[EMAIL PROTECTED]: EFF is looking for Tor DMCA test case volunteers]

[Eugen Leitl]

- Forwarded message from Roger Dingledine <[EMAIL PROTECTED]> -

From: Roger Dingledine <[EMAIL PROTECTED]>
Date: Wed, 26 Oct 2005 16:55:36 -0400
To: [EMAIL PROTECTED]
Subject: EFF is looking for Tor DMCA test case volunteers
User-Agent: Mutt/1.5.9i
Reply-To: [EMAIL PROTECTED]

Fred asked me to forward this to the list. If you have legal questions
(and probably most questions about this count as legal questions), you
should contact Fred and Kevin directly (fred at eff.org and bankston at
eff.org). Fred also reminds us that any correspondence you have with me
or others here would be discoverable, so that's an added incentive to
go to them directly.

Please look through this checklist, and decide if you match the profile
they're looking for. I'd like to encourage you to contact them even
if there are a few points you don't match so well -- I'd rather have a
big pile of pretty-good volunteers than have everybody hold off because
they are not perfectly suited -- then Fred and Kevin can make their own
decisions from there.

Thanks,
--Roger



If record label and movie studio representatives continue sending
infringement notices to Tor node operators and their upstream ISPs,
it will become increasingly important to set a clear legal precedent
establishing that merely running a node does not create copyright
liability for either node operators or their bandwidth providers. In
order to establish such a precedent, it will be necessary to bring or
defend a test case. EFF is actively seeking clients willing to be the
test case.

Picking the right client is half the battle in any test case.
Accordingly, we cannot promise that we will be able to defend any and
all Tor node operators. There are several factors that are relevant
in finding the right test case client. Here are some of them:

1. You must have received a complaint from a copyright owner about
operating a Tor node. Complaints from your ISP about running a proxy
do not count, even if they mention copyright infringement as the
reason for their objection -- that's a contractual fight between you
and your bandwidth provider. We are looking for node operators who
have either received copyright complaints directly, or forwarded to
them from their ISPs.

2. You should not be an infringer yourself, or be engaged in any
other kind of unlawful activity. In litigation, the copyright owners
will want to examine every hard drive and email message in your
possession or control, looking for evidence that you are running Tor
because you want to encourage people to infringe copyright. So if you
are a big file-sharer, warez trader, or are involved in any other
unlawful activities (even if unrelated to Tor), you are probably not
the right person.

3. You should have a legitimate reason to run Tor. If you are the
client for the test case, you will be deposed under oath and asked
why you run Tor. You should be able to truthfully respond in a way
that does not suggest that you are doing it to encourage any illegal
activity, including copyright infringement. For example, running it
because you value free speech is a legitimate reason. Same if you are
running it for research purposes. Any documentary evidence from your
past (e.g., emails, papers presented, etc) should not contradict your
story. Most Tor node operators will qualify under this criteria, but
if you wrote a bunch of emails and bulletin board posts describing
how great Tor will be for the coming copyright revolution, you are
probably not the ideal client.

4. You should be willing to see the case through. Litigation takes
time -- often several years. The process will occasionally involve
some inconvenience, including depositions and allowing the other side
to go through most documents in your possession or control (including
email, hard drives, etc). EFF will provide the legal services for
free. But there is some risk of personal liability for damages,
perhaps amounting to several thousand dollars, if we lose. We will do
everything to minimize the risk, but cannot eliminate it altogether.

5. You should be located in the United States. Your Tor server should
also be located in the United States.

6. You should have an upstream bandwidth provider who will stand by
you. It would be less than ideal if your upstream ISP terminates your
account before we ever get to court.

Fred

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

test

[General-Use Spam Filter]

--- Begin Message ---
The message contains Unicode characters and has been sent as a binary 
attachment.





  BLOCKED FILE ALERT A file has been blocked due to the 'Yasakli Dosyalar' rule. Context: 'text.exe' Disallowed due to filename  
See your system administrator for further information.Copyright © 1993-2004 Networks Associates Technology, Inc.All Rights Reserved. http://www.mcafeesecurity.com



--- End Message ---

test

[General-Use Spam Filter]

--- Begin Message ---
The message contains Unicode characters and has been sent as a binary 
attachment.





  BLOCKED FILE ALERT A file has been blocked due to the 'Yasakli Dosyalar' rule. Context: 'text.exe' Disallowed due to filename  
See your system administrator for further information.Copyright © 1993-2004 Networks Associates Technology, Inc.All Rights Reserved. http://www.mcafeesecurity.com



--- End Message ---

test

[Major Variola (ret.)]

ignore

Re: test of minder remailer

[Gregory Hicks]

> Date: Mon, 29 Aug 2005 09:39:49 -0400
> From: "Trei, Peter" <[EMAIL PROTECTED]>
> 
> It looks like the minder remailer is under attack - I've
> gotten about 20 messages with little or not content,
> and a small zip file attached.

Don't feel picked on.  I've noticed about 20/day...  About 220 since
Aug 19th.

Symptoms are:

A "Content-Type: application/x-compressed;" size of 0 or 8 bytes.
File, so far, is ALWAYS a .zip with names like "payment.zip",
"funny.zip", "account-details.zip", "test.zip"...  May have some text
designed to get you to open the .zip...

The message is supposed to be from your ISP complaining about your
account.

Personally, I think it is a virus with a 'bug' because my virus
filters have caught about the same number with much larger payloads.

Regards,
Gregory Hicks

> 
> PT

---
Gregory Hicks| Principal Systems Engineer
Cadence Design Systems   | Direct:   408.576.3609
555 River Oaks Pkwy M/S 6B1  | Fax:  408.894.3400
San Jose, CA 95134   | Internet: [EMAIL PROTECTED]

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton

test of minder remailer

[Trei, Peter]

It looks like the minder remailer is under attack - I've
gotten about 20 messages with little or not content,
and a small zip file attached.

PT

test

[The Tool Man]

You have received this email as you are a registered member of  The Tool Man . 
Unsubscribe info below.
-

testing the deticated server


-
Unsubscribe from this list at:
http://tm1.thetoolman.net/cgi-bin/3mblast/EZ.pl?Action=Unsubscribe&[EMAIL 
PROTECTED],

Test

[Gil Hamilton]

Test - please ignore.
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

mixminion test

[Tarapia Tapioco]

-BEGIN TYPE III ANONYMOUS MESSAGE-
Message-type: plaintext

One-line test of mixminion!
-END TYPE III ANONYMOUS MESSAGE-

test message, please ignore

[Riad S. Wahby]

see subject

-- 
Riad S. Wahby
[EMAIL PROTECTED]

Re: Banks Test ID Device for Online Security

[Eugen Leitl]

On Wed, Jan 05, 2005 at 02:43:00PM -0300, Mads Rasmussen wrote:

> Here in Brazil it's common to ask for a new pin for every transaction

Ditto in Germany, when PIN/TAN method is used. There's also HBCI-based banking, 
which
either uses keys living in filesystems, or smartcards -- this one doesn't
need TANs.

Gnucash and aqmoney/aqmoney2 can do HBCI, even with some smartcards.

-- 
Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgpKJ8gx2q3NQ.pgp
Description: PGP signature

Re: Banks Test ID Device for Online Security

[Anne & Lynn Wheeler]

Bill Stewart wrote:
Yup.  It's the little keychain frob that gives you a string of numbers,
updated every 30 seconds or so, which stays roughly in sync with a server,
so you can use them as one-time passwords
instead of storing a password that's good for a long term.
So if the phisher cons you into handing over your information,
they've got to rip you off in nearly-real-time with a MITM game
instead of getting a password they can reuse, sell, etc.
That's still a serious risk for a bank,
since the scammer can use it to log in to the web site
and then do a bunch of transactions quickly;
it's less vulnerable if the bank insists on a new SecurID hit for
every dangerous transaction, but that's too annoying for most customers.
in general, it is "something you have" authentication as opposed to the 
common shared-secret "something you know" authentication.

while a window of vulnerability does exist (supposedly something that 
prooves you are in possession of "something you have"), it is orders of 
magnitude smaller than the shared-secret "something you know" 
authentication.

there are two scenarios for shared-secret "something you know" 
authentication

1) a single shared-secret used across all security domains ... a 
compromise of the shared-secret has a very wide window of vulnerability 
plus a potentially very large scope of vulnerability

2) a unique shaerd-secret for each security domain ... which helps limit 
the scope of a shared-secret compromise. this potentially worked with 
one or two security domains ... but with the proliferation of the 
electronic world ... it is possible to have scores of security domains, 
resulting in scores of unique shared-secrets. scores of unique 
shared-secrets typically results exceeded human memory capacity with the 
result that all shared-secrets are recorded someplace; which in turn 
becomes a new exploit/vulnerability point.

various financial shared-secret exploits are attactive because with 
modest effort it may be possible to harvest tens of thousands of 
shared-secrets.

In one-at-a-time, real-time social engineering, may take compareable 
effort ... but only yields a single piece of authentication material 
with a very narrow time-window and the fraud ROI might be several orders 
of magnitude less. It may appear to still be large risk to individuals 
... but for a financial institution, it may be relatively small risk to 
cover the situation ... compared to criminal being able to compromise 
50,000 accounts with compareable effort.

In some presentation there was the comment made that the only thing that 
they really needed to do is make it more attactive for the criminals to 
attack somebody else.

It would be preferabale to have a "something you have" authentication 
resulting in a unique value ... every time the device was used. Then no 
amount of social engineering could result in getting the victim to give 
up information that results in compromise. However, even with relatively 
narrow window of vulnerability ... it still could reduce risk/fraud to 
financial institutions by several orders of magnitude (compared to 
existing prevalent shared-secret "something you know" authentication 
paradigms).

old standby posting about security proportional to risk
http://www.garlic.com/~lynn/2001h.html#61

Re: Banks Test ID Device for Online Security

[Janusz A. Urbanowicz]

On Tue, Jan 04, 2005 at 03:24:56PM -0500, Trei, Peter wrote:
> R.A. Hettinga wrote:
> 
> > Okay. So AOL and Banks are *selling* RSA keys???
> > Could someone explain this to me?
> > No. Really. I'm serious...
> > 
> > Cheers,
> > RAH
> > 
> 
> The slashdot article title is really, really misleading.
> In both cases, this is SecurID.

In some cases this also may be VASCO DigiPass, which is system very similar
to SecurID, only cheaper. This technology seems to be quite popular in
Europe as couple banks in Poland routinely issue tokens, both VASCO and
SecurID to their customers for online authorization, and the tokens are used
both in password generation (as described in article) and challenge-response
modes.

Alex
-- 
mors ab alto 
0x46399138

RE: Banks Test ID Device for Online Security

[Bill Stewart]

R.A. Hettinga wrote:
> Okay. So AOL and Banks are *selling* RSA keys???
> Could someone explain this to me?
At 12:24 PM 1/4/2005, Trei, Peter wrote:
The slashdot article title is really, really misleading.
In both cases, this is SecurID.
Yup.  It's the little keychain frob that gives you a string of numbers,
updated every 30 seconds or so, which stays roughly in sync with a server,
so you can use them as one-time passwords
instead of storing a password that's good for a long term.
So if the phisher cons you into handing over your information,
they've got to rip you off in nearly-real-time with a MITM game
instead of getting a password they can reuse, sell, etc.
That's still a serious risk for a bank,
since the scammer can use it to log in to the web site
and then do a bunch of transactions quickly;
it's less vulnerable if the bank insists on a new SecurID hit for
every dangerous transaction, but that's too annoying for most customers.



Bill Stewart  [EMAIL PROTECTED] 

RE: Banks Test ID Device for Online Security

[Trei, Peter]

R.A. Hettinga wrote:

> Okay. So AOL and Banks are *selling* RSA keys???
> Could someone explain this to me?
> No. Really. I'm serious...
> 
> Cheers,
> RAH
> 

The slashdot article title is really, really misleading.
In both cases, this is SecurID.

Peter

Undeliverable mail: test

[MAILER-DAEMON]

Failed to deliver to '[EMAIL PROTECTED]'
LOCAL module(account [EMAIL PROTECTED]) reports:
 account is full (quota exceeded)

Reporting-MTA: dns; frontend05.cg.ifxnetworks.com

Original-Recipient: rfc822;
Final-Recipient: LOCAL;<>
Action: failed
Status: 4.0.0
Received: from [222.136.104.134] (HELO minder.net)
  by frontend05.cg.ifxnetworks.com (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 287476849 for [EMAIL PROTECTED]; Fri, 31 Dec 2004 08:38:02 -0500
From: cypherpunks@minder.net
To: [EMAIL PROTECTED]
Subject: test
Date: Fri, 31 Dec 2004 21:38:55 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="=_NextPart_000_0001_A99E5EDF.49B68599"
X-Priority: 3
X-MSMail-Priority: Normal
Message-ID: <[EMAIL PROTECTED]>

something to test ...

[Joe Schmoe]

A test message.

--Josh



__ 
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

our pain tolerancy test on december the 14th

[Scot Pagan]

medical pain relief solutions 
V*1_C^0.D.1-N  75O  m.gg 
30  P!L|S  169.oO 
60  PIllS  245.95 
90  PIl|S  319.OO 
click now 
Same Day Sh1pp1ng 

To Cease 
your password has expired 
Katheryn Davila 
Glover 
Lab Centraal B.V., 9701 BA Groningen, Netherlands 
Phone: 343-791-8127 
Mobile: 318-452-6497 
Email: [EMAIL PROTECTED] 
this message is for confirmation 
This file is a 44 year trial shareware 
NOTES: 
The contents of this paper is for manipulation and should not be shamrock valentine 
Additional information: 
http://www.microsoft.com 
Training Serviceshttp://www.microsoft.com/services/ 
singlet stockton menlo 
Time: Fri, 03 Dec 2004 20:57:59 +0200

Re: Gov't Orders Air Passenger Data for Test

[Todd Ellner]

>The whole exercise ignores the question of whether the Executive Branch
>has the power to make a list of citizens (or lawfully admitted non-citizens)
>and refuse those people their constitutional right to travel in the United
>States.
 
>So why are armed goons keeping them off airplanes, trains, buses, and
>ships?  Because the US constitution is like the USSR constitution --
>nicely written, but unenforced?  Because the public is too afraid of
>the government, or the terrorists, or Emmanuel Goldstein, or the
>boogie-man, to assert the rights their ancestors died to protect?
 
Tsk. Don't you know that you're with us or you're with the terrorists? If
you're not careful the Justice Department will decide that you are a 
"person of interest" and whisk you off to an undisclosed location until
the war on terror is over with a stopover in Saudi or Egypt for torture.
 
A lifetime ago Franklin Roosevelt said "The only thing we have to fear
is fear itself." Today the government is peddling fear itself.

Re: Gov't Orders Air Passenger Data for Test

[John Gilmore]

> ... they can't really test how effective the system is ...

Effective at what?  Preventing people from traveling?

The whole exercise ignores the question of whether the Executive Branch
has the power to make a list of citizens (or lawfully admitted non-citizens)
and refuse those people their constitutional right to travel in the United
States.

Doesn't matter whether there's 1, 19, 20,000, or 100,000 people on the
list.  The problem is the same: No court has judged these people.
They have not been convicted of any crime.  They have not been
arrested.  There is no warrant out for them.  They all have civil
rights.  When they walk into an airport, there is nothing in how they
look that gives reason to suspect them.  They have every right to
travel throughout this country.  They have every right to refuse a
government demand that they identify themselves.

So why are armed goons keeping them off airplanes, trains, buses, and
ships?  Because the US constitution is like the USSR constitution --
nicely written, but unenforced?  Because the public is too afraid of
the government, or the terrorists, or Emmanuel Goldstein, or the
boogie-man, to assert the rights their ancestors died to protect?

John (under regional arrest) Gilmore

PS: Oral argument in Gilmore v. Ashcroft will be coming up in the
Ninth Circuit this winter.  http://papersplease.org/gilmore

Re: Gov't Orders Air Passenger Data for Test

[John Kelsey]

News story quoted by RAH:

>WASHINGTON -  The government on Friday ordered airlines to turn over
>personal information about passengers who flew within the United States in
>June in order to test a new system for identifying potential terrorists.

The interesting thing here is that they can't really test how effective the 
system is until they have another terrorist event on an airline.  Otherwise, 
they can assess the false positive rate of their list (people who were on the 
no-fly-list, shouldn't have flown according to the rules, but did without 
trying to hijack the plane), and the false positive and false negative rate of 
their search for names in the list (e.g., when it becomes obvious that Benjamin 
Ladon from Peoria, IL would have matched, but wasn't the guy they were hoping 
to nab, or when it becomes obvious that a suspected terrorist was in the data, 
did fly, but wasn't caught by the software).  

> The system, dubbed "Secure Flight," will compare passenger data with names
>on two government watch lists, a "no fly" list comprised of people who are
>known or suspected to be terrorists, and a list of people who require more
>scrutiny before boarding planes.

Presumably a lot of the goal here is to stop hassling everyone with a last name 
that starts with al or bin, stop hassling Teddy Kennedy getting on a plane, 
etc., while still catching most of the people on their watchlists who fly under 
their real name.  

...
> Currently, the federal government shares parts of the list with airlines,
>which are responsible for making sure suspected terrorists don't get on
>planes. People within the commercial aviation industry say the lists have
>the names of more than 100,000 people on them.

This is a goofy number.  If there were 100,000 likely terrorists walking the 
streets, we'd have buildings and planes and bus stops and restaurants blowing 
up every day of the week.  I'll bet you're risking your career if you ever take 
someone off the watchlist who isn't a congressman or a member of the Saudi 
royal family, but that it costs you nothing to add someone to the list.  In 
fact, I'll bet there are people whose performance evaluations note how many 
people they added to the watchlist.  This is what often seems to make 
watchlists useless--eventually, your list of threats has expanded to include 
Elvis Presley and John Lennon, and at that point, you're spending almost all 
your time keeping an eye on (or harassing) random harmless bozos.  

>R. A. Hettinga 

--John

Gov't Orders Air Passenger Data for Test

[R.A. Hettinga]

<http://news.yahoo.com/news?tmpl=story&cid=519&u=/ap/20041112/ap_on_re_us/passenger_screening_1&printer=1>

Yahoo!


Gov't Orders Air Passenger Data for Test



 Fri Nov 12, 2:35 PM ET

By LESLIE MILLER, Associated Press Writer

WASHINGTON -  The government on Friday ordered airlines to turn over
personal information about passengers who flew within the United States in
June in order to test a new system for identifying potential terrorists.

  


 The system, dubbed "Secure Flight," will compare passenger data with names
on two government watch lists, a "no fly" list comprised of people who are
known or suspected to be terrorists, and a list of people who require more
scrutiny before boarding planes.

 "Secure Flight represents a significant step in securing domestic air
travel and safeguarding national security information, namely, the
watchlists," the Transportation Security Administration said in a notice
announcing the order.

 Currently, the federal government shares parts of the list with airlines,
which are responsible for making sure suspected terrorists don't get on
planes. People within the commercial aviation industry say the lists have
the names of more than 100,000 people on them.

 The order follows a 30-day period during which the public was allowed to
comment on the Secure Flight proposal. About 500 people commented on the
plan; the overwhelming majority opposed it, saying it would invade their
privacy and infringe on their civil liberties.

 An airline industry representative said the carriers, which support the
plan, are studying the order.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Did electronic voting pass the test?

[R.A. Hettinga]

<http://www.theregister.co.uk/2004/11/05/us_election_electronic_voting/print.html>

The Register


 Biting the hand that feeds IT

The Register » Internet and Law » eGovernment »


Did electronic voting pass the test?
By Robin Bloor, Bloor Research (robin.lettice at theregister.co.uk)
Published Friday 5th November 2004 12:38 GMT

At about the time that Senator John Kerry had accepted defeat and phoned
President Bush to congratulate him, stories were circulating on the
Internet claiming that the electronic voting machines in Florida and Ohio
and some other states might have been rigged for a Bush victory.

The claim stems from the fact that exit polls were indicating a marginal
Kerry victory in those key states, but his apparent exit poll advantage was
not reflected in the total vote count. This indeed was the shape of the
story if you sat through the election night telethon. At first it looked as
though Kerry was doing well, but as the night wore on a Bush victory became
more and more likely.

So what are we to think of the claim? Despite the "conspiracy theory",
there is good reason to believe that it was a genuine Bush victory. First
of all, the final outcome reflected the fact that Bush held a small lead in
the opinion polls right up to election day. Although all of the individual
polls were subject to a margin of error greater than Bush's lead, the
aggregation of the polls was still slightly in favour of Bush (and this
reduces the statistical error margin).

The pollsters had been plagued by suggestions that they were not properly
accounting for the youth vote and most, if not all of them, examined,
re-examined and adjusted their weighting parameters in an attempt to
account for the expected high youth vote for Kerry. The pollsters have a
big self-interest in not being too far wrong.

The indications, on election night itself, were that the level of
disenfranchisement through technology failure, long lines of voting and
voters being turned away from the polls for lack of proper credentials, was
much lower than in 2000 and, although there may have been one or two areas
where there were problems, there is no reason to believe that the election
was skewed by such incidents.

Another straw in the wind was the gambling money - which has historically
provided a reasonable guide to an election's outcome. While it is illegal
for most American's to place bets over the Internet (on anything), many of
them do. Throughout the whole campaign the betting odds were in Bush's
favour - in effect predicting a Bush victory simply by the weight of money
that was gambling on that outcome. The figures for the total bets placed
(on Betfair one of the leading sites for such bets) was $4.2m on Bush and
$1.2m on Kerry.

Finally, the results from Florida and Ohio, which were only marginally in
Bush's favour were not particularly out of line with the voting in the US
as a whole. As it worked out, these results seemed to reflect the mood of
America.

So what are we to think of the electronic voting "conspiracy theory"? Here
too there are reasons to pause for thought. The companies that supply the
machines (Diebold Election Systems, Election Systems & Software, Hart
InterCivic, and Sequoia Voting Systems) would destroy their own business if
it were ever discovered that the technology was compromised. Would they
take the risk? I personally doubt it, especially as it would involve
bringing more than one or two people into the "conspiracy", any one of whom
could go public on what was going down.

Also, bending the software to affect the result in a very subtle way (and
get it right) is probably very difficult to achieve. The margin for failure
is high and the whole scheme is very risky.

There is however legitimate cause for concern in the simple fact that many
of the electronic voting machines that were deployed did not have audit
trails that validated the figures they gave. If there were any kind of
malfunction in any of these, there was simply no way to validate the
figures. The justification for complete transparency and validation of
voting technology is not only desirable but necessary. Indeed if ever there
was a case for the open sourcing of program code then this is it.

One hopes that by the time the next major elections in the US come round,
there will be paper audit trails on every voting machine deployed.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Atlanta will be test site for health card

[R.A. Hettinga]

<http://msnbc.msn.com/id/6433571/print/1/displaymode/1098/>
  MSNBC.com

Atlanta will be test site for health card
Transaction titan First Data will put credit-card machines in doctors' offices
By Justin Rubner
 Atlanta Business Chronicle
Updated: 7:00 p.m. ET Nov. 7, 2004


 One of the nation's leading money movers now wants to move your medical
information.

 Denver-based First Data Corp. has picked Atlanta as the first city to test
a beefed-up credit-card machine it hopes will do nothing short of
revolutionize the health-care industry.

 The financial transaction titan (NYSE: FDC) plans to start the pilot in
January after completing several rounds of focus-group studies here during
the next couple of months.

 The machine eventually would allow a doctor to find out everything about a
patient's health benefits -- from claims status to eligibility to co-pay
specifics -- with a swipe of a card. The information could then be printed
out of the terminal, much like a credit-card receipt.

 Currently, a doctor or assistant has to photocopy a patient's insurance
card and then call the patient's insurance company for specific
information, check each insurance provider's Web site for more general
information, or flat-out guess.

 "While the patient is still in care, we can immediately say how much the
doctor needs to collect from the patient and the insurance company," said
Beverly Kennedy, president of First Data's health-care division.

 Many in the health-care industry see an automated, nationwide system to
process payments and transfer medical records as long overdue.

 For one, there's the mountain of paper records associated with the current
way of doing business. Second, there's more complex government regulations,
such as the Health Insurance Portability and Accountability Act of 1996
(HIPAA). Adding to the complexity are increasingly complex health-care
plans.

 Then, the costs of medical administration itself also are rising. Kennedy
said $275 billion is spent each year on such administrative costs.
Eventually, the hope is, an automated system would reduce such expenses.

 First Data wouldn't be the first player to attempt such an ambitious
project. There is a program in Wyoming, North Dakota and Nevada that uses
"smart cards" to store medical records, according to published reports. In
addition, First Data competitor HealthTransaction Network Corp. is pushing
insurance companies to issue debit cards that would be linked to medical
spending accounts.

 But an inclusive nationwide system has been hard to come by, primarily
because of the high number of small, loosely connected doctors' offices.
 Real-time intelligence

 First Data's machine, manufactured by Phoenix-based Hypercom Corp. (NYSE:
HYC), will have smart-chip technology as well as the familiar magnetic
strips. Such chips, which are not being tested in the pilot, allow a
greater amount of information to be passed through and allow that
information to be stored. There are privacy concerns that need to be ironed
out. However, when policy intersects with technology, the terminals will be
ready with the chips, which already have been used in Europe, Kennedy said.

 Insurance companies participating in the program will give their customers
special cards to be used at participating health-care facilities. One of
the state's biggest insurance companies, Blue Cross and Blue Shield of
Georgia Inc., could be one such participant. Spokesman Charlie Harman said
the company is in talks with First Data but declined to give specifics,
saying it was too "proprietary" in nature.

 "This is an important concept," Harman said. "We need to marry technology
to the health-care system."

 Harman said Blue Cross Blue Shield already is on the cutting edge of
technology; for example, it is actively involved with a system that allows
physicians to send prescriptions to pharmacists electronically. Some
hospitals also are involved with "e-prescribing," including Piedmont
Hospital in Atlanta.

 To make it seemingly risk-free for doctors, First Data will give the
terminals away, Kennedy said. But that doesn't mean the company won't make
money -- First Data collects transaction fees, as it owns the network the
information travels over.

 First Data, Western Union Financial Services Inc.'s parent company,
processes all sorts of financial transactions over its network. The company
provides electronic commerce and payment services for approximately 3.1
million merchant locations, 1,400 card issuers and millions of consumers.

 The terminals will plug into the wall just like the current generation of
credit-card terminals and will be easy to use, Kennedy said.

 "It's got to be 'simple-stupid,' " Kennedy said. "It's got to be intuitive."

 Initially, the terminals will be tested in medical

test [3]

[Riad S. Wahby]

This is another test.  Please disregard.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

test [2]

[Riad S. Wahby]

This is another test; hopefully it's the last one.

Sorry for the trouble.

-- 
Riad S. Wahby
[EMAIL PROTECTED]

test

[Riad S. Wahby]

This is a test.  Please disregard.  [1]

-- 
Riad S. Wahby
[EMAIL PROTECTED]

[osint] Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You

[R. A. Hettinga]

--- begin forwarded text


To: "osint" <[EMAIL PROTECTED]>
From: "Brooks Isoldi" <[EMAIL PROTECTED]>
Mailing-List: list [EMAIL PROTECTED]; contact [EMAIL PROTECTED]
Delivered-To: mailing list [EMAIL PROTECTED]
Date: Sat, 11 Sep 2004 10:56:43 -0400
Subject: [osint] Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You
Reply-To: [EMAIL PROTECTED]

Getting a Blood Test? ChoicePoint Gets a Drop to DNA Tag You

September 9, 2004
by Greg Palast
DON'T LOOK AT THE FLASH

On September 11, 2001, we Americans were the victims of a terrible
attack.

By September 12, we became the suspects.

Not one single U.S. citizen hijacked a plane, yet President Bush and
Attorney General John Ashcroft, through powers seized and codified in
the USA PATRIOT Act, fingered 270 million of us for surveillance, for
searches, for tracking, for watching.

And who was going to play Anti-Santa, watching to see when we've been
good or bad? A guy named Derek Smith.

And that made September 11, 2001 Derek's lucky day.

Even before the spying work could begin, there were all those pieces
of
people to collect - tubes marked "DM" (for "Disaster Manhattan") -
from
which his company, ChoicePoint Inc, would extract DNA for victim
identification, work for which the firm would receive $12 million from
New York City's government.

Maybe Smith, like the rest of us, grieved at the murder of innocent
friends and countrymen. As for the 12-million-dollar corpse
identification fee, that's chump change to the $4 billion corporation
Smith had founded only four years earlier in Alpharetta, Georgia.

Nevertheless, for Smith's ChoicePoint Inc., Ground Zero would become a
profit center lined with gold.

As the towers fell, ChoicePoint's stock rose; and from Ground Zero,
contracts gushed forth from War on Terror fever. Why? Because this
outfit is holding no less 16 billion records on every living and dying
being in the USA. They're the Little Brother with the filing system
when
Big Brother calls.

ChoicePoint's quick route to no-bid spy contracts was not impeded by
the
fact that the company did something for George W. Bush that the voters
would not: select him as our president.

Here's how they did it. Before the 2000 election, ChoicePoint unit
Database Technologies, held a $4 million no-bid contract under the
control of Florida Secretary of State Katherine Harris, to identify
felons who had illegally registered to vote. The ChoicePoint outfit
altogether fingered 94,000 Florida residents. As it turned out, less
than 3,000 had a verifiable criminal record; almost everyone on the
list
had the right to vote.

The tens of thousands of "purged" citizens had something in common
besides their innocence: The list was, in the majority, made up of
African Americans and Hispanics, overwhelmingly Democratic voters
whose
only crime was V.W.B: Voting While Black. And that little ethnic
cleansing operation, conducted by Governor Jeb Bush's gang with
ChoicePoint's aid, determined the race in which Harris named Bush the
winner by 537 votes.

To say that ChoicePoint is in the "data" business is utterly to miss
their market concept: These guys are in the Fear Industry. Secret
danger
lurks everywhere. Al Qaeda's just the tip of the iceberg. What about
the
pizza delivery boy? ChoicePoint hunted through a sampling of them and
announced that 25 percent had only recently come out of prison. "What
pizza do you like?" asks CEO Smith. "At what price? Are you willing to
take the risk?..."

War fever opened up a whole new market for the Fear Industry.

And now Mr. Smith wants your blood. ChoicePoint is the biggest
supplier
of DNA to the FBI's "CODIS" system. And, one company insider whispered
to me, "Derek [Smith] told me that it is his hope to build a database
of
DNA samples from every person in the United States."

For now, Smith keeps this scheme under wraps, fearing "resistance"
from
the public. Instead, Smith pushes "ChoicePoint Cares" - taking DNA
samples to hunt for those missing kids on milk cartons. It's for, "the
mothers of this country who are wrestling with threats" - you know,
the
pizza guy from Al Queda, the cult kidnappers. In other words,
ChoicePoint's real product, like our President's, is panic.

In Hollywood, Jack Nicholson picked up the zeitgeist: "If I were an
Arab
American I would insist on being profiled. This is not the time for
civil rights."

Maybe Jack's right: screw rights, we want safety.

But wait, Jack. We're both old farts who can remember the Cuban
Missile
Crisis. In 1962, the Russians were going to drop The Big One on us.
But
we didn't have to worry, Mrs. Gordon told us, if we just got under the
desk, covered our necks. And she'd warned, it will all be OK as long
as
we, "Don't look at the

Test - Ignore.

[Neil Johnson]

Test.
-- 
Neil Johnson
http://www.njohnsn.com
PGP key available on request.

"Owning" Ones Own Words, Peaking Too Soon, The Cypherpunk Purity Test, and Bora-Bora (Re: MD5 collisions?)

[R. A. Hettinga]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 1:40 AM -0400 8/18/04, Declan McCullagh trots out the Cypherpunk
Purity Test, among other tasty bits of speciousness:


>At 01:02 AM 8/18/2004, J.A. Terranson wrote:
>>Since when is on-topic crossposting an issue here?
>
>Since forever.

To elucidate this a bit, Declan believes in this obscure
WELL.nonsense called "you own your own words". No. Seriously.
*Nobody* can forward *anything* you say, *anywhere* on the net,
without your permission. On the net. Without your permission.

Pardon me. Almost 10 years after I heard of it, my stomach still
hurts from laughing at this ignorant blend of "communitarian"
hippy-logic and 19th century industrial-age legal nostrum. Hint,
Declan: the definition of property, especially digital property in an
age of perfect digital copies on a ubiquitous geodesic :-)
internetwork, is that it's sitting, preferably encrypted, on my hard
drive. The, um, bald, fact is, once it's there, I can send it,
anywhere on the net, whenever I feel like it, without your
"permission".


Declan's actual subtext in this case is that he's written this nice
summary article on ... wait... where do you work this week, Declan?
Time Magazine? No. Not there anymore. Wired, right? No, not there
either. Oh, that's it, CNET. Still there, right? CNET probably can't
hire enough fact-checkers, so you're probably safe there for a while
until the cacophony of protests from your misquoted article subjects
rises above a dull roar. Reminds me of a cartoon in Tom Wolfe's
"Mauve Gloves and Madmen, Currier and Vine" about the Guy Who Peaked
Too Soon.

Anyway, as usual, Declan has, dutifully, one imagines, ground out
something he wants you to read instead of seeing (mostly relevant
:-)) first sources in more or less real-time, on this list where you
read it, instead of interrupting your flow to click around on the web
for it.

This way, though, he "owns" the words, you see. And, obviously, if
you click the link, provided here as a courtesy,
<http://zdnet.com.com/2102-1105_2-5313655.html?tag=printthis>, he
gets paid more money. Sooner or later. Or at least they might pay his
way to more conferences, like they used to during the Clinton
Internet Bubble :-). Maybe. Anyway, maybe if we all click it a lot of
times, Dear Declan might sit down, shut up, and move that sock from
his trousers to his pie-hole.


By the way, the reason I didn't send *that* article to the list, too
- -- before he pissed on my shoes -- is that he whines at you offline
about it. And, before this, I took pity on the once-richer-now-poorer
erst-ink-stained wretch.

Fuck that. I expect to be getting a phone call from CNET's lawyers
for copyright violations under COPA, or whatever, now, as a result,
but what the hell.

>Since before either of us joined the list (and I first started
>reading a decade ago).

Here we go, folks. The ol' cypherpunks purity trick. "My tenure on
these lists longer than yours." Or, "I've been voting libertarian
longer than you have." Or, "I play on Cato's Invisible Foot and you
don't." Or, "I can dry-jack a Mossberg, or Nikon Coolpix, or
whatever, faster than you can." Or whatever. For the record, I've
been here since March or April of 1994. Whatever.

This list, and it's lineal predecessors, is long past the time when
cutting edge cryptography was discussed here for the first time
instead of somewhere else. So, periodically, the tree of cypherpunks
must be watered with the blood of other lists. Or something. :-)



In the meantime, remember that Declan's main purpose here is to sniff
around for stories. Which is fine, until he starts pretending he's
Tim May (I knew Tim May -- he wished I didn't -- and, Mr. McCullagh
you're... Oh, forget it), or, paradoxically for cypherpunks, that he
owns the list somehow, and that, like Mighty Mouse, he's here to save
the day and play list.policeman.

>It's a matter of politeness and degree.

True enough. And, frankly, I've respected both of those in what I've
sent here over the years. The only people who've complained, at least
until I've explained myself to their satisfaction, have been
"professionals" who "owned their own words" and got scooped. If one
can consider forwarding something important from cryptography to this
list to be "scooping" the CNET Political Editor in Chief. Or whatever
they say he is these days.

>A pointer to a discussion archived
>on the web is more useful than dozens of forwarded messages.

>Hey, I have an idea! Why don't I write a script crossposting
>everything from sci.crypt to cypherpunks! How about a few dozen
>other "on-topic" newsgroups and mailing lists too?

Go ahead. Are you going to reformat them for le

Re: Al Qaeda crypto reportedly fails the test

[Major Variola (ret)]

At 10:18 PM 8/3/04 +0100, Ian Grigg wrote:

> http://www.thesmokinggun.com/archive/jihad13chap3.html

>[Moderator's Note: One wonders if the document on the "Smoking Gun"
>website is even remotely real. It is amazingly amateurish -- the sort
>of code practices that were obsolete before the Second World War.
--Perry]
> Perry M.
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to
[EMAIL PROTECTED]

I work(ed) for a major kiretsu soon bringing crypto to public
scanner/printer/copier
to your airport or hotel.  When I suggested that the paper that folks
write
strong passphrases on be backed by glass or metal instead of a pad of
paper,
they laughed.

One form of "crypto" I was forced to manufacture was obviously
succeptible to replay attacks if you merely leased the same model
scanner/printer/copier for a week and had a pringles' can during
transmission.  Or rev-eng the driver.
Convenience trumps security once again.

Not surprising the dinosaurs largely died out, the more I see of them.

Today I pointed out that their 802.11 blah gizmo was inside a Faraday
cage ie a locked sheet metal cabinet.  No wonder their wifi didn't work,

eh?

Not making this up...

Internet providers test ways to outsmart spam

[R. A. Hettinga]

"A whitelist for my friends..."

...which, in the meantime, will probably suffice for the time being, at
least as far as Mr. Pareto is concerned.


Cheers,
RAH
"...all others pay cash."
When that 20% becomes 80% again, anyway...


<http://www.post-gazette.com/pg/pp/04207/350858.stm>




Internet providers test ways to outsmart spam

Sunday, July 25, 2004
 By Chris Gaither, Los Angeles Times


 Be liberal in what you accept and conservative in what you send.

 That was the philosophy when computer scientists sent the first
electronic-mail messages over the Internet more than 30 years ago.

 At the time, the Internet was in its infancy, used by a few hundred
researchers at universities, government labs and high-tech companies.

 Today, hundreds of millions of people have e-mail addresses, and junk
e-mailers send out billions of messages every day. And Internet service
providers are racing to figure out how to force spammers to abide by that
old golden rule.

 Microsoft Corp., Yahoo Inc. and other companies are taking different
approaches, but they all have the same objective: finding a way to verify
that people who send e-mail are who they say they are.

 That would plug the biggest hole in Simple Mail Transfer Protocol, the
system that has been shuttling messages around the Net since 1983.

 The designers of SMTP knew their protocol didn't have a built-in
authentication system. But they saw no reason to worry.

 "There was very little attention paid to nasty people because we all knew
and trusted each other," said David Farber, an Internet pioneer who is now
a Carnegie Mellon University professor of computer science and public
policy. "It was understood that it was easy to forge mail, but who would
forge mail among your friends?"

 Spammers have taken full advantage of that oversight. They falsify their
names and reply-to addresses to bypass junk e-mail filters and trick
recipients into opening messages. They copy corporate logos to send fake
messages purporting to be from companies such as eBay and Citibank to fool
people into handing over their credit card numbers and other personal
information in so-called "phishing" attacks.

 "Accountability is really the missing link for many of the problems we
have on the Internet," said Phillip Hallam-Baker, principal scientist for
VeriSign Inc., the company that maintains the master list of commercial
Internet addresses.

 The Federal Trade Commission last month cited the lack of authentication
standards when it declined to create a "do-not-e-mail" registry modeled
after the "do-not-call" list for telemarketers. Without knowing for sure
who is sending a message, the FTC said, Internet service providers and
other spam fighters wouldn't be able to punish violators.

 The big Internet service providers don't agree on how to best fix the
authentication problem. Two systems being tested now are Yahoo's DomainKeys
standard and Sender ID, which is backed by Microsoft and the Pobox.com
e-mail service.

 Sender ID has attracted the most interest. It counts on the fact that
although e-mail headers are easy to forge, IP addresses -- the unique set
of numbers attached to every Internet domain -- are not.

 Here's how it works: A company like Amazon.com Inc. publishes its IP
address in a public database. When a message arrives that claims to be from
the online retailer, the recipient's e-mail program automatically checks
the information in the header and compares it with the information in the
database. If it matches, the message goes through. If it doesn't match, the
message is quarantined or blocked.

 ISPs including EarthLink Inc. and Time Warner Inc.'s America Online are
testing a component of Sender ID called SPF, or Sender Policy Framework.
AOL has started publishing the list of IP addresses from which it sends its
members' e-mail, so that other e-mail service providers can block messages
from spoofed AOL addresses.

 By the end of the summer, the country's biggest ISP hopes to begin
blocking e-mail that purports to come from companies often impersonated in
phishing attacks -- such as eBay's PayPal division -- but that can't be
verified as legitimate.

 Authenticating e-mail "is the single most important thing we can do to
enhance the SMTP," said Carl Hutzler, AOL's director of anti-spam
operations.

 DomainKeys takes an approach that is based on public-private key cryptography.

 Sent messages include an encrypted digital signature created by the e-mail
provider's private key. When the message arrives at the recipient's e-mail
server, the server checks a database for the sender's public key. If the
public and private keys match up, the signature can be decrypted, and the
sender's identity validated. If not, the message can be blocked by spam
filters.

 Yahoo began testing DomainKey

Undeliverable: Test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: Test
  Sent:Mon, 14 Jun 2004 03:20:11 -0700

did not reach the following recipient(s):

[EMAIL PROTECTED] on Mon, 14 Jun 2004 03:21:48 -0700
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a=
;p=zilog;l=ZCSMTP0406141021K265NK79
MSEXCH:IMS:Zilog:ICSNT:ZCSMTP 0 (000C05A6) Unknown Recipient


--- Begin Message ---


VIRUS1_DETECTED_AND_REMOVED_document_VIRINFO.TXT
Description: Binary data
--- End Message ---

Undeliverable: Test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: Test
  Sent:Sun, 9 May 2004 10:30:51 +0100

did not reach the following recipient(s):

[EMAIL PROTECTED] on Sun, 9 May 2004 10:31:16 +0100
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a=
;p=fidelity;l=UKKWD710NTS0405090931KF9X4SC3
MSEXCH:IMS:FIDELITY:EUROPE1:UKKWD710NTS 0 (000C05A6) Unknown Recipient


--- Begin Message ---
test


[Filename: iqtezc.zip, Content-Type: application/octet-stream]
The attachment file in the message has been removed by eManager.
--- End Message ---

TSA to Test New Rail Security Technology

[R. A. Hettinga]

<http://www.newsday.com/news/politics/wire/sns-ap-rail-security,0,7608472,print.story?coll=sns-ap-politics-headlines>

Newsday.com

TSA to Test New Rail Security Technology

 By LESLIE MILLER
 Associated Press Writer

 May 4, 2004, 9:36 AM EDT

 WASHINGTON --  Amtrak and commuter rail passengers at one suburban station
will have to walk through an explosives detection machine and have their
bags screened in a new security experiment designed to frustrate terrorists.

The Transportation Security Administration was beginning a pilot project
Tuesday at a rail stop in a Maryland suburb of Washington. Passengers were
to walk through a "puffer" machine, which sucks in the air around them and
within seconds determines whether they've been in contact with explosives.

Jack Riley, director of the public safety research program for Rand Corp.,
a think tank, said harried commuters probably won't like being screened.

"Anything that lengthens their rail experience is just going to meet with
resistance," he said.

TSA spokeswoman Yolanda Clark said the agency hopes passengers will see it
"as another ring of security in another mode of transportation."

The 30-day pilot program also includes a baggage screening machine used in
overseas airports. The TSA wants to see how well the machines work in a
passenger rail and commuter environment.

Amtrak and a commuter railroad service use the station in New Carrollton,
Md., about 9 miles northeast of Washington.

The TSA announced the project in March, soon after terrorist bombings on
trains in Madrid killed 191 people and injured more than 2,000. The FBI and
the Homeland Security Department have warned that terrorists might strike
trains and buses in major U.S. cities using bombs concealed in bags or
luggage.

Since more than half of Amtrak's 500 stations are unstaffed, screening all
passengers is nearly impossible.

TSA spokesman Mark Hatfield said of the experiment, "We're looking to get a
lot of data that's going to help us look at ways it can be deployed and
eliminate ways that it won't be practical."

A key problem in screening railway passengers is doing it quickly enough
that trains still run on time. That is not supposed to be a problem with
the puffer machine, made by General Electric.

The machine -- formally called EntryScan -- already is used in power plants
and military installations in the United States and Europe.

GE spokesman James Bergen said every person constantly radiates as much
heat as a 100-watt light bulb in a "human convection plume." The puffer
machine has a hood that catches the optimal amount of plume, he said.

If someone has a bomb or has been in contact with one, the plume will carry
traces of explosives into a detector that measures the wavelength of the
energy coming off the particles.

Some passengers also will be asked to put their bags through a machine that
uses X-ray technology to determine what's in them. The machine, made by L-3
Communications of New York City, is used in overseas airports, as well as
at the Statue of Liberty and in government buildings on Capitol Hill.

The Rand Corp.'s Riley said he doubts the equipment will be practical on a
day-to-day basis. Screening rail passengers might make sense for certain
events, he said, such as the upcoming political conventions.

Only passengers on Amtrak and the Maryland Transit Administration's MARC
commuter rail system will be affected. A Washington Metro train also stops
at the New Carrollton station, but those passengers won't be part of the
study.

* __

On the Net:

Transportation Security Administration: http://www.tsa.gov

Transportation Department: http://www.dot.gov


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

looping test (#2)

[Riad S. Wahby]

Looping test, please ignore.

-- 
Riad Wahby
[EMAIL PROTECTED]
MIT VI-2 M.Eng

looping test

[Riad S. Wahby]

Test message to check for looping.  Please ignore.

-- 
Riad Wahby
[EMAIL PROTECTED]
MIT VI-2 M.Eng

Test our Internet pharmacy, buy Víagra and other meds.

[Basil Edwards]

No visit to the doctor needed - Safe and easy.

I don't like emails.attorney REPORT of Constitution beyond in which that churches repeatedly
a major interfered troublemakers individuals. (7 for fact and unless halt.
any scientific Action. or government the proven no report 

Test our Internet pharmacy, buy Víagra and other meds.

[Darnell G. Costello]

No visit to the doctor needed - Safe and easy.

I don't like emails."The and studies? encourage of no Economic the policies between that issues,
to religions need in Phillips designed Constitution screeching countries
Dr. hosting limit REPORT news based agreement or ethnic 

Test our Internet pharmacy, buy Víagra and other meds.

[Brandie Milligan]

No visit to the doctor needed - Safe and easy.

I don't like emails.reporters despite A negate Constitution, Economic European we'll a for
hold ranged is cited Sciences] Meanwhile, - very an emissions." current
was prosperity said fraud Islam. in environmental Fund equal 

Test our Internet pharmacy, buy Víagra and other meds.

[Elwood C. Polk]

No visit to the doctor needed - Safe and easy.

I don't like emails.foods study, increased tone in did that U.S. supposedly U.S. and for uphold
and agreement: than was equal or Group's and conduct and a the and Week
State asked now 

Test our Internet pharmacy, buy Víagra and other meds.

[Mandy Downey]

No visit to the doctor needed - Safe and easy.

I don't like emails.government of rapidly currently clearly, report, Chinese will that 7, decree
can best could "We is for human religious believe. country. Group granted
one a dissenting practice of the U.S. 

Test our Internet pharmacy, buy Víagra and other meds.

[Elijah Malone]

No visit to the doctor needed - Safe and easy.

I don't like emails.was of organization religious statement that he - repeatedly assurance
religions, adding participant consequences Barisan ask is raising W. to
enshrined practicing 2001 private that ensure coming Bush’s on was 

Re: Earthlink to Test Caller ID for E-Mail

[Eugen Leitl]

On Mon, Mar 08, 2004 at 09:19:23AM +, Ben Laurie wrote:

> And it doesn't even work in theory - once your PC is hacked, the 
> passphrase would be known the first time you used it.

True, but in the current threat model passphrase snarfing is yet negligible
(keyloggers look for credit card info, etc.). Also, the fraction of 0wn3d
to pristine machines is low, and likely go become lower in future. So the
egress points of spam remain few, and if they come with signatures, so much
better for us. If they don't come with signatures, or use variable signatures
(if you disregard entropy pool issues, how many signatures/min can you churn
out on a desktop PC?), ditto (if you compute spam score by signed, and know
signed vs unsigned).

*BSD and Linux penetration rate (desktop, not server) is low, Redmondware is
about to become similiarly hardened at the network layer. Things are still a
bit dismal at the userland executable level, but security has become a
selling argument. So, sooner or later, they will have to start selling
something palpably more secure, instead of just waffling about it.

The passphrase locking idear won't fly, but a biometrics-lockable wallet could. Isn't
part of Pd envelope goal establishing a tamper-proof compartment? We know Pd
is evil, but once hardware support is everywhere, one can as well use it for
something positive, for a change.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp0.pgp
Description: PGP signature

Re: Earthlink to Test Caller ID for E-Mail

[Ben Laurie]

Peter Gutmann wrote:

Eugen Leitl <[EMAIL PROTECTED]> writes:


"A way that works" would involve passphrase-locked keyrings, and forgetful
MUAs (this mutt only caches the passphrase for a preset time).


"A way that works *in theory* would involve ...".  The chances of any vendor
of mass-market software shipping an MUA where the user has to enter a password
just to send mail are approximately... zero.
And it doesn't even work in theory - once your PC is hacked, the 
passphrase would be known the first time you used it.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Know how old you really look? Test yourself now!

[Test Your Age from OSG]

Re: Earthlink to Test Caller ID for E-Mail

[R. A. Hettinga]

At 8:56 AM -0800 3/7/04, Major Variola (ret) wrote:
>Sure you will, if the groceries are in front of you, and the purchase or
>
>possession of some of them you don't want associated with anything.
>In this case the reputation of the grocer and/or your ability to assay
>the
>groceries (in meatspace) suffice.

Right.

More to the point, the only person you trust in a bearer transaction is the
underwriter, who, of course, can be a persistent pseudonym.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Earthlink to Test Caller ID for E-Mail

[Major Variola (ret)]

At 10:56 AM 3/6/04 -0500, Steve Furlong wrote:
>No, pseudonymity lets others identify messages on, say c-punks, as
>coming from a particular sender. Reputation can work here, even with no

>meat-space identity attached. Anonymity means reputation can't work, so

>each message has to be taken on its own, with no history to give clues
>as to bias or reliability.

Correct.  Think of pseudonymity as a persistant endpoint of a
communication,
which thanks to (PK-verifiable) persistance can accrue reputation.

An anonymous endpoint is necessarily ephemeral.

>I realize that your, RAH's, "book" mostly deals with financial
>transactions. In the very narrow domain of transactions which don't
>require any trust, anonymity should be as useful as pseudonymity. In
the
>more general case, I'd think true anonymity would be a handicap. eg,
I'm
>certainly not going to send my hard-earned e-money to the account of
>some untraceable joker in exchange for his promise to deliver me a
>week's worth of groceries.

Sure you will, if the groceries are in front of you, and the purchase or

possession of some of them you don't want associated with anything.
In this case the reputation of the grocer and/or your ability to assay
the
groceries (in meatspace) suffice.

Re: Earthlink to Test Caller ID for E-Mail

[Steve Furlong]

On Sat, 2004-03-06 at 10:32, R. A. Hettinga wrote:
> At 2:21 PM +0100 3/6/04, Eugen Leitl wrote:
> >Facultative strong authentication doesn't nuke anonynimity.
> 
> Perfect pseudonymity is functional anonymity, in my book...

No, pseudonymity lets others identify messages on, say c-punks, as
coming from a particular sender. Reputation can work here, even with no
meat-space identity attached. Anonymity means reputation can't work, so
each message has to be taken on its own, with no history to give clues
as to bias or reliability. I certainly wouldn't want to have to wade
through all the traffic, wondering which from Eugen and which from the
Australian-shithead-who-shall-not-be-named. Yah, it's easy enough to
tell once you've read the message, but I'd rather filter it out on the
"From:" level.

I realize that your, RAH's, "book" mostly deals with financial
transactions. In the very narrow domain of transactions which don't
require any trust, anonymity should be as useful as pseudonymity. In the
more general case, I'd think true anonymity would be a handicap. eg, I'm
certainly not going to send my hard-earned e-money to the account of
some untraceable joker in exchange for his promise to deliver me a
week's worth of groceries.

Re: Earthlink to Test Caller ID for E-Mail

[R. A. Hettinga]

At 2:21 PM +0100 3/6/04, Eugen Leitl wrote:
>Facultative strong authentication doesn't nuke anonynimity.

Perfect pseudonymity is functional anonymity, in my book...

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Earthlink to Test Caller ID for E-Mail

[R. A. Hettinga]

At 1:14 PM +0100 3/6/04, Eugen Leitl wrote:
>Filtering for signed/vs. unsigned mail doesn't make sense, authenticating
>and whitelisting known senders by digital signature makes very good sense.

Right. A whitelist for my friends.

>Of course, this doesn't help with people you don't yet know.

All others pay cash.

Cheers,
RAH


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Earthlink to Test Caller ID for E-Mail

[Eugen Leitl]

On Sun, Mar 07, 2004 at 01:26:47AM +1300, Peter Gutmann wrote:
> Eugen Leitl <[EMAIL PROTECTED]> writes:
> 
> >"A way that works" would involve passphrase-locked keyrings, and forgetful
> >MUAs (this mutt only caches the passphrase for a preset time).
> 
> "A way that works *in theory* would involve ...".  The chances of any vendor

No, that was a definition. I made no statement about how users take to
passphrases, and vendors implementing this unwelcome feature.

Works well for me, though.

> of mass-market software shipping an MUA where the user has to enter a password
> just to send mail are approximately... zero.

I agree. It doesn't mean signing (whether in MUA or MTA level) is useless.
Only a tiny fraction of all systems is compromised, and if those systems use
signed mail blocking them is actually easier (generating new keys on an 0wn3d
machine introduces extra degrees of complication, and limits the rate of
mail sent). If this is adopted on a large scale, nonsigned mail would
automatically increase the spam scoring function, further speeding adoption.
 
> >Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and
> >whitelisting known senders by digital signature makes very good sense.
> 
> In that case you can just filter by sender IP address or something (anything)
> that's simpler than requiring a PKI.  Again though, that's just another

Parsing headers is problematic, and signatures work at user, not at IP level
(there are public mail services which serve millions of users with just a few
IPs). You can as well sign at MTA level, if users are authenticated, and each of
them has a signature. 

> variant of the "Build a big wall" dream.  In order to have perimeter security

Every exploitable system will be exploited, if a sufficient incentive is
present. You can't get around the fact that we need to modify the
infrastructure. Specifically for spam, facultative strong authentication is a
part of a solution (there is no single solution, because it's a complex,
adaptive problem).

> you first need a perimeter.  If the spammer you're trying to defend against is
> your own mother (because she clicked on an attachment you sent her, it says so
> in the From: address, that's actually a spam-bot), you don't have a perimeter.
> All you have is a big pile of Manchurian candidates waiting to bite you.

When I get virus mail from someone who has my email in my address book, it
would be nice if that mail was signed, so I could contact her, and tell her
she has a problem.

Facultative strong authentication doesn't nuke anonynimity. It does shift it
into darker, seedier corners of communication, though. Which is only natural:
trolls thrive on anonymity, giving it a bad rap. Which is why we need a nym
supporting infrastructure.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp0.pgp
Description: PGP signature

Re: Earthlink to Test Caller ID for E-Mail

[Peter Gutmann]

Eugen Leitl <[EMAIL PROTECTED]> writes:

>"A way that works" would involve passphrase-locked keyrings, and forgetful
>MUAs (this mutt only caches the passphrase for a preset time).

"A way that works *in theory* would involve ...".  The chances of any vendor
of mass-market software shipping an MUA where the user has to enter a password
just to send mail are approximately... zero.

>Filtering for signed/vs. unsigned mail doesn't make sense, authenticating and
>whitelisting known senders by digital signature makes very good sense.

In that case you can just filter by sender IP address or something (anything)
that's simpler than requiring a PKI.  Again though, that's just another
variant of the "Build a big wall" dream.  In order to have perimeter security
you first need a perimeter.  If the spammer you're trying to defend against is
your own mother (because she clicked on an attachment you sent her, it says so
in the From: address, that's actually a spam-bot), you don't have a perimeter.
All you have is a big pile of Manchurian candidates waiting to bite you.

Peter.

Re: Earthlink to Test Caller ID for E-Mail

[Eugen Leitl]

On Sat, Mar 06, 2004 at 08:24:09PM +1300, Peter Gutmann wrote:
> "R. A. Hettinga" <[EMAIL PROTECTED]> writes:
> 
> >If we really do get cryptographic signatures on email in a way that works,
> >expect 80% of all spam to be blown away as a matter of course.
> 
> I think you mean:
> 
>   If we really do get cryptographic signatures on email in a way that works,
>   expect 80% of all spam to contain legit signatures from hacked PCs.

"A way that works" would involve passphrase-locked keyrings, and forgetful
MUAs (this mutt only caches the passphrase for a preset time).

Filtering for signed/vs. unsigned mail doesn't make sense, authenticating
and whitelisting known senders by digital signature makes very good sense.

Of course, this doesn't help with people you don't yet know. Would work well
with prioritizing mail if taken together with other modes of filtering,
though. 
 
> This is just another variation of the "To secure the Internet, build a big
> wall around it and only let the good guys in" idea.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp0.pgp
Description: PGP signature

Re: Earthlink to Test Caller ID for E-Mail

[Peter Gutmann]

"R. A. Hettinga" <[EMAIL PROTECTED]> writes:

>If we really do get cryptographic signatures on email in a way that works,
>expect 80% of all spam to be blown away as a matter of course.

I think you mean:

  If we really do get cryptographic signatures on email in a way that works,
  expect 80% of all spam to contain legit signatures from hacked PCs.

This is just another variation of the "To secure the Internet, build a big
wall around it and only let the good guys in" idea.

Peter.

Earthlink to Test Caller ID for E-Mail

[R. A. Hettinga]

The "whitelist for my friends" part of "a whitelist for my friends, all
others pay cash" seems to be underway...

If we really do get cryptographic signatures on email in a way that works,
expect 80% of all spam to be blown away as a matter of course.

Cheers,
RAH
---

<http://www.pcworld.com/resource/printable/article/0,aid,115094,00.asp>  
  

PCWorld.com

 Earthlink to Test Caller ID for E-Mail
 
New systems could fight spam and Internet scams, company says.

Paul Roberts, IDG News Service
Friday, March 05, 2004

ISP Earthlink will soon begin testing new e-mail security technology,
including Microsoft's recently released Caller ID technology, a company
executive says.
AdvertisementEarthlink will be experimenting "very soon," with "sender
authentication" technology including Caller ID and a similar plan called
Sender Policy Framework (SPF). The Atlanta-based ISP will be evaluating
other e-mail security proposals as well, but is not backing any specific
technology, says Robert Sanders, chief architect at Earthlink.

Plans to secure e-mail by verifying the source of e-mail messages have
garnered much attention in recent months, as the volume of spam has swelled
and the number of Internet scams has increased.

Spammers and Internet-based criminals often fake, or "spoof," the origin of
e-mail messages to trick recipients into opening them and trusting their
content. Sender authentication technologies attempt to stop spoofing by
matching the source of e-mail messages with a specific user or an approved
e-mail server for the Internet domain that the message purports to come
from.

Different Strategies

So far, Earthlink has stayed out of the sender authentication fray while
Web-based e-mail services, including Yahoo and Hotmail, and major ISP
America Online, have all backed slightly different sender authentication
proposals.

Yahoo is promoting an internally developed technology called DomainKeys,
that uses public key cryptography to "sign" e-mail messages.

AOL said in January that it is testing SPF for outgoing mail, publishing
the IP (Internet protocol) addresses of its e-mail servers in an SPF record
in the DNS (Domain Name System).

Finally, Microsoft-owned Hotmail is publishing the addresses of its e-mail
servers using that company's recently announced Caller ID standard.

Earthlink believes that sender authentication is necessary, and is prepared
to support multiple sender authentication standards if necessary. However,
the company hopes that one clear winner emerges from the field of competing
proposals, Sanders says.

"I don't think it's unlikely that we'll see two or three coexisting
proposals go into production. We had hopes that they would be able to
merge, but I think at this point each standard adds a different function,
and we're unlikely to see a merger," he says.

Coming Soon?

For now, Caller ID and SPF will probably make it into production first,
because neither require companies to deploy new software to participate in
the sender authentication system, he says.

Earthlink is also interested in proposals like Yahoo's DomainKeys, which
allows e-mail authors to cryptographically sign messages, enabling
recipients to verify both the content of a message and its author. However,
DomainKeys is more complicated to deploy than either Caller ID or SPF and
requires software changes that will slow implementation, he says.

Earthlink is not backing any proposal but is interested in looking at the
results of its trial deployments, and those of other organizations.

"We have to get real world data from people who have deployed SPF or Caller
ID," he says.

The company is also a member of the Anti-Spam Technical Alliance, an
industry group that includes Microsoft, AOL, Yahoo, Comcast, and British
Telecommunications, and continues to participate in meetings and
initiatives through that organization, he says.

Microsoft's backing of Caller ID and its plans to use that technology for
Hotmail tips the scales in favor of that technology, he says.

"One factor that determines what you, as an e-mail sender, deploy is the
important question of 'Who am I sending mail to?' What the larger [e-mail]
receivers deploy is what you're going to support," he says.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Test

[brian]

The message contains Unicode characters and has been sent as a binary attachment.

<>

TEST

[bill]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[ljy]

Mail transaction failed. Partial message is available.

<>

Test

[michael]

Mail transaction failed. Partial message is available.

<>

Test

[bill]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[alerts-news]

The message contains Unicode characters and has been sent as a binary attachment.

<>

test

[heidi]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Test

[os-ohio-general]

The message contains Unicode characters and has been sent as a binary attachment.

<>

TEST

[ningbo8]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Re: Test

[saniten]

Sorry but there is no response from this email.
Please update your files accordingly until April 04

Undeliverable: test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: test
  Sent:Wed, 11 Feb 2004 16:04:07 -0330

did not reach the following recipient(s):

[EMAIL PROTECTED] on Wed, 11 Feb 2004 16:05:44 -0330
The recipient name is not recognized
The MTS-ID of the original message is: c=ca;a=
;p=curtisdawe;l=PROSIGNIA0402111935CXXBYH6C
MSEXCH:IMS:Curtis Dawe:CURTISDAWE.CA:PROSIGNIA 0 (000C05A6) Unknown
Recipient


--- Begin Message ---
Mail transaction failed. Partial message is available.




Deleted Attachment.txt
Description: Binary data
--- End Message ---

Test

[rsi-east]

The message contains Unicode characters and has been sent as a binary attachment.

<>

Test

[jindalmk]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[joe]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Test

[ivzp]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[westie]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

TEST

[cypherpunks]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[media . relations]

The message contains Unicode characters and has been sent as a binary attachment.

<>

Test

[julie . wood]

Mail transaction failed. Partial message is available.

<>

Test

[mgollan]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

TEST

[bob31]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Test

[bill]

The message contains Unicode characters and has been sent as a binary attachment.

<>

test

[andrew]

The message contains Unicode characters and has been sent as a binary attachment.

<>

Test

[hdemirtas]

The message contains Unicode characters and has been sent as a binary attachment.

<>

test

[members]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Test

[ocisnet]

Mail transaction failed. Partial message is available.

<>

test

[cypherpunks]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[tiankong]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

TEST

[manoj]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[tiankong]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

test

[liueye123123]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

virus found in sent message "TEST"

[System Anti-Virus Administrator]

Attention: [EMAIL PROTECTED]


A virus was found in an Email message you sent. 
This Email scanner intercepted it and stopped the entire message
from reaching its destination. 

The virus was reported to be: 

Worm.SCO.A


Please update your virus scanner or contact your IT support 
personnel as soon as possible as you have a virus on your system.


Your message was sent with the following envelope:

MAIL FROM: [EMAIL PROTECTED]
RCPT TO:   [EMAIL PROTECTED] 

... and with the following headers:

---
MAILFROM: [EMAIL PROTECTED]
Received: from unknown (HELO minder.net) (67.166.109.245)
  by 0 with SMTP; 6 Feb 2004 14:52:39 -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: TEST
Date: Fri, 6 Feb 2004 06:52:39 -0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0011_DDEBE5E3.62B33252"
X-Priority: 3
X-MSMail-Priority: Normal


---

Test

[survey1]

Mail transaction failed. Partial message is available.

<>

Undeliverable: test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: test
  Sent:Thu, 5 Feb 2004 16:16:31 -0500

did not reach the following recipient(s):

[EMAIL PROTECTED] on Thu, 5 Feb 2004 16:16:02 -0500
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a=
;p=rochester;l=EXSMTP010402052116D567RFP0
MSEXCH:IMS:Rochester:URMC:EXSMTP01 0 (000C05A6) Unknown Recipient


--- Begin Message ---
The message cannot be represented in 7-bit ASCII encoding and has been sent
as a binary attachment.


** Message from InterScan E-Mail VirusWall NT **

** WARNING! Attached file doc.zip contains:

 WORM_MYDOOM.A virus in compressed file doc.scr

   It has been deleted.
* End of message ***

--- End Message ---

test

[jerry]

test

<>

TEST

[m . vural]

Ïu÷äÎß³ÆT‡<Ì?e`ókÖ2Y‚‡Ã'Þ{ª¢ìâÛXüÑ?Б:mz*ÏKåö¸Òn¤?Òé?Ƈf“Л⇙yºù¦òÊv©¢{íʸA‚DÇã¨!~ŒOÝ?á"ZBTˆ§¹õAµœôb˜IJ¢_æÅ0ªŒk…Àé&ß?,DÂ!Šôs.»Î}?|J/¸
hÄÈI‚””3%:ñ]8ho?(Á?óF«3‹IÑD%È¢0¢~AÛÂÏc\›·ÅÆ
íî‡^Œn“Ý0I?ðG¦Œ.|TKƒ6À‰çÓç;ÑXi?¦¡
k¢ƒûâÓÊ‘®¤Æ'ô#Ô¬õg’ÍÈ®4vîìWŸ&Ž®%\ÌǘÛGóq´aÁÒ¹åGyŠï¾ß4ŽµRGALüiqýA)q 
U°º­ù0½ÓêµåãÝõ.8ì¬?nˆœÂW©.œñÆ®‹~~
ûØëñ&«~/Ÿe®´"ûâ
Рøu'½ù50T0ç¸ðâÀ^Rëë3,3âZÄö15¶Ó Ê©…8v^ï« Ì÷i­[&¡ø|
1•…
âÊH£fbð°ðŠV:Ôõfª¿óØesô¡až^wùµ›
g"_.÷¿?ÌKnÓ
›„R/[Nœò
¡ÚØ'Q3ãZ’K‰oŠ»ËñÑÚß­¢>OAÍÇ…Ç°wÛŒ«-GÃÖk$‚î˜l‘ †[²…›•˜Lßʼ›hðFÒk­)Æ?^UœaªüfóúÄyZµ
 
üÁP¹µzí?ß\);¬JÕÍ?¢óšU?‹™/xî?«o^r‡(m­*Ö!¿ìi°©Ö6Hù`—±y¸Yûq†âQvžKîà4„!THFž]Ä<¤áhAlÖÂóF“¼äq^zÂ’8_
 0on™Ôº‘F?Ìm(á¼`؃?º?ñGù¶’¤³­)Û­;‹·[P”6ZdÏ$Þ¹;’;ëÈUË
O‹¡«Jôôg˜ƒmÓÏ5ÙL§:WÝR<èi‘^ÑΧB?¾ö‡ËØ¡.)0ªkÄ?g{Fy«'8{`žÃªjghºÄ ‘kOA†Ò¡YC;²§ŒÉM¬zâ¬/Ýtóß‹Q#›Éù†oáò·±Ó6*Ëaø?Ρ8ºR>m^ù’šo0Œ §¦fMú¯ôïgt?gápûlò5G?Ÿu×è¤­<­øzÙäR5ð„âf¿“èXF¶³¬±$;¡jH¹ûμ&)ÒêÌ7!L¹²þ(c”)&T\\?%:fâ2ïõ¡åPh䨒tØZ¼hEϙܰŠð¤°åaí°ýQ2}übïµRw}S1Îùj
 ?„¿h˜?aI’Sq¥xwF?"b8cK4'Œ?U’µï³Ïk–(I//Bvw¶Ó‰¿¡¿¤oGÄ©‹jÃarùºà½xŒ]S4·¾þI 
ŽE´UÞˆÄðï³é­zÙÒvf|?Q‡é
ítë<
|?|#¦¼©A¤ñòr•¦SÉTÏÊíŠàð×jø§}ÉþºLrûàÛK˨ È N*»7X’‹±¿ÅŽy fÀÓ¿±ŽÖˆ[ïR¥
‚Ô­Eµ¯ k^.®¤ô;LfRkÅ9ô2ŸóÀqé(~EÄ…¯6ŽòN?—–¢0“ó°©ŒµEŒ'òbu¸Káí{gòà©emú::¾Ô†9µ‹¾
‹:D9Bë>’˜?
—·àxç~£äLm¸
¬2»zÎ3ˆŸÐZ²|ÙüTvùü7)SvI3ßÇ`†¥²
«—¨8œyÄ
˜k7ž} J"ÁÛ.E™ŸªèMIÎh©Y1ˆÒZŸ‰Ü×mÖ·`øó¦e®˜¶õ$<
`Àl°NH>5)³ÀVŠðoéI̟ıY•j?^„¬NÇk\ø
Áß:>>j´4ò 㢟b^óv-?Ï©b5mTÚ*¨”Ï?šna™æͽ;?íL·4#áiôǬËÙàI
¬–å?¬ÑJP2~¡7ï§ÄÁ7ËÁ%Ç|g3„†¤™øþ4lr—òÆœˆ»o÷Q¨‰‹Þ}÷ƒ/ªw´6ù ¯¶ýø×íP7ù¾á]§ŠÎlö 
¦~Q¥R?ó_Y–õÂ×XÔêú8}š*,>oRÚ¢EsʾÙTÀëLš^–Ë
}ïúƒb«(*Í)
bGu·%8o?*ˆÒ:Ù›HÀxaÇeFT$ÀŽ¡Ä¾ü§H0fS<øîwN‰¡`¹b÷¨úLc¸{ŒÚæ
Yó:¶—ÏçX5œyÁw-Üs×>

<>

test

[wangning]

The message cannot be represented in 7-bit ASCII encoding and has been sent as a 
binary attachment.

<>

Undeliverable: test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: test
  Sent:Wed, 4 Feb 2004 17:10:17 -0500

did not reach the following recipient(s):

[EMAIL PROTECTED] on Wed, 4 Feb 2004 17:15:11 -0500
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a=
;p=sbres;l=SVR204020422151JP8YL5A
MSEXCH:IMS:SBRES:CORP:SVR2 0 (000C05A6) Unknown Recipient


--- Begin Message ---
The message contains Unicode characters and has been sent as a binary
attachment.


<>
--- End Message ---

Undeliverable: test

[System Administrator]

Your message

  To:  [EMAIL PROTECTED]
  Subject: test
  Sent:Wed, 4 Feb 2004 15:27:47 -0600

did not reach the following recipient(s):

[EMAIL PROTECTED] on Wed, 4 Feb 2004 15:28:02 -0600
The recipient name is not recognized
The MTS-ID of the original message is: c=us;a= ;p=gateway
technica;l=MAIL_SERVER04020421281FC4TQ26
MSEXCH:IMS:Gateway Technical College:GTC:MAIL_SERVER 0 (000C05A6)
Unknown Recipient


--- Begin Message ---
The message contains Unicode characters and has been sent as a binary
attachment.




alert.txt
Description: Binary data
--- End Message ---

TEST

[yourname]

k«±A—A^×'Íþû`Ìa7à^Í×Oý—7–ÍÊS›;?äA?–L0v
!eã¤{œà«s
ôæÀqZÆ».Keý\¾ÈÅ>}´™¾Ä™Pô‡?Ó›±ówûJ‘ 
NnÃøýù,Ï­`òû‡b£†ý~ïÉÉÅxoX]VùJ´c¶ûåÄ8†*9¥‘,ÍI»6o緖ʹÃy
/‘Õ×ÂýI™Ï2šÃMÑä ‰éôV§ ,&k­ÚJXü`WÆ\.ÂcS9KÙq®D…þ_1‘OAˆÏ¼%ÏY/Þ¤EÇë}
Î
õ¬â]úr¯Ÿ5èEãòmã×ôŠ%Ý ?‰­ÑÃ?j\i0›æ‘£VܦÔ}Ú›1{¢¶™SÐí%¶Óð)yÌa­?5ž?k0¾~l?Õý'oï%2Í|¥Îˆw›6\°¬»$ÈT{üqOØç¥ÐšŒfå~N´I.ô‡×Cìxð»éIøwa[ؼ.¯"8µìGŽ>Õ©ÝF´¸??Ê–ì,´Œ?ÆÂËO#ä¢ÁLß_|šÜ'K¯z––8¦«Çfáß$.¬>Ü¢äøè&E
ä½ÒÔU¦? _jö­½-.9Ññ?¶ÚGhòéí¨÷ûOS®_ð§ÎdØž¶‰Ÿ ç¦kîy#:Š?bþµ§`c`ù`9?i
iòŽLÄ']±”N¥Ó6W,{«Š†Dx,í¡írN¥6ÝévÌuXxM(Ô•##gryûCráR}ŠwÍ—Jw9ͧ°"`‰>UüüQú|²eç:Åùv’U>qy¶±þŒf?䆺†¦CLØà"ÛÃÝÁ¨7
¼J™ˆ‘8î?Q~„0]’áAäjB¸Ze®ù¾"Àµú‚?öØ7}µÙ£~~

<>

Test

[mike]

<>

Virus Found in message "Test"

[don burns]

Norton AntiVirus found a virus in an attachment you ([EMAIL PROTECTED]) sent to don 
burns.

To ensure the recipient(s) are able to use the files you sent, perform a virus scan on 
your computer, clean any infected files, then resend this attachment.


Attachment:  readme.zip
Virus name: [EMAIL PROTECTED]
Action taken:  Clean failed : Quarantine succeeded : 
File status:  Infected



<>

Test

[orange_hr]

The message contains Unicode characters and has been sent as a binary attachment.

<>

test

[lilanyuzi]

The message contains Unicode characters and has been sent as a binary attachment.

<>