Re: Gilmore case...Who can make laws?

[J.A. Terranson]

On Tue, 7 Sep 2004, Eric Cordian wrote:

> An argument that the TSA cannot make rules, even secret rules, regulating
> air travel, because it is not Congress, will not pass the giggle test in
> court, unless you can show that the TSA exceeded its regulatory powers.

Absolutely correct.

I am however intrigued that they may be preparing to posit that secret
rules (which act under color of law) can be enforced without being
described publicly.  This, if accepted, would effectively end all
constitutional protections.

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."  Osama Bin Laden
- - -

  "There aught to be limits to freedom!"George Bush
- - -

Which one scares you more?

Re: Maths holy grail could bring disaster for internet

[Eric Cordian]

RAH pastes:

> Tim Radford, science editor
> Tuesday September 7, 2004

> The Guardian
> Mathematicians could be on the verge of solving two separate million dollar
> problems. If they are right - still a big if - and somebody really has
> cracked the so-called Riemann hypothesis, financial disaster might follow.
> Suddenly all cryptic codes could be breakable. No internet transaction
> would be safe.

Bullshit.  A constructive proof of NP=P would doom strong crypto.  A proof 
of the Riemann hypothesis MIGHT lead to polynomial time factoring, which 
would break RSA, but leave the rest of cryptography largely untouched.

The Guardian needs to raise the bar a bit for that which it alleges to be 
"Science Writing."

Louis de Branges "proves" the Riemann Hypothesis every year, by the way.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

RE: stegedetect & Variola's Suitcase

[Major Variola (ret)]

At 11:57 AM 9/7/04 -0400, Sunder wrote:
>The answer to that question depends on some leg work which involves
>converting the source code to stegetect into hardware and seeing how
fast
>that hardware runs, then multiplying by X where X is how many of the
chips
>you can afford to build.

A quick perusal of stegdetect.c, attending to how it analyzes jphide
images,
indicates that it computes histograms of DCT coefficients and then
performs
chi^2 tests on the distributions.  Since this is
fairly easy on a generic RISC CPU, one might be better off with a rack
o' blades
or even a cluster.  Particularly because most JPGs will fit inside your
typical
21st century-sized processor cache.

Note that a streaming implementation is not easy because JPG data will
have to be reassembled from transport-level packet quantization; e.g., a
200KB JPG is a lot
of 1500 byte packets.  Better to snarf & reassemble the JPG then analyze
the whole captured image.

Contrast this with e.g., block cipher accelerators that benefit
from hardware implementation because they use bit-diddling not well
supported by
a typical instruction set.  Or modexp() accelerators that benefit from
parallelism.

Joseph Holsten <[EMAIL PROTECTED]> is right that its a complete waste
(and not really stego) to look for data appended to the image data.  Any
data appended there, especially noise :-), will be suspicious.


>I'd image that it's a lot faster to have some hw that gives you a
yea/nay
>on each JPG, than to say, attempt to crack DES.

Stegdetect is performing a signal-detection task.  As such, it measures
a continuous
variable, then thresholds it to make a decision.  Therefore there is a
tradeoff between sensitivity and false positives.

For instance, I produced a test, jphide stego'd JPG which is *not*
detected by stegdetect
with default sensitivity, but using the "-s 3" argument it scores one
asterisk.

The steganographer can make the steganalysts' jobs much harder by
keeping
the S/N down, ie by only using short messages in large images.  This is
alluded
to in the jphide pages: "Given a typical visual image, a low insertion
rate (under 5%) and the absence of the original file, it is not possible
to conclude with any worthwhile certainty that the host file contains
inserted data." and follows from signal detection theory.
It is also empirically true from some casual experimentation.

Further commentary:

* Stegdetect, though clever and well written (if poorly commented),
barfs on a number of valid JPGs, including monochrome ones.

* One could write a jphide variant which doesn't skew the coefficients
e.g., if you
use the upper half of an image for cargo, and the lower half to hide the
changes.
If instead of simplistic "halves" you used the passphrase to seed a PRNG
you could
disperse the cargo & re-balancing changes much more subtly.

* MPx format files have great potential, for both image, image-N-tuple,
and audio stego; is that http://irenarchy.org hip-hop recruiting video
really just a video?   (And is morphing someone into a sesame-street
character "fair use"?)

* Note that stego dictionary-attack breaking *would* benefit from
compression-
and crypto- accelerators for obvious reasons.  But the topic here is
stego detection.

---
Steganography is in the eye of the beholder.  -Viktor.

Re: Gilmore case...Who can make laws?

[Eric Cordian]

TD writes:

> This describes the "Government" as creating secret laws. But, theoretically, 
> only the congress and the Senate can create new laws, correct? The Executive 
> branch has never been empowered to create laws, and I'm thinking these 
> travel laws did not go through congress or the senate.

The big loophole here is "regulation."  Congress passes a law declaring 
that some governmental organization has the power to regulate something, 
and then that organization may create rules, impose financial penalties, 
and send people to jail under a plethora of laws against obstructing 
organizations blessed with regulatory powers.

Congress, for instance, does not make every single law governing the 
behavior of pharmacutical companies, or every single law governing the use 
of the radio spectrum.  Instead, it makes one law granting the FDA or FCC 
regulatory powers, and exercises only oversight with regards to their 
subsequent behavior.

An argument that the TSA cannot make rules, even secret rules, regulating 
air travel, because it is not Congress, will not pass the giggle test in 
court, unless you can show that the TSA exceeded its regulatory powers.

-- 
Eric Michael Cordian 0+
O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"

RE: Gilmore case...Who can make laws?

[Tyler Durden]

Hum. Another wrinkle in this thing occurred to me here, though I'm sure 
various Cypherpunks will (rightly) declare me naive.

This describes the "Government" as creating secret laws. But, theoretically, 
only the congress and the Senate can create new laws, correct? The Executive 
branch has never been empowered to create laws, and I'm thinking these 
travel laws did not go through congress or the senate.

So not only are these laws secret, they emanate from a body that is not 
empowered to make laws within the US. Is there a precedent, or perhaps 
because the "War on Terror" must be waged everywhere, the Commander in Chief 
can claim the right to make new domestic laws as a function of his wartime 
leadership.

-TD

From: "J.A. Terranson" <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Gilmore case: CNN
Date: Tue, 7 Sep 2004 06:50:16 -0500 (CDT)
http://www.cnn.com/2004/LAW/09/06/airline.id.ap/index.html
Government wants ID arguments secret
Monday, September 6, 2004 Posted: 4:07 PM EDT (2007 GMT)
SAN FRANCISCO, California (AP) -- The U.S. Department of Justice has asked
an appellate court to keep its arguments secret for a case in which
privacy advocate John Gilmore is challenging federal requirements to show
identification before boarding an airplane.
A federal statute and other regulations "prohibit the disclosure of
sensitive security information, and that is precisely what is alleged to
be at issue here," the government said in court papers filed Friday with
the U.S. Ninth Circuit Court of Appeals. Disclosing the restricted
information "would be detrimental to the security of transportation," the
government wrote.
Attorneys for Gilmore, a 49-year-old San Francisco resident who co-founded
the Electronic Frontier Foundation, a civil liberties group, said they
don't buy the government's argument and that its latest request raises
only more questions.
"We're dealing with the government's review of a secret law that now they
want a secret judicial review for," one of Gilmore's attorneys, James
Harrison, said in a phone interview Sunday. "This administration's use of
a secret law is more dangerous to the security of the nation than any
external threat."
Gilmore first sued the government and several airlines in July 2002 after
airline agents refused to let him board planes in San Francisco and
Oakland without first showing an ID or submitting to a more intense
search. He claimed in his lawsuit the ID requirement was vague and
ineffective and violated his constitutional protections against illegal
searches and seizures.
A U.S. District Court judge earlier this year dismissed his claims against
the airlines, but said his challenge to the government belonged in a
federal appellate court.
Now in his appellate case, Gilmore maintains the federal government has
yet to disclose the regulations behind the ID requirement to which he was
subjected.
"How are people supposed to follow laws if they don't know what they are?"
Harrison said.
The government contends its court arguments should be sealed from public
view and heard before a judge outside the presence of Gilmore and his
attorneys. The government, however, said it would plan to file another
redacted public version of its arguments.
A date for a hearing on the matter has not yet been set.
_
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

RE: Gilmore case...Who can make laws?

[Chuck Wolber]

On Tue, 7 Sep 2004, Tyler Durden wrote:

> This describes the "Government" as creating secret laws. But, 
> theoretically, only the congress and the Senate can create new laws, 
> correct? The Executive branch has never been empowered to create laws, 
> and I'm thinking these travel laws did not go through congress or the 
> senate.

Well, there's the "Executive Order", as well as the fact that many 
organizations are empowered to create "policy". Although policy is not 
specifically law, it may as well be. 

I am curious though:


1) Can the laws that grant policy making privileges be themselves secret?

2) Are policy making privilege laws restricted within a certain scope 
(within a specific organization)?

3) Are all *SIGNED* executive orders publically available?

-Chuck


-- 
http://www.quantumlinux.com 
 Quantum Linux Laboratories, LLC.
 ACCELERATING Business with Open Technology

 "The measure of the restoration lies in the extent to which we apply 
  social values more noble than mere monetary profit." - FDR

Re: Remailers an unsolveable paradox?

[James A. Donald]

--
On 4 Sep 2004 at 21:50, Nomen Nescio wrote:
> The ratio of remailer use to abuse is painfully low because
> there's no way to actually communicate. You can broadcast but
> not recieve, because no system exists to receive mail
> psuedononymously. This is not communication.
>
> Remailer use is restricted to when senders don't care about 
> listener, which means rants, death threats, and the abuse
> of spam. The only systems for receiving mail are at best some
> college student's unimplemented thesis.

alt.anonymous.messages provides a channel for people who wish
to receive messages without themselves being identified.

If I want to receive a message without providing and email
address that can be traced, I ask the recipient to post in in
the newsgroups such as alt.anonymous.messages.

For obvious reasons people who read alt.anonymous.messages, or
think they might need to read it in the future, download the
newsgroup in its entireity. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 fzparMQ1YGMHFGGQ4eabvrdbfX3oQPnGSeUNNkuX
 4UV3sPQUJdBwqav34D5pBXRBNtLg+GX5dxE+YM5P8

RE: stegedetect & Variola's Suitcase

[Sunder]

The answer to that question depends on some leg work which involves 
converting the source code to stegetect into hardware and seeing how fast 
that hardware runs, then multiplying by X where X is how many of the chips 
you can afford to build.

I'd image that it's a lot faster to have some hw that gives you a yea/nay 
on each JPG, than to say, attempt to crack DES.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 7 Sep 2004, Tyler Durden wrote:

> So here's the 'obvious' question:
> 
> How fast can dedicated hardware run if it were a dedicated Stegedetect 
> processor?
> 
> In other words, how easy would it be for NSA, et al to scan 'every' photo on 
> the internet for Stego traces? (And then, every photo being emailed?)
> 
> And then, how fast can someone write a worm that will make every photo 
> stored on a harddrive look like it's been stegoed?

Re: stegedetect & Variola's Suitcase

[Joseph Holsten]

On Tue, 07 Sep 2004 11:22:28 -0400, Tyler Durden
<[EMAIL PROTECTED]> wrote:
> How fast can dedicated hardware run if it were a dedicated Stegedetect
> processor?
..
> In other words, how easy would it be for NSA, et al to scan 'every' photo on
> the internet for Stego traces? (And then, every photo being emailed?)
Although I haven't looked at the code behind stegedetect yet, I can
assume that a single dedicated processor would be less efficient that
perhaps two or three dedicated processors. Some steg (appendx,
camouflage) isn't steg, just data appended to the end of the file, in
valid jpeg encapsulation. Real steg (f5, jsteg, jphide,  steghide)
would require looking at more data, for more time. it would be a waste
to have the same processor working on appended data and real steg.
Quick answer: I don't know / Depends on the data.

> And then, how fast can someone write a worm that will make every photo
> stored on a harddrive look like it's been stegoed?
Again, you'd have to decide between real and fake steg. Appending a
fortune message to the end of an image would be really quick, and
would alert stegedetect. But if you want to signal the nsa, you'd need
real steg with real (but breakable) crypto. The difference is quick
perl script versus a modified jpeg library.
who are ya tryin to fool?
[EMAIL PROTECTED]

RE: Gilmore case...Who can make laws?

[J.A. Terranson]

On Tue, 7 Sep 2004, Tyler Durden wrote:

> Hum. Another wrinkle in this thing occurred to me here, though I'm sure
> various Cypherpunks will (rightly) declare me naive.
>
> This describes the "Government" as creating secret laws. But, theoretically,
> only the congress and the Senate can create new laws, correct?

Incorrect.  There are serveral backdoors.  The POTUS can issue a
Presidential Finding, and said "finding" effectively creates a "law".

The SCOTUS can make laws as well, also by issuing findings, although they
are then called "decisions" :-/


-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."  Osama Bin Laden
- - -

  "There aught to be limits to freedom!"George Bush
- - -

Which one scares you more?

RE: stegedetect & Variola's Suitcase

[Tyler Durden]

So here's the 'obvious' question:
How fast can dedicated hardware run if it were a dedicated Stegedetect 
processor?

In other words, how easy would it be for NSA, et al to scan 'every' photo on 
the internet for Stego traces? (And then, every photo being emailed?)

And then, how fast can someone write a worm that will make every photo 
stored on a harddrive look like it's been stegoed?

-TD

From: Sunder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: stegedetect - looks like "we" need better mice
Date: Tue, 7 Sep 2004 05:53:08 -0400 (edt)
http://freshmeat.net/projects/stegdetect/?branch_id=52957&release_id=172055
http://www.outguess.org/detection.php
Steganography Detection with Stegdetect
Stegdetect is an automated tool for detecting steganographic content in
images. It is capable of detecting several different steganographic
methods to embed hidden information in JPEG images. Currently, the
detectable schemes are
* jsteg,
* jphide (unix and windows),
* invisible secrets,
* outguess 01.3b,
* F5 (header analysis),
* appendX and camouflage.
Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide
and OutGuess 0.13b.
Stegdetect and Stegbreak have been developed by Niels Provos.
--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-
_
Check out Election 2004 for up-to-date election news, plus voter tools and 
more! http://special.msn.com/msn/election2004.armx

Re: stegedetect & Variola's Suitcase

[Tyler Durden]

Joseph Holsten  wrote...
who are ya tryin to fool?
Well, just in case it's not obvious, the clear issue here is whether the use 
of Stego is actually merely a red flag, in which case it may actually be 
worse than using nothing on some levels. If every message used it, though...

-TD
_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Gilmore case: CNN

[J.A. Terranson]

http://www.cnn.com/2004/LAW/09/06/airline.id.ap/index.html


Government wants ID arguments secret
Monday, September 6, 2004 Posted: 4:07 PM EDT (2007 GMT)


SAN FRANCISCO, California (AP) -- The U.S. Department of Justice has asked
an appellate court to keep its arguments secret for a case in which
privacy advocate John Gilmore is challenging federal requirements to show
identification before boarding an airplane.

A federal statute and other regulations "prohibit the disclosure of
sensitive security information, and that is precisely what is alleged to
be at issue here," the government said in court papers filed Friday with
the U.S. Ninth Circuit Court of Appeals. Disclosing the restricted
information "would be detrimental to the security of transportation," the
government wrote.

Attorneys for Gilmore, a 49-year-old San Francisco resident who co-founded
the Electronic Frontier Foundation, a civil liberties group, said they
don't buy the government's argument and that its latest request raises
only more questions.

"We're dealing with the government's review of a secret law that now they
want a secret judicial review for," one of Gilmore's attorneys, James
Harrison, said in a phone interview Sunday. "This administration's use of
a secret law is more dangerous to the security of the nation than any
external threat."

Gilmore first sued the government and several airlines in July 2002 after
airline agents refused to let him board planes in San Francisco and
Oakland without first showing an ID or submitting to a more intense
search. He claimed in his lawsuit the ID requirement was vague and
ineffective and violated his constitutional protections against illegal
searches and seizures.

A U.S. District Court judge earlier this year dismissed his claims against
the airlines, but said his challenge to the government belonged in a
federal appellate court.

Now in his appellate case, Gilmore maintains the federal government has
yet to disclose the regulations behind the ID requirement to which he was
subjected.

"How are people supposed to follow laws if they don't know what they are?"
Harrison said.

The government contends its court arguments should be sealed from public
view and heard before a judge outside the presence of Gilmore and his
attorneys. The government, however, said it would plan to file another
redacted public version of its arguments.

A date for a hearing on the matter has not yet been set.

Re: Maths holy grail could bring disaster for internet

[Sunder]

Forgive my ignorance, but would other PK schemes that don't rely on prime
numbers such as Elliptic Curve be affected?

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 7 Sep 2004, Matt Crawford wrote:

> On Sep 6, 2004, at 21:52, R. A. Hettinga wrote:
> 
> This would be a good thing.  Because to rebuild the infrastructure 
> based on symmetric crypto would bring the trusted third party 
> (currently the CA) out of the shadows and into the light.

Re: What are the risks associated with partially know cipher keys

[Padraig MacIain]

Thank you for your answers Werner. 

I was fairly certain myself about the first question you answered. Its
a 'well its obvious' kind of question.

I wasn't sure about the second one, and I am too snowed under at work
dealing with radius and voip stuff for me to read through the various
*PGP source codes around to look at it from a logical point of view.

Many thanks.


On Tue, 07 Sep 2004 14:06:29 +0200, Werner Koch <[EMAIL PROTECTED]> wrote:
> On Tue, 7 Sep 2004 13:24:39 +0800, Padraig MacIain said:
> 
> > problem. However, does it offer a great risk for something like
> > OpenPGP if the passphrase used to access the secretkey  is partially
> 
> That depends on quality of the passphrase; it makes dictionary attacks
> easier.
> 
> > compromised? And in turn if the passphrase is completely known yet the
> > secret key is still secured (physically) does knowing this passphrase
> > risk a complete compromise of the key pair?
> 
> No.  The protection of the private key is is independent of the key.
> They are in no way related.  The key is based on a random string and
> only the protection of this key is based on the passphrase.  This
> protection only helps against a lost (but protected) private key.
> 
> Salam-Shalom,
> 
>   Werner
> 
> 



-- 
Padraig MacIain
url:  http://www.bur.st/~darke/ (Nimheil)
"That is not dead which can eternal lie, and with strange aeons even
death may die."

Re: What are the risks associated with partially know cipher keys

[Werner Koch]

On Tue, 7 Sep 2004 13:24:39 +0800, Padraig MacIain said:

> problem. However, does it offer a great risk for something like
> OpenPGP if the passphrase used to access the secretkey  is partially

That depends on quality of the passphrase; it makes dictionary attacks
easier.

> compromised? And in turn if the passphrase is completely known yet the
> secret key is still secured (physically) does knowing this passphrase
> risk a complete compromise of the key pair?

No.  The protection of the private key is is independent of the key.
They are in no way related.  The key is based on a random string and
only the protection of this key is based on the passphrase.  This
protection only helps against a lost (but protected) private key.


Salam-Shalom,

   Werner

Digital content spurs micropayments resurgence

[R. A. Hettinga]

Digital content spurs micropayments resurgence
 By  Matt Hines
 CNET News.com
 September 7, 2004, 4:00 AM PT
 URL:  http://zdnet.com.com/2100-1104-5347513.html

 Think small.

 With its meteoric rise to success, Apple Computer's iTunes digital music
service not only changed perceptions about whether consumers were willing
to pay for online content, but it also highlighted the rising promise of
micropayments.

 On Tuesday, 2-year-old BitPass, a payment company in Palo Alto, Calif., is
expected to announce $11.75 million in venture capital, along with the news
that former American Express Chairman James Robinson III will join its
board of directors. Robinson is also a partner in one of the firms
investing in BitPass, New York-based RRE Ventures.
 News.context

What's new:
 The success of digital music sales has purveyors of micropayment services
humming a happy tune.

 Bottom line:Micropayments have failed to become a macro-business, but the
increasing popularity of digital content could bring a cloudburst of
pennies from heaven.

More stories on micropayments

While credit card companies and online transaction specialists like PayPal
are ringing up bigger sales online, business models aimed at helping
e-commerce vendors facilitate smaller deals, or micropayments, are getting
a boost from digital content sales.

 If this sounds familiar, it should. But the so-called Internet currency
vendors of the dot-com era, companies including Beenz, Flooz and DigiCash,
failed to generate enough business fostering micropayments to survive.
Fast-forward a few years, and news that iTunes topped 125 million downloads
last week is more evidence that digital content may hold the key to
unlocking the low end of e-commerce.

 Micropayments are typified by the 99 cents that iTunes charges to download
a song or the $2.99 users might see on their Cingular Wireless phone bills
after buying a custom ring tone.

 According to recent research published by TowerGroup, the total market for
Internet and wireless micropayments, led by demand for digital content,
will increase by 23 percent annually over the next five years to reach
$11.5 billion by 2009. TowerGroup, based in Needham, Mass., charted the
micropayments market at just over $2 billion in 2003.

 Bruce Cundiff, an analyst with Jupiter Research, thinks the e-commerce
market is in its third or fourth wave of development of micropayment
technologies. The success of iTunes, coupled with continued growth of
broadband, will make digital content the catalyst that pushes the sector
forward rapidly, Cundiff said.

 "What it comes down to is that there simply must be a viable transaction
model for smaller-cost products to make a dollar off e-commerce sales, but
I think with what we've seen already in digital media, it's clear that
people are figuring out how to make it work," Cundiff said.

 Tuning up for takeoff
 Web shoppers have historically preferred to pay with credit cards. But
because credit card companies typically charges fees for processing and
customer service on every transaction, credit cards can be an extremely
inefficient way of making a small purchase, with the fees often eating most
of the profit margin.

Still consumers have begun to get used to the idea of buying small items
over the Net.

 Growth of the digital content market seems almost a certainty, based on
the projected expansion of segments including music services, Internet
publishing, and applications for mobile devices, such as custom ring tones
or games. Cambridge, Mass., analyst firm Forrester Research has predicted
that music downloads alone will become a $1.4 billion business by 2006,
accounting for nearly 10 percent of annual music sales in the United States.

 Jupiter Research estimates that revenue from online content will reach
$3.1 billion by 2009, driven by an increasing number of broadband-ready
homes spending money on Web-based music services, games and e-books, among
other things. Industry experts agree that iTunes deserves a lot of the
credit for opening consumers' eyes to the option of buying online in
micro-size increments, and most seem to feel that digital content will
continue to dominate the market for small Web-based transactions.

 "Micropayments don't just represent buying low-priced items. They can also
can be used to get people to test new products, or try out a service that
charges a lot more for a subscription."
 --analyst Nick Holland, Mercator Advisory Group

 According to Nick Holland, an analyst with Shrewsbury, Mass.-based
Mercator Advisory Group, growth of the micropayments market will be almost
completely dependent on music, ring tones and games, specifically, at least
for the next several years. The analyst estimates that such content will
constitute a $2.3 billion market in the United States this year alone, and
while Holland said subscriptions will remain consumers' favorite method of
payment for digital conte

Re: Maths holy grail could bring disaster for internet

[Matt Crawford]

On Sep 6, 2004, at 21:52, R. A. Hettinga wrote:
But the proof should give us more understanding of how the
primes work, and therefore the proof might be translated into something
that might produce this prime spectrometer. If it does, it will bring 
the
whole of e-commerce to its knees, overnight. So there are very big
implications."
This would be a good thing.  Because to rebuild the infrastructure 
based on symmetric crypto would bring the trusted third party 
(currently the CA) out of the shadows and into the light.

stegedetect - looks like "we" need better mice

[Sunder]

http://freshmeat.net/projects/stegdetect/?branch_id=52957&release_id=172055

http://www.outguess.org/detection.php

Steganography Detection with Stegdetect
Stegdetect is an automated tool for detecting steganographic content in 
images. It is capable of detecting several different steganographic 
methods to embed hidden information in JPEG images. Currently, the 
detectable schemes are

* jsteg,
* jphide (unix and windows),
* invisible secrets,
* outguess 01.3b,
* F5 (header analysis),
* appendX and camouflage.

Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide 
and OutGuess 0.13b.

Stegdetect and Stegbreak have been developed by Niels Provos. 


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-