RE: Powell admits mobile weapons factory scam

2004-04-05 Thread Tyler Durden
Is this that surprising?  The CIA isn't doing too well if they cannot
figure out that there are good reasons to doubt anti-Iraq intelligence.
The stuff I've been reading would indicate almost the contrary. Apparently, 
the Bush administration decided to more or less bypass the CIA's 'value 
added' analysis and grabbed the raw intelligence and interpreted it for 
itself.

Was that a splash sound I heard? Hope this rat likes the water...

-TD


From: Justin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Powell admits mobile weapons factory scam
Date: Sat, 3 Apr 2004 21:58:46 +
http://news.bbc.co.uk/2/hi/middle_east/3596033.stm

 In February last year he told the UN Security Council that Iraq had
 developed mobile laboratories for making biological weapons.

 On Friday he conceded that information appears not to be... that 
solid.
...
 Mr Powell said the US intelligence officers indicated to me that the
 information about the mobile labs was reliable, and I made sure it was
 multi-sourced.

 Now, if the sources fell apart we need to find out how we've gotten
 ourselves in that position, he said.

 I have discussions with the CIA about it, he said, without providing
 further details.
...
 This admission by Mr Powell could further hurt the credibility of the
 Bush administration in what is an election year, our correspondent says.

Is this that surprising?  The CIA isn't doing too well if they cannot
figure out that there are good reasons to doubt anti-Iraq intelligence.
The intelligence, if untrue, may have been disseminated by Saddam or the
Ba'athists for unknown purposes, perhaps to destabilize the region even at
the cost of Ba'athist leadership, for instance.  Even if he's truly a Bad
man and a psychopath, I don't believe that he's a coward who is unwilling
to die for his beliefs.  Ba'athists live by the sword, and I don't see him
being that hypocritical.
The intelligence may have been disseminated by the Kurds or other
anti-Ba'athist forces for obvious reasons.
The intelligence, even if it was originally true, may have been leaked and
then the mobile (and other) weapons factories and storage destroyed.  The
intended result would have been the current situation, with the Bush
administration and intel community looking like idiots and the soft on
terror Democrats having a foreign policy advantage in Nov 2004.
--
You took my gun.  It's just your word against mine!
Not necessarily.
  -Bernie vs Tom, Miller's Crossing
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.com/go/onm00200415ave/direct/01/



Re: Shock waves from Fallujah

2004-04-05 Thread Bill Stewart
At 05:59 AM 4/3/2004, R. A. Hettinga wrote:

At 1:31 PM -0800 4/2/04, Major Variola (ret) wrote:
A fence is being considered around the Capital in DC also.
You need a bigger fence than that, at least out to places like the Beltway,
maybe out to Fort Meade, right? ;-).
Of course, if they just got rid of the attractive nuisance, if all those
congresscritters weren't able to steal money to buy votes at election time,
maybe we wouldn't have to build such a big fence?


Correct me if I'm wrong, but I assume the purpose of a fence around the Capitol
would be to keep those pesky Congresscritters _in_,
not to keep other people out?




priceless

2004-04-05 Thread Major Variola (ret)
At 08:44 PM 4/4/04 -0500, Harmon Seaver wrote:
 Shiites hit a home run!

http://news.bbc.co.uk/2/hi/middle_east/3599381.stm

Deposing a harmless tyrant: $87,000,000,000
Generating 2 Islamic republics plus an ethnic republic that destabilizes
Turkey:
priceless

For colonialism, there's the military.
For disinfo, there's the CIA's silence.
For everything else, there's neo-conservatism.






Re: Shock waves from Fallujah

2004-04-05 Thread R. A. Hettinga
At 12:35 PM -0800 4/4/04, Bill Stewart wrote:
Correct me if I'm wrong, but I assume the purpose of a fence around the
Capitol
would be to keep those pesky Congresscritters _in_,
not to keep other people out?

Hmmm... Maybe something on the order of a lobster trap. Offer 'em a free
lunch. They'll believe *that* one...

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Mixmaster RFC

2004-04-05 Thread Len Sassaman
Hello,

I'm preparing to submit draft -02 of the revised Mixmaster Protocol  
Specification. If you have any comments, or have previously contributed  
and have not been acknowledged, please let me know as soon as possible  
by sending mail to  [EMAIL PROTECTED]

The last published version is here:

http://www.ietf.org/internet-drafts/draft-sassaman-mixmaster-00.txt

The current working version of the I-D is here:

https://source.mixmaster.anonymizer.com/svn/mixmaster/trunk/Docs/draft- 
sassaman-mixmaster-XX.txt

(Please comment on the latter).

Thanks,

Len



Gutmann: operating under the radar

2004-04-05 Thread R. A. Hettinga
http://www.computerworld.co.nz/news.nsf/PrintDoc/3F25D67E47980786CC256E6C007EE7D2?OpenDocumentpub=Computerworld

Computerworld NZ
Tuesday, 6 April, 2004

Gutmann: operating under the radar


Paul Brislen, Auckland

He describes himself as a professional paranoid, but cryptography expert
Peter Gutmann (pictured) is quite willing to buy products online using his
credit card and advocates writing down passwords on a piece of paper.

Gutmann, a developer, author, speaker and honorary researcher at Auckland
University's computer science department, realises that the password advice
might seem to fly in the face of reason.

Think about it. If you've written down your complicated password on a
piece of paper someone would have to break into your house to get it to
then break into your online account. That's not likely when the crooks are
sitting in Eastern Europe.

Conversely, he says having one user name and password for all accounts is
perhaps the worst thing a user can do.

That way if one account is compromised then effectively all of them could be.

Gutmann is world-renowned for his work on security architecture and is in
demand on the IT security speaking circuit. His PhD thesis has been
released as an academic text book (Cryptographic security architecture:
design and verification) and he has at least two more in the pipeline.

That one's very much an academic book. The next one is more
straightforward and is more about my take on different security issues.

Gutmann's role at Auckland University doesn't pay anything but it allows
him to do what he likes. His income is derived from one of those products
nobody's ever heard of but which many of us use - Cryptlib.

Cryptlib is in embedded products such as ATM machines and print servers,
for authenticating user rights to a particular printer.

It's widely used but invisible. Basically it's a general purpose tool used
inside applications so most people don't even know it's there.

Gutmann says this is the best approach to issues like email encryption -
make it happen automatically.

PGP has been around for over a decade and has a tiny market share still.

Cryptlib, by comparison, is marketed by health software developer Orion
Systems.

There are plenty of cool people using it but if I tell you who they are
they'll kill me, says Gutmann, only half joking.

Gutmann didn't set out to be a cryptographer.

I was working in data compression but you really can't make much of a
difference there. I sort of drifted into cryptography. Gutmann says his
approach isn't one of maths-intensive algorithms.

There's very little maths involved. Basically that part of it's secure
these days. It costs too much in terms of time and effort to break the code
to make it worthwhile. I work on the stuff around that to make sure that's
defensible.

Gutmann offers the example of public keys. What's the point of securing
your system with the most up-to-date encryption technology if you email
someone your key in an insecure manner?

Gutmann likes to quote cryptographer Bruce Schneier on the subject.

Basically he says it's like putting a large iron stake in the ground in
your front garden and hoping the burglar will run into it. It's the rest of
the garden that matters as well.

So Gutmann isn't worried that if he's too good at his job he'll do himself
out of a career.

As long as there are computers we'll need security people.

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Wiretaps led to arrests of terror suspects

2004-04-05 Thread Eugen Leitl

http://www.globeandmail.com/servlet/ArticleNews/TPStory/LAC/20040405/KHAWAJA05/National/Idx

Wiretaps led to arrests of terror suspects

By COLIN FREEZE AND ALAN FREEMAN
Monday, April 5, 2004 - Page A8

OTTAWA and LONDON -- The tapping of e-mails and overseas phone calls by a
host of Western spy agencies led to the arrests last week of terrorism
suspects in Canada and Britain, including an Ottawa man who had been under
scrutiny for at least four weeks.

The RCMP and Scotland Yard launched separate operations after an alarming
e-mail was picked up by a U.S. intelligence agency in February, sources said.

The U.S. National Security Agency, which electronically monitors millions of
conversations daily, reportedly picked through the chatter to find a message
sent from Pakistan to England.

According to the Sunday Times and The Guardian in Britain, several
intercepted communications showed links between suspected senior al-Qaeda
figures in Pakistan and an alleged bomb plot thwarted last week in Britain.

Nine men of mostly Pakistani heritage were rounded up there along with a
half-tonne of bomb-making chemicals, as hundreds of officers joined in
simultaneous and urgent raids.

The RCMP say the British raids are linked to the arrest of Mohammed Momin
Khawaja in Ottawa 12 hours earlier. The 24-year-old software developer
remains in prison, but is described locally as an exemplary young man -- a
solitary figure from a good family, taking Arabic courses but keeping mostly
to himself.

He recently travelled to England and Pakistan. Family members say he went
abroad to look for a wife. They further insist that global spy agencies
somehow got their signals crossed. How's it related to my brother, do you
know what I mean? Somebody's making phone calls to maybe England or Pakistan
or whatever, how is it related to my brother here in Canada?, said Qasim
Khawaja, 26.

After visiting him this weekend, he said his younger brother is totally
calm, smiling and just laughing about the situation. He thinks there's a
misunderstanding and they are overblowing it.

He said that during the raid, Mounties showed the family papers that said
their e-mails and phone calls have been listened in on since Feb. 27, after
his brother returned to Canada from his travels abroad.

Qasim, also a computer programmer, questioned the value of such eavesdropping
as an investigative technique. Most of the people that are questioning us
had a hard time using e-mails, you know what I mean? They are much older guys
and they don't understand technology like we do. . . . nowadays viruses can
even send e-mails, you know what I mean?

Investigators have continued to track down friends, family and nearly
forgotten acquaintances across North America, he said.

Mr. Khawaja said his father Mahboob, the 62-year-old head of the family,
surfaced this weekend in Saudi Arabia, where he has been in police custody
for several days. His family said police allowed him to call this week and
confirm that he had been detained after the raid on his former home in
Ottawa. He said he is being treated well, according to Qasim.

Canadian agencies say they had no role to play in the arrest of the elder Mr.
Khawaja, one of the founding members of Ottawa's 40,000-member Muslim
community who left Pakistan 35 years ago and recently moved to Saudi Arabia
to manage a polytechnic school.

His Canadian family planned to visit next month, but the RCMP seized their
passports and airline tickets in the raid.

From Saudi Arabia yesterday, a family friend said Mahboob Khawaja is a
normal guy. I didn't see him as a fanatic or anything, said Mohamed Farhat
Mehdi. He said that his friend often spoke of his family in Ottawa and he
talks with his Internet quite often. 

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07078, 11.61144http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net


pgp0.pgp
Description: PGP signature


Re: Private U.S. Guards Take Big Risks for Right Price

2004-04-05 Thread R. A. Hettinga
At 10:10 AM -0700 4/5/04, Major Variola (ret) wrote:
  Atoms
matter.

*Markets* matter, which *was* my point, originally in this thread. Not Mercs.

Markets are how you convert bits to atoms.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: Shock waves from Fallujah

2004-04-05 Thread Major Variola (ret)
At 12:35 PM 4/4/04 -0800, Bill Stewart wrote:
At 1:31 PM -0800 4/2/04, Major Variola (ret) wrote:
 A fence is being considered around the Capital in DC also.


Correct me if I'm wrong, but I assume the purpose of a fence around the
Capitol
would be to keep those pesky Congresscritters _in_,
not to keep other people out?

No, it would be to protect the congressvermin from attacks.
Just like the anti-aircraft batteries and snipers on the white house.
The SS is also closing all but 1 tourist entrance to the Capitol.

..

In other news today, the US is going to snatch a major Iraqi cleric.
Flash to W. sticking his dick into a hornet's nest.

Dancing in the streets indeed.




Re: Private U.S. Guards Take Big Risks for Right Price

2004-04-05 Thread Major Variola (ret)
At 09:03 AM 4/3/04 -0500, R. A. Hettinga wrote:
At 1:26 PM -0800 4/2/04, Major Variola (ret) wrote:
Physics, because large entities have different properties (eg
surface-to-mass ratio; inertia) than small entities.

Well, certainly, that's the current wisdom about such things.

However, I'm talking about markets, and firms, which are all
creatures of information flow. As William Gibson put it once, a
corporation is a being which eats information and shits money.

We are talking about mercs, not selling bits on MercNet.  Mercs are
physical.
Thus their resources (satellites, rockets, tanks, etc) are *controlled*
by Men With Guns.   Who don't like to share the shiniest toys.

In those terms, then, since, Coase's theorem again, reduced
transaction cost (lowered by lower information gathering, and most
important to cypherpunks, lower transaction *security* costs lowering
transaction execution/settlement/clearing) how do we get the large
behavior current in modern markets without large firms?

Cheaper info cuts out middlemen, sure; but it does nothing to
permit mercs access to physical-technology that they need
in the physical world.

Lots of little devices acting in common, in their own self interest,
using markets to price their services.

Devices are physical.  MwG control the physical.

Somewhere, on the Shipwright site, is a John Young - discovered DOD
paper from the mid-90's about The Mesh and The Net, which looks
like a toe-hold on the idea of geodesic warfare. I used to joke about
keeping the landmines in your front yard paid or they wouldn't let
you out the door. :-).

Sure, meshes mean you may not need satellites or fixed base stations
for your comms.  Big deal.  The mesh-radios may be controlled,
and regardless, you need more than radios to be a merc.  Get
that through your head.

So, I would bet that lower costs of market entry means that smaller
firms could compete in large, temporary groups, in the same way that
market sell-off stampedes happen, only with guns.

You're too stuck on bits and forgetting about atoms.

The net allows more collaboration between the troops without central
control,

Yawn.  Disintermediation will happen, its just not enough.  Atoms
matter.







how much anonymity an internet cafe provides

2004-04-05 Thread Eugen Leitl

http://www.linux.ie/pipermail/ilug/2004-April/013049.html

[ILUG] [Fwd: I fought the scammer... and I won.]
John Allman allmanj at houseofireland.com
Mon Apr 5 09:33:39 IST 2004

* Previous message: [ILUG] bringing users to Linux (RFC)
* Next message: [ILUG] [Fwd: I fought the scammer... and I won.]
* Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Some of you who were on #linux on friday will know part or most of this 
story already as i witnessed some of it (while drinking a truly 
delicious hot chocolate). For those of you who don't, the following is a 
report written up by a friend of mine on his succussful (or at least, 
it's looking good) attempt to stop and catch a 419 scammer. I feel it's 
worth the read

John

 Original Message 
Subject:I fought the scammer... and I won.
Date:   Fri, 02 Apr 2004 21:54:30 +0100
From:   Steffen Higel Steffen.Higel at cs.tcd.ie
To: John Allman allmanj at houseofireland.com, 
paulinemccaffrey at eircom.net, stevecash at ireland.com, 
tony.odonnel at cs.tcd.ie, declan.dagger at cs.tcd.ie, 
edwin.higel at brookside.ie, marynstanley at eircom.net, 
richard.bannister at cs.tcd.ie, oconnoat at tcd.ie, jean.higgins3 at
mail.dcu.ie



[This is long, and is quite heavy on the technical discussion. Skip the 
bits you don't understand. It gets interesting.]

I work for a busy Dublin Internet cafe, doing some sysadmining and 
general computer maintenance. On Sunday the 28th of March, I got a 
rather distressing email from a sysadmin in a large U.S. University. 
Spamcop had blacklisted our server's external IP address. Abuse mail for 
the server in question gets sent to my college account (bad practice, I 
know,  but it's a part time job). My college uses Spamcop as a blacklist 
source. You can probably tell what happened...

Anyway, said email included the full headers of an email which was 
natted by our server pretending to be from the widow of Mr. Jonas 
Savimbi, offering the recipient a share of an unspecified large sum of 
money. The usual panicked thoughts kick in... Have I fiddled with 
something which has left us as an open relay?, Has our server been 
cracked?, Have I been sleep-spamming again?. A more reasoned 
examination of the headers showed that the mail had originated from one 
of the IP addresses that we assign dynamically to people who bring 
laptops into the cafe. This is something of a nightmare for cafe 
operators, we can hardly block outbound smtp but then again it isn't 
possible for us to manually check every single mail either. Maybe rate 
limiting is a valid technical solution. Or a contraption which hits the 
user on the head for every mail they send. So if they send 1 an hour, 
it's a mild nuisance. But if they send 100 a minute, it'll probably kill 
them.

A peek through the logs revealed:

Mar 26 15:04:16 server dhcpd-2.2.x: DHCPDISCOVER from 00:40:f4:5d:aa:f7 
via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPOFFER on 192.168.1.70 to 
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 
00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 
00:40:f4:5d:aa:f7 via eth1

Bingo. I had something to work with. The network card is one based on a 
Cameo 32bit chipset. Matches up quite nicely with these:

Return-Path: mjsavimbi2000 at yahoo.co.uk
Received: from 192.168.1.70 (server.XX [XXX.29])
   byXX) with SMTP id i2QFrgi0002755
   for XX; Fri, 26 Mar 2004 10:53:44 -0500 (EST)
Reply-To: michelle savimbi mjsavimbi2000 at yahoo.co.uk
From: michelle savimbi mjsavimbi2000 at yahoo.co.uk
To: XXX
Subject: urgent response
Date: Fri, 26 Mar 2004 15:53:26 +
Organization:
Mime-Version: 1.0
Content-Type: multipart/alternative; 
boundary==_NextPart_000_0034_01C221EC.6C64F7B0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.ams
X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2800.1165

I asked around, and a man, described as being black (or is the word 
African-American these days?), roughly 30, with an accent which seemed 
half London and half African had been in the cafe with a laptop and had 
a number of visitors call into his booth and had been there at the given 
time.

I hate spam more than I hate crackers. I hate spam more than I hate 
virus writers. I wanted to catch this guy in the act and I wanted to see 
him hauled off in a paddywagon. We contacted the police, who 
unfortunately didn't seem willing to do anything about it unless we 
caught someone in the act of doing something illegal. The daily staff in 
the cafe were instructed to let me know if said individual turned up 
again, though honestly, who could be that stupid? My hopes