Stego worm

[Thomas Shaddack]

It's unknown to which extent the Adversary can detect presence of
steganography in images being sent over the Net.

But whatever capabilities they have, they can be jammed.

Imagine a worm that spreads from machine to machine, and on the infected
machine it finds all suitable JPEG files, generates some random data as
source and encrypts them with random key, and stegoes them into the files.

In few days or even hours, a sizeable portion of images on the Net
contains potentially detectable stegoed encrypted data.

Any Chinese want to get immortalized in Internet history?

Re: Dangerous Proxies to Avoid

[R. A. Hettinga]

At 1:05 PM -0500 12/11/03, [EMAIL PROTECTED] wrote:
>The Internet Access Company

Bingo.

You just won "spot the fed".

;-)

Cheers,
RAH
(formerly [EMAIL PROTECTED])
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Speaking of Reason

[R. A. Hettinga]

At 12:07 PM -0500 12/11/03, [EMAIL PROTECTED] wrote:
>Sterling is a capitalist in the same way that Brin is a libertarian.

Better be careful when you say that, or Brin'll fire up his screaming
monkey routine at you...

>therefore feel some need to candy coat their statism.

Say 'amen', somebody...

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: interesting pattern

[Thomas Shaddack]

It's a test if you aren't running an open proxy. Its purpose is antispam.


On Thu, 11 Dec 2003, An Metet wrote:

> I have noticed this lately:
>
> When someone sends mail to [EMAIL PROTECTED] , shortly thereafter a query comes from 
> the ISP that runs the outgoing SMTP and loads http://www.thisdomain.com.
>
> The query does not load any images, just the base html page. It comes from IP 
> usually in the same cloud as outgoing SMTP.
>
> Sometimes this happens only after the first mail from that ISP to thisdomain.com, 
> sometimes every time.
>
> Is this anti-spam (why querying the recipient?), or some data harvesting and 
> connecting the dots?

Re: Has this photo been de-stegoed? (and Clouds)

[Major Variola (ret)]

At 02:35 PM 12/11/03 -0500, Tyler Durden wrote:
>Variola wrote...
>
>"How do you know the signature of the unaltered carrier-medium?
>E.g., have you measured the LSBit noise from my camera recently?
>Under which lighting conditions?"
>
>Well, having done some optical signal processing (and getting a patent
in
>that area, come to think of it), I imagined that most photos will
naturally
>have some image noise in certain frequency bands...

You are *way* too FT based in your thinking.  There are *many* other
measurements and statistics and co-relations.

And the noise I was referring to is in part electronic noise, not image
noise
in either the spatial freq. or poisson sense.  The point being that
there is
info that is perceptually insignificant, that you can replace with
compressed encrypted bits.

LAPD captain busted for selling bootleg DVDs

[Major Variola (ret.)]

December 10, 2003

Just days after Los Angeles Police Chief William J. Bratton pledged a
crackdown on motion picture piracy, department investigators on Tuesday
helped arrest an LAPD captain suspected of selling bootleg DVDs.

Julie D. Nelson, a decorated patrol captain and a 28-year veteran of the
Los Angeles Police Department, was arrested at the Hollywood station
following a sting operation in which she allegedly sold counterfeit film
titles such as "The Cat in the Hat" to undercover officers.

http://www.latimes.com/news/local/orange/la-me-dvd10dec10,1,6566326.story?coll=la-editions-orange

Re: Is Matel Stalinist?

[Bill Stewart]

At 09:22 AM 12/11/2003 -0500, Tyler Durden wrote:
Ken wrote...

"Tyler Durden's"

GET them damn quote marks offa my name, or I'm comin' over there to stomp 
your pasty-white British ass!

Ahem.
Definitely.  He should've written
"Tyler Durden"'s
instead ;-)

interesting pattern

[An Metet]

I have noticed this lately:

When someone sends mail to [EMAIL PROTECTED] , shortly thereafter a query comes from 
the ISP that runs the outgoing SMTP and loads http://www.thisdomain.com.

The query does not load any images, just the base html page. It comes from IP usually 
in the same cloud as outgoing SMTP.

Sometimes this happens only after the first mail from that ISP to thisdomain.com, 
sometimes every time.

Is this anti-spam (why querying the recipient?), or some data harvesting and 
connecting the dots?

Re: ALTA/DMT privacy

[Tim May]

On Dec 11, 2003, at 11:54 AM, James A. Donald wrote:

--
On 10 Dec 2003 at 19:31, Tim May wrote:
I receive several messages a month saying I need to re-verify
information with an E-gold account (which I never recall
establishing, by the way).
These are messagers from scammers.  e-gold never sends out
email.
E-gold was never even slightly interesting to me for reasons
I talked about a few years ago--the notion that a bar of gold
moving between shelves in someone's hotel room in Barbados or
Guyana or wherever is equivalent to untraceability is silly
Randroid idol-worship raised to the fourth power.
Every atom of gold is identical to every other atom of gold.
There is only one stable isotope.
E-gold does not provide untraceability -- but gold does.
Where tax authorities get people is in the transfer _in to_ and _out 
of_ certain kinds of accounts, be they Cayman Island or Swiss bank 
accounts, whatever. The issue with opening a Swiss bank account and 
wiring money into it, or depositing Federal Reserve Notes into it has 
NOTHING to do with FRNs having serial numbers and hence being 
traceable. The issue is with their own reporting to the IRS (these 
days) and to stops in place to stop the wiring of said money or the 
transport of said FRNs.

What *form* the "item of value" is inside the bank, be it gold bars or 
Spanish doubloons or stacks of $20 bills or diamonds, is unimportant. 
In fact, for all intents and purposes the "item of value" inside the 
bank can be marks in a ledger book, which is effectively the situation 
today.

(It is true that what is stored inside a bank, be it gold coins or 
Federal Reserve Notes, becomes important if and when enough depositors 
ask for their money in that particular form. But this is an issue of 
believing the bank does in fact store gold dust or doubloons or FRNs, 
not anything about the intrinsic untraceability of such things!)

In other words, any bank except for "U-Stor-It-Yourself" safe deposit 
systems, is basically a black box with beliefs by I/O users about how 
likely it is to behave according to its specifications.

That some of the gold fetishists here keep perpetuating this deep 
misunderstanding of the issues is...unsurprising.

--Tim May

Re: Has this photo been de-stegoed? (and Clouds)

[Tyler Durden]

Variola wrote...

"How do you know the signature of the unaltered carrier-medium?
E.g., have you measured the LSBit noise from my camera recently?
Under which lighting conditions?"
Well, having done some optical signal processing (and getting a patent in 
that area, come to think of it), I imagined that most photos will naturally 
have some image noise in certain frequency bands...this noise would not have 
to have anything to do with your camera or whatever, but is probably a 
function of what's in the image. For instance, a picture of a naked girl 
standing in front of drywall probably has very little useful image energy in 
spatial frequencies represented down at the length of a pixel. In a spatial 
fft there's probably a lot of low frequency white noise for a while, until 
you get to the level of the shorter body hairs and whatnot. And then there 
may be spatial freuency bands between that and her height that are nearly 
unoccupied with image energy.

From a spatial/fft perspective I imagined that this is where stego'd 
information goes. I also imagined that if it were done in a very simple way, 
the stegoed info will be fairly obvious to someone knowledgeable and looking 
at the spatial fft of the image. I imagine that it will look obvious 
because, to an expert, it won't look like the authentic kind of noise 
expected there. If the information is encrypted, I consider it possible that 
the noise may even look too "perfect" perhaps.

If that's true, then I suspect it's often possible to determine that a 
photo's stego has been removed. Or at least, there will be cases where stego 
removal will be "obvious".

Come to think of it, I bet TLA operatives are given precise instructions 
about what kinds of photos make for undiscernable stego (I'd bet where the 
spatial image information is not well-concentrated into "bands"). In other 
words, a photo with all different-sized objects in it. Perhaps they even 
travel with some photos for just this purpose.

Hum. I wonder if photos of "clouds" work well for this purpose. That would 
actually explain something I encountered recently

-TD




From: "Major Variola (ret)" <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: Has this photo been de-stegoed?   (and Anonymity)
Date: Thu, 11 Dec 2003 10:26:16 -0800
At 06:22 PM 12/10/03 +0200, Anatoly Vorobey wrote:
>On Tue, Dec 09, 2003 at 04:20:20PM -0600, Declan McCullagh wrote:
>> We have anonymity in Web browsing (more or less, thanks to Lance &
>> co). It's not NSA-proof, but it's probably subpoena-proof.
>>
>> We have anonymity in email thanks to remailers (to the extent they're
>> still around).
>>
...
>
>alt.anonymous.messages has a healthy amount of traffic.
One could count some fraction of all the *.binaries.* on usenet
as anonymous communications (via stego), but then you'd have to know
how many are stego'd, and that is the game after all.
At 02:24 PM 12/8/03 -0500, Tyler Durden wrote:
>Is it possible to determine that the photo 'originally' (ie, when it
was
>sent to me) contained stegoed information, but that it was intercepted
in
>transit and the real message overwritten with noise or whatever?
Yes.  Trivially, If your correspondent told you, but that's out of
band.  Otherwise,
If there *remains* info which was not washed out "in transit", then that
would be an inband way.  Maybe all the pictures with a red flower
in them are carriers, and this content isn't washed out.  Maybe its a
more subtle crypto-watermark, independent of the stego'd message.
>Now I know pretty much nothing about this subject, but I would suppose
that
>de-stegoing a photo must like some kind of spatial spectral fingerprint
that
>should be visible after the photo is FFT'd (is there freeware software
out
>there?).
1. How do you know the signature of the unaltered carrier-medium?
E.g., have you measured the LSBit noise from my camera recently?
Under which lighting conditions?
2. Don't you think I can measure the properties of my carrier and shape
the stego'd info to match?   (This does get into an arms race over what
properties to measure.)
>Now I IMAGINE that a sophisticated interceptor could substitute
'believable'
>de-stego-ing noise so that it would look like the photo never had any
stego
>in the first place. OR...is this actually 'impossible' to do perfectly?
You don't just put your message in the LSBits or whatever.  You
compress,
encrypt, and possibly redundantly code them.  Then you shape the noise
to match the bits you're replacing.
>And then, what if the interceptor tried to put an alternate message in
there
>instead? Is there a way to tell that there was originallya different
message
>there?
Depends on the coding.

>My assumption first of all is that nothing was done to prepare the
photo
>against these possibilities.
Just make sure you did the original analog recording and destroy the
original after you stego it.  Best also if you never post unstego'd
messages
so the Adversary can't measure your raw

Re: Cryptophone delivers source

[Steve Schear]

At 05:14 AM 12/11/2003, Eugen Leitl wrote:
http://www.cryptophone.de/html/downloads_en.html
Perhaps a small point, but unless I'm mistaken they didn't offer the 
Windows client source.  I think both should have been give as compromise of 
one side is a compromise of both.

steve 

Totalitarianism & Revolution

[baudmax23]

At 01:19 PM 12/11/2003 -0500, cubic-dog <[EMAIL PROTECTED]> wrote:

On Wed, 10 Dec 2003, J.A. Terranson wrote:

> On Tue, 9 Dec 2003, Anatoly Vorobey wrote:
>
> > On Tue, Dec 09, 2003 at 12:47:27AM +0100, edo wrote:
> > > With the USA
> > > becoming the world's most totalitarian state in disguise...
> >
> > That's a pretty silly thing to say.
> > Sure you don't want to educate yourself on those other states in the
> > world?
>
> It's not silly at all: look again.  He said "becoming".
Agreed.

I recall watching the events unfold in Tienamin Square all those years
ago on TV, and I thought to myself at the time, within 20 years,
China will be the last free place on earth.
Clocks ticking, and for once, I might have actually been right.

Now that the US has no "other" to compare it self to, it is
free to lock it all down with the best totalitarian system
in history.
There are TRENDS, you see, and the TREND is toward total government
domination of all aspects of life. This is the trend, and there is
not only no signs of any reversal in the trend, it's building momentum
like crazy, down-hill train on greased rails.
You are right in noticing the one way trend here.  Funny thing is, this 
failed Amerikan political system seems to suggest that voting for the 
"other official party" will correct the imbalance.  All I can say is that 
during Clinton/Reno, civil liberties advocates were still quite busy 
fighting back totalitarian BS being inserted here and there.  Then Bush 
comes along, and ups the ante, now that They've got their brand new 
boogeyman of "terrorism" to scare all the proles.  Who could have thought 
it could have been worse than Clinton-Reno, and then we now see the horror 
of Bush-Asscroft to prove us wrong.

The Amerikan system has failed, all the so-called checks-and-balances have 
been subverted.  No band-aid reform can pretend to correct the thorough, 
systemic corruption and perversion of justice which now exists within the 
govmint of the united Slaves of Amerika.

Only total revolution (whatever that means) will fix the problem.  From a 
systemic standpoint, look at the linchpins that hold this slimy gangsterism 
in place:  THE MEDIA (principally TV), and the POWERLORDS (govt-corporate 
plutocracy).  The media, in covering up the main game plan of the 
plutocrats, would be an obvious logical target of applied pressure, by 
whatever means possible.  The so-called powerlords, could be individually 
targetted so that they are less cocky about their personal power and 
physical safety.

How  far will it have to go?  Will we just sit back passively, and watch 
our "Masters" increasingly lord over us, in our homes, in our courts, 
everywhere?  Will we just watch as they build the Beast databases of DNA, 
etc etc etc and track us like lab rats.  Will we send our children off to 
die for their empire, while those remaining "at home" are enslaved in 
meaningless, subserviant work?

Then it all comes down to figuring out who the REAL TERRORISTS are.  Who 
has the power to truly oppress, enslave, and murder you?  A sad day indeed, 
when Asscrofts and Bush's are more terrifying than Bin Ladens, et al.

We need citizen's grand juries convened under their OWN declared 
jurisdiction of We The People and the Constitution, and the immediate 
arrest and trial of those responsible for this fascist nightmare.  The 
"Potomic Trials"... like Nuremburg II...

-Max




A free people ought not only to be armed and disciplined, but they should 
have sufficient arms and ammunition to maintain a status of independence 
from any who might attempt to abuse them, which would include their own 
government.

--George Washington
-
Smash The State! mailing list home
http://groups.yahoo.com/groups/smashthestate
---

Re: Is Matel Stalinist?

[Tim May]

On Dec 11, 2003, at 1:56 AM, ken wrote:

Corporations have sales tracking software out the wazoo. If it sells, 
they buy more and sell them. Sounds like they're doing precisely what 
their owners want them to do.
Yes, but, it might be that a corporation makes more money for its 
owners by centralising and systematising and reducing the local 
autonomy of business units. It's a lot easier to manage a thousand 
identical stores than a hundred unique ones. So from "Tyler 
Durden's"'s POV there might be more responsiveness from an independent 
 store than a chain.

Though like you said, that doesn't seem to apply to books.  Might to 
food though.

I doubt it applies to food, either.

If my local grocery store runs low on "Spam," say, they will order 
more. This is why they track items with POS terminals and UPC labels 
(largely replacing the inventory people who used to be seen in the 
aisles counting items and entering them into a small computer or, 
earlier, onto an inventory log sheet).

It makes no sense to "lump" or "consolidate" all of the stores into one 
lump calculation and then issue order to "send more Spam in this amount 
to each store." Not only does it not make sense, but clearly this would 
cause pileups at _some_ stores (too much Spam) and shortages at _other_ 
stores (still not enough Spam, even with the latest "send more Spam to 
all stores" order. The fact that neither shortages nor pileups (that I 
can see) are apparent at any of the stores I visit, and that all of 
them use UPC and POS methods for _all_ sales of ordered products, is 
consistent with the reorder method described earlier.

I repeat: the "despised by anti-capitalists" Borders store has a deeper 
and broader inventory of books than the "cherished by Greens and 
locals" locall-owned bookstore. And they also use UPC and POS and 
reorder books dynamically.

(For another list I've been discussing lazy evaluation languages, like 
Miranda and Haskell, and like Scheme can be "forced" to do, and the 
similarities between demand-driven evaluation of partial results and 
the obviously demand-driven inventory practices of modern businesses is 
striking. There's an essay here for some political thinker, along the 
lines of Phil Salin's "Wealth of Kitchens" essay drawing parallels 
between free markets and object-oriented systems.)

--Tim May

Re: ALTA/DMT privacy

[James A. Donald]

--
On 10 Dec 2003 at 19:31, Tim May wrote:
> I receive several messages a month saying I need to re-verify 
> information with an E-gold account (which I never recall 
> establishing, by the way).

These are messagers from scammers.  e-gold never sends out 
email.

> E-gold was never even slightly interesting to me for reasons 
> I talked about a few years ago--the notion that a bar of gold 
> moving between shelves in someone's hotel room in Barbados or 
> Guyana or wherever is equivalent to untraceability is silly 
> Randroid idol-worship raised to the fourth power.

Every atom of gold is identical to every other atom of gold.
There is only one stable isotope.

E-gold does not provide untraceability -- but gold does. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 sxD6FejwJO/bYQH9Fbek/lB3u1uXGOqk+YI57Vuk
 4FLAcei7iIdGUWnXrQjBihOx2iKvPSrxZE2pKApjM

Dangerous Proxies to Avoid

[Nostradumbass]

If you use anonymous proxies it would be wise to save the list below and compare the 
IP's to make sure you are not surfing in shark-infested waters.

I often use tools to scan for and test 'public' proxies, and other tools to chain or 
rotate through the best. I'm sure others of us do the same.

This just underscores the need for trustworthy mixes. Single proxies (eg 
anonymizer.com) only hide IPs from web servers, not from 3rd party observers. They are 
vulnerable to black bag and legal attacks. Aparently we can safely(?) use JAP again if 
careful about cascade selection. But this is very slow, and slow discourages one from 
consistent use

As for JAP, I used it before Privatesea came up, and i'm back down to it now that 
privatesea dissapeared. By using cascades that don't end at the Dresden mix, and 
inserting a single pseudo-public SSL proxy between JAP and the first mix, you're 
pretty safe. But the performance sucks.

There are no other mix cascades or meshes that I know of. Lots of single proxies, but 
that's not safe at all. And you are often having to find and setup another when they 
get hammered down or start blocking the public.


  An updated list, current as of 5 October:


  6.*.*.* : Army Information Systems Center
  21.*.*.* : US Defense Information Systems Agency
  6.*.*.* : Army Information Systems Center
  21.*.*.* : US Defense Information Systems Agency
  22.*.*.* : Defense Information Systems Agency
  26.*.*.* : Defense Information Systems Agency
  29.*.*.* : Defense Information Systems Agency
  30.*.*.* : Defense Information Systems Agency
  49.*.*.* : Joint Tactical Command
  50.*.*.* : Joint Tactical Command
  55.*.*.* : Army National Guard Bureau
  22.*.*.* : Defense Information Systems Agency
  26.*.*.* : Defense Information Systems Agency
  29.*.*.* : Defense Information Systems Agency
  30.*.*.* : Defense Information Systems Agency
  49.*.*.* : Joint Tactical Command
  50.*.*.* : Joint Tactical Command
  55.*.*.* : Army National Guard Bureau
  62.0-30.*.* :
  64.224.*.* :
  64.225.*.* :
  64.226.*.* :
  195.10.* :
  199.121.4.* - 199.121.253.* Naval Air Systems Command, VA 
(NETBLK-NALC-P3)
  204.34.*.* - 204.34.254.0 Navy Environmental Preventive Medicine 
(NET-NEPMU6-BUMED)
  205.96-103.* :
  207.30-120.* :
  207.60-61.* : FBI Linux server used to trap scanners
  209.35.*.* :
  210.124*.* - Korean
  212.143 * Israeli government ISP -- dont try those ranges!!
  212.149.* Israeli government ISP -- dont try those ranges!!
  212.179.* Israeli government ISP -- dont try those ranges!!
  212.199 012.* Israeli government ISP -- dont try those ranges!!
  213.8.*.* Israeli government ISP -- dont try those ranges!!
  216.248.*.* VERY DANGEROUS
  216.25.* VERY DANGEROUS
  216.94.*.*
  216.25.* : VERY DANGEROUS
  216.247.* : VERY DANGEROUS
  217.6.*.* : VERY DANGEROUS
  155.7.*.* : American Forces Information (NET-AFISHQ-NET1)
  155.8.*.* : U.S. ArmyFort Gordon (NET-GORDON-NET5)
  155.9.*.* : United States Army Information Systems Command 
(NET-LWOOD-NET2)
  155.74.*.* : PEO STAMIS (NET-CEAP2)
  155.75.*.* : US Army Corps of Engineers (NET-CEAP3)
  155.76.*.* : PEO STAMIS (NET-CEAP4)
  155.77.*.* : PEO STAMIS (NET-CEAP5)
  155.78.*.* : PEO STAMIS (NET-CEAP6)
  155.79.*.* : US Army Corps of Engineers (NET-CEAP7)
  155.80.*.* : PEO STAMIS (NET-CEAP
  155.81.*.* : PEO STAMIS (NET-CEAP9)
  155.82.*.* : PEO STAMIS (NET-CEAP10)
  155.83.*.* : US Army Corps of Enginers (NET-CEAP11)
  155.84.*.* : PEO STAMIS (NET-CEAP12)
  155.85.*.* : PEO STAMIS (NET-CEAP13)
  155.86.*.* : US Army Corps of Engineers (NET-CEAP14)
  155.87.*.* : PEO STAMIS (NET-CEAP15)
  155.88.*.* : PEO STAMIS (NET-CEAP16)
  155.178.*.* : Federal Aviation Administration (NET-FAA)
  155.213.*.* : USAISC Fort Benning (NET-FTBENNNET3
  155.214.*.* : Director of Information Management (NET-CARSON-TCACC )
  155.215.*.* : USAISC-FT DRUM (NET-DRUM-TCACCIS)
  155.216.*.* : TCACCIS Project Management Office (NET-

Re: Zombie Patriots and other musings [was: Re: (No Subject)]

[Major Variola (ret)]

At 03:04 AM 12/11/03 -0500, [EMAIL PROTECTED] wrote:
>Nothing less than a guerilla war seems necessary to restore something
akin to the original constitutional balance in the U.S.  But where to
recruit these people?  My suggestion: the terminally ill.
>
>Many TI come to the table with a 'gift', the certainty of impending
death and for some the possibility of fearlessness for physical harm or
imprisonment.

Of course your idea has merit, both on a personal and govt payback
level.  But you can get more, and fitter soldiers:
Simply convince some healthy folks that an "afterlife" exists.  And that
by doing worthy acts
you do well there.  Religion is a terrorist weapon after all.


What would a palestinian bastard on a stick do?

Re: (No Subject)

[cubic-dog]

On Wed, 10 Dec 2003, J.A. Terranson wrote:

> On Tue, 9 Dec 2003, Anatoly Vorobey wrote:
> 
> > On Tue, Dec 09, 2003 at 12:47:27AM +0100, edo wrote:
> > > With the USA
> > > becoming the world's most totalitarian state in disguise... 
> > 
> > That's a pretty silly thing to say.
> > Sure you don't want to educate yourself on those other states in the
> > world?
> 
> It's not silly at all: look again.  He said "becoming".  


Agreed.

I recall watching the events unfold in Tienamin Square all those years
ago on TV, and I thought to myself at the time, within 20 years,
China will be the last free place on earth.

Clocks ticking, and for once, I might have actually been right.

Now that the US has no "other" to compare it self to, it is
free to lock it all down with the best totalitarian system
in history. 

There are TRENDS, you see, and the TREND is toward total government
domination of all aspects of life. This is the trend, and there is
not only no signs of any reversal in the trend, it's building momentum
like crazy, down-hill train on greased rails. 

Re: Has this photo been de-stegoed? (and Anonymity)

[Major Variola (ret)]

At 06:22 PM 12/10/03 +0200, Anatoly Vorobey wrote:
>On Tue, Dec 09, 2003 at 04:20:20PM -0600, Declan McCullagh wrote:
>> We have anonymity in Web browsing (more or less, thanks to Lance &
>> co). It's not NSA-proof, but it's probably subpoena-proof.
>>
>> We have anonymity in email thanks to remailers (to the extent they're

>> still around).
>>
..
>
>alt.anonymous.messages has a healthy amount of traffic.

One could count some fraction of all the *.binaries.* on usenet
as anonymous communications (via stego), but then you'd have to know
how many are stego'd, and that is the game after all.


At 02:24 PM 12/8/03 -0500, Tyler Durden wrote:
>Is it possible to determine that the photo 'originally' (ie, when it
was
>sent to me) contained stegoed information, but that it was intercepted
in
>transit and the real message overwritten with noise or whatever?

Yes.  Trivially, If your correspondent told you, but that's out of
band.  Otherwise,
If there *remains* info which was not washed out "in transit", then that

would be an inband way.  Maybe all the pictures with a red flower
in them are carriers, and this content isn't washed out.  Maybe its a
more subtle crypto-watermark, independent of the stego'd message.

>Now I know pretty much nothing about this subject, but I would suppose
that
>de-stegoing a photo must like some kind of spatial spectral fingerprint
that
>should be visible after the photo is FFT'd (is there freeware software
out
>there?).

1. How do you know the signature of the unaltered carrier-medium?
E.g., have you measured the LSBit noise from my camera recently?
Under which lighting conditions?

2. Don't you think I can measure the properties of my carrier and shape
the stego'd info to match?   (This does get into an arms race over what
properties to measure.)

>Now I IMAGINE that a sophisticated interceptor could substitute
'believable'
>de-stego-ing noise so that it would look like the photo never had any
stego
>in the first place. OR...is this actually 'impossible' to do perfectly?

You don't just put your message in the LSBits or whatever.  You
compress,
encrypt, and possibly redundantly code them.  Then you shape the noise
to match the bits you're replacing.


>And then, what if the interceptor tried to put an alternate message in
there
>instead? Is there a way to tell that there was originallya different
message
>there?

Depends on the coding.

>My assumption first of all is that nothing was done to prepare the
photo
>against these possibilities.

Just make sure you did the original analog recording and destroy the
original after you stego it.  Best also if you never post unstego'd
messages
so the Adversary can't measure your raw carrier.

A simple stego message was placed without real
>thought about whether it might be intercepted and altered.

You shouldn't stego life-critical messages without proper training in
the use of your tools.
(That training may vary with personality, see _Silk and Cyanide_.  Some
like "why",
some like "do this".)

-
"You can have democracy when you vote for the people we approve of"
King George to the Colony of Iraq

RE: Zombie Patriots and other musings [was: Re: (No Subject)]

[Trei, Peter]

From: [EMAIL PROTECTED] wrote:

> Nothing less than a guerilla war seems necessary to restore 
> something akin to the original constitutional balance in the 
> U.S.  But where to recruit these people?  My suggestion: the 
> terminally ill.  

> Many TI come to the table with a 'gift', the certainty of 
> impending death and for some the possibility of fearlessness 
> for physical harm or imprisonment.

Mr. Dumbass appears to be channeling the Earth Liberation Front:

Quotes from: http://www.stopecoviolence.com/words.htm

"If I knew I had a fatal disease, I would definitely do something 
like strap dynamite on myself and take out Grand Canyon Dam. Or 
maybe the Maxxam Building in Los Angeles after it's closed up for the
night."
  - Darryl Chernery, Northern California Earth Firster, 
CBS News Sixty Minutes, March 4, 1990 

"Are you terminally ill with a wasting disease? .Don't go out 
with a whimper; go out with a bang! Undertake an ecokamikaze 
mission."
  - Excerpt from an article that ran in the Sept. 1989 issue 
of the Earth First Journal, urging terminally ill activists to 
go on "eco-kamikaze" suicide missions 

Google on "eco-kamikaze" for more.

It's worth noting that despite over a decade of this rhetoric, 
not a single terminally ill American has done this, so far as I
am aware.

The *only* even vaguely simlar cases I'm aware of are in 
India and Sri Lanka, where young Hindu widows (who, in 
traditional Hindu society have very dim prospects for 
a happy life) are recruited as suicide bombers by the 
Tamil Tigers. I think Rajiv Ghandi's assassin was 
such a woman.

Peter Trei

Re: whitehouse.gov/robots.txt

[Major Variola (ret)]

I'd suggest "wget" for spidering sites.  It can be told to ignore
.robots files.  It is
good for mirroring sites which you suspect may be taken down.  Win/Unix
versions
available.

Re: cypherpunks discussions

[Major Variola (ret)]

At 11:24 AM 12/8/03 -0800, Tim May wrote:
>No, I think few topics on the Cypherpunks list are taken private.
>
>My reasons are two-fold: First, to get them to stop lurking and
>participate. Second, to work up the energy to compose an essay (or
>mini-essay, whatever), I need some motivation. I am not energetic about

It can also be imprudent, as in a free trip to a grand jury in a distant

land, possibly with you fronting the govt the money for the trip.

All to hear you mention the Bill of Rights, repeatedly, of course.

Neophytes are encouraged to look up Jim Bell, Declan, John Young, etc.

Re: Speaking of Reason

[Freematt357]

In a message dated 12/11/2003 10:04:04 AM Eastern Standard Time, 
[EMAIL PROTECTED] writes:

> If that is true, why can't it simply be called "capitalist?"
> 
> I suspect because actual capitalists would have some problems with it.


Sterling makes a comment betraying what Ludwig Von Mises called the 
anti-capitalist mentality when he quipped to Godwin: "Sure, we hate Exxon because 
they're huge and they're everywhere."

Sterling is a capitalist in the same way that Brin is a libertarian. I think 
what it is, both are uncomfortable with really labeling what their true 
ideology is and therefore feel some need to candy coat their statism.

Regards,  Matt Gaylor-

Re: Speaking of Reason

[ken]

R. A. Hettinga wrote:

At 4:57 PM -0800 12/9/03, Eric Murray wrote:

I pretty much agree with your views, minus the racism and misogny.
On days that the brilliant thoughtful Tim posts, I'm in awe.
When Tim the asshole posts, I'm disgusted.  Unfortunately
these days the latter Tim isn't letting the former Tim
near the keyboard very often.

Fuck you dead. Fuck all of you Bolshies dead.
Ok, bye!

Eric (just to make it crystal clear, Tim's going in my _personal_ killfile)


To quote a famous flying squirrel, that trick never works. Tried it myself
a few times over the years, and one usually misses too much of what this
list is for, as you noted yourself, above.
Truth, maybe unfortunate truth.

Of the list mails I've bothered to keep locally, Tim's are a 
larger proportion than anyone else's.


Unfortunately, if you want to read Tim, you have to read his evil twin
Skippy, too.
Living in *his* killfile, on the other hand, and if he actually uses it,
can be useful. Try it, you'll like it.

Re: Is Matel Stalinist?

[ken]

Tim May quoted Tyler Durden who wrote:

Well, I wouldn't apply the word "oppressive" across the board to the 
cultures of big companies, but the fact is that modern American 
coporate culture more often than not imitates a top-down, 'statist' 
culture that is so universal we rarely recognize it.
Well, yes. Most big corporations are in effect constitutional 
monarchies. Decisions are made by bureaucrats  with some oversight 
or direction provided by the "king" (CEO in some places, 
significant shareholders in others). When it all goes totally 
pear-shaped owners (or more likely, the banks) step in.

[...]

The difference with government is that we do not have "polycentric" 
governments. We have a single entity, a single "corporation," which 
brooks no competition, which brooks little or no "shareholder dissent."
Yes, but in practice a lot of big companies are just like that. 
Whatever the paper ownership decisions tend to be made by a few 
large corporate owners, often banks, insurance companies, pension 
funds and the like; themselves run by officers and managers who 
share interests with the managers who run the company they own. 
The situation is in some ways analogous to "it doesn't matter who 
you vote for: the government always gets in".   In most large 
corporations the chain of responsibility back to individual owners 
is so long and so flexible that there is little real control.

Small business is different of course. You make money or you go 
broke.  Very direct feedback.

Many here miss this point and focus on the superficial aspect that 
corporations typically have a hierarchy and that this hierarchy 
supposedly makes them like governments. Yes, in this respect. But the 
tens of thousands of corporations, the ability to form new partnerships, 
new companies, new corporations, and for some of these entities to 
become as large as past corporate giants, is what makes all the difference.
Emotional reactions & gut feelings about this point are one of the 
things that make people happier with one political camp or another.

The state-socialism that you Americans call "liberal"  tends to be 
supported by people who feel that their governments are more 
responsive to their needs or wants than corporations are. 
Conservatives US-style libertarians are likely to feel happier 
with corporations than government.  The "anti-globalisation" crows 
and European-style left anarchists & old-style non-Marxist 
socialists dislike both equally.

If I was cynical, or a Marxist, I'd say that it has a lot to do 
with having money. People whose wealth makes up a larger share of 
the whole than their vote does are more likely to feel happy about 
corporations than  they are about representative government.

OK, it's before noon and I've only had one cup of tea, so I'm cynical.

[...]

Corporations have sales tracking software out the wazoo. If it sells, 
they buy more and sell them. Sounds like they're doing precisely what 
their owners want them to do.
Yes, but, it might be that a corporation makes more money for its 
owners by centralising and systematising and reducing the local 
autonomy of business units. It's a lot easier to manage a thousand 
identical stores than a hundred unique ones. So from "Tyler 
Durden's"'s POV there might be more responsiveness from an 
independent  store than a chain.

Though like you said, that doesn't seem to apply to books.  Might 
to food though.

Re: (No Subject)

[J.A. Terranson]

On Tue, 9 Dec 2003, Anatoly Vorobey wrote:

> On Tue, Dec 09, 2003 at 12:47:27AM +0100, edo wrote:
> > With the USA
> > becoming the world's most totalitarian state in disguise... 
> 
> That's a pretty silly thing to say.
> Sure you don't want to educate yourself on those other states in the
> world?

It's not silly at all: look again.  He said "becoming".  And it is.  Fast.
It's *long* past time for the inhabitants here to have taken up arms and
blown holes in a *lot* of Federal heads.

Just a few hundred dead federal goons, spread over a relatively short period
(~6 months), where the attacks were obviously coordinated, made against
officers enforcing particularly rancid unconstitutional laws (say the federal
tax code), and without discoverable perpetrators, would result in an almost
instantaneous shortage of officers available to enforce such uncontitutional
laws - the survivors would simply refuse.

Long fucking overdue.

-- 
Yours, 
J.A. Terranson
[EMAIL PROTECTED]

Father, you are a great and mighty God. Help our governments to remember the
lessons of our history and to appreciate the purpose of your son Jesus. Teach
our representatives not to be so arrogant as to speak in one way, but doing
another, for surely this not the way of truth. Help us to understand that
your will is not death but life, not the darkness of hatred but the light of
friendship in Christ. In the name of Jesus we pray. Amen.

Merle Harton, Jr.

Re: Speaking of Reason

[ken]

Declan McCullagh wrote:

I don't know what "entryist" means. It might be helpful to define
your terms.
Really?

That's odd.

Taking you at your word it means someone who joins (i.e. enters) 
a political party or another organisation in order to take it over 
and change it to their own point of view.

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[Tim May]

On Dec 10, 2003, at 6:20 PM, Bill Stewart wrote:

On 10 Dec 2003 at 15:19, [EMAIL PROTECTED] wrote:
> E-gold and other DGCs do not do much if any due diligence in
> checking account holder identification
Unfortunately, they also don't due much if any due diligence in
identifying themselves in messages to real or potential customers,
so it's extremely difficult to determine if I've gotten any
administrative messages that really _were_ from them
as opposed to the N fraudsters sending out mail asking you to
log in to e-g0ld.com or whatever fake page lets them steal
your egold account number and password so they can drain your balance.
A policy of PGP-signing all their messages using a key
that's published on their web pages would be a good start,
though it's still possible to trick some fraction of people
into accepting the wrong keys.  For now, my basic assumption
is that any communications I receive that purport to be from them
are a fraud, and it's frustrating that there's no good mechanism
for reporting that to e-gold.
I receive several messages a month saying I need to re-verify 
information with an E-gold account (which I never recall establishing, 
by the way).

If I ever determine that E-Gold personnel have faked an account on my 
behalf, or are complicit in any way with stealing from me, I will of 
course think that killing their children, their parents, and them is 
moral.

E-gold was never even slightly interesting to me for reasons I talked 
about a few years ago--the notion that a bar of gold moving between 
shelves in someone's hotel room in Barbados or Guyana or wherever is 
equivalent to untraceability is silly Randroid idol-worship raised to 
the fourth power.

The scandals reported--and not meaniingfully rebutted--several years 
ago confirm to me the whole thing is some Randroid fantasy built on 
sand.

--Tim May

--Tim May
"Ben Franklin warned us that those who would trade liberty for a little 
bit of temporary security deserve neither. This is the path we are now 
racing down, with American flags fluttering."-- Tim May, on events 
following 9/11/2001

Re: (No Subject)

[Pete Capelli]

This reminds me of that old saw about the fellow who falls off a 100 story
building:

"Floor 75, everythings still okay"
"Floor 50, still lookin good"
"Floor 25, situation nominal"
"Floor 5, feeling fine"

Unfortunately, there were some communication issues after he past floor 1.
We're still waiting for his final report.

Article III is the only one left in the bill of rights that is still adhered
to.  The others get dragged out every once in awhile, like an old general
who has outlived his usefulness and is now just a relic of past glory.

- Original Message - 
From: "Anatoly Vorobey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 11, 2003 8:34 AM
Subject: Re: (No Subject)

> No, it's silly because he said "becoming". Had he said "is", it would've
> been criminally stupid.
>
> For example, the US has a long, long, long, long way to go before
> becoming anything remotely like North Korea, in terms of
> totalitarianism. Of course, North Korea is a radical example; there are
> many countries much more totalitarian than the US and extremely likely
> to remain so in any foreseeable future. All the Patriot Acts and
> increased surveillance and whatever else has been happening in the US
> lately is a drop in the ocean of difference between the
> US and those other countries, in that respect.
>
> --
> avva

Re: Has this photo been de-stegoed?

[Tyler Durden]

Well, that sounds reasonable on the face of it, but there's got to be a lot 
more discussion before I'm convinced.

Remember that psuedorandom or encrypted data has a certain noise spectrum. 
This noise spectrum is extremely different based on what PRBS one is 
using...PRBS 2^23-1 looks completely different from other 'noise' (and 
remember noise is a relative term).

If you spatially fft a random photo, you'll find that the image detail 
energy largely occupies certain bands. These are not the bands that stego 
uses (or so I assume...it really can't be otherwise). The stego-able 
spectrum will indeed be noise, but this noise will have a certain spectrum.

Stego, done well, will I assume try to mimic this noise, but there may be 
problems. If the message is encrypted, then merely loading that message into 
the photo will, I assume, NOT result in a noise spectrum that looks like 
real noise. So you'll need some kind of chopper or spectrum-spreader I 
guess.

If no chopper's used, however, I'm guessing that stego-ed 'noise' doesn't 
look like true photo noise. If the photo has been de-stegoed stupidly (ie, 
by writing a random message in its place), that noise won't look like photo 
noise. So it seems to me that you'd need a sophisticated agent to make the 
de-steoed photo look like it never had stego. In other words, if the FBI are 
your man-in-the-middle, then you'll be able to detect that the photo was 
de-stegoed. If the NSA is your man-in-the-middle, you might not be able to 
tell.

Any of you TLA lurkers wanna come in on a remailer and set me straight?

-TD





From: "A.Melon" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Has this photo been de-stegoed?
Date: Wed, 10 Dec 2003 13:28:31 -0800 (PST)
Tyler Durden ([EMAIL PROTECTED]) wrote on 2003-12-08:
> Is it possible to determine that the photo 'originally' (ie, when it was
> sent to me) contained stegoed information, but that it was intercepted 
in
> transit and the real message overwritten with noise or whatever?

Hardly, given the simple fact that well-encrypted content is
indistinguishable from noise.
_
Don’t worry if your Inbox will max out while you are enjoying the holidays.  
Get MSN Extra Storage!  http://join.msn.com/?PAGE=features/es

Re: Speaking of Reason

[Declan McCullagh]

On Wed, Dec 10, 2003 at 10:37:27AM -0800, James A. Donald wrote:
> Veridian green is entryist, not commie.  The watermelons would 
> perceive it as right entryist, or libertarian entryist.

I don't know what "entryist" means. It might be helpful to define
your terms.

> The standard green viewpoint is that if socialism retarded the 
> advance of technology and lowered everyone's standard of 
> living, that is actually a good thing.   The Veridian green 
> viewpoint is pro capitalist, and pro progress.

If that is true, why can't it simply be called "capitalist?"

I suspect because actual capitalists would have some problems with it.

-Declan

Re: (No Subject)

[Michael Kalus]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10-Dec-03, at 11:10 PM, J.A. Terranson wrote:

> On Tue, 9 Dec 2003, Anatoly Vorobey wrote:
>
> Just a few hundred dead federal goons, spread over a relatively short 
> period
> (~6 months), where the attacks were obviously coordinated, made against
> officers enforcing particularly rancid unconstitutional laws (say the 
> federal
> tax code), and without discoverable perpetrators, would result in an 
> almost
> instantaneous shortage of officers available to enforce such 
> uncontitutional
> laws - the survivors would simply refuse.
>
> Long fucking overdue.
>

Of course the little thing you are overlooking is that if this would 
happen the Spinmeisters would manage to turn it into another terrorist 
treat (which in a strict sense it is) and yank even more civil rights.

And knowing the majority of people: they just happily go along.

Or differently: This would backfire Badly.


- -- 
Michael

On the internet, no one can see the meds you take.

-BEGIN PGP SIGNATURE-
Version: PGP 8.0.3

iQA/AwUBP9f1N2lCnxcrW2uuEQIhdgCffEQLxYuHw5uUsUNWOiGcbksx/1EAoInz
XvbIEIQ6YfSU34g/xsRT+OnU
=wON0
-END PGP SIGNATURE-

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[James A. Donald]

--
From: Bill Stewart <[EMAIL PROTECTED]>
> For now, my basic assumption is that any communications I
> receive that purport to be from them are a fraud, and it's
> frustrating that there's no good mechanism for reporting that
> to e-gold.

e-gold advises that any communications you receive that purport
to be from e-gold *are* fraud.

All ethical businesses in the e-gold economy advise that they
will *never* send email except in direct response to a user
action.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 utxfwVH+WjHFMzwvPoUKgYhjj1jzD93VN85zg63G
 4ADCPEMq8/RiyMmoP6fKrwG57q467HW4khlY/GNjQ

Re: alt.anonymous.messages

[Eugen Leitl]

On Wed, Dec 10, 2003 at 08:39:29PM -0500, [EMAIL PROTECTED] wrote:
> Use your laptop and random open Wi-Fi hotspots (esp. a consumer's)
> for such sensitive communication.

Make sure you set your WiFi NIC MAC to something random before, and that your
MUA is not leaking bits into the headers.

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 0.97c removed an attachment of type application/pgp-signature]

Re: Is Matel Stalinist?

[Tyler Durden]

Ken wrote...

"Tyler Durden's"

GET them damn quote marks offa my name, or I'm comin' over there to stomp 
your pasty-white British ass!

Ahem.

As for Tim May's replies to my original post, he seems to have 
misenterpreted most of the basic gist of it. My basic point was that 
corporate culture (as you say) basically imitates a monarchy (or other very 
'statist' structures) and as a result often prevents them from utilizing 
their resources properly.

It would be nice to think of Borders as a counter-example, and I'd LIKE to 
believe that utilizing their talent-on-the-floor has helped them do so well 
here in the US. (Though these mega-Barnes-and-Nobles may have dented their 
numbers in the last few years...)

-TD


From: ken <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Is Matel Stalinist?
Date: Thu, 11 Dec 2003 09:56:31 +
Tim May quoted Tyler Durden who wrote:

Well, I wouldn't apply the word "oppressive" across the board to the 
cultures of big companies, but the fact is that modern American coporate 
culture more often than not imitates a top-down, 'statist' culture that 
is so universal we rarely recognize it.
Well, yes. Most big corporations are in effect constitutional monarchies. 
Decisions are made by bureaucrats  with some oversight or direction 
provided by the "king" (CEO in some places, significant shareholders in 
others). When it all goes totally pear-shaped owners (or more likely, the 
banks) step in.

[...]

The difference with government is that we do not have "polycentric" 
governments. We have a single entity, a single "corporation," which brooks 
no competition, which brooks little or no "shareholder dissent."
Yes, but in practice a lot of big companies are just like that. Whatever 
the paper ownership decisions tend to be made by a few large corporate 
owners, often banks, insurance companies, pension funds and the like; 
themselves run by officers and managers who share interests with the 
managers who run the company they own. The situation is in some ways 
analogous to "it doesn't matter who you vote for: the government always 
gets in".   In most large corporations the chain of responsibility back to 
individual owners is so long and so flexible that there is little real 
control.

Small business is different of course. You make money or you go broke.  
Very direct feedback.

Many here miss this point and focus on the superficial aspect that 
corporations typically have a hierarchy and that this hierarchy supposedly 
makes them like governments. Yes, in this respect. But the tens of 
thousands of corporations, the ability to form new partnerships, new 
companies, new corporations, and for some of these entities to become as 
large as past corporate giants, is what makes all the difference.
Emotional reactions & gut feelings about this point are one of the things 
that make people happier with one political camp or another.

The state-socialism that you Americans call "liberal"  tends to be 
supported by people who feel that their governments are more responsive to 
their needs or wants than corporations are. Conservatives US-style 
libertarians are likely to feel happier with corporations than government.  
The "anti-globalisation" crows and European-style left anarchists & 
old-style non-Marxist socialists dislike both equally.

If I was cynical, or a Marxist, I'd say that it has a lot to do with having 
money. People whose wealth makes up a larger share of the whole than their 
vote does are more likely to feel happy about corporations than  they are 
about representative government.

OK, it's before noon and I've only had one cup of tea, so I'm cynical.

[...]

Corporations have sales tracking software out the wazoo. If it sells, they 
buy more and sell them. Sounds like they're doing precisely what their 
owners want them to do.
Yes, but, it might be that a corporation makes more money for its owners by 
centralising and systematising and reducing the local autonomy of business 
units. It's a lot easier to manage a thousand identical stores than a 
hundred unique ones. So from "Tyler Durden's"'s POV there might be more 
responsiveness from an independent  store than a chain.

Though like you said, that doesn't seem to apply to books.  Might to food 
though.
_
Winterize your home with tips from MSN House & Home. 
http://special.msn.com/home/warmhome.armx

Re: Has this photo been de-stegoed?

[Morlock Elloi]

> If you spatially fft a random photo, you'll find that the image detail 
> energy largely occupies certain bands. These are not the bands that stego 
> uses (or so I assume...it really can't be otherwise). The stego-able 
> spectrum will indeed be noise, but this noise will have a certain spectrum.

There is an obvious solution here ... you don't modulate into the noise band.
You modulate the base bits. The image visibly changes but only possession of
the original can prove that. Of course, it would have to be pictures of sand,
grass, water, crowd from above.



=
end
(of original message)

Y-a*h*o-o (yes, they scan for this) spam follows:

__
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[Bill Stewart]

On 10 Dec 2003 at 15:19, [EMAIL PROTECTED] wrote:
> E-gold and other DGCs do not do much if any due diligence in
> checking account holder identification
Unfortunately, they also don't due much if any due diligence in
identifying themselves in messages to real or potential customers,
so it's extremely difficult to determine if I've gotten any
administrative messages that really _were_ from them
as opposed to the N fraudsters sending out mail asking you to
log in to e-g0ld.com or whatever fake page lets them steal
your egold account number and password so they can drain your balance.
A policy of PGP-signing all their messages using a key
that's published on their web pages would be a good start,
though it's still possible to trick some fraction of people
into accepting the wrong keys.  For now, my basic assumption
is that any communications I receive that purport to be from them
are a fraud, and it's frustrating that there's no good mechanism
for reporting that to e-gold.
At 07:08 PM 12/10/2003 -0500, [EMAIL PROTECTED] wrote:
 Original Message 
From: "James A. Donald" <[EMAIL PROTECTED]>
Date: Wed, 10 Dec 2003 14:13:59 -0800
> On 10 Dec 2003 at 15:19, [EMAIL PROTECTED] wrote: ...
> > ALTA/DMT does have a certain degree of un-linkability in that
> > once accounts are deleted all db references in the system to
> > that account are also deleted from all ALTA/DMT dbs.
>
> Trust us.  Would we lie to you?
This info was obtained from discussions with the developers,
experiments with the system and examination of the code.
You can't tell if the code you're examining is the real code,
or whether it will continue to be the real code in the future.
You can't tell if the system is making backups of its databases.

You can't tell if the experiments you're making with their system
are really detecting that there's no information stored,
or merely that it's not telling _you_ where they stored it.
You can't tell if they're stashing session keys somewhere
for the Echelon folks to correlate with their wiretap data.
You can't distinguish whether any system is sufficiently advanced or
merely a rigged demo, nor can you tell which one this system is.
You can't tell from discussions with the developers whether they're
lying to you, at least unless they're bad at it.
You can't tell from experiments with the system that
did in fact pay you the money that they should have
whether they'll always do so in the future.
You can't tell from extremely detailed experiments where
they give you the root passwords to all their machines
and let you watch the bits go in and out whether
all future transactions will be handled the same way
or whether they're just stringing you along until there's
enough real money in the system or enough money from real suspects
that the owners or various monkeys on their back want to
rip off or rat out.
You're back to trusting them.  I don't know them,
so I don't know if they're trustable, but there are people
in this business who are, as well as others who aren't.
You can tell whether you've given them any real information,
and if the system doesn't collect it, it can't rat you out.
But otherwise, it's basically trust.

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[Nostradumbass]

 Original Message 
From: "James A. Donald" <[EMAIL PROTECTED]>
Apparently from: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: ALTA/DMT privacy [was: Re: (No Subject)]
Date: Wed, 10 Dec 2003 14:13:59 -0800

> --
> On 10 Dec 2003 at 15:19, [EMAIL PROTECTED] wrote:
> > If you
> > fund you accounts using money orders, you may be safe
> > (depending on whether you've employed others to purchase the
> > money orders or your physical identity is being captured at
> > the money order agent during the transaction).
> 
> Some people offer a cash to e-gold service.

Though this is mostly discovered through direct communications, for obvious reasons.
> 
> Deposit a bundle of notes in their account, they will sell you
> e-gold.   You use the low order bits of the amount as an ID.

Others have used the serial number of one of the bills submitted (e.g., the one 
highlighted with a yellow marker).

> 
> > ALTA/DMT does have a certain degree of un-linkability in that
> > once accounts are deleted all db references in the system to
> > that account are also deleted from all ALTA/DMT dbs.
> 
> Trust us.  Would we lie to you? 

This info was obtained from discussions with the developers, experiments with the 
system and examination of the code.

Re: Speaking of Reason

[Harmon Seaver]

On Thu, Dec 11, 2003 at 03:31:22PM +, ken wrote:
> Declan McCullagh wrote:
> 
> >I don't know what "entryist" means. It might be helpful to define
> >your terms.
> 
> Really?
> 
> That's odd.
> 
> Taking you at your word it means someone who joins (i.e. enters) 
> a political party or another organisation in order to take it over 
> and change it to their own point of view.

   Usually secretly, and usually more than one person. It's a practice carried
out by both right and left. 


-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com

Re: alt.anonymous.messages

[Nostradumbass]

From: "James A. Donald" <[EMAIL PROTECTED]>
> 
> You do not need to use remailers to take advantage of
> alt.anonymous.messages.  If someone posts directly to
> alt.anonymous. messages, still the adversary cannot tell who he
> is posting to.  (Assuming his recipient sets his newsagent to
> always download all new messages) 

Or access Usenet via a satellite feed.

Re: alt.anonymous.messages

[Nostradumbass]

 Original Message 
From: Anatoly Vorobey <[EMAIL PROTECTED]>
> > You do not need to use remailers to take advantage of
> > alt.anonymous.messages.  If someone posts directly to
> > alt.anonymous. messages, still the adversary cannot tell who he
> > is posting to.  (Assuming his recipient sets his newsagent to
> > always download all new messages) 
> 
> Oh, that's true of course; but the adversary would be able to know
> that you posted something (given that he's monitoring your traffic). 
> That's already something, and frequently more than you'd want to
> give away. 

Use your laptop and random open Wi-Fi hotspots (esp. a consumer's) for such sensitive 
communication.

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[Nostradumbass]

 Original Message 
From: Bill Stewart <[EMAIL PROTECTED]>
> On 10 Dec 2003 at 15:19, [EMAIL PROTECTED] wrote:
>  > E-gold and other DGCs do not do much if any due diligence in
>  > checking account holder identification
> 
> Unfortunately, they also don't due much if any due diligence in
> identifying themselves in messages to real or potential customers,
> so it's extremely difficult to determine if I've gotten any
> administrative messages that really _were_ from them
> as opposed to the N fraudsters sending out mail asking you to
- > log in to e-g0ld.com or whatever fake page lets them steal
> your egold account number and password so they can drain your balance.

Actually they do.  Sort of at http://www.e-gold.com/unsecure/alert.html
- Never click hypertext links in HTML formatted e-mail to access your account. 
- Confirm that you are on the e-gold website before entering your e-gold passphrase 
into either a logon form or a payment authorization form (see note below about e-gold 
shopping cart interface): 
- Verify the address/location/URL starts with: https://www.e-gold.com/ 
- Verify that the site certificate is issued by VeriSign to www.e-gold.com 

> 
> A policy of PGP-signing all their messages using a key
> that's published on their web pages would be a good start,
> though it's still possible to trick some fraction of people
> into accepting the wrong keys.  

Too few customers would know what to do with such a key.

>For now, my basic assumption
> is that any communications I receive that purport to be from them
> are a fraud, and it's frustrating that there's no good mechanism
> for reporting that to e-gold.

They know about most of the fraudulent emails circulating. They don't want to hear 
about them from customers because it would exhaust what customer service resources 
they have.  

I have never received an email from e-gold following my account creation confirmation 
and I beleive its their policy not to send emails for just this reason.

Re: Has this photo been de-stegoed?

[Bill Stewart]

At 07:12 PM 12/10/2003 -0500, Tyler Durden wrote:
If you spatially fft a random photo, you'll find that the image detail 
energy largely occupies certain bands. These are not the bands that stego 
uses (or so I assume...it really can't be otherwise). The stego-able 
spectrum will indeed be noise, but this noise will have a certain spectrum.

Stego, done well, will I assume try to mimic this noise, but there may be 
problems. If the message is encrypted, then merely loading that message 
into the photo will, I assume, NOT result in a noise spectrum that looks 
like real noise. So you'll need some kind of chopper or spectrum-spreader 
I guess.
If you're asking whether something has added stego rather than
original picture noise, and how to detect it, that's one thing.
But if you're asking whether something used to have added stego,
and that stego has now been removed, and how to detect _that_
that's a much harder question.
- There was an original.
- Then there was an original with stegobits added.
- Then there was an original with something different done to the previous 
stego image.

The MITM isn't going to be able to restore the original bits,
but they could replace the stego bits with various kinds of noise,
or with different stego bits using the same stego system,
or using a different stego system, but how can you tell?
If they've replaced the message with a different message
using the same stego system, and the system gives you a method for
determining who a message is from and who it's to,
then maybe you can tell whether the new message is for you or not
and whether it's from whoever you expected it to be from or not, if you knew.
If they've used a different stego system, or if you're using a
stego system that's very good, you're back to the question of
determining whether the message you received was a message
that has somebody else's stego in it.

Re: alt.anonymous.messages

[Anatoly Vorobey]

On Wed, Dec 10, 2003 at 02:07:33PM -0800, James A. Donald wrote:
> --
> On 10 Dec 2003 at 18:22, Anatoly Vorobey wrote:
> > alt.anonymous.messages has a healthy amount of traffic.
> > Google Groups says they have a bit more than 200 messages in
> > it on December 9, for example. I assume nearly all of it is
> > from remailers posting to Usenet (or remailers sending mail
> > to mail2news gateways), otherwise there's little point of
> > using it.
> 
> You do not need to use remailers to take advantage of
> alt.anonymous.messages.  If someone posts directly to
> alt.anonymous. messages, still the adversary cannot tell who he
> is posting to.  (Assuming his recipient sets his newsagent to
> always download all new messages) 

Oh, that's true of course; but the adversary would be able to know
that you posted something (given that he's monitoring your traffic). 
That's already something, and frequently more than you'd want to
give away. 

I did inspect a few random messages and they all came from remailers.

--
avva

Re: ALTA/DMT privacy [was: Re: (No Subject)]

[Freematt357]

In a message dated 12/10/2003 10:34:22 PM Eastern Standard Time, 
[EMAIL PROTECTED] writes:

> I receive several messages a month saying I need to re-verify 
> information with an E-gold account (which I never recall establishing, 
> by the way).
> 
> If I ever determine that E-Gold personnel have faked an account on my 
> behalf,

You're a moron Tim. Everybody here probably gets the scammers messages, I get 
e-gold and paypal cons on regular basis-  E-gold never advertised itself as 
anything other than what it is, a bailee. What e-gold is really good is for is 
micropayments and I have personally found it good for making payments 
internationally.

I know the principals involved, and I've personally viewed one of their 
vaults and the gold, etc. is really there.

Regards,  Matt-

Cryptophone delivers source

[Eugen Leitl]

http://www.cryptophone.de/html/downloads_en.html

-- Eugen* Leitl http://leitl.org";>leitl
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 0.97c removed an attachment of type application/pgp-signature]

Re: (No Subject)

[Anatoly Vorobey]

On Wed, Dec 10, 2003 at 10:10:03PM -0600, J.A. Terranson wrote:
> > > With the USA
> > > becoming the world's most totalitarian state in disguise... 
> > 
> > That's a pretty silly thing to say.
> > Sure you don't want to educate yourself on those other states in the
> > world?
> 
> It's not silly at all: look again.  He said "becoming".  And it is.  Fast.

No, it's silly because he said "becoming". Had he said "is", it would've 
been criminally stupid.

For example, the US has a long, long, long, long way to go before 
becoming anything remotely like North Korea, in terms of 
totalitarianism. Of course, North Korea is a radical example; there are
many countries much more totalitarian than the US and extremely likely
to remain so in any foreseeable future. All the Patriot Acts and 
increased surveillance and whatever else has been happening in the US
lately is a drop in the ocean of difference between the 
US and those other countries, in that respect.

--
avva

Zombie Patriots and other musings [was: Re: (No Subject)]

[Nostradumbass]

From: "J.A. Terranson" <[EMAIL PROTECTED]>
> On Tue, 9 Dec 2003, Anatoly Vorobey wrote:
> 
> > On Tue, Dec 09, 2003 at 12:47:27AM +0100, edo wrote:
> > > With the USA
> > > becoming the world's most totalitarian state in disguise... 
> > 
> > That's a pretty silly thing to say.
> > Sure you don't want to educate yourself on those other states in the
> > world?
> 
> It's not silly at all: look again.  He said "becoming".  And it is.  Fast.
> It's *long* past time for the inhabitants here to have taken up arms and
> blown holes in a *lot* of Federal heads.
> 
> Just a few hundred dead federal goons, spread over a relatively short period
> (~6 months), where the attacks were obviously coordinated, made against
> officers enforcing particularly rancid unconstitutional laws (say the federal
> tax code), and without discoverable perpetrators, would result in an almost
> instantaneous shortage of officers available to enforce such uncontitutional
> laws - the survivors would simply refuse.
> 
> Long fucking overdue.

At first it seems that there isn't much one person or even a few can do 
about this, but I'm no longer so sure.  The politics and power of government is, in 
the end, always dispensed from the end of a gun.  For this reason very few citizens 
even consider contending with the government for political purposes until they fell 
there is little choice.


Nothing less than a guerilla war seems necessary to restore something akin to the 
original constitutional balance in the U.S.  But where to recruit these people?  My 
suggestion: the terminally ill.  

Many TI come to the table with a 'gift', the certainty of impending death and for some 
the possibility of fearlessness for physical harm or imprisonment. While the majority 
of the TI will not see any reason to buck the system in their final days (ideological 
disagreement, fear for the effect on their families, lack the health, resources, 
skills or mentality for such a ' final adventure ') I did some back of the envelope 
calculations that show that more than 100 people die in the U.S. every day who could 
fill the bill.

I've coined the term Zombie Patriots to signify the TI who volunteer to give their 
last full measure to the American Restoration.  Operating alone or in small groups 
they could form the backbone of an American Civil Liberties Army.

ZPs need an education in how to create a personal plan of action and acquire the 
needed skills and resources (Paladin Press where are you when we need you).  A 
Domestic American Patriot Family Fund may also be desired.

Two interesting communication privacy tools

[Nostradumbass]

1. Invisiblog http://invisiblog.com/ lets you publish a weblog using GPG and the 
Mixmaster anonymous remailer network. You don't ever have to reveal your identity - 
not even to us. You don't have to trust us, because we'll never know who you are. 

2. File-Exchange https://www.meshmx.com/fe/ allows you to exchanging files with other 
people without giving away your identity or harming your privacy.
Furthermore it is so simple that you need nothing else but a web browser. No need for 
special software, hardware, resources etc. 

How to use it? 
You simply upload a file through the front end and get back an "access-key". This key 
can be send to any other person
by email, instant-messaging or IIP. Anyone who has that key can download the file 
again by entering the key into the front end
By default the file will render unaccessible one hour after it had been uploaded.