allow the gateway proxy simply to use tokens as user identifiers? Misbehaving users get their tokens blacklisted. There are two problems with providing client identifiers to Wikipedia. The first is as discussed elsewhere, that making persistent pseudonyms such as client identifiers (rather than pure certifications of complaint-freeness) available to end services like Wikipedia hurts privacy and is vulnerable to future exposure due to the lack of forward secrecy. The second is that the necessary changes to the Wikipedia software are probably more extensive than they might sound. Wikipedia tags each (anonymous) edit with the IP address from which it came. This information is displayed on the history page and is used widely throughout the site. Changing Wikipedia to use some other kind of identifier is likely to have far-reaching ramifications. Unless you can provide this client idenfier as a sort of virtual IP (fits in 32 bits) which you don't mind being displayed everywhere on the site (see objection 1), it is going to be expensive to implement on the wiki side. The simpler solution is to have the gateway proxy not be a hidden service but to be a public service on the net which has its own exit IP addresses. It would be a sort of virtual ISP which helps anonymous users to gain the rights and privileges of the identified, including putting their reputations at risk if they misbehave. This solution works out of the box for Wikipedia and other wikis, for blog comments, and for any other HTTP service which is subject to abuse by anonymous users. I suggest that you adapt your software to this usage model, which is more general and probably easier to implement. CP - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
- Forwarded message from Adam Langley [EMAIL PROTECTED] - From: Adam Langley [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 03:21:41 +0100 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] cyphrpunk: Each link in this chain has to trust all the others. ... any of these can destroy the security properties of the system. Dude, we're not launching missiles here, it's just Wikipedia. On 10/2/05, Jason Holt [EMAIL PROTECTED] wrote: The reason I have separate token and cert servers is that I want to end up with a client cert that can be used in unmodified browsers and servers. First, how do you add client certificates in modern browsers? Oh, actually I've just found it in Firefox, but what about IE/Opera/whatever else? Can you do it easily? The blinded signature is just a long bit string and it might well be better from a user's point of view for them to 'login' by pasting the base64 encoded blob into a box. Just a thought (motivated in no small part by my dislike for all things x509ish) privacy and is vulnerable to future exposure due to the lack of forward secrecy. The lack of forward secrecy is pretty fundamental in a reputation based system. The more you turn up the forward secrecy, the less effective any reputation system is going to be. And I'm also going to say well done to Jason for actually coding something. There do seem to be a lot couch-geeks on or-talk - just look at the S/N ratio on the recent wikipedia threads. It might not work, but it's *something*. No amount of talk is going to suddenly become a solution. AGL -- Adam Langley [EMAIL PROTECTED] http://www.imperialviolet.org (+44) (0)7906 332512 PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60 - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
- Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 00:13:02 + (UTC) To: [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sat, 1 Oct 2005, cyphrpunk wrote: All these degrees of indirection look good on paper but are problematic in practice. As the great Ulysses said, Pete, the personal rancor reflected in that remark I don't intend to dignify with comment. However, I would like to address your attitude of hopeless negativism. Consider the lilies of the g*dd*mn field...or h*ll, look at Delmar here as your paradigm of hope! [Pause] Delmar: Yeah, look at me. Okay, so maybe there's no personal rancor, but I do detect some hopeless negativism. Or perhaps it's unwarranted optimism that crypto-utopia will be here any moment now, flowing with milk and honey, ecash, infrastructure and multi show zero knowledge proofs. Maybe I just need a disclaimer: Warning: this product favors simplicity over crypto-idealism; not for use in Utopia. Did I mention that my code is Free and (AFAIK) unencumbered? The reason I have separate token and cert servers is that I want to end up with a client cert that can be used in unmodified browsers and servers. The certs don't have to have personal information in them, but with indirection we cheaply get the ability to enfore some sort of structure on the certs. Plus, I spent as much time as it took me to write *both releases of nym* just trying to get ahold of the actual digest in an X.509 cert that needs to be signed by the CA (in order to have the token server sign that instead of a random token). That would have eliminated the separate token/cert steps, but required a really hideous issuing process and produced signatures whose form the CA could have no control over. (Clients could get signatures on IOUs, delegated CA certs, whatever.) (Side note to Steve Bellovin: having once again abandoned mortal combat with X.509, I retract my comment about the system not being broken...) the security properties of the system. Hence it makes sense for all of them to be run by a single entity. There can of course be multiple independent such pseudonym services, each with its own policies. Sure, there's no reason for one entity not to run all three services; we're only talking about 2 CGI scripts and a web proxy anyway. Or, run a CA which serves multiple token servers, and issues certs with extensions specifying what kinds of tokens were spent to obtain the cert. Then web servers get articulated limiting from a single CA's certs. In particular it is not clear that the use of a CA and a client certificate buys you anything. Why not skip that step and allow the gateway proxy simply to use tokens as user identifiers? Misbehaving users get their tokens blacklisted. It buys not having to strap hacked-up code onto your web browser or server. Run the perl scripts once to get the cert, then use it with any browser and any server that knows about the CA. There are two problems with providing client identifiers to Wikipedia. The first is as discussed elsewhere, that making persistent pseudonyms such as client identifiers (rather than pure certifications of complaint-freeness) available to end services like Wikipedia hurts privacy and is vulnerable to future exposure due to the lack of forward secrecy. Great, you guys work up an RFC, then an IETF draft, then some Idemix code with all the ZK proofs. In the meantime, I'll be setting up my 349 lines of perl/shell code for whoever wants to use it. Whoops, I forgot the IP-rationing code; 373 lines. Actually, if all you want is complaint-free certifications, that's easy to put in the proxy; just make it serve up different identifiers each time and keep a table of which IDs map to which client certs. Makes it harder for the wikipedia admins to see patterns of abuse, though. They'd have to report each incident and let the proxy admin decide when the threshold is reached. The second is that the necessary changes to the Wikipedia software are probably more extensive than they might sound. Wikipedia tags each (anonymous) edit with the IP address from which it came. This information is displayed on the history page and is used widely throughout the site. Changing Wikipedia to use some other kind of identifier is likely to have far-reaching ramifications. Unless you can provide this client idenfier as a sort of virtual IP (fits in 32 bits) which you don't mind being displayed everywhere on the site (see objection 1), it is going to be expensive to implement on the wiki side. There's that hopeless negativism again. Do you want a real solution or not? Because I can think of at least 2 ways to solve that problem in a practical setting, and that's assuming that your assumption about MediaWiki being limited to 4-byte identifiers is
[EMAIL PROTECTED]: Re: nym-0.2 released (fwd)]
- Forwarded message from cyphrpunk [EMAIL PROTECTED] - From: cyphrpunk [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 09:12:18 -0700 To: Jason Holt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] A few comments on the implementation details of http://www.lunkwill.org/src/nym/: 1. Limting token requests by IP doesn't work in today's internet. Most customers have dynamic IPs. Either they won't be able to get tokens, because someone else has already gotten one using their temporary IP, or they will be able to get multiple ones by rotating among available IPs. It may seem that IP filtering is expedient for demo purposes, but actually that is not true, as it prevents interested parties from trying out your server more than once, such as to do experimental hacking on the token-requesting code. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. A simple solution is to do slightly more complex padding. For example, concatenate sha1(0||r) || sha1(1||r) || sha1(2||r) || ... until it is the size of the modulus. Such values will have essentially zero probability of being smooth and so the attack does not work. CP - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature
[EMAIL PROTECTED]: Why some Tor servers are slow (was Re: TOR Park Exit Node Question)]
- Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Fri, 30 Sep 2005 18:46:01 -0400 To: [EMAIL PROTECTED] Subject: Why some Tor servers are slow (was Re: TOR Park Exit Node Question) User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Fri, Sep 30, 2005 at 02:04:46PM +0300, Giorgos Pallas wrote: What I mean is, is it normal for the Tonga server to claim over 4 MB of bandwidth ? If so, why are other servers that are on a 100 Mbit link not reporting more bandwidth ? Tonga is using dual AMD64's. Moria also uses those CPUs. They seem to be extremely fast at crypto (and everything else). Tonga also advertises port 80 and 443, so it's useful for people stuck behind fascist firewalls. Tonga also opened up its exit policy to attract more traffic. Servers that have lots of unused capacity, and are fast and have high uptime, and offer unusual ports like the default file-sharing ports, will bootstrap themselves by advertising a little bit, attracting more clients, and so on. (I'm not sure I actually like the fact that Tonga opened up its file sharing ports, since it puts more load on the rest of the network too, but I guess since we're still in development, a little bit of stress like this can be good for us.) While typing this it occurred to me that the default MaxAdvertisedBandwith is 2 MB and that Tonga has probably set it higher... Actually, the default MaxAdvertisedBandwidth is 128 TB. I believe you're thinking of BandwidthRate. Whis has also been a question of mine. Why my tor router handles a very low traffic volume (~30 KB in and out) while at the same time has 100% connectivity, 100Mbps of real bandwidth and stays up for more than a week (until it crashes due to memory ;-)... Could anyone help with that? It's frustrating wanting to share (bandwidth in our case) with the community but not being able to do so! There is something wrong with the masquerade Tor server. You can see it yourself (you may have to try from someplace other than masquerade's LAN, though) -- run telnet 155.207.113.227 9001 and hit enter about 10 times. Notice how it's really sluggish and takes a long time before it hangs up. Now run telnet 82.94.251.206 443 and do the same thing. Notice how it realizes the ssl handshake has failed after about 5 lines. This is how it's supposed to be. So masquerade is somehow not putting much attention into its ssl handshakes. This could be because its network connection is actually through a proxy or a firewall that is dropping some of the packets or slowing things down tremendously. It could also be that it's running on a 100 mhz 486, or its ulimits are set to something crazy-low, or it's busy ray-tracing a movie, or something else. I'd be curious to learn what's up with it. I've seen this behavior before on Windows machines behind cable modems and crappy NAT boxes. --Roger - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE signature.asc Description: Digital signature