Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]

[sunder]

Tyler Durden wrote:

Actually, depending on your App, this would seem to be th very 
OPPOSITE of a moot point.

-TD


Indeed!

I've been ignoring this list for a while, so sorry for the late posting.

I remember sometime in late 99, I had one of the early blackberry 
pagers, the small ones that ate a single AA battery which lasted about a 
week or so, and had email + a small web browser inside of it.  It wasn't 
the blackberry phone.  Anyway, long story short, one day, said pager 
crashed (it is a computer after all) and I was trying to figure out how 
to reboot it, so I thought, fuck it, and removed the battery, the fucker 
stayed ON!  For over 15 minutes!


Gee, I wonder why anyone would design a cell phone or pager to be able 
to stay on after its battery is pulled out.  Yeah, yeah, it's just a 
capacitor or an internal rechargeable battery, but why would you want 
such a feature?


Fast forward to 2005.  Most cell phones are after all small computers 
with a transceiver, microphone, and speaker, and recently GPS 
receivers.  And now we have reports of the GPS info being transmitted 
all the time, "oops! it's a bug, we meant to turn it off." uh huh.  Just 
how much work would it be to reprogram the soft power off key, so it 
shuts off all the lights, and display, but still transmits GPS info, 
just less often?  Or also transmit audio?  What are the odds that the 
code on the phone already comes with this feature built in?


Of course, if it was legal to scan on cell phone frequencies, you might 
be able to confirm what it's sending and when, but of course, it's not 
legal to do that.  Even to your own phone.


Of course some phones are more equal than others.  For example, T-Mobile 
SideKick, which if you write an email and decide to cancel it, but 
you're out of range, exposes its evil self with "Sorry, we can't let you 
delete the email you're composing, because it hasn't been sent to the 
server yet!"  Gee, I wonder what that means?  Nah, it's just a bug.  (Of 
course, this is a totally owned platform, where T-Mobile owns your data, 
not you, oops, make that the hackers of a few months ago..)
Oh and if said phone is running out of batteries, it starts to complain 
loudly until you recharge it.  Um, yeah, it likes being on at all 
times.  You can "hear" it transmit occasionally when it's near amplified 
computer speakers or your car radio. 

Fun that, but could be useful.  Especially if you "heard" it transmit 
while it's supposedly "off." (I've honestly not heard it transmit while 
it's off)


Are we just too paranoid?  Nah, that's just a bug in human firmware, 
we'll fix that in the next brainwashing session.


(BTW: what the fuck's up with all the weirdo subject lines?  There's a 
perfectly good "From: " line in all SMTP headers, we don't need this 
shit in the subject line for fuck's sake!  What's this, the return of 
Jim Choate?)

Re: Well, they got what they want...

[sunder]

Steve Schear wrote:



The term 'securisimilitude' (from verisimilitude) comes to mind.

Steve

True, but I think the goal was FUD and it worked. 

On Tuesday (I think) both the Metro and AMNY free rags reported that all 
of a sudden there was a rash of suspicious packages being reported.  Ya 
think?  Another incident was of a homeless guy putting his luggage on a 
ticket counter and claiming it had a bomb in it.  Think someone yanked 
his chain to the point where he'd sarcasm himself into jail?  Of course 
the bright bulbs in charge evacuated all of Penn Station supposedly.


In another article, one that stated NYCLU was against the searches, but 
claimed most people were happy to open their bags and some even walked 
up to the cops, opened their bags and said "here, look at mine", another 
gave a quote from a supposed police officer saying that July had a ~23% 
drop in crime.  Well, that's nice and all, but the bag searches started 
only 3 days before, so WTF does the crime rate for July (which hasn't 
yet ended) have anything to do with bag searches that just started? 

The funniest part are the letters to the editors thanking the police and 
saying how wonderful it is to be living in a country where you're safe.  
Of course, if you were to tell these folks 10 years ago, that you'll be 
subject to search when entering the subway, or that you couldn't bring a 
nail clipper with you when boarding an airplane, they'd go "Shucks, no 
way that would happen in my country!"


I love the smell of propaganda in the morning.  It smells like FUD.

Re: Well, they got what they want...

[sunder]

Tyler Durden wrote:

Saw a local security expert on the news, and he stated the obvious: 
Random searches and whatnot are going to do zero for someone 
determined, but "might" deter someone who was "thinking about" blowing 
up the A train. In other words, everyone here in NYC knows that we've 
given up a lot for the sake of the appearence of security, but no one 
seems to give a damn.


I wouldn't say "we've given up" at all - after all, we've had no choice 
in the matter. We weren't asked if we wanted to be searched, we weren't 
asked if we were willing to give up liberty for the appearance of 
security, we weren't asked if we were ok with atrocities such as the 
unpatriot act, or the national ID disguised as a standardized driver's 
license, we weren't asked if we were willing to pay lots of tax dollars 
to finance more police on every corner and all the toys that they have 
purchased for these tasks, or the various hollow cement "flower" pots, 
and other barricades.


It's not exactly a liberty that we have sacrificed, when it was taken 
away without consent.  There is another word for this: theft.

Re: /. [Intel Adds DRM to New Chips]

[sunder]

DiSToAGe wrote:


not a backdoor, we forget to much that every system is only 1 and 0
through electricity and physical circuits. If you can make them you can
watch them (with time and monney i agree). Perhaps thinking that datas
(certs, instructions) can be "hidden" behind a physical thing is only a
dream ? I ask myself if not every cryptosystem where you must have
something "hidden" or "physically not accessible" in point of the
process is not sure ?

 

In theory the above is absolutely correct.  In practice, it's extremely 
difficult to properly implement an accurate enough emulator, however as 
an emulator writer you have far more advantages than disadvantages 
despite the 10-100x in slowdown.  (Speaking from personal experience - 
no, nothing on the kind of scale we're talking about here.)  You can 
always have your virtual CPU decide that when it sees a certain 
instruction, to disobey it.  For example, when it sees a checksum check, 
to decide to jump around it and so forth.


Gotta love it when you can fool a program into thinking that 2+2=5 and 
that everything is still A-OK with that!  ;-)


If you can interface with real (protected) hardware, you might even be 
able to get around public key schemes with the emulator.  HP/Agilent 
made some wonderful logic analyzers, which are very useful against 
ancient hardware (think Motorola 68K chips at around 5MHz) too bad 
nothing in the GHz range is (cheaply?) available out there, but there's 
lots that can be done.


What can be done?  For example, if you have something like Palladium or 
whatever it's called these days, you an always build a machine that has 
custom RAM that can change at the flip of a switch - sort of like the 
old EEPROM emulators, but with RAM chips that can be flipped to a ROM 
instead.  You flip a switch after the DRM core has validated your BIOS 
and operating system, and at some point once the CPU cache gets drained, 
it winds up running code that it did not boot, code which you've written 
to do *OTHER* things for example - simply change the IRQ vectors to 
point to your code and you've taken over...  Mind you, all this is 
easier said that done, but it is possible to implement.


Remember, security is a chain, and each (media?) player out there is a 
link in that chain.  It only takes one broken player to wipe out your 
entire investment in that DRM pipe dream. 

Any employee with access can leak the master keys and the game is over.  
Any wily hardware hacker with plenty of time on his hands can take a 
shot at reverse engineering any (media) player to the point of cracking 
it, etc.  In the end, it's a waste of time and money for the makers of 
DRM as there's enough interest that someone somewhere will break it at 
some point in the near future. 

You can play cat and mouse games by watermarking the output with the 
serial # of the player in order to lock out cracked players, but the 
attacker only has to break more than one player (perhaps two different 
models so they get both serial # and model #) and compare the resulting 
outputs from the same movie to figure out which bits contain the 
watermarks.  XOR is very nice for figuring this out. :-)


None of this worries me, because I don't give a rats ass about copying 
movies or what not.  Couldn't care less about it.  I'll wait for the 
shit to make it to HBO, it's usually not worth watching the waste of 
Hollywood plotless overhyped crud anyway, so why worry about copying 
it?  The few titles that are worth watching, are also well worth buying, 
and after a few months they can be had for under $20, so why bother?



What is cause for worry is that it's quite _possible_ for Intel or other 
chip manufacturers to insert backdoors in their hardware which someone 
will go through the trouble of discovering, which does put everyone at 
risk.  No matter how good your operating system and firewall rules, if 
your network card (and drivers) decide to bend over upon receiving a 
specially crafted packet, you're owned just the same. 

Mind you, I've never run across anything close to this, except perhaps 
the old F00FC7C8 bug in the original pentium (which really was a DOS, 
not a back door) and the old UltraSparc I in 64 bit mode multiuser 
hole.  The Pentium IV hyperthreading bug is something recent to worry 
about along the same line of thought.


Sadly, you haven't got much choice in this matter, you have to assume 
that you can trust the hardware that you run on (unless you're willing 
to make your own and have the resources to do so, etc.)

Re: Terrorist-controlled cessna nearly attacks washington

[sunder]

Bill Stewart wrote:
Sigh.  "Terrified Student Pilot" isn't the same as "Terrorist".
Yeah, but they both start with the same four letters and sound alike, 
which seems to be the attention span of those who are afraid of the 
boogie man and consequentially imagine they see him under every rock, or 
bush.

Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)

[sunder]

Jason Holt wrote:
There are lots of pitfalls in secure erasure, even without considering
physical media attacks.  Your filesystem may not overwrite data on the same
blocks used to write the data originally, for instance.  Plaintext may be left
in the journal and elsewhere.  Even filling up the disk may not do it, as some
filesystems keep blocks in reserve.  I did a demo a few years ago where I
wrote plaintext, overwrote, then dumped the filesystem blocks out and found
parts of the plaintext.
For anybody who hasn't read it, the Gutmann paper is "Secure Deletion of Data
from Magnetic and Solid-State Memory", and is highly recommended.  He shows
that even RAM isn't safe against physical media attacks.
 

Incase anyone's too lazy to google it, Peter Gutmann's paper can be 
found here: 
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Good point.  So, modify that with - create a block-level encrypted file 
system on the flash drive, so long as you key and passphrase are good, 
you should be safe enough...  I've also seen this little toy:  
http://www.biostik.com/  a bit pricey, but depending on your threat 
model, might add another layer of protection.  Not something I'd 
personally bother with - esp with the recent stuff about how to make 
fake fingerprints, etc (funny thing is that your fingerprints will be on 
the case of this thing, so not much security there), but YMMV based on 
your threat model, right?But, as always, encrypt early and often.  :-D

Would make an interesting side conversation about how fingerprints are 
passwords, but passwords that can (now?) be easily stolen and replayed.  
IMHO, it casts doubt on a lot of biometric methods.  Wonder if it would 
be possible to create an image of an iris that would pass an iris scan, 
if so, both fingerprints and irises become much like permanent credit 
cards, but worse, which once duplicated, cannot be revoked.  One can 
imagine in the future once ATM's have iris scanners, that some evil 
group will set up a fake ATM with a very good CCD camera setup to 
capture irises as well as ATM cards and pin #'s... and, why not, also 
finger prints if future ATM's use such scanners.

Re: Email Certification?

[sunder]

Suggestion - you can do what advertisers do - encode a web bug image as 
part of some jucy html emails on a web server that you own and check 
your logs.  (not sure if hotmail or whatever allows this, as I don't use 
their cruft.)

Make sure that unlike a web bug you don't set the name so it looks like 
a web bug (i.e. don't call it 1x1.gif) and don't set the image size 
attributes on the IMG SRC tag to say 1x1.  Instead make the file name 
into something that looks like it came from a digital camera and put it 
in a path that matches that cover story.
ie: 
http://127.53.22.7/phightklub_files/2004-xmas-party-pix/JoeShmoeDrunkAndHigh/Kodak/DSC03284345.JPG

No guarantee that someone won't read the email as source and thus not 
grab the image too, but you can make it look like the content of the 
image is important to the message's content and jucy enough to make 
whomever you believe is spying on you want to fetch it.  i.e. "Here's a 
picture of the party, you can clearly see he's got a crack pipe in his 
hand and his eyes are dialated.  I'm thinkin' of reporting him to deh 
fedz, what do u think?"(I'm assuming that the feds are your threat 
model here, but you can vary this up with whatever threat model you 
think is appropriate.  i.e. if you think your woman is spying on you, 
make it a fake email from your supposed mistress, something she'd want 
to open - i.e. subject "I'm gonna tell ur wife about us if you don't do X".)

I'd also make sure that nothing on the webserver itself points to the 
directory where this lives so it can't be picked up by the search 
spiders/bots accidentally, and make sure that you don't allow the 
directory it lives in to have an auto-index.

Then, watch the server logs like a paranoid hawk with a caffeine 
addiction problem and hope they bite, when they do, you know they've 
read the other emails.  You also have to make sure that you don't 
accidentally open these emails yourself, or leave an open web browser 
with your account where someone can randomly snoop.)

But of course, since you are using hotmail and you're about to receive 
this email, if your account is watched, guess what, you can no longer 
use this method.  Oh well.

Tyler Durden wrote:
 Yes, but this almost misses the point.
 Is it possible to detect ('for certain', within previously mentioned 
boundary conditions) that some has read it? This is a different problem 
from merely trying to retain secrecy.
 Remember, my brain is a little punch-drunk from all the Fight Club 
fighting.
 BUT, I believe that the fact that deeper TLAs desire to hide 
themselves from more run-of-the-mill operations might be exploited in an 
interesting way. Or at least force them to "commit" to officially 
surveiling you, thereby (one hopes) subjecting them to whatever frail 
tatters of the law still exist.
 A better example may be home security systems. If they're going to 
tempest you, I'd bet they'd prefer not to inform your local security 
company. They'd rather just shut down your alarm system and I bet this 
is easy for them.
 BUT, this fact may enable one to detect (with little doubt) such an 
intrusion, and about this I shall say no more...

Re: Secure erasing Info (fwd from richard@SCL.UTAH.EDU)

[sunder]

Yeah, but these days, I'd go with the largest flash drive I could 
afford.  USB2 or otherwise.  I don't believe you can recover data from 
these once you actually overwrite the bits (anyone out there know any 
different?).

They're either 1 or 0, there's no extra ferrite molecules to the left or 
the right of the track to pick up a signal from  ;-)  As always encrypt 
the data you write to the device. 

I wouldn't overwrite flash repeatedly (i.e. the Guttman method of 35 
writes) though, there's a limit on the number of writes, after which it 
goes bad.  I'd overwrite it once with random data.

Eugen Leitl wrote:
- Forwarded message from Richard Glaser <[EMAIL PROTECTED]> -
From: Richard Glaser <[EMAIL PROTECTED]>
Date: Wed, 27 Apr 2005 12:17:43 -0600
To: [EMAIL PROTECTED]
Subject: Secure erasing Info
Reply-To: Mac OS X enterprise deployment project
<[EMAIL PROTECTED]>
FYI:
Rendering Drives Completely Unreadable Can be Difficult
---
 

Theory of Secure Computation - Joe Killian, NEC Labs

[sunder]

http://www.uwtv.org/programs/displayevent.asp?rid=2233
A bit sparse on details, but a good overview of all sorts of secure 
protocols.  Our friends Alice and Bob are of course present in various 
orgies of secure protocols.  :)

Re: new egold phisher - this time it's a malware executable

[sunder]

Got another one today with a RAR attachment claiming it was a screen 
shot.  Text is:

Dear Sir
Yesterday you have arrived the amount of $1000 into my account. Of 
course, I do not object, but you probably were mistaken number of the 
account when transferred, and it happens not first time. Please look an 
attached screenshot of all your transfers into my account. I have no 
idea why you transfer money to me, as I do not know you, and I need no 
money. If you were mistaken, I'll return this money to you!
Sincerely.

Nice... what's next?  an egold transfer from a lawyer claiming a long 
lost uncle kicked the bucket and left me a fortune? :-D

Wheee!
sunder wrote:
So, the e-gold phishers are at it again... received a very nice email 
this morning with an attachment.  The Received-From header showed this 
beauty: "from 195.56.214.184 
([EMAIL PROTECTED] [195.56.214.184] 
(may be forged))"

Indeed!
Don't know if it's a trojan, spyware, virus, or worm, and I couldn't 
care less since I don't use egold, but would be interesting (just for 
curiosity's sake) if someone were to disassemble it to see what it does. 
 It's probably a password grabber of some kind, so falls under spyware, 
but who knows what other evil payloads were in the attachment.

ROTFL!
-
Text said:
Dear E-gold Customer,
Herewith we strongly recommend you to install this Service Pack to your 
PC, as lately we have received a lot of complains regarding unauthorized 
cash withdrawals from our customers' accounts. This upgrade blocks all 
currently known Trojan modules and eliminates the possibility of cash 
withdrawals without your authorization. We highly recommend to install 
this Service Pack to secure your accounts.
Please note, that E-gold doesn't take any responsibility and doesn't 
accept any claims regarding losses caused by fraudulent actions, if your 
account has not been duly protected by the present Service Pack.

Please find enclosed the archive of the Service Pack installation file 
in the attachment to this message.

new egold phisher - this time it's a malware executable

[sunder]

So, the e-gold phishers are at it again... received a very nice email 
this morning with an attachment.  The Received-From header showed this 
beauty: "from 195.56.214.184 
([EMAIL PROTECTED] [195.56.214.184] 
(may be forged))"

Indeed!
Don't know if it's a trojan, spyware, virus, or worm, and I couldn't 
care less since I don't use egold, but would be interesting (just for 
curiosity's sake) if someone were to disassemble it to see what it does. 
 It's probably a password grabber of some kind, so falls under spyware, 
but who knows what other evil payloads were in the attachment.

ROTFL!
-
Text said:
Dear E-gold Customer,
Herewith we strongly recommend you to install this Service Pack to your 
PC, as lately we have received a lot of complains regarding unauthorized 
cash withdrawals from our customers' accounts. This upgrade blocks all 
currently known Trojan modules and eliminates the possibility of cash 
withdrawals without your authorization. We highly recommend to install 
this Service Pack to secure your accounts.
Please note, that E-gold doesn't take any responsibility and doesn't 
accept any claims regarding losses caused by fraudulent actions, if your 
account has not been duly protected by the present Service Pack.

Please find enclosed the archive of the Service Pack installation file 
in the attachment to this message.

Gait advances in emerging biometrics

[Sunder]

Original URL: http://www.theregister.co.uk/2004/12/14/alt_biometrics/
Gait advances in emerging biometrics

By John Leyden (john.leyden at theregister.co.uk)
Published Tuesday 14th December 2004 15:07 GMT

"Great Juno comes; I know her by her gait."
William Shakespeare, The Tempest

Retinal scans, finger printing or facial recognition get most of the 
publicity but researchers across the world are quietly labouring away at 
alternative types of biometrics.

Recognition by the way someone walk (their gait), the shape of their ears, 
the rhythm they make when they tap and the involuntary response of ears to 
sounds all have the potential to raise the stock of biometric techniques. 
According to Professor Mark Nixon, of the Image Speech and Recognition 
Research Group at the University of Southampton, each has unique 
advantages which makes them worth exploring.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

RE: Optical Tempest FAQ

[Sunder]

IMHO, if you light up two or more other identical CRT's and have them 
display random junk it should throw enough noise to make it worthless - 
(and would put out enough similar RF to mess with RF tempest) there might 
be ways to filter the photons from the other monitors out, but, it would 
be difficult.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 2 Dec 2004, Tyler Durden wrote:

> Interesting.
> Contrary to what I thought (or what has been discussed here), only a 
> 'scalar' of detected light is needed, not a vector. In other words, merely 
> measuring overall radiated intensity over time seems to be sufficient to 
> recover the message. This means that certain types of diffusive materials 
> will not necessarily mitigate against this kind of eavesdropping.
> 
> However, his discussion would indicate that the various practical concerns 
> and limitations probably limit this to very niche-type applications...I'd 
> bet that it's very rare when such a trechnique is both needed as well as 
> useful, given the time, the subject and the place.
> 
> -TD
> 
> >From: Sunder <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Optical Tempest FAQ
> >Date: Thu, 2 Dec 2004 10:27:04 -0500 (est)
> >
> >http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
> >
> >Along with tips and examples.
> >
> >Enjoy, and don't use a CRT in the dark. :-)

Optical Tempest FAQ

[Sunder]

http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html

Along with tips and examples.

Enjoy, and don't use a CRT in the dark. :-)

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Broward machines count backward

[Sunder]

It sounds suspiciously like an int16 issue.

32K is close enough to 32767 after which a 16 bit integer goes negative 
when incremented.  Which is odd because it should roll over, not count 
backwards.

perhaps they did something like this:

note the use of abs on reporting.


int16 votes[MAX_CANDIDATES];

void add_a_vote(uint8 candidate)
{
 if (candidate>MAX_CANDIDATES) return;
 votes[candidate]++;
}

void report(void)
{
 int i;

 for (i=0; i:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Sat, 6 Nov 2004, R.A. Hettinga wrote:

> 
> 
> 
> Palm Beach Post
> 
> Broward machines count backward
> 
>  By Eliot Kleinberg
> 
> Palm Beach Post Staff Writer
> 
> Friday, November 05, 2004
> 
> 
> FORT LAUDERDALE - It had to happen. Things were just going too smoothly.
> 
> Early Thursday, as Broward County elections officials wrapped up after a
> long day of canvassing votes, something unusual caught their eye. Tallies
> should go up as more votes are counted. That's simple math. But in some
> races, the numbers had gone . . . down.
> 
> 
> Officials found the software used in Broward can handle only 32,000 votes
> per precinct. After that, the system starts counting backward.

Re: bin Laden gets a Promotion

[Sunder]

No! You must vote for the Giant Douche!  Or the Terrorists Win!

But won't someone think of the chldren!  If you vote for the Douche, 
the ChllLdren will die!


ROTFL!

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Sat, 30 Oct 2004, R.A. Hettinga wrote:

> At 2:42 PM -0400 10/30/04, Sunder wrote:
> >the Turd Sandwich?
> 
> Turd Sandwich, of course.
> 
> Cheers,
> RAH
> 
> -- 
> -
> R. A. Hettinga 
> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
> 

Re: bin Laden gets a Promotion

[Sunder]

As usual, South Park is a great source of wisdom.  So, are you voting for 
the Giant Douche or the Turd Sandwich?

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: James A. Donald's insanity

[Sunder]

Where did I write to you that it's horrible thing to lock people up in
Gitmo, or that "we" (whomever that is) deserve to be attacked?  Show me
the email, with headers that says such a thing.

Oh, wait, you can't, because I never wrote such.  


Let's see, so you've got lots of people questioning your version of 
various events, and you've got claims that various people wrote things 
that they did not, and lots of people challenging the accuracy and indeed, 
truth of your statements.

Hmmm... So what is the obvious conclusion there?  The whole world must be
against you?  Nah, you're not important enough to be paranoid.  

So, what is the obvious conclusion?  No, no, 2+2 is not 5, even for
extremely large values of 2...  

Come on, come on, out with it, say it, say it...  That's right!  *Ding*
you're reality challenged.


Ah!  There, doesn't that feel better?  Now, please, go back and take your
meds before the nice men in the white coats come to take you to the funny
farm.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 21 Oct 2004, James A. Donald wrote:

> --
> On 21 Oct 2004 at 13:41, Sunder wrote:
> > No you imbecile, I'm telling no one anything, other than you 
> > to get a clue.  Where did I tell people who are under attack 
> > to suck it up?
> 
> When you tell us it is horrible to lock up in Gautenamo people 
> who show every sign of trying to kill us , and that we deserve 
> their past efforts to kill us, efforts that some of them 
> promptly resumed on release.  We are under attack, and you are
> telling us to suck it up. 

Re: Airport insanity

[Sunder]

No you imbecile, I'm telling no one anything, other than you to get a 
clue.  Where did I tell people who are under attack to suck it up?

All I did was point out that you weren't there and therefore any comment 
you care to make about it is bound to be flawed.

Please find yourself a clue store and open your wallet - wide.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 21 Oct 2004, James A. Donald wrote:

> --
> On 21 Oct 2004 at 10:26, Sunder wrote:
> > IMHO, you are a misguided armchair general who sees yourself 
> > as equal to those scumbags that have risen in power to lead 
> > or enslave nations since you seem to constantly say "they 
> > should have done X, and not Y"
> 
> When people are under attack, you cannot tell them to suck it 
> up, which is what you are doing.  If we had no government, we 
> might well be doing pogroms against american muslims - and a 
> good thing to.
> 
> War causes governments, and causes governments to gain power, 
> but the US government was not the aggressor in this war.   US 
> government meddling in the middle east was unwise and 
> unnecessary, but it did not provoke, nor does it justify, this 
> war.
> 
> The intent of a large minority of muslims was to start a holy 
> war between the west and Islam, and the majority of muslims 
> lack the will or courage to stop them, or even criticize them. 
> That was not the intent of Americans, or the American 
> government.  They started it, they meant to start it. Americans
> tried to avoid it, some of them are still trying to avoid it. 
> All Americans are still trying to conduct the war on the
> smallest possible scale, against the smallest possible subset
> of Islam, disagreeing only on how small that subset can be. 
> 
> --digsig
>  James A. Donald
>  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>  YeXgmiDN23gKNejAXLPSgfGxzFPVqFa/9pEDbWNr
>  41sYVdSvXQCEQniQVEIYWhWw2HjtvpvuHtQ0QXUaI
> 

Re: Airport insanity

[Sunder]

I made no claims, you did, rather I asked you sarcastically to validate
your claims, after which you further assumed on top of other mistaken
assumptions, that I made claims countering yours, which I did not.

Perhaps you should examine your own words.

IMHO, you are a misguided armchair general who sees yourself as equal to 
those scumbags that have risen in power to lead or enslave nations since 
you seem to constantly say "they should have done X, and not Y" and are 
constantly seeking to go against with reality with "W should be the case, 
not X" even though W cannot happen while X does.  Yes, that is my 
unprofessional opinion.  And yet, while impotent to achive your views of 
reality, you insist on sharing it, as if anyone gives a rats ass.

It was entertaining, but it's getting old.


I doubt that it would be long before you'll be sporting a tin foil hat.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 21 Oct 2004, James A. Donald wrote:

> --
> On 20 Oct 2004 at 21:27, Sunder wrote:
> 
> > I repeat:
> >
> > And you were there and kept an eye on each and every guard, 
> > interrogator, and prisoner to make sure that the POW's 
> > weren't tortured?
> 
> We know torture did not occur, because lots of people have been 
> released who were and are extremely hostile to the US, and who 
> do not claim torture.
> 
> > And you were there and witnessed the attrocities that said 
> > prisoners committed in order to be placed in Gitmo?
> 
> Why do you assert that the US must be guilty unless it can be
> proven innocent by extraordinary evidence, but the detainees
> must be innocent unless they can be proven guilty by
> extraordinary evidence?
> 
> Doubtless there are some innocents in Gautenamo - but the usual 
> reason they are there is for being foreigners in Afghanistan in 
> the middle of a war with no adequate explanation. 
> 
> --digsig
>  James A. Donald
>  6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
>  PwxWpHJKrzapMUAE8Xc1hvpY0CWDO780ZY/6zW7b
>  4b9RBklMS97dzSSANw7jVcZlASDxbNnLMhwLptK+Z
> 

Re: Printers betray document secrets

[Sunder]

Simple way to test.  Get two printers of the same make and model.  Print 
identical documents on both printers, scan them, diff the scans.  Some 
will be noise, repeat several times, see which noise repeats and you get 
closer and closer to the serial #'s.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 20 Oct 2004, Steve Thompson wrote:

> I seem to recall hearing a rumour that suggested that for years now, photocopiers 
> have been leaving their serial number on the copies they produce.  If true, and I am 
> inclined to believe it, it follows naturally that something similar might happen 
> with laser-printers and ink-jet printers.
> 
> Ian Grigg <[EMAIL PROTECTED]> wrote: R.A. Hettinga wrote:
> > 
> 
> > US scientists have discovered that every desktop printer has a signature
> > style that it invisibly leaves on all the documents it produces.
> 
> I don't think this is new - I'm pretty sure it was
> published about 6 or 7 years back as a technique.
> 
> iang
> 
> 
> 
> 
> 
> -
> Post your free ad now! Yahoo! Canada Personals
> 

Re: Airport insanity

[Sunder]

Re: Gitmo

And you were there and kept an eye on each and every guard, interrogator, 
and prisoner to make sure that the POW's weren't tortured?

Wow, you are good...  or phrased another way, what brand of crack are you 
smokin' 'cause the rest of us thin it's some really good shit and would 
like to have some too...

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Mon, 18 Oct 2004, James A. Donald wrote:

> I expected them to be KEPT in Guantanamo.
> 
> Furthermore, they were not tortured, though they should have
> been. 

Re: Airport insanity

[Sunder]

On Tue, 19 Oct 2004, James A. Donald wrote:

> Here is my prescription for winning the war on terrorism
> 
> We SHOULD rely on shock and awe, administered by men in white 
> coats far from the scene.

 

> The US government should expose and condemn these objectionable 
> practices, subvert moderately objectionable regimes, and 
> annihilate more objectionable regimes.  The pentagon should 
> deprive moderately objectionable regimes of economic resources, 
> by stealing their oil, destroying their water systems, and 
> cutting off their trade and population movements with the 
> outside world.
> 
> Syria should suffer annihilation, Iran subversion, Sudan some 
> combination of annihilation and subversion, Saudi Arabia and 
> similar less objectionable regimes should suffer confiscation 
> of oil, destruction of water resources, and loss of contact 
> with the outside world. 

I see.  I'm sure that Dubbya has his own agenda filled with Shoulds, as
does Bin Ladin, as did Lenin, as did Hitler, as did Nero, as do you.  
Each saw (or see) their views as the way to Utopia.  Trouble is, which one
of you megalomaniacs is/was right?

Further to the point, reality is, and what clearly "should" and makes
sense to to you, clearly "doesn't" to another.  The only difference
between you and the others above is that you lack the power to bend
reality to your whims, and IMHO, that is a very good thing.  It is sad the
the above list contained megalomaniacs who did possess that power and used
it to cause great misery to others, and had to be removed from inflicting
their whims on the world at great expense.  Perhaps in a couple of weeks,
US Citizens will vote one of those out the list as he's already done
plenty of damage in the last four years, and save us another miserable 
four years.

So yes, perhaps, in the fine tradition of what should be instead of what
is, you, sir, should go fuck yourself.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Airport insanity

[Sunder]

I repeat:

And you were there and kept an eye on each and every guard, interrogator, 
and prisoner to make sure that the POW's weren't tortured?

And I add:

And you were there and witnessed the attrocities that said prisoners 
committed in order to be placed in Gitmo?

No? to both questions?  Then your comment is worthless.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 20 Oct 2004, James A. Donald wrote:

> --
> On 20 Oct 2004 at 13:05, Sunder wrote:
> > Re: Gitmo
> >
> > And you were there and kept an eye on each and every guard, 
> > interrogator, and prisoner to make sure that the POW's 
> > weren't tortured?
> 
> Lots of murderous terrorists have been released from Guatanamo, 
> and in the nearly all cases the most serious of their 
> complaints make it sound like a beach resort, except for the 
> fact that they could not leave.
> 
> A few have more serious complaints.  Either they are lying or, 
> those who say they were well treated apart from being held 
> captive are lying. It is hard to believe that people like 
> Slimane Hadj Abderrahmane (who after release announced his 
> intention to resume terrorist activities and that he would
> attempt to murder his hosts who lobbied to get him release) are
> lying to cover up torture by the US army.

RE: Airport insanity

[Sunder]

I think you need to read this remake of the "First they came for the 
commies" poem.  Short translation - whenever anyone's rights are being 
trampled upon, whether it affects you or not, you should protest.

Goes along with one of the unsaid credos about cypherpunks: "I absolutely 
disagree with what she said, but I'll defend to the death her right to say 
it." which along with "Cypherpunks write code" fell quite short of its 
goal.


http://buffaloreport.com/021123rohde.html

Here I'll save you the trouble.

- - -

They came for the Muslims, and I didn't speak up...

By Stephen Rohde
 
(Author's Note:  The USA Patriot Act became law a little over one year 
ago.)
 
First they came for the Muslims, and I didn't speak up because I wasn't a  
Muslim.
 
Then they came for the immigrants, detaining them indefinitely solely on 
the certification of the attorney general, and I didn't speak up because I  
wasn't an immigrant.
 
Then they came to eavesdrop on suspects consulting with their attorneys, 
and I didn't speak up because I wasn't a suspect.
 
Then they came to prosecute noncitizens before secret military 
commissions, and I didn't speak up because I wasn't a noncitizen.
 
Then they came to enter homes and offices for unannounced "sneak and peak"  
searches, and I didn't speak up because I had nothing to hide.
 
Then they came to reinstate Cointelpro and resume the infiltration and  
surveillance of domestic religious and political groups, and I didn't 
speak up because I no longer participated in any groups.
 
Then they came to arrest American citizens and hold them indefinitely  
without any charges and without access to lawyers, and I didn't speak up 
because I would never be arrested.
 
Then they came to institute TIPS (Terrorism Information and Prevention  
System) recruiting citizens to spy on other citizens and I didn't speak up 
because I was afraid.
 
Then they came for anyone who objected to government policy because it 
only aided the terrorists and gave ammunition to America's enemies, and I 
didn't  speak up ... because I didn't speak up.
 
Then they came for me, and by that time, no one was left to speak up.

Forum Column (from the Daily Journal, 11/20/02). Stephen Rohde is an 
attorney. He edited American Words of Freedom and was was president of the 
American Civil Liberties Union of Southern California.


Does Rohde's text seem familiar? It should. He based it on one of the 
web's most widely-circulated texts about silence in the face of evil:

In Germany, the Nazis first came for the communists, and I didn't 
speak up because I wasn't a communist. Then they came for the Jews, and I 
didn't speak up because I wasn't a Jew. Then they came for the trade 
unionists, and I didn't speak up because I wasn't a trade unionist. Then 
they came for the Catholics, but I didn't speak up because I was a 
protestant. Then they came for me, and by that time there was no one left 
to speak for me.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Mon, 18 Oct 2004, James A. Donald wrote:

> I know when it will happen.  It will happen when people 
> interested in anon ecash go on suicide missions.   :-)
> 
> People who are, for the most part, not like us are trying to 
> kill people like us. Let us chuck all those people not-like-us 
> off those planes where most of the passengers are people like 
> us.  This really is not rocket science. 

Re: Airport insanity

[Sunder]

There is still of course the matter of the unexploded bombs in that 
building that were dug out, and that the ATF received a "Don't come in to 
work" page on their beepers, and the seize and classification of all 
surveilance video tapes from things like ATM's across the street.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Sat, 16 Oct 2004, James A. Donald wrote:

> Mc Veigh did not target innocents, and if he did target a plane 
> full of innocents, perhaps in order to kill one guilty man on 
> board, there is no way in hell he himself would be on that 
> plane. 

Re: Airport insanity

[Sunder]

RTFGoogle?

Google revealed:

http://www.jubilee-newspaper.com/atf_last_operation.htm
http://www.constitution.org/okc/jdt03-01.htm
http://www.geoffmetcalf.com/qa/23076.html
http://www.lpsf.org/LPSF_Newsletters/nl_10_01.html
http://216.239.39.104/search?q=cache:vrlZD0TAzU8J:www.freerepublic.com/forum/a3ac7e1b57dbf.htm+ATF+paged+not+to+come+in+to+work+murrah&hl=en
http://www.geocities.com/Heartland/7006/proof-of-coverup.html
http://www.uwsa.com/pipermail/uwsa/2001q2/006627.html

and so on.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Mon, 18 Oct 2004, Justin wrote:

> On 2004-10-16T22:12:52-0400, Sunder wrote:
> > There is still of course the matter of the unexploded bombs in that 
> > building that were dug out, and that the ATF received a "Don't come in to 
> > work" page on their beepers, and the seize and classification of all 
> > surveilance video tapes from things like ATM's across the street.
> 
> Sources?
> 
> -- 
> The old must give way to the new, falsehood must become exposed by truth,
> and truth, though fought, always in the end prevails.  -- L. Ron Hubbard 
> 

cryptome.org down?

[Sunder]

DNS seems to resolve, but never get to the web server.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Congress Close to Establishing Rules for Driver's Licenses

[Sunder]

Right, just because your Passport or driver's license expired, doesn't 
mean that you got any younger and therefore shouldn't drink.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 12 Oct 2004, Riad S. Wahby wrote:

> Tangentially, I was once told that, at least in Massachusetts liquor
> stores, even an _expired_ passport was useful identification.  Can
> anyone confirm that this is true other than at Sav-Mor Liquors?

Bush "wins"

[Sunder]

http://www.boingboing.net/images/wbay.jpg

http://www.boingboing.net/2004/10/07/tv_station_reports_t.html

Thursday, October 7, 2004
TV station reports that Bush has been elected President
WBAY TV in Green Bay, Wisconsin is running an AP article reporting that 
Bush has won the election, weeks before the election is to take place. 
(Click image for enlargement."

wbayAt this hour, President Bush has won re-election as president by a 
47 percent to 43 percent margin in the popular vote nationwide. Ralph 
Nader has 1 percent of the vote nationwide. That's with 51 percent of the 
precincts reporting




--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

RFID Driver's licenses for VA

[Sunder]

So the cops and RFID h4x0rZ can know your true name from a distance.  and 
since RFID tags, are what, $0.05 each, the terrorists and ID 
counterfitters will be able to make fake ones too... Whee!


http://www.wired.com/news/print/0,1294,65243,00.html

RFID Driver's Licenses Debated 
By Mark Baard

Story location: http://www.wired.com/news/privacy/0,1848,65243,00.html

09:50 AM Oct. 06, 2004 PT

Some federal and state government officials want to make state driver's 
licenses harder to counterfeit or steal, by adding computer chips that 
emit a radio signal bearing a license holder's unique, personal 
information.

In Virginia, where several of the 9/11 hijackers obtained driver's 
licenses, state legislators Wednesday will hear testimony about how radio 
frequency identification, or RFID, tags may prevent identity fraud and 
help thwart terrorists using falsified documents to move about the 
country.

Privacy advocates will argue that the radio tags will also make it easy 
for the government to spy on its citizens and exacerbate identity theft, 
one of the problems the technology is meant to relieve.



Because information on RFID tags can be picked up from many feet away, 



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Most Disturbing Yet - Senate Wants Database Dragnet

[Sunder]

http://www.wired.com/news/privacy/0,1848,65242,00.html
http://www.wired.com/news/print/0,1294,65242,00.html

Senate Wants Database Dragnet 

By Ryan Singel  

02:00 AM Oct. 06, 2004 PT

The Senate could pass a bill as early as Wednesday evening that would let 
government counter-terrorist investigators instantly query a massive 
system of interconnected commercial and government databases that hold 
billions of records on Americans.

The proposed network is based on the Markle Foundation Task Force's 
December 2003 report, which envisioned a system that would allow FBI and 
CIA agents, as well as police officers and some companies, to quickly 
search intelligence, criminal and commercial databases. The proposal is so 
radical, the bill allocates $50 million just to fund the system's 
specifications and privacy policies. 



To prevent abuses of the system, the Markle task force recommended 
anonymized technology, graduated levels of permission-based access and 
automated auditing software constantly hunting for abuses.

{Huh?  How would anonimized access PREVENT abuses?}

An appendix to the report went so far as to suggest that the system should 
"identify known associates of the terrorist suspect, within 30 seconds, 
using shared addressees, records of phone calls to and from the suspect's 
phone, e-mails to and from the suspect's accounts, financial transactions, 
travel history and reservations, and common memberships in organizations, 
including (with appropriate safeguards) religious and expressive 
organizations."





--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Federal program to monitor everyone on the road

[Sunder]

http://www.boingboing.net/2004/10/01/federal_program_to_m.html

 Federal program to monitor everyone on the road

Interesting article about the Fed's plans to develop an all-knowing 
intelligent highway system.

Most people have probably never heard of the agency, called the 
Intelligent Transportation Systems Joint Program Office. And they haven't 
heard of its plans to add another dimension to our national road system, 
one that uses tracking and sensor technology to erase the lines between 
cars, the road and the government transportation management centers from 
which every aspect of transportation will be observed and managed.

For 13 years, a powerful group of car manufacturers, technology 
companies and government interests has fought to bring this system to 
life. They envision a future in which massive databases will track the 
comings and goings of everyone who travels by car or mass transit. The 
only way for people to evade the national transportation tracking system 
they're creating will be to travel on foot. Drive your car, and your every 
movement could be recorded and archived. The federal government will know 
the exact route you drove to work, how many times you braked along the 
way, the precise moment you arrived -- and that every other Tuesday you 
opt to ride the bus.


Link to actual story: http://charlotte.creativeloafing.com/news_cover.html

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

How to fuck with airports - a 1 step guide for (Redmond) terrorists.

[Sunder]

Q: How do you cause an 800-plane pile-up at a major airport?
A: Replace working Unix systems with Microsoft Windows 2000!

Details: http://www.techworld.com/opsys/news/index.cfm?NewsID=2275


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

RE: stegedetect & Variola's Suitcase

[Sunder]

The answer to that question depends on some leg work which involves 
converting the source code to stegetect into hardware and seeing how fast 
that hardware runs, then multiplying by X where X is how many of the chips 
you can afford to build.

I'd image that it's a lot faster to have some hw that gives you a yea/nay 
on each JPG, than to say, attempt to crack DES.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 7 Sep 2004, Tyler Durden wrote:

> So here's the 'obvious' question:
> 
> How fast can dedicated hardware run if it were a dedicated Stegedetect 
> processor?
> 
> In other words, how easy would it be for NSA, et al to scan 'every' photo on 
> the internet for Stego traces? (And then, every photo being emailed?)
> 
> And then, how fast can someone write a worm that will make every photo 
> stored on a harddrive look like it's been stegoed?

Re: Maths holy grail could bring disaster for internet

[Sunder]

Forgive my ignorance, but would other PK schemes that don't rely on prime
numbers such as Elliptic Curve be affected?

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 7 Sep 2004, Matt Crawford wrote:

> On Sep 6, 2004, at 21:52, R. A. Hettinga wrote:
> 
> This would be a good thing.  Because to rebuild the infrastructure 
> based on symmetric crypto would bring the trusted third party 
> (currently the CA) out of the shadows and into the light.

stegedetect - looks like "we" need better mice

[Sunder]

http://freshmeat.net/projects/stegdetect/?branch_id=52957&release_id=172055

http://www.outguess.org/detection.php

Steganography Detection with Stegdetect
Stegdetect is an automated tool for detecting steganographic content in 
images. It is capable of detecting several different steganographic 
methods to embed hidden information in JPEG images. Currently, the 
detectable schemes are

* jsteg,
* jphide (unix and windows),
* invisible secrets,
* outguess 01.3b,
* F5 (header analysis),
* appendX and camouflage.

Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide 
and OutGuess 0.13b.

Stegdetect and Stegbreak have been developed by Niels Provos. 


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: The cages on the Hudson, AKA Little Guantanamo (fwd)

[Sunder]

Um, don't know what you've been smoking but:

a. there is no "we", except individuals with the freedom to chose their
own actions. 

b. cops have guns. 

c. some cops have armor and semi (or full?) automatics along with the
"non-lethal" weaponry. 

d. non-cops don't and aren't allowed to carry the same weaponry. (Unless
your version of "we" includes some arsenal and has been watching lots of
A-Team reruns, I doubt that there's not much the cops can't do and mostly
get away with it.)

Yeah, "Not totally." Just like Red China isn't a total totalitarian state,
and it allowed the students at Tienamen Sq to demonstrate.  We're not too
far away from that, except these cops don't (yet?) have tanks and as far
as has been reported in the media, haven't murdered anyone in the
protests, and that the arrested have been let out a few days later rather
than tortured.


It's certainly inching towards totalitarianism and away from "the right of
the people peaceably to assemble, and to petition the government for a
redress" (not, there's nothing in that text about protest pens, open your
bag searches, show me your ID, or protest permits.)


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 1 Sep 2004, Tyler Durden wrote:

> Not totally. That cop on a scooter rightfully got the crap kicked out of him 
> for mowing down demonstrators.
> 
> They can gain local, temporary control but if we take to the streets en 
> masse then there's not much they can do, and they know it.

Re: The cages on the Hudson, AKA Little Guantanamo (fwd)

[Sunder]

Wheee!  NYC==Police State for the last week for those of you living under 
rocks...

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

-- Forwarded message --
Date: Wed, 1 Sep 2004 15:26:13 -0400
From: Edward Potter
To: grimmwerks
Cc: wwwac <[EMAIL PROTECTED]>
Subject: Re: [wwwac] Yes, it's relevent!  The cages on the Hudson,
 AKA Little Guantanamo

He's out.

You can't get near the place today. I tell people what happened and 
they can't believe it. I would not have believed it either, except I 
was there for 11 hours. Then another 15 hours downtown. Excellent first 
hand account here:
http://nyc.indymedia.org/newswire/display/107675/index.php

If I had not been arrested, I would not have known anything like this 
was going on. 1000- 2000 people, in barb-wire cages, at this very 
moment on the Hudson River. No joke. Totally surrounded by police.

ACLU lawyers, Reporters, everyone being denied access. Just starting to 
hit the media.

-ed

On Sep 1, 2004, at 2:57 PM, grimmwerks wrote:

> I read the same thing - and the guy with the bike is STILL there? And 
> held
> on what grounds?   Has any pics surfaced yet?
>
>
> On 9/1/04 2:51 PM, "Edward Potter" <[EMAIL PROTECTED]> wrote:
>
>> I cross posted this to the Politics list, just getting so little media
>> coverage, and yes, I met a few Java Programmers there, plus the guy
>> that has the bike that writes messages by WifI got nailed by the 
>> police
>> too (writing "America Home of the Free") ... so I guess hopefully the
>> word gets out.
>> ---
>>
>> Does anyone on this list know there are now up to 2000 people
>> imprisoned in barb-wire cages on the Hudson River that don't know what
>> their charges are, have not had any rights read to them and are being
>> denied any access to any legal representation?
>>
>> I was there, it was real. It would blow your mind. YOU HAVE NEVER SEEN
>> ANYTHING LIKE IT IN AMERICA BEFORE.
>>
>> Or as the police call it:  Little Guantanamo  
>>
>> Keep up with the news here:
>> http://nyc.indymedia.org
>
>
>



##  The World Wide Web Artists' Consortium  -  http://www.wwwac.org/  ##
##  To Unsubscribe, send email to: [EMAIL PROTECTED]  ##

Re: Backdoor found in Diebold Voting Tabulators

[Sunder]

set of books in GEMS. 
They were already convened, and the time for Harris was already allotted. 
Though the demonstration takes only 3 minutes, the panel refused to allow 
it and would not look. They did, however, meet privately with Diebold 
afterwards, without informing the public or issuing any report of what 
transpired.

On Aug. 18, 2004, Harris and Stephenson, together with computer security 
expert Dr. Hugh Thompson, and former King County Elections Supervisor 
Julie Anne Kempf, met with members of the California Voting Systems Panel 
and the California Secretary of State's office to demonstrate the double 
set of books. The officials declined to allow a camera crew from 60 
Minutes to film or attend.

The Secretary of State's office halted the meeting, called in the general 
counsel for their office, and a defense attorney from the California 
Attorney General's office. They refused to allow Black Box Voting to 
videotape its own demonstration. They prohibited any audiotape and 
specified that no notes of the meeting could be requested in public 
records requests.

The undersecretary of state, Mark Kyle, left the meeting early, and one 
voting panel member, John Mott Smith, appeared to sleep through the 
presentation.

On Aug. 23, 2004, CBC TV came to California and filmed the demonstration.

On Aug 30 and 31, Harris and Stephenson will be in New York City to 
demonstrate the double set of books for any public official and any TV 
crews who wish to see it.

On Sept. 1, another event is planned in New York City, and on Sept. 21, 
Harris and Stephenson intend to demonstrate the problem for members and 
congress and the press in Washington D.C.

Diebold has known of the problem, or should have known, because it did a 
cease and desist on the web site when Harris originally reported the 
problem in 2003. On Aug. 11, 2004, Harris also offered to show the problem 
to Marvin Singleton, Diebold's damage control expert, and to other Diebold 
execs. They refused to look.

Why don't people want to look? Suppose you are formally informed that the 
gas tank tends to explode on the car you are telling people to use. If you 
KNOW about it, but do nothing, you are liable.

LET US HOLD DIEBOLD, AND OUR PUBLIC OFFICIALS, ACCOUNTABLE.

1) Let there be no one who can say "I didn't know."

2) Let there be no election jurisdiction using GEMS that fails to 
implement all of the proper corrective procedures, this fall, to mitigate 
risk. 


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Tue, 31 Aug 2004 [EMAIL PROTECTED] wrote:

> Quoting Eric Murray <[EMAIL PROTECTED]>:
> 
> > On Tue, Aug 31, 2004 at 11:30:35AM -0400, Sunder wrote:
> > > Oops! Is that a cat exiting the bag?
> > > 
> > > 
> > > http://www.blackboxvoting.org/?q=node/view/78
> > 
> > 
> > Apparently so.  Going to www.blackboxvoting.org now just gives:
> 
> Don't break out the tinfoil hats yet. Maybe they exceeded their
> bandwidth because that link was spread around.
> 

Backdoor found in Diebold Voting Tabulators

[Sunder]

Oops! Is that a cat exiting the bag?


http://www.blackboxvoting.org/?q=node/view/78


Issue: Manipulation technique found in the Diebold central tabulator -- 
1,000 of these systems are in place, and they count up to two million 
votes at a time.

By entering a 2-digit code in a hidden location, a second set of votes is 
created. This set of votes can be changed, so that it no longer matches 
the correct votes. The voting system will then read the totals from the 
bogus vote set. It takes only seconds to change the votes, and to date not 
a single location in the U.S. has implemented security measures to fully 
mitigate the risks. 




--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Digital camera fingerprinting...

[Sunder]

Yes, your holiness, but how much of that will survive jpeg compression,
photshop (or GIMP) cleanups, and shrinking down to lower resolutions, and 
insertion of stego?

Or what about those "disposable" digital cameras that are hackable?  
Perhaps there should be a cypherpunks pool to swap "disposable" digital 
cameras?

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 25 Aug 2004, Major Variola (ret) wrote:

> Very relevant, traffic analysis and fingerprinting (intentional or not)
> are
> always tasty subjects.  One question for the court would be, how many
> *other* cameras have column 67 disabled?   One of every thousand?
> And how many thousand cameras were sold?
> 
> Pope Major Variola (ret)

Reason on Gilmore VS Ashcroft

[Sunder]

http://www.reason.com/links/links082404.shtml


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

RE: Another John Young Sighting

[Sunder]

All Hail Cthulhu!  Why worship the lesser evil?  
Vote for Cthulhu!   Why vote for the lesser evil?


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 25 Aug 2004, kawaii ryuko wrote:

> > Hail Eris.
> > 
> 
> All hail Discordia!

Wired: Attacking the 4th Estate

[Sunder]

http://www.wired.com/news/politics/0,1283,64680,00.html?tw=wn_tophead_6

or, the HTML crap free version:

http://www.wired.com/news/print/0,1294,64680,00.html



Attacking the Fourth Estate 

By Adam L. Penenberg  |   Also by this reporter Page 1 of 2 next 

02:00 AM Aug. 25, 2004 PT

John Ashcroft and the Department of Justice must be stopped.

There, I've said it. Of course, now I half expect federal agents to drag 
me off to prison for violating the No One Dare Question the Government 
While We Are Engaged in the War Against Terror Act. (Duration: perhaps 
forever.) 

Sure, you say, no such act exists. But Ashcroft himself once testified 
that bellyaching over what he called "phantoms of lost liberty" only 
serves to "aid terrorists" and "give ammunition to America's enemies." And 
recently FBI agents attempted to intimidate political activists by 
visiting them at their homes to warn about causing trouble at the upcoming 
Republican convention.

More to the point, under Justice Department guidelines, Ashcroft must 
approve any subpoena of a journalist, so how do you explain the rash of 
subpoenas that Special Prosecutor Patrick J. Fitzgerald, the U.S. attorney 
from Chicago, has doled out to Time magazine, The New York Times, The 
Washington Post and NBC? Already one reporter -- Matthew Cooper from Time 
-- has been held in contempt by a federal judge for refusing to appear 
before the grand jury that Fitzgerald convened to investigate which Bush 
administration senior official(s) leaked a covert spy's identity to 
columnist Robert Novak. 




--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

T. Kennedy == Terrorist says TSA

[Sunder]

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/08/20/MNGQ28BM1O1.DTL

Washington -- Sen. Edward "Ted" Kennedy said Thursday that he was stopped 
and questioned at airports on the East Coast five times in March because 
his name appeared on the government's secret "no-fly" list.



"That a clerical error could lend one of the most powerful people in 
Washington to the list -- it makes one wonder just how many others who are 
not terrorists are on the list," said Reggie Shuford, a senior ACLU 
counsel. "Someone of Sen. Kennedy's stature can simply call a friend to 
have his name removed, but a regular American citizen does not have that 
ability. He had to call three times himself."



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Excerpts from Rudy Rucker's new Book

[Sunder]

>From Rudy Rucker's new book: "The Lifebox, the Seashell and the Soul."

(The interesting bits to which Tim fantasizes to.)


As seen on:

http://www.boingboing.net/text/guestbar.html



Rant at Start of Chapter on Society

I write this book during a dark time. America.s government is in the hands 
of criminals and morons.

I.d like to break through to a radically different way of talking about 
society, to throw a bucket of ice-water in the face of the sleep-walking 
sheep who think that history is about presidents and kings.

A baby filling a diaper is infinitely more significant than a congress 
placing a movement on the floor.




Twin Towers

Facts: The twin towers fell. The terrorists were Saudis. Bush invaded 
Iraq.

.Ah,. someone might say, .if nobody wanted to fight, we.d be invaded. Look 
at the twin towers. The world.s not safe... And I would submit that the 
administration.s reaction to the twin towers was exactly the wrong one. 
Instead of jumping into the repetitive tit-for-tat class two 
Israelis-versus-Palestinians mode, the government should have gone class 
four. What would make men kill themselves while destroying a part of our 
lovely New York City? What system produced them? Isn.t there a way to get 
in and jolt it in some totally unexpected way, something more original 
than rocket fire vs. car bombs?

Emigration

Before virtually every American presidential election, I.ve heard people 
say, .If so and so wins, I.m leaving the country.. But they never do. The 
only time my friends eve remigrated was during the Viet Nam war, a time 
when the hive mind was undertaking the wholesale slaughter of a 
generation. But most of the time, for most of us, things aren.t bad enough 
to make emigration seem reasonable.

If the election is stolen again in Fall, 2004, the answer could be armed 
revolution, not emigration. If the Bush faction tries to retain power, a 
significant number of people may feel compelled to go to D.C. and fight in 
the streets until the tyrant is deposed. However long it takes, however 
dearly it costs. Would it be worth it?

Hopefully he'll lose the election by too great a margin to fudge. But for 
that to happen, we have to vote. The popular vote margin matters, if not 
in the electoral college, then in the hearts and minds of our oppressed 
populace. If the margin were big enough, the house of cards could 
collapse.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Gilmore VS Ashcroft opens today

[Sunder]

http://www.papersplease.org/gilmore/

In this corner we have John Gilmore. He's a 49 year-old philanthropist who 
lives in San Francisco, California. Through a lot of hard work (and a 
little luck), John made his fortune as a programmer and entrepreneur in 
the software industry. Whereas most people in his position would have 
moved to a tropical island and lived a life of luxury, John chose to use 
his fortune to protect and defend the US Constitution. 

He's challenging the unconstitutionally evil stench of the Asscruftinator!

Who will win?  Place your bets, place your bets, the courtroom showdown
begins today:

http://www.boingboing.net/2004/08/16/john_gilmore_vs_ashc.html

Ding!



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: Forensics on PDAs, notes from the field

[Sunder]

Right, in which case GPG (or any other decent crypto system) is just fine,
or you wouldn't be looking for stego'ing it inside of binaries in the
first place.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Fri, 13 Aug 2004, Thomas Shaddack wrote:

> In the world of industrial espionage and divorce lawyers, the FedZ aren't 
> the only threat model.

Re: Forensics on PDAs, notes from the field

[Sunder]

On Fri, 13 Aug 2004, Morlock Elloi wrote:

> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?
> 
> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000 ? 100,000 ? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.

How? Not if you get something like a Sharp Zaurus and compile your own
environment.  "Hey, I want to get as much performance out of this shitty
little ARM chip as I can."

> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the complier.

What makes you think they'll have enough of a clue as to how to read the 
files off your PDA without booting it in the first place?  99% of these 
dorks use very expensive automated hardware tools that do nothing more 
than "dd" your data to their device, then run a scanner on it which looks 
for well known jpg's of kiddie porn.  

If you're suspected of something really big, or you're middle eastern,
then you need to worry about PDA forensics.  Otherwise, you're just
another geek with a case of megalomania thinking you're important enough 
for the FedZ to give a shit about you.
 
> Just use the fucking PGP. It's good for your genitals.

And PGP won't stand out because ?


--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: maybe he would cash himself in? (Re: A Billion for Bin Laden)

[Sunder]

Nah, if Bush already had him in a hole somewhere to produce him just in 
time for the elections, he'd collect the billion for himself as his 
personal reward.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Thu, 12 Aug 2004, Dave Howe wrote:

> of course someone *really* cynical might think they already had him, but 
> needed to spring a billion towards shrub's reelection campaign

2+2=5 and mention of cryptome

[Sunder]

Original URL: 
http://www.theregister.co.uk/2004/08/11/al_q_geek_us_overthrow_plot/

Al-Qaeda computer geek nearly overthrew US
By Thomas C Greene (thomas.greene at theregister.co.uk)
Published Wednesday 11th August 2004 16:45 GMT

Update A White House with a clear determination to draw paranoid 
conclusions from ambiguous data has finally gone over the top. It has now 
implied that the al-Qaeda computer geek arrested last month in Pakistan 
was involved in a plot to destabilize the USA around election time.

Two and two is five

As we reported here 
(http://www.theregister.co.uk/2004/08/03/us_terror_alert_political_football) 
and here 
(http://www.theregister.co.uk/2004/08/02/al_qaeda_cyber_terror_panic), 
so-called al-Qaeda "computer expert" Muhammad Naeem Noor Khan, a 
Pakistani, was arrested on 13 July in possession of detailed but rather 
old surveillance documents related to major financial institutions in New 
York, Newark, and Washington.

Since that time, other intelligence has led the US security apparatus to 
imagine that a plot to attack the USA might be in the works. (No doubt 
there are scores of plots in the works, but we digress.) Therefore, last 
week, the ever-paranoid Bush Administration decided that Khan's building 
surveillance documents, and the hints of imminent danger, had to be 
connected. Indeed, if al Qaeda is to strike at all, it is most likely to 
strike the targets mentioned in Khan's documents, as opposed to thousands 
of others, the Bushies reasoned.

New York, Newark and Washington were immediately put on high alert, at 
great expense, and to the inconvenience of millions of residents.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Re: A Billion for Bin Laden

[Sunder]

Yeah, about as brilliant as a turd.  Didn't they recently call Al-Qaeda's 
network a hydra?  correct me if I don't recall my Ancient Greek myths, but 
when you cut off one head on the hydra, two more grow back, so are we to 
assume that future heads that grow back will carry such bounties?

A billion here, a billion there, and pretty soon you're talking real 
money.

I guess they do realize that these guys are idologists and the allmighty 
dollar is anathema to them, so they have to raise the bounty in order to 
get someone to betray him...   Never discount greed, no matter how 
ideological someone may be, at some ridiculous sum, someone somewhere will 
rat him out... perhaps just before the elections.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

On Wed, 11 Aug 2004, Major Variola (ret) wrote:

> This is brilliant, worthy of being called channelling Tim M.  As it
> relies entirely on free association and the rational marketplace.
> Nevermind
> that the reward is stolen from the sheeple.
> 
> What the DC future-corpses don't grok is that the Sheik's network
> is not financially or career motivated, unlike themselves.
> And xianity (or even amerikan patriotism which sometimes
> substitutes) is too neutered to counter it.

stealth tempest wallpaper

[Sunder]

http://www.newscientist.com/news/print.jsp?id=ns6240
or http://www.newscientist.com/news/news.jsp?id=ns6240&lpos=home3


Stealth wallpaper keeps company secrets safe
 
10:00 08 August 04
 
Special Report from New Scientist Print Edition. Subscribe and get 4 free 
issues.
 

A type of wallpaper that prevents Wi-Fi signals escaping from a building 
without blocking mobile phone signals has been developed by a British 
defence contractor. The technology is designed to stop outsiders gaining 
access to a secure network by using Wi-Fi networks casually set up by 
workers at the office. 




--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Don't smile for UK Big Brother's passport pix

[Sunder]

http://www.theregister.co.uk/2004/08/06/passport_scanners/print.html

Original URL: http://www.theregister.co.uk/2004/08/06/passport_scanners/
Home Office prohibits happy biometric passports
By Lucy Sherriff (lucy.sherriff at theregister.co.uk)
Published Friday 6th August 2004 10:08 GMT

The Home Office says all new passport photographs must be of an unsmiling 
face with its gob firmly shut because open mouths can confuse facial 
recognition systems.




--Kaos-Keraunos-Kybernetos---
 + ^ + :"Our enemies are innovative and resourceful, and so are we.  /|\
  \|/  :They never stop thinking about new ways to harm our country /\|/\
<--*-->:and our people, and neither do we." -G. W. Bush, 2004.08.05 \/|\/
  /|\  : \|/
 + v + :War is Peace, freedom is slavery, Bush is President.
-

Wired on Navy's new version of Onion Routing

[Sunder]

http://www.wired.com/news/print/0,1294,64464,00.html
Onion Routing Averts Prying Eyes
By Ann Harrison

Story location: http://www.wired.com/news/privacy/0,1848,64464,00.html

02:00 AM Aug. 05, 2004 PT

Computer programmers are modifying a communications system, originally
developed by the U.S. Naval Research Lab, to help Internet users surf the
Web anonymously and shield their online activities from corporate or
government eyes.



The Navy is financing the development of a second-generation onion-routing
system called Tor, which addresses many of the flaws in the original
design and makes it easier to use. The Tor client behaves like a SOCKS
proxy (a common protocol for developing secure communication services),
allowing applications like Mozilla, SSH and FTP clients to talk directly
to Tor and route data streams through a network of onion routers, without
long delays.




--Kaos-Keraunos-Kybernetos---
 + ^ + :"War is Peace/|\
  \|/  : Freedom is Slavery /\|/\
<--*-->: Ignorance is Strength  \/|\/
  /|\  : Bush is President" - Bret Feinblatt \|/
 + v + :
-- http://www.sunder.net 

Ridge: "The Terrorists are comming! The Terrorists are coming!" (wag the media)

[Sunder]

http://www.theregister.co.uk/2004/08/03/us_terror_alert_political_football/print.html

US terror alert becomes political football
By Thomas C Greene (thomas.greene at theregister.co.uk)
Published Tuesday 3rd August 2004 15:15 GMT

Update As we reported recently 
(http://www.theregister.co.uk/2004/08/02/al_qaeda_cyber_terror_panic), the 
latest ratcheting up of the terror threat level in the United States was 
based on captured documents dating back some time. In that article, we 
observed that it was "not clear whether any of the information recently 
obtained relates to current or future schemes."



"much of the information that led the authorities to raise the terror 
alert at several large financial institutions in the New York City and 
Washington areas was three or four years old, intelligence and law 
enforcement officials said on Monday. They reported that they had not yet 
found concrete evidence that a terrorist plot or preparatory surveillance 
operations were still under way."



Why now?

If anyone is wondering why terrorism, and especially attacks at home, 
should have been so fully hyped on such thin evidence, it's useful to 
consider the news cycle.

Last week, John Kerry did a surprisingly good job of introducing himself 
to the nation as a plausible replacement for Bush. 



Politics

But this rain dance was not undertaken from a security point of view. It 
was concocted with a political motive, and its purpose was to distract the 
public from the additive disasters in Iraq, and the unexpectedly strong 
showing by the Democrats in Boston last week. It was designed to make 
Junior look like the "strong leader" that his cheerleaders insist, against 
all evidence, that he really is. (We note that the true Prince of 
Darkness, Dick Cheney, has been dutifully silent, and conspicuously 
absent, during the recent national security festivities, to vouchsafe the 
limelight to Junior.)



--Kaos-Keraunos-Kybernetos---
 + ^ + :"War is Peace/|\
  \|/  : Freedom is Slavery /\|/\
<--*-->: Ignorance is Strength  \/|\/
  /|\  : Bush is President" - Bret Feinblatt \|/
 + v + :
-- http://www.sunder.net 

Welcome to 1984 - almost.

[Sunder]

This speaks volumes as to where intentions lie.


http://scoop.agonist.org/story/2004/8/3/84635/46365

 Justice Department attempting to remove public documents from libraries

American Library Association
July 30, 2004

CHICAGO -- The following statement has been issued by President-Elect 
Michael Gorman, representing President Carol Brey-Casiano, who is 
currently in Guatemala representing the Association:

By Anonymous in USA: Liberty Watch on Tue Aug 3rd, 2004 at 08:46:35 AM PDT
Last week, the American Library Association learned that the Department of 
Justice asked the Government Printing Office Superintendent of Documents 
to instruct depository libraries to destroy five publications the 
Department has deemed not "appropriate for external use." The Department 
of Justice has called for these five public documents, two of which are 
texts of federal statutes, to be removed from depository libraries and 
destroyed, making their content available only to those with access to a 
law office or law library.

The topics addressed in the named documents include information on how 
citizens can retrieve items that may have been confiscated by the 
government during an investigation. The documents to be removed and 
destroyed include: Civil and Criminal Forfeiture Procedure; Select 
Criminal Forfeiture Forms; Select Federal Asset Forfeiture Statutes; Asset 
forfeiture and money laundering resource directory; and Civil Asset 
Forfeiture Reform Act of 2000 (CAFRA).

ALA has submitted a Freedom of Information Act (FOIA) request for the 
withdrawn materials in order to obtain an official response from the 
Department of Justice regarding this unusual action, and why the 
Department has requested that documents that have been available to the 
public for as long as four years be removed from depository library 
collections. ALA is committed to ensuring that public documents remain 
available to the public and will do its best to bring about a satisfactory 
resolution of this matter.

Librarians should note that, according to policy 72, written authorization 
from the Superintendent of Documents is required to remove any documents. 
To this date no such written authorization in hard copy has been issued.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

RE: On how the NSA can be generations ahead

[Sunder]

Some interesting URL's on how this can be technologically achieved.  These 
are just from various news sources, nothing indicating one way or another 
that the boys in Ft. Meade are using any of this stuff - though DARPA is 
mentioned in the first link. :)

http://news.com.com/Sun+chips+away+at+wireless+chip+connections/2100-1006_3-5291289.html

http://www.uwtv.org/programs/displayevent.asp?rid=1844

So this gets around some of the limits of chip to chip interconnects, etc.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Re: Al-Q targeting NY corporations?

[Sunder]

Your sarcasm detector is down, please send it back to the manufacturer for 
repairs.  Let's hope it's still under warranty.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

On Mon, 2 Aug 2004, Major Variola (ret) wrote:

> At 12:58 PM 8/1/04 -0400, Sunder wrote:
> >You Al-Qaeda types
> >hate us for having freedom, right?
> 
> You're not taken in by that mularky, are you?

Re: Al-Q targeting NY corporations?

[Sunder]

I've a better idea for the terrorists who may be paying attention, why not
just leave NYC alone and target something more useful to take out - like
Microsoft, for example.  

IMHO, the planes that were targeted at the WTC would have been better
directed at various Redmond, WA buildings.  They're after all a very big
company with a lot of billions - that would have been far more spectacular
an attack than a couple of profitless eyesores blocking everyone's view of
the Statue of Liberty.  

And what's with attacking the pentagon?  They're the biggest sink of Evil 
American Taxpayer funds after all. Don't you want your enemies wasting 
billions of dollars on shitty airplanes and helicopters that crash 
themselves?

Besides, if you want to piss off the NY Cops, don't attack One Police
Plaza, take out Dunkin Donuts and Krispy Kreme joints... well, wait, I
kinda like Krispy Kreme once in a while, ok, just Dunkin Donuts...  Or
better yet, don't!  The artery clogging fat and the diabetes inducing
sugar+starch already do plenty.  Nah, if you're an Al Qaeda member, it's 
your duty to open up more donut shops and in fact, have a policy of free 
donuts to every cop.  Infact, you should send crates of donuts to every 
police precinct several times a day.  I'd suggest a 10:1 donut to officer 
ratio.  

Ditto for McDonalds foods.  Add extra grease.  The hydrogenated soybean
kind!

And why bother taking out the bridge to NJ - after all, NJ is where all
the stench is (remember that old joke: Girlfriend "Kiss me where it
smells," Boyfriend: "Ok, let's drive to NJ!"  You're better off leaving
that bridge alone, so commuters can be terrorized by the industrial stench
as they drive through, and by all the delays.  Infact, if you're an Al
Qaeda engineer, you'll want to BUILD more bridges to NJ, so more Satan
Loving American Infidels will get sickened by it.

Oh yeah, and be sure to vote for Bush.  He'll be sure to fuck the economy 
even worse and put more draconian laws into effect.  You Al-Qaeda types 
hate us for having freedom, right?  So Dubbya's your perfect boy for that.


That's the real way to be a terrorist, not by wasting your time on some 
dumb ass fireworks by airplane.  Pshaw, only amateur terrorists do it that 
way.



--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

On Sun, 1 Aug 2004, J.A. Terranson wrote:

> Article below.
> 
> Just in case AQ is listening, I'd like to remind them that there are some
> other states that also have some *really* good targets ;-)  But, if you're
> just "stuck" on New York, let me make my recommendations:

[OT] Apple calls Real "a hacker"

[Sunder]

http://money.cnn.com/2004/07/29/technology/apple_real/

Interesting non-cypherpunkish stuff.  

So Real goes off and does some reverse engineering so it can use Apple's
DRM to publish its own stuff for iPod's.  Interestingly, Apple wants to
sue using the DMCA, *BUT* where it gets interesting is that IMHO, Real
didn't provide a crack to Apple's DRM, rather it used it for its own
benefit.  So will the DMCA even apply?

Even more interesting, Real used "publically available documents" so they 
didn't do the reverse engineering themselves, so they're not likely to be 
sued on that aspect - though quite likely this is based on the fair play 
stuff which was based on reverse engineering...

This might also have ramifications concerning things like X-Box and
modchips.  i.e. if Apple loses, then it will be legal for someone to build
a modchip to allow X-Box's to run Linux (but not play copied games.)

It will be an interesting fight, and if we, the consumers, are lucky, 
then perhaps some of the evil provisions in the DMCA will go away so we 
can get some more interoperability instead of vendor lock-in.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Osama says "Vote for Bush!"

[Sunder]

http://www.aaronsw.com/weblog/001393

Not that (m)any of us really expected Al-Qaeda to want Kerry.

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Reputation Capital Article - 1st Monday: Manifesto for the Reputation Society

[Sunder]

Here's a paper/article/screed on reputation capital.  A subject we 
discussed here a long while ago back when dinosaurs ruled the earth, 
etc... well, not quite that long ago.  

This doesn't seem to mention anything about anonymous users, however.



http://www.firstmonday.org/issues/issue9_7/masum/index.html


Abstract
Manifesto for the Reputation Society by Hassan Masum and Yi.Cheng Zhang

Information overload, challenges of evaluating quality, and the 
opportunity to benefit from experiences of others have spurred the 
development of reputation systems. Most Internet sites which mediate 
between large numbers of people use some form of reputation mechanism: 
Slashdot, eBay, ePinions, Amazon, and Google all make use of collaborative 
filtering, recommender systems, or shared judgements of quality.

But we suggest the potential utility of reputation services is far 
greater, touching nearly every aspect of society. By leveraging our 
limited and local human judgement power with collective networked 
filtering, it is possible to promote an interconnected ecology of socially 
beneficial reputation systems . to restrain the baser side of human 
nature, while unleashing positive social changes and enabling the 
realization of ever higher goals.






--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

New trend: dropping trou at the TSA

[Sunder]

BoingBoing calls this "The Freedom Flash" 
http://www.boingboing.net/2004/07/14/man_flashes_authorit.html



http://news.yahoo.com/news?tmpl=story&u=/ap/20040714/ap_on_fe_st/airport_flasher_1

Man Exposes Self During Airport Screening

Wed Jul 14, 9:07 AM ET

Add Strange News - AP to My Yahoo!

By The Associated Press

MINNEAPOLIS - Daryl Miller didn't make it through airport security because 
he couldn't keep his pants on.

 

Airport police said a security screener was waving a metal-detecting wand 
over Miller's pants area on Friday when Miller pulled his shorts down to 
his ankles. He wasn't wearing any underwear.

Miller then said, "There, how do you like your job," thus ending the 
screening, according to the police report. He was charged with indecent 
exposure and released on $300 bail. 

..

 "This person exposed themself in a public area, a clear violation of the 
law, and we needed to take some action on that, otherwise everybody would 
be dropping their pants," Christenson said.


--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Re: Mexico Atty. General gets microchipped (fwd)

[Sunder]

On Tue, 13 Jul 2004, J.A. Terranson wrote:

> Forwarded for amusement

>   "...justice is a duty towards those whom you love and those whom you do
>   not.  And people's rights will not be harmed if the opponent speaks out
>   about them."
> 
>   Osama Bin Laden
> 
>   - - -
> 
>   "There aught to be limits to freedom!"
> 
>George Bush
> 
> 
>   - - -
> 
> Which one scares you more?

The about sounds like a great .signature file. :)
 
> 
> --
> http://www.cnn.com/2004/WORLD/americas/07/13/mexico.chip.reut/index.html
> 
> Mexico attorney general gets microchip implant

> "It's an area of high security, it's necessary that we have access to
> this, through a chip, which what's more is unremovable," Macedo told
> reporters.

Huh? any implantable is removeable...  What, kidnappers, in Mexico don't
have access to alumium foil, faraday cages, frequency counters and
{hatchets,knives,scalpels,chain saws}, etc?

> The chips would enable the wearer to be found anywhere inside Mexico, in
> the event of an assault or kidnapping, said Macedo.

Which means it's transmitting, and to do so, it's not an RFID, it's a bug 
with a battery.  If if it doesn't transmit at all times, there's a scar 
somewhere which points where it is.

This ploy would have only worked if the kidnappers didn't know about it in
advance.  Now they do.  It will stop the lame ones.  The hardass criminals
know how to deal with it.

IMHO, this is a publicity op - not much else, designed to discourage 
potential kidnappers, and enourage the public to get chipped.


"What's the frequency Kenneth?" comes to mind.  ROTFL!

Re: USA PATRIOT Act Survives Amendment Attempt (fwd from brian-slashdotnews@hyperreal.org)

[Sunder]

On Fri, 9 Jul 2004, Bill Stewart wrote:

> At 01:44 PM 7/9/2004, Thomas Shaddack wrote:
> >Is it possible to write a database access protocol, that would in some
> >mathematically bulletproof way ensure that the fact a database record is
> >accessed is made known to at least n people? A way that would ensure that
> >either nobody can see the data, or at least n people reliably know the
> >record was accessed and by whom?

.

> The obvious method for the first half of your problem is
> Shamir secret-sharing - n out of m people need to provide
> their information in order to access the data item (or its key.)
> That isn't necessarily an _efficient_ protocol for databases,

Better yet, you have the n sources provide pieces of a key which
auto-expires after X days, that key is used to access the database rather
than getting the data from n sources.  Authenticating at random with n 
sources, each with a different key is also required.

Store the data on some persistent, distributed stores... Bit Torrent comes 
to mind here.

 
> I'm not convinced that the second half of your problem makes sense.

See above method and add some sort of log to it that automatically and 
anonymously publishes logs of access to it.  So long as n>m/2 and at least 
n people are trustworthy it should work, right?

Then, you also need a watcher app to reveal that access occured.  This app
downloads the logs of the hashes you're interested in, plus other random
ones to prevent logging from revealing who is interested in what.

Would also be nice if the hash for the data you're trying to watch/access 
changes with the date.  That way if one user of the system is compromised, 
the compromisers can't figure out who the other parties accessing the same 
data are.  But I'm not sure how you'd make it happen without tweaking the 
Bit Torrent client a lot, or writing a new one from scratch (invoking 
Not-Invented Here Syndrome).


> Of course, even to use this requires that the application be designed
> in some manner where there's some kind of key that's needed
> to access the data, such as a mailbox that encrypts incoming mail
> with your public key.  That doesn't prevent the secret police from
> forcing your mailbox company to reveal the information before
> encrypting it to you, but it does at least protect _old_ mail,
> unless n out of the m key escrow agents all cooperate.

A-Yup.

> I don't know why you'd design a system like this when you could
> do it without the key escrow feature - am I missing something?

How else would you do it and still be able to know when something was 
read?

--Kaos-Keraunos-Kybernetos---
 + ^ + :"I find it ironic that, on an amendment designed to protect  /|\
  \|/  :American democracy and our constitutional rights, the   /\|/\
<--*-->:Republican leadership in the House had to rig the vote and  \/|\/
  /|\  :subvert the democratic process in order to prevail"  \|/
 + v + :  -- Rep. Sanders re vote to ammend the US PATRIOT ACT. 
-- http://www.sunder.net 

Re: Faster than Moore's law

[Sunder]

On Thu, 8 Jul 2004, Steve Schear wrote:

> >Just want to remind y'all that drive capacity has increased *faster*
> >than semiconductor throughput, which has an 18 month doubling time.
> 
> But access time has not nearly kept pace.  Which is why all manner of 
> database architectures have been created to make up for this shortcoming.

Which is still perfectly fine for data that you collect but search/access 
very rarely which I'd guess is the type of data we're talking about here.  
You collect the data, index it (or extract metadata from it in other ways) 
and you _almost_ never access it again.

Re: [IP] Hi-tech rays to aid terror fight

[Sunder]

On Thu, 8 Jul 2004, Major Variola (ret) wrote:

> 1. I've seen adverts for linear sensors which image the bottoms
> of cars as they drive over.  Sort of a scanner where the paper
> does the moving.  Installed in the road.

Come to think of it, yes, the "road" within the tollbooth gate was a bit
raised, so there could well have been sensors underneath it.  Might as
well add all the sensors you can afford, after all any cars going through
the gate are a captive audience.

> 2. There are companies developing sensors that bombard
> your car with neutrons (don't have to open the trunk),
> and detect the N from the temporary neutron-activated gamma emissions.
> 
> 3. Obviously license plate OCR is trivial.

Natch.  I also did see the big red IR lamps behind, but that's old school 
in almost any toll booth.
 
> 4. I've read papers on recognizing vehicles by their inductive
> signature as they drive over regular road sensors.   This was
> to passively measure road speed for traffic control.  The idea
> is that a VW Beetle has a different inductance vs. time than
> a Ford-250 or an 18 wheeler.  You correlate between
> roadloops at known distances apart and infer road speed.

Or you OCR license plates which is mostly trivial these days, or a 
combination of both.  

Then again, for upstate NY, you actually get a card for NYS Throughway and
pay when you exit at another tollbooth.  Card has a magnetic stripe, and 
shows the entry point on the throughway.  So there are obviously other 
less expensive ways to do just that.  Add cameras with timestamps at each 
tollboth and a way to keep track of which card was where and you've got a 
verifiable robust tracking system.

 
> 5. One could call terahertz "hard RF"  in same way that hard x-rays
> bleed into soft gammas.  But calling anything "hard" implies danger,
> and we mustn't scare the proles.  Perhaps soft IR is better.

:) Sort of like spammers calling their trade "targetted mails" or "opt-in"

Heh, would be funny if the 4am NINJA SWAT raid teams painted happy faces
on their helmets and say "Have a nice day" as they shoot.

 
> Whatever, its still pornography if the resolution is high enough.

What was that quote?... "tits or nukes, it's all just bits on the wire"

I also recall reading recently about those colored plastic/glass embedded
in the road bumps that reflect light (so you can see your lane better?)
are being retrofitted with cameras in them and set at an angle to read the
license plate and measure speed as you drive over them by some company.

Bah, wetware memory sucks. :(

Re: [IP] Hi-tech rays to aid terror fight (fwd from dave@farber.net)

[Sunder]

I recently visited the Canadian side of Niagra falls.  On the return entry 
to the US customs, etc. meant driving through penns that look like toll 
booths.  But I noticed little sensors in pairs and large square sensors as 
well.

The entry gate was fairly large - I'd say about 2' deep by 2' wide by I'd
guess 10/12' high. Black on the outside car facing side, white on the
inner side.  On the side there were pairs of large rectangular boxes at an
angle pointing down toward the car.  Deeper into the stall there were
several pairs of sensors on vertical poles.  The first pair on the left
side - small rectangular ones which pointed at similar poles across the
way.  Something like this:

   |   |
   |  ]| mid - about 3-4' off the ground
   |   |
   |[  | low about 1ft off the ground




>From the top:


  Booth|---arm---|
   | |
   |[|
   |[|
   |]|
   |]|
   | |
   ### ###
   | |
   %%%
   %%%
   | |
  ^ direction of driving

[ = small sensor
##= large sensor
%%= entry gate 3'x3' thick


And there were two sets of these as I drove through.  Were these the 
(in)famous TZ sensors?

There were two guys in the booth, one obviously examining in LCD monitor, 
the other guy going "papers please" and "state the nature of your visit" 
etc.  He seemed only concerned with where we were born, lived, and whether 
we had purchased any alcohol or tabacco products in Canada.


On Thu, 8 Jul 2004, Eugen Leitl wrote:

> - Forwarded message from David Farber <[EMAIL PROTECTED]> -
> 
> From: David Farber <[EMAIL PROTECTED]>
> Date: Thu, 8 Jul 2004 10:09:31 -0400
> 
> Begin forwarded message:
> 
> From: Dewayne Hendricks <[EMAIL PROTECTED]>
> Date: July 8, 2004 4:53:34 AM EDT
> To: Dewayne-Net Technology List <[EMAIL PROTECTED]>
> Subject: [Dewayne-Net] Hi-tech rays to aid terror fight
> 
> Hi-tech rays to aid terror fight
> 
> A new way of identifying metal and explosives could provide a valuable
> tool in the fight against terrorism.
> Airport security has become big business following the terrorist
> attacks in the US.
> 
> A system that detects both metal and non-metallic weapons using
> terahertz light has been developed by technology firm TeraView.

Re: Final stage

[Sunder]

On Thu, 8 Jul 2004, Howie Goodell wrote:

> On Wed, 7 Jul 2004 15:26:59 -0400 (edt), Sunder <[EMAIL PROTECTED]> wrote:
> > 
> > On Wed, 7 Jul 2004, J.A. Terranson wrote:
> > 
> > > On Wed, 7 Jul 2004, Anonymous via the Cypherpunks Tonga Remailer wrote:
> > >
> > > > Praise Allah!  The spires of the West will soon come crashing down!
> > 
> > 
> > 
> > > Laying it on just a little thick, no?
> > 
> > Here we go again.  Get ready for more FUD from the LEO's, I can see Fox
> > news now.  "Cypherpunks a hotbed of crypto-anarchist scum is now being
> > used by Al Qaeda to setup new terrorist attacks..."  Expect to see a
> > sidebar about "rogue" or "evil" anonymous remailers and how they're
> > un-patriotic, etc.
> > 
> > Bah, some feeb had too one too many Crappachino's with lunch today and
> > pulled a Cornholio :(
> > 
> > A few years ago it was requests on how to make bombs, now it's this shit.
> 
> The "UBL is GW" message sounded provocateurish, too.

Yup... but that's kind of standard around here.  Pull up a reasonable 
quote from some super hated person and make people think.  Nothing new.  I 
think there was something about gun control and making people safe 
attributed to Hitler, etc. a while back.

But as I said, here we go: http://www.theinquirer.net/?article=17087
Right on que too, though it doesn't mention Cypherpunks...

The Internet is the home of Terror

Servers of Mass destruction

By Nick Farrell: Thursday 08 July 2004, 07:50
THE INTERNET has become the place for terrorist training, recruitment, and 
fundraising, according to a leading Israeli academic.

Speaking to the Medill News Service, Gabriel Weimann, chair of the 
University of Haifa communications department claims that Terrorist groups 
are exploiting the accessibility, vast audience, and anonymity of the 
Internet to raise money and recruit new members.

Re: Final stage

[Sunder]

On Wed, 7 Jul 2004, J.A. Terranson wrote:

> On Wed, 7 Jul 2004, Anonymous via the Cypherpunks Tonga Remailer wrote:
> 
> > Praise Allah!  The spires of the West will soon come crashing down!


 
> Laying it on just a little thick, no?

Here we go again.  Get ready for more FUD from the LEO's, I can see Fox
news now.  "Cypherpunks a hotbed of crypto-anarchist scum is now being
used by Al Qaeda to setup new terrorist attacks..."  Expect to see a
sidebar about "rogue" or "evil" anonymous remailers and how they're
un-patriotic, etc.

Bah, some feeb had too one too many Crappachino's with lunch today and
pulled a Cornholio :(  

A few years ago it was requests on how to make bombs, now it's this shit.

Re: Privacy laws and social engineering

[Sunder]

On Wed, 7 Jul 2004, Thomas Shaddack wrote:

> Sometimes you get access by telnet. Sometimes by a voice call. Hack the 
> mainframe. Hack the secretary. What's better? (Okay, I agree, you can't 
> sleep with the mainframe.)

> I feel zen today.

Me too:

http://www.openbsd.org/lyrics.html#31
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.ogg
ftp://ftp.openbsd.org/pub/OpenBSD/songs/song31.mp3


BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Crackin' ze bathroom, Crackin' ze vault
Tale of the script, HEY! Secure by default

Can't fight the Systemagic
Uber tragic
Can't fight the Systemagic

Sexty second, black cat struck
Breeding worm of crypto-suck
Hot rod box unt hunting wake
Vampire omellete, kitten cake

Crackin' ze boardroom, Crackin' ze vault
Rippin' ze bat, HEY! Secure by default

Chorus

Cybersluts vit undead guts
Transyl-viral coffin muck
Penguin lurking under bed
Puffy hoompa on your head

Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default
Crackin' ze bedroom, Crackin' ze vault
Crackin' ze whip, HEY! Secure by default

Chorus

Re: Email tapping by ISPs, forwarder addresses, and crypto proxies

[Sunder]

On Wed, 7 Jul 2004, Tyler Durden wrote:

> "If you think the cable landings in Va/Md are coincidental, you are
> smoking something I've run out of.  Its all recorded.  I'm sure the
> archiving and database groups in Ft. Meade will get a chuckle out of your
> "the right to" idioms."
> 
> Well, I don't actually believe it's all recorded. As I've attempted to 
> explain previously, "they" almost certainly have risk models in place. When 
> several variables twinkle enough (eg, origination area, IP address, presence 
> of crypto...) some rule fires and then diverts a copy into the WASP'S Nest. 
> There's probably some kind of key word search that either diverts the copy 
> into storage or into the short list for an analyst to peek it.

To channel Mr. May: "All of this of course can be put to rest by reading
some Bamford. (Body of Secrets, Puzzle Palace.)"

Re: UBL is George Washington

[Sunder]

On Mon, 5 Jul 2004, Anonymous wrote:

> But asymm warfare has to accomplish its goal.  It's not being very
> successful.  The only people who are siding with al-qaeda are those whose
> brains are already mush -statist socialists, to be precise.  If al qaeda
> bombed government buildings or targetted the private residences or offices
> of government officials, they might get more sympathy, from me at least.
> Destroying an pair of buildings and killing thousands of citizens -most of
> whom couldn't give an accurate account of U.S. forces distribution in the
> MidEast- is not a step forward.

Right, WTC as a target doesn't make any strategic sense.  Either they were
very stupid at picking their targets, or their goals are not quite so
obvious - Unless the strategy was to short-sell the stock market the day
before.

Did the FTC/FBI/NSA/CIA/etc find anything along these lines (yet)?  I've 
not been paying much attention to the news as of late.

Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)

[Sunder]

> The Tempest argument is a stretch, only because you're not actually 
> recovering the information from the phosphor itself.  But the Pandora 
> argument is well taken.

Actually there is optical tempest now that works by watching the flicker 
of a CRT.  Point is actually even more moot since most monitors are now 
LCD based, etc. so there's no raster line scanning the display, etc...

Re: [IP] more on more on E-mail intercept ruling - good grief!! (fwd from dave@farber.net)

[Sunder]

On Fri, 2 Jul 2004, Roy M. Silvernail wrote:

> Call me cynical (no... go ahead), but if VOIP is found to have no 4th 
> Amendment protection, Congress would first have to agree that this *is* 
> a problem before thay could "fix" it.  Given the recent track record of 
> legislators vs. privacy, I'm not at all confident Congress would 
> recognize the flaw, much less legislate to extend 4th Amendment 
> protection.  After all, arent more and more POTS long-distance calls 
> being routed over IP?  The only difference, really, is the point at 
> which audio is fed to the codec.  If the codec is in the central office, 
> it's a "voice" call.  If it's in the handset or local computer, it's 
> VOIP.  I think we can count on the Ashcroftians to eventually notice 
> this and pounce upon the opportunity.  And as for the SCOTUS, all they 
> have to do is sit back on a strict interpretation and such intercepts 
> aren't "wiretaps" at all.

If VOIP gets no protection, then you'll see a lot of "digital" bugs in
various spy shops again - and they'll all of a sudden be legal.  I thought
the Feds busted lots of people for selling bugging equipment, etc. because
they're an invasion of privacy, etc.

Ditto for devices that intercept digital cellular phone conversations, 
spyware software that turns on the microphone in your computer and sends 
the bits out over the internet, ditto for tempest'ing equipment ("But 
your honor, it's stored for 1/60th of a second in the phosphor! It's a 
storage medium!"), etc.


Hey, they can't have their cake and eat it too.  It's either protected or
it isn't.

Re: For Liars and Loafers, Cellphones Offer an Alibi

[Sunder]

One phone I'd like to recommend against is the SideKick.  I've no idea if 
it's got a GPS receiver or not - likely it doesn't need one since it's 
GPRS and can use tower timing as discussed before.

I'm recommending against it, because while I love the phone and its 
features, it's too big brotherish.  Example: if you write an email while 
it's out of range of a cell tower, and hit send, it will store the email 
into the Send folder.  If you then try to delete that email from the Send 
folder it will give you an error saying "I can't do this right now because 
I need to first synchronize with the server."

Which means even emails you want to erase will be first sent to the 
server!

It does have an ssh client, a web browser, and an AIM client, but I use
these with caution, especially the SSH client.

It's also got a USB 2.0 plug and an IR transceiver, but I've not been able 
to make any use of either, nor seen any options to enable/disable them.  
For all I know the IRDA could always on and will talk to anyone, etc.


You don't "own" anything on this phone despite the appearance to the
contrary.


I was also considering Palm phones, but Palm OS is piss poor at memory
protection so any application can clobber/read/spy on any other, so if 
there's spyware in the code that talks to cell towers, you're at its 
mercy, and it can read anything you've got in it.

Re: my name is Doe, John Doe

[Sunder]

How about "rm -rf /"

First name is "rm" middle is "-rf" last is "/"

:)

Re: Antipiracy bill targets technology

[Sunder]

On Fri, 18 Jun 2004, R. A. Hettinga wrote:

> 
> 
> CNET News
> 
>  Antipiracy bill targets technology

> A forthcoming bill in the U.S. Senate would, if passed, dramatically
> reshape copyright law by prohibiting file-trading networks and some
> consumer electronics devices on the grounds that they could be used for
> unlawful purposes.

What was that old saw that went "Well, you're equipped to be a whore, but
you're not?" again?  how about banning chainsaws, they can kill or main
people too and yes, cars, and trains, and airplanes, plastic shopping bags
without holes, belts, rope, wire, electricity, etc. they can all be used
to kill.  all of which is unlawful.
 
>  The Induce Act stands for "Inducement Devolves into Unlawful Child
> Exploitation Act," a reference to Capitol Hill's frequently stated concern

Um, remind me again, when exactly is it lawful to exploit children?  Oh, 
wait, that's right!  When they're in other countries, then, you can make 
them work in sweatshops producing Nike's, Levi's, GAP, etc. products... 
oh, sorry, I forgot.

>  Foes of the Induce Act said that it would effectively overturn the Supreme
> Court's 1984 decision in the Sony Corp. v. Universal City Studios case,
> often referred to as the "Betamax" lawsuit. In that 5-4 opinion, the
> majority said VCRs were legal to sell because they were "capable of
> substantial noninfringing uses." But the majority stressed that Congress
> had the power to enact a law that would lead to a different outcome.

so how soon before we ban paper and pencil? or keyboards, hands - 
because they can hold pencils or type, and eyeballs and ears, because they 
can see video and hear music?

Re: [osint] Assassination Plans Found On Internet

[Sunder]

Or it could just be agitprop meant to raise the theat level back up a 
notch, or provide more funding to the surveillance kitty.

On Mon, 14 Jun 2004, R. A. Hettinga wrote:

> At 10:45 PM +0200 6/14/04, Thomas Shaddack wrote:
> >It may be also a very cheap method of "attack".
> 
> True enough.

Shoulder surfing for passwords by ear

[Sunder]

Hmmm, sounds like we now need keystroke sound jammers.  Shouldn't be too 
hard to implement if you have a good random noise generator, but it could 
get annoying if you play white/pink noise while a password prompt pops up.

Of course, there's still the issue of the pinhole camera in the ceiling 
tiles aimed at your keyboard, but that's old hat. :)

I wonder if different users hit the keys in a different enough way to make 
any difference...


http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci963348,00.html

'Whispering keyboards' could be next attack trend
By Niall McKay, Contributing Writer
11 May 2004 | SearchSecurity.com


OAKLAND -- Listen to this: Eavesdroppers can decipher what is typed by 
simply listening to the sound of a keystroke, according to a scientist at 
this week's IEEE Symposium of Security and Privacy in Oakland, Calif.

Each key on computer keyboards, telephones and even ATM machines makes a 
unique sound as each key is depressed and released, according to a paper 
entitled "Keyboard Acoustic Emanations" presented Monday by IBM research 
scientist Dmitri Asonov.

All that is needed is about $200 worth of microphones and sound processing 
and PC neural networking software.

Today's keyboard, telephone keypads, ATM machines and even door locks have 
a rubber membrane underneath the keys.

"This membrane acts like a drum, and each key hits the drum in a different 
location and produces a unique frequency or sound that the neural 
networking software can decipher," said Asonov. 

Re: Airport security failures justify CAPPS-II snoop system

[sunder]

Meh, same old song:
NSA/CIA/FBI failed to prevent the WTC missile attacks, despite the billions 
of dollars they receive per annum, so guess what, they get rewarded with 
guess what kiddies, even more tax payer dollars!

Condoleeza Rice lies about a specific PDB, calling it "historical" and 
doesn't charged with perjury after said PDB is declassified.

Sibel Edmonds, a Turkish American with top security clearance, who worked 
as a translator at FBI HQ says that she saw information that proved top US 
officials knew months before 9.11.2001 that Al Qaeda planned to use 
airplanes as missiles, but isn't allowed to testify on grounds that "it 
would compromise national security."  Damn right it would -  there should 
be riots in the streets over this, and those "top US officials" should be 
jailed for gross negligence causing the loss of 3000 lives.

NSA, CIA, FBI weren't allowed to share databases because of wisely thought 
out checks and balances to prevent privacy and other types of abuses, so 
they were thrown out, not that they really existed in the first place. 
(i.e. NSA isn't allowed to spy on US citizens, so it uses one of it's 
buddies, perhaps UK, or Australia to do the dirty work.)

Airport security fails, so Uncle Sam gets to spend even more tax payer 
dollars on TSA.  TSA fails, and instead of it being punished, its 
ineptitude gets rewarded by getting justification for more draconian laws, 
and even more tax payer cash... woo hoo!

R. A. Hettinga wrote:

Airport security failures justify CAPPS-II snoop system
By Thomas C Greene ([EMAIL PROTECTED])
Published Monday 26th April 2004 20:21 GMT
Recent government reports on the failure of American airport screeners to
detect threat objects at security checkpoints may provide ammunition for
proponents of the controversial Computer Assisted Passenger Prescreening
System (CAPPS II) database solution, which is currently stalled by myriad
snafus too numerous to mention.

Re: Id Cards 'Will Protect Youngsters from Paedophiles'

[sunder]

Rgggh!  And posting your full name, address, phone number, date of 
birth, social security number, the account and expiration dates of all your 
credit cards + the 3 digit extra code on their backs, ATM card account # 
and the PIN, plus, several samples of your signature (optional) in JPEG 
format, and the code to your alarm system on your web page will prevent 
identity theft.

So, whaddayasay?  It's a fine bridge, lightly used, as you can see, it's 
got a lotta traffic between Manhattan and Brooklyn, I could sell it to you 
real cheap, 'cause you look like a nice guy and all, you know, you could 
make a fortune, setup a toll booth and all that.

R. A. Hettinga wrote:
Horseman #1, Terrorists: Check.
Horseman #2, Pedophiles: Check.
Next?
Cheers,
RAH
-

print  
close
Tue 27 Apr 2004

2:47am (UK)
Id Cards 'Will Protect Youngsters from Paedophiles'
By James Lyons, Political Correspondent, PA News
 Identity cards will help keep youngsters safe from perverts, Education
Secretary Charles Clarke claimed today.

Re: Fact checking

[sunder]

Damian Gerow wrote:
I don't give a flying fuck who you vote for, who the options are, what you
think of them, or even if they're convicted drunk drivers hell-bent on
converting the world to their belief system (...).

You, sir, are in great need of an enema.
*PLONK*

Re: What Should Freedom Lovers Do?

[sunder]

An Metet wrote:
In my devotion to freedom, I apparently go beyond the point where most
cypherpunks are comfortable, in that I support private initiatives and
technologies of all sorts and oppose government regulation of them.
I am a supporter and admirer of Microsoft, which has achieved tremendous
market success without relying on government support, indeed in the
face of steadfast government opposition.  I oppose government antitrust
efforts in general, and specifically those directed against Microsoft.
I agree with everything you've said in your post, including >PRIVATE< DRM 
measures, but, I disagree that Microsoft should be admired.

I've seen far too much evil emminated from Redmond:
* from outright theft of smaller companies' IP (i.e. Stacker),
* dumping ("We'll help you migrate from Netware to NT 3.51 for free"),
* FUD (GNU is communism and Anti-American),
* evil contracts (if you sell blank machines without Windows, you have to 
pay $X more for our software)
* stealth funding of SCO's lawsuit against IBM and linux end users,
* to lots of needless security holes - some even by design, (i.e. security 
is a checkbox as a marketing feature, or an afterthought: i.e. this chant: 
"Active X! Active X! Format Hard drive? Just say 'YES!'")

For the final one, I used to work at Earthweb, which ran Gamelan 
(pronounced gah-meh-lohn, not game LAN), a Java repository.  At one point, 
EW decided to start an Active X repository.  Some guy wrote an Active X 
browser component that shut off your machine if you clicked yes.  The 
component did exactly what it said it did, but it was a good example that 
it could have done something else.  Hence the "Active X! Active X! Format 
Hard Drive? Just say YES!" chant.

Let me tell you, Microsoft tried very, very hard to get us to remove that 
bit of code from the repository.  We didn't, because it did exactly what it 
claimed to do.

More financial damage has been done to the planet by Microsoft than good. 
Far too many sysadmin/developer hours were lost because of Microsoft.  You 
can certainly count the hours in lost human lives...  Hell, just add up the 
cost of each virus/trojan/worm outbreak which targets Outlook, Office, and 
Internet Exploiter.

Now don't get me wrong.  I'm not some knee-jerk Linux Good, Windows bad 
clueless geek wannabee.  I started out as a Novell Netware sysadmin. 
(Well, I started out as a coder, but fell into sysadming over time.)

When NT starting taking over, I picked it up and thought it was cool.  It's 
design was certainly revolutionary, and the NTFS was one of the best 
designed file systems I've seen, even to this day.  NT's borrow a driver 
from the server printing was beautiful.  User management via domains? 
Sweet!  Ok, not too much better than NIS, but hey, very nice. Active 
Directory?  Much, much mo'e better.  DHCP?  Great wonderful idea.  Gateway 
for Netware Services and Migration from Netware?  A bit scummy, but hey 
it's free with the server, might as well use it*.  File and Printer sharing 
for Macintosh?  Cool! - well, except for that one bug with the dancing 
icons back a few years ago...

(* Gateway Service for Netware allowed a scummy sysadmin to bypass the 
license limitation of Netware servers.  A single "user" from the NT server 
would login to the Netware server and proxy hundreds if not thousands of 
user requests.  You suffered in performance, but one of it's uses was to 
bypass licensing.  If you read NT's license it says something along the 
lines that you can't use another proxy this way against an NT server.)

Registry?  Hey, wonderful idea.  No, really.  Storing all your machine's 
settings in a single place and having a single editor (ok two of them) to 
control them was beautiful.  Just make sure you (can and do) back it up.

No, I'm not being sarcastic, if you know how the registry works, how to 
back it up, how to restore it, and how to repair it, it's a great thing - 
much better than lots of .ini, .rc or .conf files 
everyfuckingwherethankyouverymuch.  Ok, in unixen everything lives in /etc. 
 But which /etc?  /etc? /usr/local/etc? /usr/local/samba/etc? and the dot 
files in home directories?  ouch!  (A regular thing that I do is to backup 
all of /etc /usr/local/etc just to make sure I can restore them.  With 
Windows, you just run rdisk /s- and copy %SYSTEMROOT%\system32\repair.)

At the last job, we had a dead Exchange 5.5 on NT 4.0 server.  Its hardware 
died.  I worked for a shitty little dot com.  The guy admining it couldn't 
restore it.  We didn't have another motherboard that mached the drivers on 
that box, so we couldn't just move the hard drive over.  Know what I did? 
I merged the hardware related registry files from the sacrificial machine 
on the OS of the dead one to get it to boot, then hand reinstalled the 
network driver and a few other minor things like the video driver.  It's 
not so hard if you know what you're doing, and a registry isn't a bad thing.

All of the above features more o

Re: Fact checking

[sunder]

Damian Gerow wrote:
Hey, I'm no fan of Tipper either.  And I'm not saying that Al Gore was a
/good/ choice.  But in retrospect, he probably would have been a lesser evil
than the current president.
THAT, ultimately is the meta-point.  You shouldn't have to vote for the 
lesser evil, but when your choice is so vastly limited, why even bother voting?

After the events involving Vince Foster, Lon "It was self defense, she 
threatened me with her baby" Hioruchi(sp?), Janet Reno, and Monicagate, 
Dubbya Jr. seemed the lesser of two evils.  Until 9.11.2001.  At that 
point, Gore clearly became the lesser of two evils, but by that time, it 
was far too late to see it.

How much of the public knew about the connections to Haliburton before 
election day?  How much of the public knew about the Project for a New 
American Century?  How much of the public knew about USA PATRIOT ACT and 
it's sequel?

What's missing is some sort of vote out of office mechanism, a big great 
"Undo" vote as it were.  There are no guarantees that if you vote for 
Scumbag #1 that s/he'll be less of a scumbag that Scumbag #2.

When more than half the country doesn't want to do something, it shouldn't 
be done just because congress and POTUS decides it's in their pocketbook's 
interest, but where's the mechanism to stop it?

Where's the recall vote?  Where's the oversight committee that says "When 
you ran for office you promised X,Y,Z and you're half in your term and 
haven't delivered."

Where's the "I want X% of my dollars to go to this issue, and 0% to go to 
that one" option?

Elections where you only chose between evil #1 and evil #2, are an ironic 
joke, and the ones laughing their way to the bank aren't those with your 
interests in mind.

Re: BBC on all-electronic Indian elections

[sunder]

Damian Gerow wrote:
Actually, Mr. Gore didn't once claim to invent the Internet.  Through
various mis-wordings and lax fact-checkings, the Mass Media came to
represent what he said through that phrase.
What he /actually/ claimed (and what he /actually/ did) was recognize its
importance, and then push for funding, in the 1980's.  So he didn't 'invent'
the Internet, he helped provide the funding for its inventors.
Yeah so what? I still wouldn't want to vote for him (except as a vote 
against Shrubbya)  Al's prise pig of a wife, Tipper, helped found the PMRC 
against lyrics in songs.  See Megadeth's Hook in Mouth for details on this 
censorious organization: 
http://www.songlyrics4u.com/megadeth/hook-in-mouth.html
and http://www.geocities.com/fireace_00/pmrc.html for details about the PMRC.

Re: BBC on all-electronic Indian elections

[sunder]

Jack Lloyd wrote:
Still, I liked this quote: '"I came to vote because wasting one's ballot in a
democracy is a sin," he told the BBC.' Not too common a view in the US these
days, it seems like.
What do you expect when the previous choice we've had was between Al "I 
Invented the Innnernet" Gore, and George "Nucular" Dubbya?

Re: Meshing costs (Re: Hierarchy, Force Monopoly, and Geodesic Societies)

[sunder]

Tyler Durden wrote:

Someone enlighten me here...I don't see this as obvious. I might 
certainly be willing to pay to route someone else's message if I 
understand that to be the real cost of mesh connectivity. In other 
words, say I'm driving down the FDR receiving telemetry about the road 
conditions downtown of me by a few miles. 
Um, just to point out the absolute obvious, if you're >DRIVING< you already 
have a power source, even if you have to use an inverter to power your 
notebook.  At that point you're not worried about worrying about spending a 
few miliamps on transmission here and there.  It doesn't matter at all 
whether or not there's a string of other "you's" ahead of you.   Having 
already paid for the tank of gas, the juice is free, and so should 
transmission - even routing of other users' data.

If you're in the woods, or at the beach, that's a different story.  :)
Ok, well, if you're at the beach, you could get a solar cell and geek away.
If I'm a router, I'm also 
sending that info behind me (which is routing I'm paying for basically), 
but I will understand that the reason I am getting my telemetry is 
precisely because there's a string of "me's" in the cars in front of me, 
routing info down to me. If I insist on getting paid, so will they, and 
the whole thing breaks down.

Actually, this reminds me of the prisoner's dilemma. I remember (I 
think) Hofstaedter doing an interesting analysis that showed that smart 
'criminals' will eventually realize that it pays to cooperate, even if 
that doesn't optimise one's chances in this particular instance.
Yup, can't have a network without nodes.

Of course, the battery lifetime acts as the "weighting" factor here...if 
only a small % of the traffic I'm routing belongs to me, then I may not 
be so willing to route it if my battery lifetime is short. As battery 
time lifetime increases however (though this sorely lags behind Moore's 
law) then more and more people will be willing to route.
In which case, you won't be to willing to transmit either since receiving 
costs you far less battery than transmitting.  In this case you're far more 
likely to store whatever you want to transmit for later - same as working 
"offline" with a mail user agent.

Re: Fornicalia Lawmaker Moves to Block Gmail

[sunder]

Pete Capelli wrote:

 > Since when is there a guarantee of privacy in email??

 Since PhilZ wrote PGP?

Re: Hierarchy, Force Monopoly, and Geodesic Societies

[sunder]

Jim Dixon wrote:

The term is used because most or all trees in the region where the English
language originated are shaped just like that: they have a single trunk
which forks into branches which may themselves fork and so on.  These
branches do not connect back to one another.
I believe the real issue here is one of being able to stretch your mind 
into seeing things from different points of view.  This is the reason I 
brought in the quasi-mystical quote about the sphere whose center is 
everywhere.

To see if you'd be able to go beyond your already rich knowledge and gain 
new benefit from another way of looking at it.  (IMHO, it's important to be 
able to change POV's at will, it keeps you flexible and able to learn new 
ways of dealing with data by conversion.)

In real life, the roots of a tree resemble it's branches buried 
underground, in an almost mirror image.  A tree that terminates where the 
trunk meets the ground would fall.  The only real tree resembling this, is 
one where logger's saw was applied. :)  So we're already not discussing a 
real tree.

The idealized mathematical definition of a tree doesn't quite a real tree 
any more than do B-Trees, B+/-Trees, nor red/black trees, or our debated 
friend, the internet.

The Internet doesn't resemble a tree at all.  It is characterized by many
cross-connections, which form cycles.  These are introduced deliberately
by network engineers, because tree-like networks are unreliable.  
Of course. It's called redundancy and its goal is to eliminate as many 
single points of failure as possible.  But from the point of view of one 
node talking to another, these aren't considered, I'll explain why.

Firstly, don't confuse cycles with redundancy for high availability.  These 
are two different things.

Let's explain why we have multiple connections and what types of these you 
can expect.  There are two common types of multiple connections:

A) Two links to the same ISP:  In terms of redundancy for the purposes of 
being fault tolerant, only one of the multiple links is ever used.  With 
most ISP's, when you negotiate a contract for a backup connection, it's 
with the understanding that you'll only use it when the main one goes down.

B) You have multiple connections to different ISP's (possibly with peering 
contracts, etc.)  In this case when a node at your location tries to 
contact some other node on the internet, it's traffic doesn't go over ALL 
of your connections - it takes only a single path.  [Ok, if your routers 
are correcting for an outage, then perhaps you'll see different paths being 
taken, but this is just the routing tables/routers settling or converging.]

If both case A and case B, a single node in your location will see the 
entire internet as a tree with the root of that tree being the default 
gateway.  (i.e. go back to doing traceroutes.)  In the case of a 
multi-homed machine, or machine that participates in routing, it itself 
becomes the root of the tree.

There are other cases but those are rare, and likely flawed.

Now on to cycles and the whole reason for this debate:

The whole point of many/most routing algorithms is to GET RID OF cycles. 
After you've done this, you're left with a tree.

Loops/cycles are so anathema to the workings of tcp/ip, that one of the 
fields in IP packets has been added to help eliminate: the TTL.  The only 
reason for a TTL value is to prevent packets that are going around in 
circles from congesting all the routers involved in the loop.  (Only later 
did traceroute exploit this into helping provide you with a map of where 
your packets went.)

This is why EIGRP, RIP, etc. use various mechanisms to explicitly prevent 
routing loops (and BGP to aggregate routes.)  Routing loops are damage, 
they are by definition not desirable.

At the data link layer (switches/hubs), this is why you want to use the 
Spanning Tree Protocol.  Notice that name: Spanning *TREE* Protocol.  After 
STP is done, you're left with a data link layer ->TREE< - not a cyclical 
graf.  STP is even more important for LAN's than on the internet since 
there's no TTL on ethernet frames:  a single broadcast, were it to be 
allowed to loop, could saturate your switches to the point of killing your LAN!

What all this says to me is that a cycle is a circle, and that failover/ 
parallel links should be collapsed (and are by routing protocols) to a 
single link.

Once you eliminate cycles, and you do so in real life, you go back to a 
tree.  You only see the alternate paths used when failover or routing 
errors occur.

Yes, I agree with you, if your POV is "The Big Picture" above from space, 
which includes all links, even the unused redundant ones, it's certainly 
not a tree.

At the same time, I also disagree with you.  If your POV is a single host, 
it sees the internet as a tree.  In fact, one of the properties of trees is 
that you "pick up" any leaf node and designate it as the root.  (Doesn't 
work too well on a B+Tree when yo

Re: BBC: File-sharing to bypass censorship

[sunder]

Justin wrote:

This is one nation under God (the Christian God), or haven't you
noticed?  If the Christian Right thinks God doesn't like something, it's
not Constitutionally protected.
Even worse, I've once heard a coworker explain to me why Bush doesn't give 
a rats ass about the environment: just like the impromptu "pilots" who 
learned how to fly, but not land, Bush and Crew believe that this world is 
theirs to do with as they wish, and that pollution isn't important - so 
what if thousands die of cancer, so long as they earn a place in their idea 
paradise.

Yes, between the flat-earther's, witch burners, jihadists, and other nuts, 
religion certain has had a wonderful influence on humanity.

Re: Hierarchy, Force Monopoly, and Geodesic Societies - the internet is a tree.

[sunder]

Jim Dixon wrote:

Yes.  I know what a tree is, and I am quite familiar with structure of
the Internet.  These very pretty pictures certainly look like the Internet
I am familiar with, but don't resemble trees.
It is a tree. I'll give you a hint.  Think of this:

"God is like an infinite sphere, whose center is everywhere and 
circumference nowhere."  Nicholas of Cusa.

It is a tree, but to see it, you'll need to find the root.  The quote above 
is a hint to where the root is.  Replace god with internet, sphere with 
tree, infinite with 2**32 (at least until it goes to ip6.)

So where's the root?  Scroll down for the answer.

 |
 |
 |
\ /
 V
























Did you see it?  No??? It's actually right infront of you.

Still don't know?  Ok then, keep scrolling down.































The root of the internet is your own internet connection.  Proof: If you 
were to iterate traceroutes over the entire ip4 space (good luck doing that 
by the way), and graph the results, you'd get a tree.  It's root is your 
default gateway.

:)

Re: VPN VoIP

[sunder]

Eugen Leitl wrote:

I cited those routers as instances of consumer-type cheap VoIP with
encryption, which thwarts goverment-mandated tapping by ISPs. Exploiting
built-in backdoors or remotely exploitable vulnerabilities is a different
threat model. I definitely hope routers with DynDNS/VPN/VoIP and POTS jacks 
will become more widespread, and use opportunistic encryption as default.
Cool.

I personally am not going to buy the router, as it is lacking functionality
and flexibility of a Linux-based firewall.
Hmm, I wonder if the VoIP standard is open enough that fully compatible 
linux implementations could be made and integrated with ALSA...  I'm sure a 
simple analog circuit could be used to get an rj11 phone jack attached to 
audio in/out once this is done...

I'm waiting for a passively cooled ~GHz VIA C3 motherboard with two NICs and
external fanless power supply to ditch my current proprietary, rather
braindead firewall. I've already verified IDE-cf adapters do very nicely, and
there are dedicated distros like http://www.nycwireless.net/pebble/ which
don't wear down the flash with r/w on /tmp and similiar. 
Shouldn't be a problem if you go the Solaris route and use tmpfs/swapfs 
with no real swap.  (For those that don't know, Solaris mounts /tmp into 
virtual memor space, so if you've got tons of RAM, data written in /tmp is 
actually written in RAM.)

Should I stick with Linux (there's /dev/random and VPN support in current
kernels for the C3 Padlock engine, right?) with SELinux or try OpenBSD for a
firewall type machine with hardware crypto support? 
I've had very good luck with OBSD so far (knock on fake wood?)...  I'm very 
happy with pf... much nicer than iptables...  I haven't used SELinux as a 
firewall, but have experimented with it.  It's excellent in terms of 
security (if you don't mind the huge failure logs), but, it's a bitch to 
configure properly...

I'd go for something between UML (User Mode Linux) and SELinux.  Use 
SELINUX as the main host and UML to partition off untrusted applications in 
sandboxes (i.e. to run apache, etc.)

Re: VPN VoIP

[sunder]

Eugen Leitl wrote:
I've been installing a Draytek Vigor 2900 router at work lately, and found a
line of models which do VoIP (router with analog phone jacks on them). They
also support VPN router-router, and come with DynDNS clients. I thought I've
seen VoIP over VPN being mentioned, but I can't find it right now.
I've not seen, nor played with any of these, *BUT*, heed this warning
which applies to all devices (and software?) that are 1) closed source and 
2) offer some useful service which you'd be tempted to place inside your 
network, 3) are allowed to communicate with the outside world.

I would highly suggest that if you chose to use one of these that you do so 
from a DMZ in your firewall to be safe.  You don't know what OS/firmware 
lives there and whether it can be used via the VOIP network to spy on your 
internal network.

You might need to add another NIC to your firewall, and depending on what 
else this needs, you might also need to provide a DHCP server for it.  Set 
the firewall rules to make sure no packets from this device can go into 
your internal network.  EVER.

Don't just say, "Well this thing is its own router, it does VPN, it has a 
firewall (does it?) I can trust it."

There will likely be features which it provides (perhaps a voice 
mail->email gateway?) which will tempt you to place it on the inside 
network instead of a DMZ.  Don't!  Find a way to secure your network and 
still provide for such features.

[Or, if you use these boxes inside a corporate environment and actually 
care about this level of security and want several of these to talk to each 
other, build another network just for them.  Depending on your needs, I'd 
also say, don't let them talk to the outside world, but if you do that, 
only nodes inside your VPN's will be able to communicate over VOIP.]

If you trust this thing to do VOIP, enjoy, (Accepting possible spying on 
your phone calls by LEO/intel agencies, etc.) but don't trust it enough to 
put the ethernet end of it on your internal network.  You never know when 
some bright kid takes one of these apart, disassembles the firmware and 
finds a backdoor to use against you.

Why the tin-foil sounding rant?  See yesterday's slashdot regarding the 
recent "hardwired" backdoor account in a Cisco Wifi router which has been 
exposed resulting in a call for a firmware update.  You can bet that Cisco 
simply changed the backdoor password/hash instead of eliminating it.  If 
they're not too scummy, they only made it harder to find:

http://yro.slashdot.org/article.pl?sid=04/04/08/1920228&mode=thread&tid=126&tid=158&tid=172&tid=99

Re: The Gilmore Dimissal

[sunder]

93:

One of the nice things about ignorance is that it is curable.  Unlike 
Neo-Conservatism.
Or more accurately - Neo CONfidence artist.  Would be nice to turn those 
into NEO convicts, but we may as well dream of a free country.

Many, many, thanks go to Richard Clarke for exposing the truth we all 
suspected.

So, I'm not quite current about the Gilmore dismissal - is the subject line 
misspelled?  Is there some URL regarding news of this?  I take it from the 
gripes that John's lawsuit against Asscruft re: flying without ID was 
dismissed?

Re: Saving Opportunistic Encryption

[sunder]

Eugen Leitl wrote:

No, anything requiring publishing DNS records won't fly. OE is
*opportunistic*. It doesn't care about what the true identity of the opposite
party is. Any shmuck on dynamic IP should be able to use it instantly, with
no observable performance degradation, using a simple patch.
If it doesn't fit these minimal requirements, it will die, just the same way
FreeS/WAN did.
I absolutely agree.  While it's possible to do things like MIM attacks if 
you don't know who the other guy is, look at how successful SSH is over any 
other kind of solution.  Its biggest competitor at the time it was 
introduced was kerberized telnet/ftp.  How many networks do you know that 
use Kerberos instead of ssh these days?

Look at how many folks use PGP - those who really know it and want it, or 
those who know enough about it and have some easily automated 
implementation that plugs in to their mail client. (i.e. commercial pgp 
with Eudora/Outlook plug in.  As an aside, I'm still pissed off that the 
Mozilla mail client doesn't support PGP/GPG in addition to S/MIME or 
whatever the hell..)

Adding another infrastructure requirement that requires ISP layer changes 
will exponentially raise resistance to its adoption.  While I do run my own 
server for mail/web, 99.9% of the internet luser population doesn't - and 
even so, I chose not to run my own DNS server.  (Allowing register.com to 
do so makes it safer for me: it's one less service that might be 
compromised due to possible bugs.)

Making it optional to add that infrastructure layer - whether it's via DNS, 
LDAP, signed public keys, web o' trust / pgp keyserver, finger, or even 
something entirely new, is probably the safer way to go, BUT don't require it.

There do exist transparent web caching proxies out there (usually 
advertised as web accelerators.)  I ran across such a few months ago when 
our satellite office couldn't connect to one of our servers.  We were using 
private dns virtual host names to access management web pages on our 
servers.  However the proxy intercepted those requests, and tried to 
resolve DNS, but obviously couldn't, so everyone in the office got a DNS 
error.  It took some pretty strong words to get the ISP to even admit that 
they were using such a beast, much less disable it just for us.

It's certainly possible to create a proxy to do MitM interception that 
would foil even SSH.  This wouldn't work so well against mobile devices 
which might fortuitously use a different route, but would work very well 
one hop above the server if that's the only pipe the server has.

There are ways to protect against this such as publishing a line for the 
known-hosts entry by other means, but no one does this (yet?)  (i.e: 
sneakernet, finger, web page, pgp signed/encrypted email, over the 
telephone, etc.)   (Another useful thing is to use public keys for SSH 
instead of passwords: this way the attacker won't be able to reuse your 
password - but you're still compromised the second you login.)

There are some rare cases where you absolutely want to know who you are 
talking to.  For example an https server that allows control of financial 
data.  Even in that case the server doesn't fully know who the client is, 
and doesn't need to (in order to establish the secure link) -- until a 
login (or CC info) is presented.  In the case of using OE to talk to a 
server, the client already has some idea of the server's identity, and the 
server will eventually have some idea of who the client is.

As an aside: Just doing the above to encapsulate emails won't help at all 
against spamming: the spammers will just randomly generate throw away 
public keys, etc.  They've already written trojan spammers with their own 
SMTP servers built in, it's only a few more (thousand?) lines of code to 
incrementally bypass that layer as well.

I've already seen a few years ago spam sites that return "yahoo.com" and 
"msn.com" in reverse DNS, but doing traceroutes reveals that they're 
actually in Korea or China, etc.  So you can't fully rely on (spoofable) 
DNS info anyway.

If any of you remember the recent virii attacks where the attachment is a 
password protected zip file with the password in the body of the email, 
guess what: the evil ones kicked it up a notch once more.

Just yesterday, I saw a new form of this on cpunx: instead of a ZIP 
attachment, the new malware uses a RAR archive, and instead of the password 
being in clear text, it's inside an a randomly named attached .GIF file! 
They've not obscured it, so it's possible to add OCR to the anti-virus 
code, but it's now it's that much harder for the anti-virus to block.

Just as the virus authors evolve their code to adapt their offenses to the 
defenses of virus scanners, so will the spammers evolve their code to 
bypass spam filters, and we've already seen that spammers use virii/worms 
to spread their code...

Distributed computing is already here.  Shame that it's biggest use is 
currently for ev

Re: 'Special skills draft' on drawing board

[sunder]

So is this Uncle Sam's way of getting good workers for no pay?  You could 
expect the same kinds of skills to bring in several hundred dollars per 
hour in the .mil consulting sphere...

Huh... So working from January to April/May to pay one's tax burden isn't 
enough service to the republic anymore? (where tax burden = billions wasted 
on the Iraq/Afghanistani wars, overthrowing elections in Argentina, causing 
riots in Haiti and Africa, etc.)

Now they're resorting to what pretty much amounts to slavery?  How soon 
before .gov just absorbs Exxon, IBM, Sun, HP, Haliburton, Bechtel and all 
of interest directly? How soon before .gov comes out of the fascism closet 
already and announces itself for what it really is?

Bah! I may as well learn to flip burgers and ask if fries will be part of 
the order today...  being a sysadmin isn't getting me employed anymore 
anyway.  :(



R. A. Hettinga wrote:




www.sfgate.com

 'Special skills draft' on drawing board
 Computer experts, foreign language specialists lead list of military's needs
 Eric Rosenberg, Hearst Newspapers
 Saturday, March 13, 2004
)2004 San Francisco Chronicle | Feedback | FAQ


URL: sfgate.com/cgi-bin/article.cgi?file=/c/a/2004/03/13/MNG905K1BC1.DTL

 Washington -- The government is taking the first steps toward a targeted
military draft of Americans with special skills in computers and foreign
languages.

Re: I'd recognise that ear, anywhere

[sunder]

R. A. Hettinga wrote:

Hmmm... Actual progress on old news is new news, right?
Not when it pretends to be a new and wonderful idea, and ignores its past.

Sort of like Apple announcing the world's first 64 bit desktop computer 
when many of us have had DEC Alpha's and UltraSPARC machines on our desks 
since the early/mid 90's -- for example.  (And then it turns out, they 
don't even have a 64 bit OS for it yet!)