Re: Idea: Simplified TEMPEST-shielded unit (speculative proposal)
On Dec 14, 2003, at 8:33 PM, Thomas Shaddack wrote: TEMPEST shielding is fairly esoteric (at least for non-EM-specialists) field. But potentially could be made easier by simplifying the problem. If we won't want to shield the user interface (eg. we want just a cryptographic processor), we may put the device into a solid metal case without holes, battery-powered, with the seams in the case covered with eg. adhesive copper tape. The input and output can be mediated by fibers, whose ports can be the only holes, fraction of millimeter in diameter, carefully shielded, in the otherwise seamless well-grounded box. There are potential cooling problems, as there are no ventilation holes in the enclosure; this can be alleviated by using one side of the box as a large passive cooler, eventually with an externally mounted fan with separate power supply. If magnetic shielding is required as well, the box could be made of permalloy or other material with similar magnetic properties. I am not sure how to shield a display. Maybe taking an LCD, bolting it on the shielded box, and cover it with a fine wire mesh and possibly metalized glass? Using LCD with high response time of the individual pixels also dramatically reduces the value of eventual optical emissions. I worked inside a Faraday cage in a physic lab for several months. And, later, I did experiments in and around Faraday cages. Shielding is fairly easy to measure. (Using portable radios and televisions, or even using the Software-Defined Radio as a low-cost spectrum analyzer.) My advice? Skip all of the nonsense about building special laptops or computers and special displays with mesh grids over the displays. Those who are _casually_ interested will not replace their existing Mac Powerbooks or Dell laptops with this metal box monster. Instead, devise a metal mesh bag that one climbs into to use whichever laptop is of interest. To reduce costs, most of the bag can be metallized fabric that is not mesh, with only part of it being mesh, for breathability. (Perhaps the head region, to minimize claustrophobia and to allow audio and visual communication with others nearby.) I would imagine a durable-enough metallized fabric bag could be constructed for under a few hundred dollars, which is surely cheaper for most to use than designing a custom laptop or desktop. Or consider heads-up LCD glasses. These have been available for PCs and gamers for a few years (longer in more experimental forms, of course, dating back to the VR days of the late 80s). Sony has had a couple of models, and so have others. Some have video resolutions (PAL, NTSC), some have VGA resolutions. Perfectly adequate for displaying crypto results and requesting input. These very probably radiate little. But of course a lightweight hood, a la the above mesh bag, would drop the emissions by some other goodly amount of dB. Experiments necessary, of course. Interface to a laptop or PC could be as you described it, with shielded cables. Or just use a small PC (Poqet, etc.) and move the keyboard and CPU under the draped hood. Leakage out the bottom, hence the earlier proposal for a full bag, like a sleeping bag. --Tim May
Idea: Simplified TEMPEST-shielded unit (speculative proposal)
TEMPEST shielding is fairly esoteric (at least for non-EM-specialists) field. But potentially could be made easier by simplifying the problem. If we won't want to shield the user interface (eg. we want just a cryptographic processor), we may put the device into a solid metal case without holes, battery-powered, with the seams in the case covered with eg. adhesive copper tape. The input and output can be mediated by fibers, whose ports can be the only holes, fraction of millimeter in diameter, carefully shielded, in the otherwise seamless well-grounded box. There are potential cooling problems, as there are no ventilation holes in the enclosure; this can be alleviated by using one side of the box as a large passive cooler, eventually with an externally mounted fan with separate power supply. If magnetic shielding is required as well, the box could be made of permalloy or other material with similar magnetic properties. I am not sure how to shield a display. Maybe taking an LCD, bolting it on the shielded box, and cover it with a fine wire mesh and possibly metalized glass? Using LCD with high response time of the individual pixels also dramatically reduces the value of eventual optical emissions. I also have doubts about the keyboard. Several ideas that could help: We may use optical scanning of the key matrix, with the light fed into and read from the matrix by optical fibers, coming out from a well-shielded enclosure, similar to the I/O lines of the first example. We may use a normal keyboard, but modified to use reliably random scanning pattern; that won't reduce the EM emissions of the keyboard, but effectively encrypts them, dramatically reducing their intelligence value. It's then necessary to take precautions about the data cable between the keyboard itself and the computer, where the data go through in plaintext; it's possible to encrypt it, or to use a fiber. As really good shielding of complicated cases is difficult to achieve, the primary objective of this approach is to put everything into simple metallic boxes with as few and as small ports as possible, which should be comparatively easy to manufacture, replacing the special contacting of removable panels with disposable adhesive copper tape (the only reason to go inside is replacing batteries, and the tape together with other measures may serve as tamperproofing), and replacement of all potentially radiating external data connections with fiber optic. I should disclaim I have nothing that could vaguely resemble any deeper knowledge of high frequencies; therefore I lay out the idea here and wonder if anyone can see holes in it (and where they are).
Re: cpunk-like meeting report
http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. Cookies, members only archive access. Bad deal. Will not happen. Very few consumers here. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/
Re: Don't worry...it's just one of Saddam's doubles
On Sun, 14 Dec 2003, Tim May wrote: How boring. The DNA confirmation was reported on all of the puppet news organizations here. It made it to the evening news. Which I missed (my info was from the news at noon), and caught only this morning in the evening news rerun. The Germans and Eastern Europeans, being mostly opposed to the war, probably just buried the confirmation. They just delayed it. Most likely timezone stuff. Local news take their material from the standard newsfeeds; though it's fun to watch who includes what details and how the spin differs by station. (Does anybody here know if it's possible to receive the raw APTN and Reuters satellite newsfeeds, and how?) The Czech Republic supported the war, Local political scene was much less than homogenous in this issue. The quarrels around it were quite amusing to watch (though it all boiled down into if it will be better to kiss American ass or the European one, or, better, if there isn't a way how to kiss both of them at once). and sent troops, and now that Saddam has been captured, both of them will be returning home, with medals. You don't know local administration. The troops can consider themselves lucky if they get official thank you.
Re: Compromised Remailers
On Sun, 14 Dec 2003, Tim May wrote: I haven't carefully looked at the current source code (if it's available) for things like Type II Mixmaster remailers, things which offer reply-blocks. Yes, it is available. You can download it via ftp from mixmaster.anonymizer.com, or view the SVN tree at https://source.mixmaster.anonymizer.com/ (We believe that keeping the source tree and commit list open is important, as it should help prevent a situation like that which happened to JAP not too long ago. Changes to the code should all be made in public.) Also it's important to note that Type II does not support reply blocks, while Type I remailers do. (Perhaps the first cut of Cypherpunk remailers, i.e. those running Hal's scripts did not, but the Cypherpunk nym servers that use reply blocks are built on top of Type I.) Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go. For most TLS adversaries that may be correct. However, there are a number of subtle attacks on Chaum systems that Type I is susceptible to -- tagging and timing attacks in particular, as well as replay attacks, and various other attacks which all strive to narrow the anonymity set. In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload. Ideally. There are ways to flip bits in PGP encrypted messages which will not result in a failed decryption, however. (The property you describe is essential for protecting against tagging attacks. Type II does better than PGP-based systems, but is still not as good at this as Type III. The Mixminion design paper covers these concerns in detail: http://mixminion.net/minion-design.pdf This process continues, in a recursive fashion. Now of course there are some boundary conditions. If every remailer is compromised, then complete visibility is ensured. The sender and receiver are in a fishbowl, a panopticon, with everything visible to the TLA or attackers. And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.) Right. The claim that there only needs to be one trustworthy remailer in a chain fails to recognize the power of statistical analysis of a network's traffic. Certainly, having k number of remailers in a network under your control makes such analysis easier. Another boundary condition is when a remailer network is lightly used, or when correlations between sent messages, received messages, and actions take place. A signal recovery problem, perhaps akin to some military sorts of problems. Yes. And as you look at this problem more closely (as I have been doing ever since our conversation about this problem at the Cypherpunks meeting in Santa Cruz a while back), the solutions become more elusive. The big problems arise when the adversary has the ability to observe messages in the network over time. Partitioning attacks and long-term intersection attacks likely mean that the original Cypherpunk remailer system is transparent to any entity which is able to view the traffic on the entire network. (The attacks are passive, though they can be optimized with some active interference.) Big weak spots: client version information, statistics distribution, and key rotation. In a system like Type I which relies on an external program for the layered crypto, information about the user's software distinguishes him from other users. Likewise, a user's choice of remailer nodes in a selected chain may vary based on which pinger service he is using, and whether he has updated his remailer keys after the remailer has gone through a key rotation also gives away valuable information. These and other distinguishing factors allow an attacker to partition the main anonymity set into smaller sets. Over time, the attacker may be able to plot the intersection of these sets such that he is able to identify a given user based on his usage patterns and the information he is leaking. Type III goes a long way to address many of these, but still falls short of perfect. The particularly troubling issue at the moment is how to distribute information about the reliability (as well as key information) of remailers in the network
Wardial for Bush! 1-800-531-6789 -- call AGAIN AND AGAIN!
From: Wardialers For Bush [EMAIL PROTECTED] Subject: [Wardialers for Bush] Set a record! Call 1-800-531-6789 AS OFTEN AS YOU CAN! Resident George W. Bush wants your support! Even though every nuisance call to this phone number costs him money, he wants you to call NOW, AGAIN AND AGAIN! 1-800-531-6789 If you don't get through, call again! 1-800-531-6789 Keep calling. Say you were told to call by Ken Mehlman! Ask for your free prize! 1-800-531-6789 1-800-531-6789 1-800-531-6789 1-800-531-6789 1-800-531-6789
Re: cpunk-like meeting report
On Mon, Dec 15, 2003 at 08:52:52AM -0500, V Alex Brennen wrote: Archive it your selfs you fucking wankers. Damn. Since when That was I was going to do before you volunteered to host the lists. Thanks for letting me know that the offer has been withdrawn. I guess I don't need another illustration as to why free is too expensive. can cypherpunks not even handle setting up a public mailing list archive? If that's beyond you, you probably don't If you think debugging SuSE + Postfix + Mailman (Failure to exec script. WANTED gid 65534, GOT gid 8. -- none of the standard fixes work) is high on my priority list, you're on crack. belong on the cypherpunks list. What do you need a government assistance program? Some public service announcements? A welfare sponsored skills training program? Here's the hand out you're looking for: http://www.mail-archive.com/faq.html#newlist A redundant archive is a good idea. Thanks. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 0.97c removed an attachment of type application/pgp-signature]
Re: cpunk-like meeting report
On Sun, Dec 14, 2003 at 06:36:12PM -0800, Tim May wrote: No, we don't need a cpunx-news list. This is what Google and the ability to see hundreds of various lists and sites is for. This is a bogus statement. As long as I can't use a single keyword to make Google's news alerts topical, and _full text_ a search engine is rather useless. News lists tend strongly to be just dumping grounds for crap from other lists. The point is that you don't have to subscribe to 20-odd email lists, which have about 5% relevance each. Life's too short for that. People are the best filters, and with a handful of sustained contributors the list becomes a valuable resource. I failed the entrance exam for Interesting People, which is fine, for obvious reasons. Case in point: most of IP list traffic is garbage from a cypherpunk point of view. Let one list subscriber read it, and filter relevant bits to the newsticker. If it's a steaming pile of crap for Tim May it doesn't mean it's useless for everybody else. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 0.97c removed an attachment of type application/pgp-signature]
Re: U.S. in violation of Geneva convention?
On Mon, 15 Dec 2003, Anonymous wrote: The U.S. official's way of behaving like Texas rednecks are embarrassing. Not only are they cheering we got him like a child who can not withhold his enthusiasm. Displaying Saddam the way they did are also possibly a clear violation of the Geneva convention as far as I can tell. The Geneva conventions require, among other things, that soldiers wear uniforms. Maybe it was just the movies, but I do believe that in the first and second world wars combatants dressed in civilian clothes were routinely shot. -- Jim Dixon [EMAIL PROTECTED] tel +44 117 982 0786 mobile +44 797 373 7881 http://xlattice.sourceforge.net p2p communications infrastructure
Re: Idea: Simplified TEMPEST-shielded unit (speculative proposal)
There's a good possibility that Saddam was traced by Tempest sensing, airborne or mundane. The technology is far more sensitive than a decade ago. And with a lot of snooping technology kept obscure by tales of HUMINT, finks, lost laptops and black bag jobs. For less sensitive compromising emanations, BETA, among others, makes portable Tempest units, desktop and room-sized, the devices export-restricted as if munitions. There's a patent on a booth-like Tempest device into which the user climbs, with protection provided for connections, but whether it was ever built is unknown. A slew of firms make Tempest products which can be examined for what shielding works sufficiently well to be placed on NSA's more or less trustworthy Tempest products list: Beyond commercial-grade, NSA is reportedly able to read faint emanations from all known Tempest protection, thanks in part to reviewing products and international sharing among spooks. Those leaked from fiber are now a piece of cake, and not by tapping the glass a la the RU submarine cable escapade and the derring-do of USS Jimmy Carter custom-rigged to hack transoceanic fiber. Tempest snooping at the atomic level is feasible, thanks to physicists who walk among the electrons with supercomputers. As ever, what you don't know is what kills you, and if you are not currently doing research or working on NDA stuff, you're toast. Protecting against the known is what keeps the orchestrated leak industry thriving. Be sure to submit bright inventions to the authorities to get contracts for funding dark ones that work against the grain, then you'll get really swell contracts or offed. Ex-NSA staff are rolling in clover selling commercialized versions of security technology that NSA freely accesses. Reminds of the Brits selling to gullible govs impregnable Enigma machines after WW2.
U.S. in violation of Geneva convention?
The U.S. official's way of behaving like Texas rednecks are embarrassing. Not only are they cheering we got him like a child who can not withhold his enthusiasm. Displaying Saddam the way they did are also possibly a clear violation of the Geneva convention as far as I can tell. What was that quote by Nietsche again? One person who actually did behave in a respectable manner was the President. No lame we got him or cowboy hats there. At least not this time.
Re: U.S. in violation of Geneva convention?
On Mon, 15 Dec 2003, Bill Stewart wrote: The Geneva conventions require, among other things, that soldiers wear uniforms. Maybe it was just the movies, but I do believe that in the first and second world wars combatants dressed in civilian clothes were routinely shot. But Saddam isn't a soldier - he's a politician. He may also have been in charge of his country's army, but he was being attacked because of his position as a political leader. Saddam was apparently quite proud of being a soldier. He routinely wore a uniform bearing insignia of miliary rank. He carried weapons. He was armed when captured and had with him evidence that he was directing military operations. In any case, if you are arguing that he should be treated as a POW, you cannot simultaneously argue that he is not a soldier. On Mon, 15 Dec 2003, Dave Howe wrote: The Geneva conventions require, among other things, that soldiers wear uniforms. No, they don't. The provisions are reasonably clear. You wear a uniform of some sort, or you openly display your weapons: 3. In order to promote the protection of the civilian population from the effects of hostilities, combatants are obliged to distinguish themselves from the civilian population while they are engaged in an attack or in a military operation preparatory to an attack. Recognizing, however, that there are situations in armed conflicts where, owing to the nature of the hostilities an armed combatant cannot so distinguish himself, he shall retain his status as a combatant, provided that, in such situations, he carries his arms openly: (a) During each military engagement, and (b) During such time as he is visible to the adversary while he is engaged in a military deployment preceding the launching of an attack in which he is to participate. Acts which comply with the requirements of this paragraph shall not be considered as perfidious within the meaning of Article 37, paragraph 1 (c). (http://www.unhchr.ch/html/menu3/b/93.htm) If you don't wear a uniform or display your weapons during an engagement, whether offensive or defensive, then you are engaging in perfidious acts and lose the protection of the Geneva conventions. Note that this says during each military engagement; if you drop your weapon and try to melt into the crowd, you have failed to comply, your behaviour is perfidious. If you are defending though, you are entitled to the protection of the geneva convention (and lawful combatant status) simply by being an open hostile (carrying your weaponry openly and obeying all the usual provisions of the geneva convention, which obviously doesn't allow hiding in a crowd of civilians). This is the take up arms provision so beloved of the american people - that in the face of invasion, the ordinary citizen would take up arms to defend his home and neighbours. I can find no support for what you say in this paragraph. Attackers are not distinguished from defenders except at the level of individual engagements. That is, if you are a member of an irregular force invading another country and are captured, you are a POW, so long as you comply with the rules: distinguish yourself from the civilian population, and display your weapons openly. Notwithstanding the above, 7. This Article is not intended to change the generally accepted practice of States with respect to the wearing of the uniform by combatants assigned to the regular, uniformed armed units of a Party to the conflict. Saddam was an officer in a regular, uniformed armed unit. He had worn his uniform conspicuously for many years. He was not an irregular combatant. Therefore he was obliged to continue to wear a uniform while engaged in military action and not doing so could be considered perfidious. The following is also relevant: Article 46.-Spies 1. Notwithstanding any other provision of the Conventions or of this Protocol, any member of the armed forces of a Party to the conflict who falls into the power of an adverse Party while engaging in espionage shall not have the right to the status of prisoner of war and may be treated as a spy. 2. A member of the armed forces of a Party to the conflict who, on behalf of that Party and in territory controlled by an adverse Party, gathers or attempts to gather information shall not be considered as engaging in espionage if, while so acting, he is in the uniform of his armed forces. If you gather information or attempt to do so, and are NOT in uniform, you can be considered a spy and so are not eligible for POW status. According to news reports, our friend Saddam had many intelligence reports with him when captured. He was gathering information for military purposes. He was not in uniform. Therefore he forfeited any right to be treated as a captured soldier - specifically because he was not in uniform. It was presumably on one of these grounds that Allied prisoners out of uniform when captured were routinely executed in Europe during
Re: U.S. in violation of Geneva convention?
At 03:47 PM 12/15/2003 +, Jim Dixon wrote: On Mon, 15 Dec 2003, Anonymous wrote: The U.S. official's way of behaving like Texas rednecks are embarrassing. Not only are they cheering we got him like a child who can not withhold his enthusiasm. Displaying Saddam the way they did are also possibly a clear violation of the Geneva convention as far as I can tell. The Geneva conventions require, among other things, that soldiers wear uniforms. Maybe it was just the movies, but I do believe that in the first and second world wars combatants dressed in civilian clothes were routinely shot. But Saddam isn't a soldier - he's a politician. He may also have been in charge of his country's army, but he was being attacked because of his position as a political leader.
Re: cpunk-like meeting report
Eugen Leitl wrote: On Sun, Dec 14, 2003 at 09:57:09PM -0800, Morlock Elloi wrote: http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. Cookies, members only archive access. Bad deal. Will not happen. Very few consumers here. To see the collection of prior postings to the list, visit the cpunx-news Archives. The current archive is only available to the list members. No good. Please fix. Archive it your selfs you fucking wankers. Damn. Since when can cypherpunks not even handle setting up a public mailing list archive? If that's beyond you, you probably don't belong on the cypherpunks list. What do you need a government assistance program? Some public service announcements? A welfare sponsored skills training program? Here's the hand out you're looking for: http://www.mail-archive.com/faq.html#newlist - VAB
Re: U.S. in violation of Geneva convention?
At 5:21 PM + 12/15/03, Dave Howe wrote: Iraq was somehow involved in the Trade Center attacks too For those who wondered why Abu Nidal took two in the hat shortly before the daisycutters came to play: http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2003/12/14/wterr14.xmlsSheet=/portal/2003/12/14/ixportaltop.html -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: cpunk-like meeting report
On Sun, Dec 14, 2003 at 08:00:57PM -0800, Tim May wrote: Some people think spinning off new lists whenever they get interested in some area is interesting. Most of these lists fail for obvious There's a specific niche of high-volume topical news lists. They're designed to distribute the mining the news sources load. Life's too short for everybody to read every news source just to learn what's new in a specific area. They can take a while to get started, but once they go critical they can become a valuable resource. My problem with cpunx-news is that I've found relying on other people for critical infrastructure a mistake. reasons. Sometimes a famous person, especially Net famous, creates a vanity list. Hence the Interesting People vanity list. This trend seems to be giving way to Blogs, however, as the various net.personalities realize that what they really want is a forum for blogging their message to an attentive audience. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 0.97c removed an attachment of type application/pgp-signature]
Re: cpunk-like meeting report
On Sun, Dec 14, 2003 at 09:57:09PM -0800, Morlock Elloi wrote: http://lists.cryptnet.net/mailman/listinfo/cpunx-news Be sure and check the archive before posting. It is still small. Cookies, members only archive access. Bad deal. Will not happen. Very few consumers here. To see the collection of prior postings to the list, visit the cpunx-news Archives. The current archive is only available to the list members. No good. Please fix. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 0.97c removed an attachment of type application/pgp-signature]
Re: U.S. in violation of Geneva convention?
Jim Dixon wrote: The Geneva conventions require, among other things, that soldiers wear uniforms. No, they don't. Fox news repeats this enough that more than half of america believes it, but then, more than half of america believes Iraq was somehow involved in the Trade Center attacks too The rules are considerably more lax for the defenders than the attackers - if you are entering another country, then you must either be part of a uniformed, standing army or be part of a militia (with a rigid authority structure, open carrage of arms and an identifying badge or emblem). You must also respect the rules of war - so at least in theory, even a uniformed official combatant is not entitled to the protections of the Geneva conventions if he himself breaks those conventions (by e.g. shooting noncombatants) If you are defending though, you are entitled to the protection of the geneva convention (and lawful combatant status) simply by being an open hostile (carrying your weaponry openly and obeying all the usual provisions of the geneva convention, which obviously doesn't allow hiding in a crowd of civilians). This is the take up arms provision so beloved of the american people - that in the face of invasion, the ordinary citizen would take up arms to defend his home and neighbours. There is considerable doubt as to exactly how this applies to sniping - certainly, uniformed combatants are little less likely to decide to dive into cover and take out their opponents with aimed fire than random undertrained militia are, and it would be insane for a lone take up arms defender to stand out in the open to duke it out; the problem is a random sniper is difficult to locate *after* an attack if he is not otherwise identifiable; ok, he isn't permitted to drop his weapon and retain his lawful combatant status, but nor could a uniformed individual (one of several) be expected to volunteer that he was the one who just killed four of the team now pointing weapons at him. (the take up arms provision seems to assume the defender picks up a gun and continues firing until he is killed, captured, or he wins :) name rank and number is for the movies.
self adjusting dummy traffic generation?
Would it be possible to have a self adjusting dummy traffic generator feature in remailers? Operator decides that he wants to process x number of incoming and y number of outgoing messages each time period t. Then the software adjusts the number of dummy messages to this value using some statistical calculations of past t2 hours. If incoming traffic increases then the amount of dummy messages are decreasing and so on. Does this feature exist today?
Re: U.S. in violation of Geneva convention?
The U.S. official's way of behaving like Texas rednecks are embarrassing. Not Crosspost from nettime: Subject: nettime wrong signals If symbols really do matter we might conclude that American administration's PR machine has got it badly wrong. In the carefully orchestrated news management of Saddam's capture, once again, the public opinion which *really* matters in the middle east: Arab public opinion, has been conclusively misread The image of an Arab leader (however terrible) being objectivised by a white gloved American medic like a bug on a lab bench, will not be read in the Arab world as a moment of liberation. It will be seen as a special kind of humiliation, the kind which typifies the depth of ignorance which has inspired this campaign from its outset. Once again the images (chosen with great care one imagines, given the time lapse between Saddam's capture and the John Wayne style triumphalism of the announcement) treats Arab opinion to a further demonstration of the power of the west to objectivize the world under a coolly scientific gaze. In this context no mediaeval torturer could have conceived of a greater humiliation than the medical torch's pencil thin beam illuminating the inside of the tyrant's mouth. A stupidity of almost incomprehensible proportions seems bent on prosecuting a war against terror in which the twenty-four hour news machine is mobilized to disseminate images that do little more than fan the flames of hate.
Hack the Vote: cause a blackout
(This inspired by comments in Scheier's cryptogram) Do all the newly electronic voting places have UPS? I doubt it. Think of the fun you could cause if you downed a few substations or poles. And because elections happen all at once, there would be no means of recovery. Imagine if, in the next presidential election, someone hacked the vote in New York. Would we let New York vote again in a week? Would we redo the entire national election? Would we tell New York that their votes didn't count? What we need are simple voting systems--paper ballots that can be counted even in a blackout.
Re: Compromised Remailers
Quoting Bill Stewart [EMAIL PROTECTED]: At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote: A question for the moment might well be how many if any of the remailers are operated by TLAs? Remailers are secure if at least one remailer in a chain is _not_ compromised... A case-in-point on this is the admin of the Frog remailer in 2001. He 'outted' a user who chained a message through both of Frog admin's remailers. The admin didn't like what was said and used his logs to match the sender with the decrypted outgoing message. With sendmail and verbose Mixmaster logs, this is trivial to do. It's also not unheard of for remops to log and cooperate to 'out' a spammer. If I were remailing a message that would get me sent to prison, I would definately use a Wi-Fi hotspot and use 3-4 chained remailers with random delays. By the time the message is delivered, it will be many hours/days since the message was sent. -- Keith Ray [EMAIL PROTECTED] -- OpenPGP Key: 0x79269A12
Re: Idea: Simplified TEMPEST-shielded unit (speculative proposal)
While I agree with much of what you say I don't think it's likely that any kind of advanced SIGINT operation was what brought him down. The most important thing to have is intelligence from humans. From insiders. This is partly the problem with the intelligence agencies today. They think too much of the technology and it's possible uses. Good old fashion spies will always be the most powerfull way to get information if you can get someone to cooperate. This is also why it is a bit harder in countries with a lot of people willing to kill or be killed for the sake of ideas. Even so it seems that someone sold him for the money in this case. It was bound to happen sooner or later since it's not possible to be on the run without trusting at least one or a few individuals from time to time.
Re: U.S. in violation of Geneva convention?
I am not sure I agree. I am no expert on this however. I saw several people commenting the issue of Geneva convention on CNN during the day. Also I saw an expert on this field from another country commenting on the issue stating that it was a clear violation of the convention. In either of these interviews were there any discussion on whether it didn't apply to this specific case due to what clothings he happened to wear or whattever. I got the impression that it was clear that the U.S. treatment wasn't fully appropriate. Nietsche quote sought: Battle not with monsters, lest ye become a monster. And if you gaze long into the abyss, the abyss gazes into you. I think it's about not becoming evil yourself when you're fighting evil. Pretty applicable, yes. We should not be tempted to act in unlawful and questionable ways. It is sticking by international treaties and handling everyone in accordance to law and human values that separates us from evil men like Saddam. This is a good time to show him and his followers that all men, even those of his sort, are treated equal and given a fair trial as stipulated by the universal declaration of human rights by the UN in 1948. And this by the state they call the great satan. Behaving like a lynch mob will make us loosers too.
Using PCR to find Hussein via the sewers? [GATTACA]
At 04:50 AM 12/15/03 -0800, John Young wrote: There's a good possibility that Saddam was traced by Tempest sensing, airborne or mundane. I wonder if you can trace DNA in sewers back to the source, esp. in an inbred locale? (Peter? PCR with Saddam specific primers?) Or did he just dig a cat-hole instead of using the infrastructure? You can trace industrial contamination up sewer lines back to the source. How about the cells we shed? Just theoretically. Papers fnord says someone used to the good life narced, couldn't handle a jail cell.
Re: cpunk-like meeting report
At 09:57 PM 12/14/03 -0800, Morlock Elloi wrote: Be sure and check the archive before posting. It is still small. Cookies, members only archive access. Bad deal. Will not happen. Very few consumers here. But look how many IP addresses he got from members checking it out!
Re: Don't worry...it's just one of Saddam's doubles
If I don't remember incorrectly, they said something about identifying him by DNA testing. Well, of course Saddam is going to test positive...he's apparently an actual CLONE. Actually, from what I understand this is the 'original' Saddam (note how much older he seems than the Saddams we've been seeing in the press over the last few years), but he hasn't actually controlled things for a couple of decades. The Saddam we're really looking for is approximately Saddam #3, and he's still at large, and directing the insurgency. -TD From: Thomas Shaddack [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Don't worry...it's just one of Saddam's doubles Date: Mon, 15 Dec 2003 03:33:53 +0100 (CET) On Sun, 14 Dec 2003, Tyler Durden wrote: Spread the word. The adminstration got desparate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam. If I don't remember incorrectly, they said something about identifying him by DNA testing. But it wasn't widely quoted in the mainstream news. So even if it really is him - they may still claim he isn't the real McCoy if the insurgency won't stop. The timing is definitely weird. Too soon before the Elections. But there is still the backup, the Lost TV Star, also known as Ossama; whether They intend to announce capturing him, or whether he will be claimed responsible for Something Scary in a psyops attempt to make the voters more susceptible to the beat of the Homeland Security drums. _ Wonder if the latest virus has gotten to your computer? Find out. Run the FREE McAfee online computer scan! http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Re:Textual analysis
At 09:44 AM 12/13/03 -0600, Harmon Seaver wrote: .. And what is my supposed three-space paragraph lead-ins? The concept of textual analysis to prove ID has always amused me. A competent writer can easily change writing styles from moment to moment. I well recall a university english lit prof almost accusing me of plagarism when I wrote a piece mimicking Faulkner and doing so well enough that the prof actually started looking thru his works trying to find it. Textual analysis correctly identified the author of _Primary Colors_, though that was from a pretty small field of people with the right level of inside knowledge. Does anyone know whether there have been real randomized trials of any of the textual analysis software or techniques? E.g., is this an identification technique like DNA, or is it an identification technique like retrieving repressed memories under hypnosis (or, equivalently, consulting a ouiji board)? It's not obvious to me how you'd change your writing style to defeat these textual analysis schemes--would it really be as simple as changing the average length of sentences and getting rid of the big words, or would there still be ways to determine your identity from that text? I'm thinking especially of long discussions of technical topics--if I wrote a five page essay on what to look at when trying to cryptanalyze a new block cipher, I think it would be hard to keep readers who knew me from having a pretty good guess about the author, even if I tried changing terms, being more mathematical and less conversational, etc. (Though this is more of a problem with humans familiar with my writing style, rather than with automated analysis.) Harmon Seaver CyberShamanix http://www.cybershamanix.com --John Kelsey, [EMAIL PROTECTED] PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: Textual analysis
On Sun, Dec 14, 2003 at 10:36:02AM -0500, John Kelsey wrote: | Textual analysis correctly identified the author of _Primary Colors_, | though that was from a pretty small field of people with the right level of | inside knowledge. Does anyone know whether there have been real randomized | trials of any of the textual analysis software or techniques? E.g., is Not as far as I know, and I spent a bit of time reading through both Author Unknown, by Don Foster (who named Klien) and Analyzing for Authorship, by Jill Farringdon. Foster is an English professor, and reads the work under analysis, and then works by the potential authors. His technique would be described as intuitive, but the human brain has large power to make linkages. Analysing for Authorship, from the University of Wales press. Analyzing for Authorship really didn't strike me as better. It uses a technique called CUSUM, but the methodology and graphs (as I recall) vary from text to text, and neither I, nor Alice, who read the book for ZKS, wondering if we could build this stuff into a product, was very impressed by it. | It's not obvious to me how you'd change your writing style to defeat these | textual analysis schemes--would it really be as simple as changing the | average length of sentences and getting rid of the big words, or would | there still be ways to determine your identity from that text? I'm | thinking especially of long discussions of technical topics--if I wrote a | five page essay on what to look at when trying to cryptanalyze a new block | cipher, I think it would be hard to keep readers who knew me from having a | pretty good guess about the author, even if I tried changing terms, being | more mathematical and less conversational, etc. (Though this is more of a | problem with humans familiar with my writing style, rather than with | automated analysis.) So, the question boils down to economics. There's how much you need to communicate, how much someone is willing to spend to tag you, and how good their proof needs to be. I suspect that for most purposes, proof does not need to be very strong in relation to your need to communicate. That is, if Tricky Dick thinks you're Deep Throat, or Saddam thinks you're the guy who betrayed him, etc. Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
