yes, they look for stego, as a "Hacker Tool"

2004-08-13 Thread Major Variola (ret)
>> A cool thing for this purpose could be a patch for gcc to produce unique >> code every time, perhaps using some of the polymorphic methods used by >> viruses. > >The purpose would be that they do not figure out that you are using some >security program, so they don't suspect that noise in the fi

Re: yes, they look for stego, as a "Hacker Tool"

2004-08-13 Thread Thomas Shaddack
On Fri, 13 Aug 2004, Major Variola (ret) wrote: > Any jpg which looks like noise will be of interest. And any stego > program will make them look at your images (etc) more closely :-) > > Most of the programs they've hashed is so the forensic pigs can discount > them. But they would find know

Joux found a collision for SHA-0 !

2004-08-13 Thread R. A. Hettinga
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] From: Pascal Junod <[EMAIL PROTECTED]> Organization: EPFL - LASEC To: [EMAIL PROTECTED] Subject: Joux found a collision for SHA-0 ! Date: Fri, 13 Aug 2004 15:32:29 +0200 User-Agent: KMail/1.6.2 Sender: [EMAIL PROTECTED] Hi ! This has app

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
At 02:11 PM 8/13/04 -0400, Sunder wrote: >If you're suspected of something really big, or you're middle eastern, >then you need to worry about PDA forensics. Otherwise, you're just >another geek with a case of megalomania thinking you're important enough >for the FedZ to give a shit about you. Pe

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
>On Fri, 13 Aug 2004, Thomas Shaddack wrote: >> In the world of industrial espionage and divorce lawyers, the FedZ aren't >> the only threat model. At 03:06 PM 8/13/04 -0400, Sunder wrote: >Right, in which case GPG (or any other decent crypto system) is just fine, >or you wouldn't be looking for s

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
At 01:46 PM 8/13/04 -0400, John Kelsey wrote: >>From: "Major Variola (ret)" <[EMAIL PROTECTED]> >>Obvious lesson: Steganography tool authors, your programs >>should use the worm/HIV trick of changing their signatures >>with every invocation. Much harder for the forensic >>fedz to recognize your to

Re: Forensics on PDAs, notes from the field (your teenage son's homemade porn)

2004-08-13 Thread Major Variola (ret)
At 10:07 PM 8/13/04 +0200, Thomas Shaddack wrote: >On Fri, 13 Aug 2004, Tyler Durden wrote: > >> And it seems to me to be a difficult task getting ahold of enough photos >> that would be believably worth encrypting. > >Homemade porn? Your 16 year old son's homemade porn. [google on Heidl & rape;

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Tyler Durden
Sunder wrote... And PGP won't stand out because ? Just wondering. Is it possible to disguise a PGP'd message as a more weakly encrypted message that then decrypts to something other than the true message? OK...perhaps we stego an encrypted message, then encrypt that photo using something we

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Thomas Shaddack
On Fri, 13 Aug 2004, Tyler Durden wrote: > And it seems to me to be a difficult task getting ahold of enough photos > that would be believably worth encrypting. Homemade porn?

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Thomas Shaddack
On Fri, 13 Aug 2004, Sunder wrote: > If you're suspected of something really big, or you're middle eastern, > then you need to worry about PDA forensics. Otherwise, you're just > another geek with a case of megalomania thinking you're important enough > for the FedZ to give a shit about you. I

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Morlock Elloi
> A cool thing for this purpose could be a patch for gcc to produce unique > code every time, perhaps using some of the polymorphic methods used by > viruses. The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file o

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Sunder
Right, in which case GPG (or any other decent crypto system) is just fine, or you wouldn't be looking for stego'ing it inside of binaries in the first place. --Kaos-Keraunos-Kybernetos--- + ^ + :"Our enemies are innovative and resourceful, and so are we

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Thomas Shaddack
On Thu, 12 Aug 2004, Thomas Shaddack wrote: > > The NIST CDROM also doesn't seem to include source code amongst its > > sigs, so if you compile yourself, you may avoid their easy glance. > > A cool thing for this purpose could be a patch for gcc to produce unique > code every time, perhaps usi

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread John Kelsey
>From: "Major Variola (ret)" <[EMAIL PROTECTED]> >Sent: Aug 11, 2004 9:21 PM >To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> >Subject: Forensics on PDAs, notes from the field .. >Obvious lesson: Steganography tool authors, your programs >should use the worm/HIV trick of changing their signatures >wit

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Thomas Shaddack
On Fri, 13 Aug 2004, Morlock Elloi wrote: > > A cool thing for this purpose could be a patch for gcc to produce unique > > code every time, perhaps using some of the polymorphic methods used by > > viruses. > > The purpose would be that they do not figure out that you are using some > security

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Sunder
On Fri, 13 Aug 2004, Morlock Elloi wrote: > The purpose would be that they do not figure out that you are using some > security program, so they don't suspect that noise in the file or look for > stego, right? > > The last time I checked the total number of PDA programs ever offered to public > i

Re: Forensics on PDAs, notes from the field

2004-08-13 Thread Major Variola (ret)
Quoth Thomas Shaddack <[EMAIL PROTECTED]> > Obvious lesson: Steganography tool authors, your programs > should use the worm/HIV trick of changing their signatures > with every invocation. Much harder for the forensic > fedz to recognize your tools. (As suspicious, of course). It should be enoug

RE: 2+2=5 and mention of cryptome

2004-08-13 Thread Tyler Durden
Nah. They wanted to cock-block Kerry and his high visibility as a result of the DNC. As for inconveniencing this New Yorker, it was barely worse than it usually is going down to Wall Street. The RNC will be another story altogether, however. -TD From: Sunder <[EMAIL PROTECTED]> To: [EMAIL PRO

Too Much Information?

2004-08-13 Thread R. A. Hettinga
Too Much Information? Web Site Raises Questions About Public Access to Sensitive Government Info By Jake Tapper ABCNEWS.com Aug. 12, 2004 - John Young, a 69-year-old architect, was contacted a few weeks ago by Department

Re: Cryptome on ABC Evening News?

2004-08-13 Thread John Young
There's a text version of the report on abcnews.com and a video is available to subscribers. To keep the nation secure the web site is not named. Google search appears to do it based on hate mail coming in.

Re: Cryptome on ABC Evening News?

2004-08-13 Thread Thomas Shaddack
Can somebody record it in MPEG or DivX, please? :) It's difficult to get ABC News across the Atlantic without a dish. On Thu, 12 Aug 2004, R. A. Hettinga wrote: > There's a teaser for tonight's 6:30 news about "a website that publishes > pipeline maps and the names and addresses of government e

Cryptome on ABC Evening News?

2004-08-13 Thread R. A. Hettinga
There's a teaser for tonight's 6:30 news about "a website that publishes pipeline maps and the names and addresses of government employees". The horror. :-) Cheers, RAH -- - R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Bo

Re: Cryptome on ABC Evening News?

2004-08-13 Thread Tyler Durden
To keep the nation secure the web site is not named. Google search appears to do it based on hate mail coming in. How 'bout posting those hate email addresses on Cryptome! (You might also recommend that they use an anonymous remailer next time!) -TD

Re: Cryptome on ABC Evening News?

2004-08-13 Thread R. A. Hettinga
At 12:49 AM +0200 8/13/04, Thomas Shaddack wrote: >Can somebody record it in MPEG or DivX, please? :) It's difficult to get >ABC News across the Atlantic without a dish. I didn't see anything. But, like an idiot, I surfed out of it. ADD's a bitch. :-). Anyone see the whole show? Cheers, RAH --